[NBLUG/talk] Tor tonight

Aaron Grattafiori nite at sonic.net
Wed Oct 12 15:46:59 PDT 2005


On Wed, 2005-10-12 at 12:26 -0700, Christopher Wagner wrote:
> I think Aaron gave an excellent talk.  I was curious about comparisons
> to similar technologies like I2P, for instance.

Thanks. Yes I looked a little at I2P when I had the time. A lot of how
it works is similar to Tor. 
Some of the main differences are:
"communication is end to end encrypted"
	That's not what Tor focuses on, but surely is better than no
	crypto

"Every participant in the network chooses the length of these tunnels,
and in doing so, makes a tradeoff between anonymity, latency, and
throughput according to their own needs."

	This is cool, because if I wanted to use SSH, and I'm less
	worried about completely being anonymous, I could choose less
	hops and then have less latency. I asked Roger about a way to
	restrict Tor nodes to only in the US, then my SSH sessions would
	be a lot better... He has yet to respond to that idea...

"the client you send a message to is the cryptographic identifier, not
some IP address, so the message must be addressed to someone running
I2P. "
	This is THE major difference.. between I2P and Tor. Kinda cool
	though.. But it doesn't seem like this would reach the amount of
	people Tor can, and remember adoption is key to anonymity, we
	want to have as many people as possible.

"However, it is possible for that client to be an outproxy, allowing you
to anonymously make use of their internet connection. "

	This has security issues because anyone can be an "outproxy".

"To demonstrate this, the "eepproxy" will accept normal non-I2P URLs
(e.g. "http://www.i2p.net") and forward them to a specific destination
that runs a squid HTTP proxy, allowing simple anonymous browsing of the
normal web."
	Does this only forward to ONE specific destination? 

> I'm also interested in the directory servers, which seem to be a point
> of high-risk for failure (relative to the high redundancy in other parts
> of the network).  How might a low-latency anonymizing network circumvent
> this problem and what are the Tor developers considering as options?

The directory servers are kinda an open problem... The only real issue
is the security of them. Because the directory is mirrored to clients
only after they are understood to be 'good' we help the performance but
this could hurt our trust. If I wanted to get some traffic to go over my
network, I could create a directory of servers that are all mine and
corrupt. When Alice's client connects to me and says.. hey I need to
build a circuit, gimme the list of servers, I can give her my list of my
very special Tor nodes. She'd never know the difference.
This is partly why we don't just let any client download the list from
any new node. (It might be interesting to see if the client randomly
chooses a new Tor node to get the directory and when that occurs.)
But you're right... Directory servers are a difficult problem.
Plus I'm not even talking about how to get the server list into
China/Iran without the evil government knowing. I'd have to be a pretty
'underground' network. (I'm sure they currently exist)

> Some of these questions would probably be answered by RTFMing a bit, I
> know. :)  Feel free to answer all, or none, it's up to you, I won't be
> offended. :)

Be sure to look at:
http://www.freehaven.net/anonbib/ 
(Pay special attention to the papers in the yellow boxes)

 -Aaron Grattafiori



