[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] New Tor project idea for internet comments

Lee Malek writes:

> Hi, I am new here.
> I have an idea for a tor sub-project that would serve our purpose (fighting censorship) perfectly.
> This would be a different version of tor - a sort of sub-tor... and a browser plugin.
> Everyone that installs this version of tor would be forced to run a relay - but only for comments - no images, etc.
> The browser plugin would connect to the tor app and scan the webpage the person is on. The plugin would display on a drop down comments people have made using the tor comments system. They can of couse make comments of their own.
> I think this is a must for our purpose. So many news website block comments they dont like these days.

This is a major change from the existing approach of Tor and the Tor

First, the Tor project has only focused on preventing censorship
by networks and network operators, not by web sites.  The
censorship-resistance approach of Tor has been that your ISP shouldn't
be able to control whom you can communicate with, as opposed to that
web sites shouldn't be able to control who can post there or what they
can post.

Although the Tor Project has been very interested in ways to encourage
sites not to block anonymous users, there's never been an effort to
force the sites to accept anonymous users, or to conceal the fact that
someone is using Tor on the exit side.  In fact, the Tor Project has
specifically rejected the idea of doing that:


("If people want to block us [on the exit side], we believe that they
should be allowed to do so.")

Second, Tor has never tried to "force" people to route other people's
traffic or to hide the fact that this is happening.  Instead, there
are a lot of cautions given to people who are considering operating
exit relays.  In your proposal, all of the users would be acting as
exits and routing (some) traffic to the public Internet.  That would
tend to put unsuspecting users at risk because they'd start to be the
subject of abuse complaints, including on their home Internet connections.
(In some designs, people could also deliberately target specific people
they don't like by posting threats through those people's connections.)
That would also probably make running Tor a lot less appealing to some
users because they wouldn't be given the choice about whether to provide
exits for other people's traffic.

Third, the distinction between "comments" and other kinds of traffic is
one that requires a huge amount of programming to enforce, and that can
probably only be enforced if users aren't using HTTPS to connect to the
sites.  The Tor Project and larger Tor community have been trying very
hard to get HTTPS deployed everywhere specifically so that Tor exit
nodes _won't_ be able to spy on or examine what Tor users are doing.  If
progress continues to be made on that front, the Tor exits will be less
and less in a position to make the distinction that you suggest between
comments and other stuff.

(It might be possible to extend the Tor protocol to have "comment posting"
be a special kind of exit, where the user explicitly entrusts the text of
the comment to the exit node, which then makes its own HTTPS connection to
the site and posts the comment.  But that would be a lot of engineering
work and would entail a new arms race with the web site operators, who
would be able to update the HTML code of their sites frequently to stop
Tor exit nodes from being able to recognize where and how to post the
comments.  So that's a lot of effort for a kind of blocking resistance
that Tor developers don't necessarily support philosophically and that
would be challenging to sustain over time.)

Fourth, there are some other technical problems with having everyone be
a relay.


Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to