Introducing Proof-of-Work Defense for Onion Services | Tor Project
blog.torproject.org
external-link
Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.

PoW? Really?

What do you think PoW was created for. This is exactly the use case of PoW – to reduce malicious traffic. It works great!

Mubelotix
link
fedilink
1
edit-2
1M

Though if an attacker has an ASIC he can single-handedly dominate the whole pool of other users as ASICs are tremendously more efficient than CPUs

Depends on the hashing algorithm. Tor implements two, and neither are vulnerable to custom architectures like ASICs

Mubelotix
link
fedilink
11M

Good

It’s not like it’s going to consume electricity like Bitcoin.

PoW was first conceptualized as an anti spam method. It’s just a little overhead to make it expensive to make DOS attacks. This makes perfect sense.

Mubelotix
link
fedilink
11M

It will, but that’s the point. Costing money

@ziviz@lemmy.sdf.org
link
fedilink
8
edit-2
1M

At least it appears to be something that gets triggered. In theory, if a node is not under attack or heavy usage, this isn’t a consideration. Doesn’t seem to be a perfect solution as it still slows the traffic of legitimate users in the event of an attack. I don’t know the full details, but in the worse case it makes it easier to semi-DoS, maybe not by fully making a node unresponsive, but by making the service so painfully slow that users may give up on it.

Only for those users who do not have proof of work capability, they get put at the back of the line, but anybody with proof of work capability, which was released last August, will do the work and be put higher priority. I know some people who run seed nodes for Haveno-reto and they had major DDOS issues until they got PoW enabled. It was taking like 5 or 10 minutes to get connected to the network. And now it takes about 30 seconds.

Possibly linux
creator
link
fedilink
41M

What else would they do?

sunzu2
link
fedilink
91M

I bet that commenter got triggered because cyrpto bad!!! There

Anyway, ain’t pow like the only practical solution to fight bots?

Share Some conputer to enter… Seems fair if you are good faith single actor but very expensive if you are running a botnet campaign

PropaGandalf
link
fedilink
11M

No, in my eyes PoW is just a waste of resources. At least let them do some useful computation for the node.

Either that or charging a micro transaction for loading the page. But yeah the goal is to make it cost a small amount that is insignificant to a regular user but adds up to a huge amount at the scale of a spam farm. And it’s also the same rationale behind hashing passwords with multiple rounds. It adds a tiny lag when you log in correctly but adds an insane amount of work if you’re checking every phrase in a password cracking dictionary using an offline attack because it adds up. (In the online scenario you just block them after a few attempts)

Still a better use of the electricity than Ai.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog