[tor-project] notes from usdoj panel talk

Peter Todd pete at petertodd.org
Fri Sep 29 01:41:55 UTC 2017


On Tue, Sep 19, 2017 at 06:12:33PM -0400, Roger Dingledine wrote:
> * Some examples of interesting onion services?
> 
> [Pause while we get distracted by other panelists]
> 
> "Securedrop" is a tool for people to communicate securely with journalists
> -- the New York Times, the Guardian, the Washington Post, Toronto Globe
> and Mail, the AP, etc all run onion sites.
> (Compare to the FBI's tipline, where they pay Cloudflare to mitm it.)
> 
> Ricochet
> 
> Onionshare
> 
> * The biggest website that has an onion service? Facebook. In April
> of last year they posted that 1 million people accessed Facebook over
> Tor in that month. That's .1% of their user base!
> * Onion services protect different metadata than https, and it's about
> giving the users choice.
> 
> onion services features:
> - stronger security, built-in:
>   - encryption
>   - authentication, so no dependency on the crappy CA model
>   - authorization, so untrusted people can't even reach the webserver
> - can be faster since not competing with exit traffic
> - reduced vulnerability surface area
> - mobility
> 
> Surprising (to this audience) users of onion services:
> Facebook mobile
> Debian updates
> IoT operators
> Activist blogger platform example
> Govt and law enforcement

While perhaps not good example for that audience, Bitcoin Core supports .onion
right out of the box, and will create a .onion and accept incoming connections
on it automatically via the Tor control socket API:

    https://github.com/bitcoin/bitcoin/pull/6639

The more interesting thing about this is Bitcoin's security model *relies* on
having censorship-resistant communication. While PoW makes MITM attacks
detectable (and survivable), censorship is an actual security risk to Bitcoin
nodes, particularly targetted censorship.

Probably the simplest way to describe this is to say that the double-spend
problem that Bitcoin solves is fundamentally one of censorship: a double-spend
attack is where you prevent the target from learning about something - the
existance of a double-spend.

The interesting thing about this argument is it's not Bitcoin specific either.
For example, in my FinTech consulting I routinely recommend that auditing-type
things make use of Tor for both the client and server to preserve anonymity.
Again, the explanation of why is simple: in the real world, if the auditors
announce in advance that they're about to visit, the bad guys get a chance to
swap the real books with the fake ones. With crypto - and Tor - we can make it
impossible for the bad guys to figure out who the auditors are.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20170928/077cb4d8/attachment.sig>


More information about the tor-project mailing list