[tor-talk] Hijacking Advertising to give a Tor Exit node economic sustainability?
Mike Perry
mikeperry at fscked.org
Mon Aug 8 18:06:58 UTC 2011
Thus spake Javier Bassi (javierbassi at gmail.com):
> On Sat, Aug 6, 2011 at 5:09 PM, Fabio Pietrosanti (naif)
> <lists at infosecurity.ch> wrote:
> > Could a Tor Exit Node pay itself and eventually generate more revenue to
> > install other tor server by being self-supported by advertising?
> >
> > A Tor Exit Node could modify all the advertising that the user see while
> > web browsing (google adwords, facebook, doubleclick, etc) by injecting
> > it's own sponsored AD in http flow.
>
> A tor exit node will not be able to produce a dime this way because
> its always the same IP that is watching/clicking ads (his own ads) so
> the clicks will not count or the account will get banned in all
> adsense services.
>
> Still, changing links to amazon, ebay and other similar websites by
> adding the referral/tag of the tor exit node owner could produce
> income, regardless the IP. But who browse the internet for shopping
> via tor?
I do. I use Tor for purchasing things because I have a real problem with
my purchasing activities being strongly correlated, data-mined and
sold. I've experienced inappropriate and embarrassing
non-context-relevant ads, poorly targeted political spam (virtual and
physical), and other annoyances due to advertising attempting to
target ME as opposed to what I am DOING at the time.
The straw that broke my back was Amazon recommendations related to my
personal life that were visible to my manager at work who was sitting
next to me at my computer while we looked for tech books. Thankfully,
I think his own mental ad-filter caused him not to notice.
Still, I quickly canceled my Amazon account and requested they delete
all purchase history.
Flash forward several years to today: There are no physical bookstores
(other than those for used books) left in my city. My choices for new
books are now to either order the book from Amazon, get a digital copy
on an e-book reader (the use of which is subject to monitoring and
deletion), or pirate a copy.
I strongly believe that this indicates there must be a demand for a
model for privacy that allows private commerce and ad revenue, but
defangs the nasty properties of online advertising that I and others
have personally experienced..
However, all this talk about intercepting advertising and modifying
Tor traffic is pure insanity. To those studying it: you're wasting
your time and you're probably breaking US law. Once again: this is the
path to 'BadExit'.
The right way to do this will probably look more like the Mozilla
model: partnering with search providers who will pay us for users that
we drive to their sites. The unique hurdle Tor faces for deals like
this is how to ensure that actual users are behind the browser.
Revocation systems like Nymble could be one answer. Javascript proof
of work mechanisms could be another.
There is also a body of research attempting to devise ways to target
users in a privacy preserving way. For a recent example, see
http://petsymposium.org/2011/papers/hotpets11-final3Bilenko.pdf.
However, most of these have problems with non-contextual targeting as
well as requiring local disk storage of browsing activity.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110808/2bce5d32/attachment.pgp>
More information about the tor-talk
mailing list