𝕃𝕦𝕔𝕒𝕤 (@lucas@toot.coinfundit.com)
toot.coinfundit.comTIL that the @torproject@mastodon.social is in truth fairly centralized, after learning #Tor was able to drop specific nodes from the network. Even if for benign purposes, this should raise a red flag.
https://www.bleepingcomputer.com/news/security/tor-project-removes-relays-because-of-for-profit-risky-activity/
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.43K Posts
- 57.3K Comments
- Modlog
It is not new.
I, umm, this is good news. For project doing their job at keeping us safe.
try I2P
Run your own entry node anonymously
It is sponsored by american intelligence agencies. What decentralization?
From the original article:
Tor is the best but it is dated
Just the simple fact that Tor was started with a bunch of US intelligence money is cause for concern.
You don’t trust the US Government? Good. But the beauty of open-source projects like Tor, Signal, 7Zip, etc is that you don’t need to trust them.
Keep in mine not everyone uses TOR to evade the three letter agencies. I’m a TOR relay operator and the main reason I’m running it is to give people in oppressive regimes a better chance at exchanging free information. To these people getting spied on by western intelligence agencies is probably the lesser evil compared to their own tinpot dictatorship governments.
So… Are you against all surveillance, or just American surveillance? How do you feel about those CCTV surveillance cameras deployed against Muslims?
Do you distrust every state, or do you happen to trust states with an even stronger apparatus than the USA?
The only thing scarier than the fact that the government may be listening in is the fact that any entity can listen in.
Yes, it is not as decentralised as you have thought. I thought this is a fairly known fact. If you need something truly decentralized, I2P is probably the way.
How is it not decentralized?
It looks like this was done democratically. From the Tor blog:
Traffic is flowing through computers of volunteers, that part is indeed decentralized, but your client needs to find them, and that happens through a centralized service, through a “directory authory” if I’m not mistaken
Where is the directory? Is that actually centralized? And even if it weren’t, wouldn’t there still need to be a way to democratically control which nodes were allowed and disallowed, especially if they were malicious?
Here is the list of the currently available directory servers: https://metrics.torproject.org/rs.html#search/flag:authority
This article claims that their list is hardcoded, but honestly I’m not sure right now whether it means you can change it.
I2P has a mechsnism for banning routers, permanently or temporarily.
It looks it knows what to block from a local blocklist file and from a “blocklist feed”, but I don’t know what’s the latter right now. I hope you can excuse me on that, I’m also quite new on the topic.
It’s no problem, I’m asking because I don’t know how Tor works either… At least, not in great detail.
Tor allows you to configure a bridge manually, which they describe in the app as an “unlisted relay”… So in theory, even a malicious set of directory servers could be overridden.
I figure somebody needs to make the call to allow or deny something somewhere, Right? Something needs to be hard-coded somewhere, so that people can download the app and use it without requiring extra knowledge of something in particular. Or at least, I imagine that’s the goal (by the point you are using an unlisted relay, conditions have probably gotten pretty dire).
Lokinet is a modern alternative to both
Ironically, Lokinet creates perverse incentives towards centralization:
This is the same centralization Tor is avoiding by steering away from the cryptocurrency-based set of nodes run by a for-profit that calls itself aTor…
It worries me that Lokinet depends on Blockchain and cryptocurrency technology
Why?
Agreed, hopefully i2p adoption ramps up.
But now i2p it is being developed, mostly, by Russians. And you hate them. How are you going to use it?
Do we hate them, all of them? Personally, I don’t.
Russophobes always say that. the German Nazis also said so.
I’m using something developed by Russians, said I’m not disliking Russians, and now I’m a russophobe. Ok. You do you.
So how does I2P work, I vaguely remember something about it like slowly building a network as you keep your own connection on, and that the architecture makes it much better for torrenting. Is it worth looking into and learning about or is it just slow bad internet?
Well, yeah, about the speed… it’s not fast. And probably never will be fast as plain internet. Just imagine what is happening: each service you connect to is usually 6 hops away, which in the worst case (where each pair of peers is the furthest possible from each other) would require traffic to take 3 rounds between e.g. west asia and the usa. Here’s an other explanation with a diagram: https://geti2p.net/en/faq#slow
But that’s just the latency, and it can be tuned. If you want to play online games with a group of people over I2P, you could use for instance a 1-hop tunnel, and ask the others too to use a 1-hop tunnel, and now it’s totally different. Of course this hurts your and the other players anonymity, but it could be acceptable, especially if you make it select a router relatively close to you.
Bandwidth is again a different topic, I think that could improve even without sacrificing on the tunnel length, with more (relatively) high bandwidth routers joining the network, but of course your tunnel’s bandwidth will always be limited by the slowest router in the chain. Fortunately there are ways to have a tunnel through more performant routers.
On how does it work: when you start up your router (a software package, through which other programs can use the network), it asks a bunch of preconfigured servers about known I2P peers, through a process called reseeding. Afaik there are currently 12 preconfigured reseed servers, but you can bring your own, or if you know someone with an I2P router who you trust, they can make a reseed file for you which you can import.
After that, your router will talk to the other routers it now knows about, and ask them too about the routers they know.
This means that it’s better (while not necessary) to have a dedicated machine on which a router is always running and online, instead of having it run for the 30 minutes every time you power on your desktop. It doesn’t have to be powerful, it can be a low power consumption SBC (like a raspberri pi or similar), and I think it’s also possible to set up an unused android phone for this purpose with an app, but you probably don’t want it to use your mobile data plan.
On why is it better for torrenting: I don’t remember the details on that.
What I remember is that it’s often said that the protocol was “built for that”.
But there’s also another thing: vandwitdh is naturally less of a scarcity here, compared to Tor. Connecting to the network requires the use of a “router”, which besides giving access to it for you, also automatically contributes to the network with your internet connection’s bandwidth capacity (except if limited by the tech of your ISP, like with CGNAT; it can still contribute some but usually it’s less), and in turn most users will provide a “relay” to the network. On the Tor network, most users are just users, their clients are not participating in routing the traffic of other users, and so they are only consuming the capacity provided by others.
Also, afaik torrenting on Tor always needs to make use of an exit node to access the tracker and all the peers, while on I2P it all happens inside the network, without placing a huge load on outproxies (exit nodes in I2P terms)
Also, here’s a comparison between I2P and Tor: https://geti2p.net/en/comparison/tor
It may seem that I2P has a bunch of downsides, and it may discourage you from using it, but let me tell you how I think about it.
I don’t use it for everything, just as I don’t use the Tor network on a daily basis, but when I need it it’s there, it makes me easier to search on a few private matters, and it runs in the background so I’m basically effortlessly helping the other users, when not counting the initial setup and the electricity costs of course (the former was not much, and the latter does not depend on this in my case)
Very interesting, and thank you for the write up! Might be worth looking and preconfigured reseeds if I was to dabble in it, but generally I just don’t have use for powerful anonymity tools currently. Always rad to hear about the tech though!