[qnr]

I wonder if it is possible to implement blacklists so that each relay operator may exclude their node from serving requests for hidden services they don't approve of.

E.g. a law abiding tor relay operator in Mauritania may decide to block the infamous underground apostasy discussion forum. It still remains accessible via other routes but the Mauritanian relay is now not involved with serving the site in any way.

[mike_hearn]

It is possible and I suggested they do just that, some months ago. It won't surprise you to learn that this suggestion went down like a lead balloon, with lots of people assuming I must be an NSA agent, evil, etc. They consider the possibility for nodes to control which HS's they support to be a vulnerability and want to close it.

Tor has exit policies, which are somewhat similar ... exits can choose not to handle certain kinds of traffic (or only handle certain kinds). However they also seem to believe that exit policies shouldn't exist and only do, because of "unreasonable" ISPs that care about abuse.

The people in the Tor community seem oblivious to the political risk they're taking on with the hidden service feature. They keep claiming that dissidents etc use hidden services in the abstract, but all the real world examples people are actually familiar with are the worst kinds of abuse. Recently they announced they'd received a tipoff that directory authorities might be seized. Nothing seems to have happened yet, but the apparent credibility of this threat should have set alarm bells ringing at Tor HQ. Given that HS' represent a tiny fraction of overall Tor traffic, there are virtually no legit hidden services and all the really horrible abuse Tor is famous for relies on it, they should consider just dumping hidden services entirely. Otherwise they're putting everything at risk for a minority feature few users really care about.

[newaccountfool]

> there are virtually no legit hidden services

Sorry what? No wonder you got shot down with your TOR suggestion you appear to know nothing about it.

[dogma1138]

There are legit hidden services indeed, but there a question if the legit ones actually need the protection TOR provides...

The sad truth currently is that the people who use TOR the most are the people who either do not need it's protection or do not deserve it.

As much as we like to play the victim card especially in light of the NSA scandals the truth is that people in free countries don't really get into trouble for doing shit over the internet even when it's illegal (to some extent).

And no i don't count the FBI knocking on your door if you post on facebook that you are going to kill Obama, or the police arresting that dutch teenage retard that tweeted she put bombs on 3 flights and told TWA(?) to figure out which a violation of privacy or civil liberties, those people deserved what they got.

On the other hand if you live in a country where legitimate activities taken over the internet can land you in jail or worse then even being suspected of using TOR will get you in trouble.

Even with all the improvements on masking TOR traffic it is still fairly easily identifiable, heck every entry level internet filtering appliance can block TOR these days with very high degree of accuracy even when the user doesn't use public access nodes.

So TOR doesn't and it's current state cannot provide protection to anyone living under a regime that does massive deep packet inspection of internet traffic(and yes i know the US technically qualifies for that too, but they are still not N. Korea, Iran, China, or Saudi Arabia).

The 2nd problem that TOR has is the fact that early adopters of such technologies tend to be criminals, the same was true with early P2P networks. Heck I still remember trying to download Shrek of Kazaa or eDonkey and getting a ton of pedo pictures instead, and that was very common in the early 2000's...

But this was true to everything from cellphones which back in the 90's meant you were either a business douche or a drug dealer, disk and phone encryption, and offshore bank accounts.

P.S. Currently i actually have less trust in hidden services than i do in normal secure websites, after Facebook brute forced their address (https://facebookcorewwwi.onion/) and according to them with relative ease. And since anyone holding the private key for the hidden service can update the directories and route all new traffic to them i think it's not farfetched that a sufficiently funded agency or an individual can do the same. So while i still consider onion routing to be relatively safe form ease dropping, i consider all hidden services of sufficient importance to be compromised.

[newaccountfool]

Facebook only managed to bruteforce the first 40bits of their .onion domain name. They stated themselves that it would be almost impossible to bruteforce the whole address.

[driverdan]

I've downvoted you because the basis of your arguments are factually incorrect.

> all the real world examples people are actually familiar with are the worst kinds of abuse

> there are virtually no legit hidden services

Did you even bother reading the article or any of the content it linked to?

[mike_hearn]

I don't think that's what downvoting is meant for.

Yes I read the linked article, and the Andy Greenberg article and I watched the CCC talk ... both of which the blog post does not link to. So I've read it all. Have you?

I don't think my points are factually incorrect. Please name me one hidden service where (a) the operators are actually anonymous and (b) the man on the street might have actually heard about it and (c) what's going on there is not either illegal or unethical. I claim there are none: all the hidden services that have had mainstream coverage are illegal.

The blog post is the same as always: the Tor people never give specific examples of hidden services that are beneficial and always talk in generalities, because there are so few convincing good examples. Indeed it says the opposite - they want to boost usage.

Other than not linking to the material they're discussing, they also didn't mention the key finding that is causing such a ruckus: over 80% of all hidden service lookups are to child abuse sites.

They say this might be due to law enforcement crawlers, although there is no evidence of this and it leads to the question of why other illegal sites like black markets aren't being crawled just as aggressively.

There is a train of thought, like AlyssaRowan's post above, that says Tor cannot change anything because otherwise it wouldn't be Tor any more. I don't think that's correct. A peer to peer network is ultimately just a group of people working together for a shared goal. That community of people can define the rules for the services they provide, for example Tor tries by default to block torrenting because they collectively decided that they prefer not to spend their resources on that.

Bitcoin is another example of an opinionated P2P network. It enforces rather unorthodox rules about inflation and money creation, rules that alt coins often change. Regardless the people taking part in the Bitcoin network specifically have these opinions about the way to manage the monetary base and other people who try to deviate from those rules are effectively kicked out/ignored.

Tor and its community could become opinionated about the use of hidden services. They could say hidden services are intended for political communication and organisation, for example (along with whatever other useful things they think of), but not for child abuse. There is nothing technically stopping them, as the CCC talk pointed out. But they have collectively decided not to.

[implr]

To block a certain hidden service on a relay you need to know what is the hidden service you are relaying data to (obviously), which completely defeats all anonymity - a 'first hop' relay would basically be able to make a list of all hidden services visited by clients connected to it.

[dogma1138]

such thing will just make it easier for government agencies to identify both users and hidden services via traffic analysis, so it's unlikely to be implemented.

On the other hand both hidden services, and directories can perform a similar thing. Hidden Services can choose which directories they want to publish their address and identifiers too, this is part of the TOR HS protocol.

Directories can augment any request they get from the user and return what ever value they want, this is how you can cause effective DoS of the TOR network (or any other DHT implementation that does not enforce it's agency over core services) with very small resource investment.