[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Giving Hidden Services some love



Jonathan,

Thanks for taking the time to answer my questions! In a broader sense, it appears as if I do understand the concept of Tor Hidden Services, an anonymity overlay of the Internet Protocol. I referred to a security blanket since I thought we were securing our anonymity using Tor, but your description seems to be a bit more accurate anyway.

Though I do think, after reading your response, that I understand your statement about "know[ing] what a hidden service can do to benefit". Knowing what a HS can do, beneficially, only explains that service, not the concept of Tor Hidden Services at large. The concept of anonymity, at least in the case of TorBrowser, is the key to grasping the concept/value of Tor Hidden Services, especially if using a similar example to your relay w/buttons scenario, where in one case you secure anonymity in a closed all encrypted network, and, in another, you secure anonymity within that same closed all encrypted network but run a higher risk of losing your anonymity by exiting the network into the regular web [which you entered from as well], though in both cases you do have some level of anonymity. So, I contend, that an actual explanation of what things are and how they work is the most effective, especially in the face of "this service that you are familiar with uses Tor Hidden Services", as that still requires an explanation of "for what?" and maybe "How?", not to mention what Tor Hidden Services actually is.

But, you are correct, that this certainly doesn't mean that someone [Dad] should understand all of the concepts and terms that I pulled from the Tor Hidden Services Document. So, maybe somewhere in the middle is good.

Though, regarding a mental map, I do not mean of a site, just of what a hidden service is compared to a non-hidden service on the regular web. However, now that I have considered it, the descriptor of 'Hidden Service' is what is confusing, as it doesn't map as accurately back to a 'Non-hidden Service' as it could without saying that all of the internet is non-hidden services. Maybe describing the TorHS more like you did, an anonymity network that overlays, or is contained within, the Internet Protocol, is most accurate, though this might require understanding more about how the .onion TLdomain works in a browser. Security [anonymity] can exist in the open.

Awesome,
SpencerOne







Jonathan Wilkes jancsika at yahoo.com wrote:

This has long been a chicken-or-egg problem. A general audience (i.e.,
not digital security specialists) must know what hidden services do
before they get involved in hosting hidden services (or even using them,
for that matter).  But to know what hidden services do, a general
audience must be able to use hidden services that interest them.  If
there aren't any that interest them, then consequently there's no demand for anyone to create them. So few people know what they do, outside of
"hacking" and "omg darknet".

I do not agree that to understand what hidden services do that one
must use them or find using them interesting.

We're probably talking at cross-purposes.  When I wrote "know what
hidden services do", I meant a potential user should know what a hidden
service can do to benefit them (or benefit their community). I don't
mean that a general audience should understand all the technical details
you mention below, nor that Tor docs should try (and fail) to explain
those details to a general audience.

For a general audience to understand what hidden services can do for
them, there ought to be hidden services available which interest them.
Then users can _use_ the services and learn (in a basic sense) how they
work and why they exist.  Otherwise one must explain complex topics
which are outside of the user's area of expertise, _plus_ contend with
the reality that many of the widely-known hidden services are shady or
disgusting.  If you've ever tried to explain the importance of online
anonymity to a general audience, you'll understand what a difficulty
these two issues present.  It's much more effective to show someone how
to browse using Tor, and guide them as they learn for themselves.

I, as well as many ancient astronaut theorists, contend, that the
explanation on the Tor Project's Hidden Services section of their
website needs to be more ... something [I was thinking 'Clear', but if
you understand the concepts, then it is most likely quite clear].

It starts out with a very simple claim about anonymity being the
purpose of using hidden services, but then, as it goes on to explain
how that works, it gets a bit confusing, mentioning things like
"rendezvous points", "relays", "circuits", "introduction points",
"hidden service descriptors", "public keys", "distributed hash
tables", "XYZ=16characters.onion", "one-time secrets"
"introduce/rendezvous messages", "entry guards", "entry nodes", &
"end-to-end encryption/decryption", which do not make sense to most
people [Dad].

If there were a hidden service that interested Dad, that doesn't matter.


To me, understanding some of these concepts, it seems like a closed
network that overlays the internet protocol with a security blanket.

Well, it's an anonymity overlay.  Security blanket is probably
misleading, as using hidden services aren't inherently more secure,
broadly speaking.

But is this accurate?  Is this needed?  How does this differ from
p2p, or does it then become p2p?  Is it comparable to Dotcom's
Meganet, which is supposed to be non IP? Other than not using the exit
relays, what value does it provide that Tor on the regular web does not?

As in the above example, both the whistleblower and Dad have some degree
of anonymity when the content is posted using a hidden service.  The
whistleblower cannot easily post content anonymously on the regular web.

I don't know anything about Meganet.

Also, and this goes in a slightly different direction so ignore, why
is Tor using some relays to exit and not all?

Let's say you decide to run a relay. Would you want to click the button
that only relays encrypted data within the Tor network (encrypted from
_your_ eyes, too), or should you click the button that makes your
computer fetch arbitrary pages from the regular web for anonymous Tor
users?  Which would you guess requires less risk on your part?


I would like to communicate p2p but if scrambling my middleman
connections is the better [more secure] option then I would like to
know.  Also, does this series of relays count as a third party,
ultimately classifying my content [whatever I am communicating] as
public knowledge?

I don't know the answer to that question.


Also, I think saying "Hey, fbook uses it." does nothing to help people
map the concept in their mind.

Oh, it most certainly does.  I don't care how accurate you think your
map is-- when someone peruses the links on the hidden wiki, the theory
behind Tor rubs up against reality and the map gets blurred. Keep in
mind some of those links advertise content that can generate the most
intense emotional appeals out there.

So please do peruse the myriad responses on this list to the
inarticulate outrage over shady and disgusting hidden service content.
Find your favorite response and see how effective it is-- not in
"winning" your side of the argument, but in actually reducing people's
fears and enabling them to use Tor.  Meanwhile I'll use the end-run of
"Facebook uses it", because practicing using a interesting hidden
service is IMO the best defense against emotional appeals.

Anyway, if there were a hidden service tailored to the needs of ancient
astronaut theorists I'm sure you could grasp all of this in less time
than it took me to write a response.

-Jonathan


Awesome,
SpencerOne

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk