Hacker News new | ask | show | jobs
by pankajdoharey 2845 days ago
Hasnt half of the decentralisation problem been already solved by the Tor network which is encrypted and already decentralised? And they still regularly identify and stop tor servers. What makes them so sure that the decentralised nodes on a bitcoin network cannot be physically identified and stopped ? A truly decentralised network cannot be built on borrowed network. A truly decentralised interruption free, government free Internet would probably be built on a satellite based network not this.
1 comments
hazz99 2845 days ago
Important note: Tor does not encrypt your traffic

Tor simply hides where your web requests originate from - it's up to you to to visit HTTPS sites and encrypt your communications.

Also, Tor is quite decentralised but the existence of directory authorities undermines this, since presents a centralised component.

link
LinuxBender 2844 days ago
Sorry you are getting downvoted. This is very much correct and folks simply put a lot of faith in the proxy transport as the ends to a means. One vulnerability / bug (Tor has had many) can weaken that link. Tor is rarely installed correctly or in a secure manor. (forcing all packets through it and dropping anything that leaks from the browser, for starters)
link
hazz99 2844 days ago
Do you have any links on how to install it properly, and to test that? (Maybe through Wireshark or something similar) I admit I've haven't used it in-depth (although I've studied the protocol quite a bit)
link
LinuxBender 2844 days ago
I don't have one handy, though if you might find one in the documentation for Tails linux OS.

At a high level, the client workstation must not be allowed to send any packets to anything other than the socks port running on the Tor host. The Workstation must have a static arp entry for it's gateway. The Workstation should use a ram-disk linux distro and not persist anything to unencrypted disk. The Tor host must not allow anything inbound other than the Tor SOCKS port. The Tor node must only speak outbound on 80 and 443 (formerly known as the fascist firewall setup). Ideally, the Tor node should be running on a cheap VPS host, ideally payed for with a burner card and accessed via a VPN so that Tor traffic from the home ISP is not evident. The VPS host should be cycled from time to time.

This is of course a lot of setup work, but most of it can be automated.

[Edit] Speak of the devil. Here is a zero-day published on the Tor browser [1]

[1] - https://www.zdnet.com/article/exploit-vendor-drops-tor-brows...

link