- The "PCAP" data, email addresses, etc that they sell comes from them running malware samples on their own infrastructure. It's not based on captured Internet data.
- The web page addresses etc that they sell are the results of automated vulnerability scans and honeypots, not captured Internet data.
- The netflow data they sell is captured from real ISP traffic, but it is a small sample (only 1 in 10,000 netflows is captured), and it can't identify individual websites if they use a CDN or shared hosting infrastructure (which most websites do).
I have no clue how true these claims are, but those are the claims.
Only entry guards which isn't secret info. You will need to get very lucky to correlate that with relay traffic with the guard. Even with decent 1:10 sampling I would say it is only a little better than a random guess at best.
> But of course, not actively endangering our users is a low bar. It is reasonable to raise questions about the inherent disconnection between the business model of Team Cymru and the mission of Tor which consists of private and anonymous internet access for all. Rob Thomas's reasons for choosing to resign from the board are his own, but it has become more clear over the months since our initial conversation how Team Cymru's work is at odds with the Tor Project's mission
If you are using Tor, seriously ask yourself if it's a good idea to install software that was developed by DARPA and has never solved the exit node problem.
This is such an odd comment. ARPANET and by extension DARPA are embedded in the origin story of the Internet and I'm sure DARPA will continue to fund fringe technologies that emerge to change the way we communicate into the future.
It isn't, in and of itself, a reason for suspicion on the level implied, nor would I argue above and beyond baseline healthy suspicion in anything.
> ARPANET and by extension DARPA are embedded in the origin story of the Internet and I'm sure DARPA will continue to fund fringe technologies that emerge to change the way we communicate into the future.
That doesn't matter at all. Tor is not proposing to accomplish the same thing the internet does. If we are to take Tor at its word, it is proposing the exact opposite of what is in the interest of government and law enforcement.
That it's hard to get enough volunteer capacity, that exit node operators can sometimes get in trouble for things users did, that attackers can run exit nodes in order to look at traffic content, that attackers can run undisclosed families of relays in order to perform some traffic correlation attacks when a circuit uses multiple relays controlled by the same party, or that some sites may block or CAPTCHA exit nodes?
How would you solve the various exit node issues? If anyone can run an exit node, it's bound to be as trustworthy as the "anyone" that runs it. Plus once your traffic is out of the onion-routed network, it's open to all the usual attacks on the public internet. I2P tries not to deal with non-I2P traffic at all because the problem is so difficult.
> I2P tries not to deal with non-I2P traffic at all because the problem is so difficult.
The problem is difficult because what I2P is doing is essentially the correct approach in this area. Designing an "anonymous" network around accessing an inherently non-anonymous network with a handful of dominant sites is how you run into limitations like needing exit nodes. Yet most people keep insisting upon Tor, as if it's a good idea for the "dark web" to be effectively a single application with an inherent flaw it may never overcome.
It's because Tor does a much better job of being usable to general users, combined with the network effect of Tor Hidden Services, means that more people think of Tor as the "dark web" and more people will use Tor. I2P definitely takes the more secure-by-default state.
> It's because Tor does a much better job of being usable to general user
By having a browser ship with Tor, yes. The rest of Tor is hardly less complicated than running I2P. And I'm not saying that I2P needs to be as popular as Tor. If I2P never gets to having a competitor to the Tor Browser, it will always remain in minority use. That doesn't mean people shouldn't be aware of it or consider it as an alternative for their own use.
> combined with the network effect of Tor Hidden Services
I'm not sure what you mean by that. I2P is almost entirely focused around hidden services, and those services more or less work the same way for the end user with the added bonus that there's a loose sort of "DNS" that creates human readable URLs for services. How do Tor's services have more of a network effect than those on I2P?
> means that more people think of Tor as the "dark web" and more people will use Tor.
Yes. That also isn't anywhere near an ideal knowledge level these users should have. It's not the problem of I2P or even the responsibility of Tor per se that people think this way.
Someone who is reading this very comment and thinks that Tor is the end-all-be-all of the dark web and isn't privy to its origins should think twice before relying on it, because they clearly don't understand the tool that they are using. They probably shouldn't be doing anything remotely "private" or "anonymous" on the internet if all they know is that Tor is the magic thing they install to hide the naughty things they do.
I think people here are misunderstanding me. I'm not saying to never use Tor under any circumstance. I'm telling people to think before they use a tool with known flaws and an interesting origin story. There's nothing unreasonable about this.
> I have really bad news: the internet was formulated by the government.
The internet isn't one piece of software you knowingly install on your system. The internet isn't promising anonymity. Likewise to Tor, I wouldn't install a radar scanner in my car if I knew the company was owned by the U.S. Marshal Service given the kind of incentives that exist for them to take advantage.
I was very particular in saying "formulated". They didn't "make" the internet as we know it, nor do they "own" the internet. I just mean that the very foundation of American internet is the U.S. government.
After all, my point wasn't against trusting the internet, it was more that everything built on the foundation is as trustworthy as the foundation itself.
Do you really expect anonymity out of the internet or trust that your IP traffic isn't being analyzed and logged? It certainly is, and it being a government project isn't an argument in its favor. The internet isn't selling itself as a tool of anonymity, never has, and isn't software you're installing on your hardware.
While I can appreciate the measured tone in TFA, at some point you've got to take a step back and ask what the hell is going on. This instance reeks of an egregious conflict of interest and this response is negligent on behalf of the board.
The current TOR Board scenario is akin to having a known child-abusing relative babysit your own kid, catching them inexplicably sitting with the kid alone in a darkened room in a state of undress, then saying:
"Well, this is strange.. but we can't prove you were planning anything malicious this time around. As you were, mate!"
Sometimes a harsh response is warranted to preserve integrity of that which is important. This is one of those times.
My confidence in TOR was already kind of low, now how can I trust and be assured the lack of firm response isn't due to integrity already being compromised and no longer the main priority?
The public trust in TOR is EVERYTHING the project has.
Hard disagree. The measured tone in TFA is how adults debate issues. Invoking phrases like "child-abusing relative" and "kid alone in a darkened room in a state of undress" is the kind of hyperbole that sites like Twitter and HN love to employ that reduce the quality of conversations and how threads turn into shouting matches.
Ask yourself how the hyperbole you engage in leads to "curious conversation", how you're "assuming good faith", and how you're "eschewing flamebait". Because TFA seems to invoke curious conversation and good faith and your hyperbolic analogies just seem like ideological-battle oriented flamebait.
> Sometimes a harsh response is warranted to preserve integrity of that which is important. This is one of those times.
I'm pretty sure this is explicitly against "Please don't use Hacker News for political or ideological battle. It tramples curiosity."
P.S. As a long time HN reader/user, these hyperbolic flamebait comments in the service of political ends are exactly the kinds of comments that I find degrade this site the most. When people complain about this site turning into Reddit, it's these kinds of comments I think about.
Why are you attacking the commenter's character and choosing not to respond to a single concern they brought up? They've asked some good questions and AFAICT they're legitimately concerned and only acting in good faith.
Your claim that they've violated HN guidelines is misplaced, at best.
Whose side are you on? Are you defending the guy with conflicting interests who is on the board and simultaneously selling a tor removal kit?
I have yet to read a single HN thread which does not involve some sort of meta-commenting or tangential conversation, exactly like what is happening in this thread.
OP's comment wasn’t just off the cuff emotionally charged rhetoric though. They acknowledged that there are times for a measured response, and there are times that a measured response is inappropriate. That outrage and pitchfork wielding are appropriate responses. They made the case that this was one of those times.
Bring enough people together with varied enough opinions and each of them will feel their own personal deep concerns are worth wielding pitchforks for. Eventually every conflict will involve pitchforks and the temperature of any discussion will be high enough that all you have are flames whereupon conflicts will just be hidden from public view and taken care of under the table so as not to risk the public flames of wrath.
> Key witness against Assange admits to lying in exchange for US immunity
Oh yeah.
But hey, we might have destroyed one of the crown jewels of free software because the CIA played SJWs like a fiddle but at least we're good people: https://www.youtube.com/watch?v=O4hh1YhDfbA
Maybe if those two guys had kept their dicks in their pants and not gone around molesting and raping as if they were somehow immune to any consequences, they'd not have got in any trouble for it.
Not everything is a shadowy government conspiracy. Most often, people behave despicably just by themselves. Particularly the arrogant, domineering egotists - such as the two you mentioned.
> Not everything is a shadowy government conspiracy. Most often, people behave despicably just by themselves. Particularly the arrogant, domineering egotists - such as the two you mentioned.
>>Sigurdur “Siggi” Thordarson, a convicted criminal from Iceland, has admitted that the main allegations he made against Julian Assange, which form a central component of the US indictment against the WikiLeaks founder, were lies proffered in exchange for immunity from American prosecution.
I guess clicking was too hard.
It literally was a government conspiracy. If that hadn't worked they would have planted some child porn on both of them. And if that didn't they'd have done an Epstein.
It is always hilarious seeing people with a Che shirt defending the CIA.