[tor-talk] Hi IAmA! We are core members of the Tor Project. Ask us anything! (self.IAmA)

Eugen Leitl eugen at leitl.org
Thu Jun 21 12:27:26 UTC 2012


http://www.reddit.com/r/IAmA/comments/vdhs8/hi_iama_we_are_core_members_of_the_tor_project/

Hi IAmA! We are core members of the Tor Project. Ask us anything! (self.IAmA)

submitted 3 hours ago* by runasand

The Tor Project develops and maintains the Tor, a software that allows users to browse the web anonymously and securely. Tor was originally developed for the purpose of protecting government communications. Today, it is used by a wide variety of people for different purposes. An estimated 500,000 people use Tor on a daily basis; some use Tor to keep websites from tracking them and their family members, some use Tor to research sensitive topics, and some use Tor to connect to news sites and instant messaging services when these are blocked by their local Internet providers.

Karen Reilly (puffin_net) is the Development Director at The Tor Project, responsible for fundraising, advocacy, general marketing, and policy outreach programs for Tor.

Runa A. Sandvik (runasand) is a developer and researcher working on a range of different projects, from blocking analysis and quality assurance, to outreach and support.

Karen and I will be answering all your questions throughout the day, so feel free to ask us anything you'd like relating to Tor and the Tor Project.

edit: Here is some proof from our Twitter account: proof 1, proof 2, proof 3, and from my personal twitter account: proof 4.

    198 comments
    share
    save
    hide
    report

all 198 comments
sorted by:
best
formatting help

[–]throwawayagin 231 points 1 hour ago

We run the only exit node in Iceland at the moment. Everyone working at a university or running a hackerspace should consider running an exit node or at least a relay. For those that care about real freedom of speech this is the most direct way you can help. Thanks again to the Tor Devs for helping change the world for the better.

    permalink
    report
    reply

[–]runasand[S] 49 points 1 hour ago

Can't upvote this enough. Thanks for running an exit relay!

    permalink
    parent
    report
    reply

[–]taterballs 18 points 19 minutes ago

Are the exit node and relay something that can be done at home or do they require a larger setup?

    permalink
    parent
    report
    reply

[–]Fuck_Yo_Cat 2 points 7 minutes ago

Any modern computer can run a tor exit node. You can even download hacked firmware for your linksys router that will allow you to run the node from your router.

    permalink
    parent
    report
    reply

[–]ItsCrockett 1 point 6 minutes ago

Here is the Tor Project's page about running a relay. "If you have at least 30 kilobytes/s each way, please help out Tor by configuring your Tor to be a relay too."

No powerful setup required, you're just donating bandwidth.

    permalink
    parent
    report
    reply

[–]daanavitch 1 point 4 minutes ago*

You can just do it at home, but it is advised to have a fast computer, and most of all, a fast internet connection. You're also responsible for your own internet connection. So if someone does bad things through your exit node, you're going to have a hard time explaining what happened to the authorities. If you do want to help the Tor network without any risk of getting in trouble, you can simply run a relay. That way you only send encrypted data to the next Tor relay.

    permalink
    parent
    report
    reply

[–]blahdeblah88 11 points 9 minutes ago*

Aren't there significant legal risks to allowing people to proxy through your IP address?

Call me stupid, but isn't it like lending random strangers your passport and a mask that looks like your face?

    permalink
    parent
    report
    reply

[–]dd72ddd 1 point 6 minutes ago

I think a better analogy is taking a locked briefcase from a shady looking dude and delivering it for him or one of his friends, in exchange for him doing the same for you at some point in the future.

You can't logically infer wrongdoing from the use of tor. That's (partly) the point. Also, an IP address is not a person, nor is it an ID for a person.

    permalink
    parent
    report
    reply

[–]wilkor 1 point 54 seconds ago

Do governments and judges know that?

No offence, but what they don't know can hurt me.

    permalink
    parent
    report
    reply

[–]blahdeblah88 1 point 21 seconds ago

Disagree. Delivering a breifcase isn't terribly traceable.

You should assume that everything your IP address does online is ultimately traceable back to you, if someone really wants to get at that information.

    permalink
    parent
    report
    reply

[–]S2333 2 points 2 minutes ago

I feel the same way. Especially when I saw that story about those German men who got in trouble because someone was looking at child porn using Tor and they were the exit node.

    permalink
    parent
    report
    reply

[–]the_third_guy 41 points 2 hours ago

Firstly, thank you for Tor, I use it a lot for just general browsing. I suppose my only question is is there anything I can contribute to the project as a C#/android developer?

    permalink
    report
    reply

[–]runasand[S] 26 points 2 hours ago

Our volunteer page contains information about our projects and how you can help us. I would also recommend you check out our projects page to see if there is anything that interests you. You can also get in touch with the developers at The Guardian Project. They do lots of awesome work on Android.

    permalink
    parent
    report
    reply

[–]the_third_guy 3 points 2 hours ago

Awesome, I'll check them out. Thanks.

    permalink
    parent
    report
    reply

[–]8u9i8u8u7y4e9i6t9i -58 points 29 minutes ago

Thanks for all the child porn access, I know you didn't put it there but it's great to get a break from actually raping children so I can watch some HD Childporn

    permalink
    parent
    report
    reply

[–]I_Am_Error13 14 points 28 minutes ago

^ Asshole that gives this project a bad wrap

    permalink
    parent
    report
    reply

[–]8u9i8u8u7y4e9i6t9i 1 point 8 minutes ago

Ya trust me I know about bad wraps, when I ordered from The Silk Road last time they didn't wrap the shrooms well enough and the bag got searched. Good thing I used a drop! My neighbor is still in prison!

    permalink
    parent
    report
    reply

[–]inane-dick 3 points 9 minutes ago

*Rep as in reputation. :)

    permalink
    parent
    report
    reply

[–]useful_helpful 8 points 26 minutes ago

Don't bother replying to this dude; comment history indicates he's a troll trying to get a rise out of people.

    permalink
    parent
    report
    reply

[–][deleted] 46 minutes ago

[deleted]

    permalink
    parent

[–]Schroedingers_gif 3 points 6 minutes ago

Good thing he didn't ask you.

    permalink
    parent
    report
    reply

[–]meepstah 2 points 7 minutes ago

Yeah, who wants to work in a fast, reliable, rapid-dev language that's easily portable to both Windows and Linux but retains the power to use low level programming where appropriate? Fuck that noise.

    permalink
    parent
    report
    reply

[–]pauloat 35 points 1 hour ago

Hi!

I was fire for my work for recomend the use of Tor (and change my mail to Riseup, using DuckDuckGo and being a member of the Argentinian Pirate Party). Im in this moment in the middle of a legal dispute about that. My friends allways said to me that talk to the guys in Tor and in the EFF about this. But I dont really know if you can do something from the US to help me here in Argentina. Do you have contacts with lawyers or someone in Argentina that can help me in my case??

thanks!

    permalink
    report
    reply

[–]runasand[S] 39 points 1 hour ago

Please email me at runa at torproject.org with some details, and I will try to put you in touch with the right people.

    permalink
    parent
    report
    reply

[–]pauloat 10 points 1 hour ago

Thanks!

    permalink
    parent
    report
    reply

[–]wowko 2 points 4 minutes ago

Apparently the guys at Tor are good people.

    permalink
    parent
    report
    reply

[–]pub571 61 points 2 hours ago

Thank you; Thank you and Thank you; from ( Hell = Iran ).

    permalink
    report
    reply

[–]runasand[S] 19 points 1 hour ago

You're welcome! Please email help at rt.torproject.org if you have any questions about Tor (outside of this iAmA) and/or need help.

    permalink
    parent
    report
    reply

[–]pub571 1 point 3 minutes ago

OK and Thank you again.

    permalink
    parent
    report
    reply

[–]The_Devil_AMA 3 points 8 minutes ago

You don't even want to know.

    permalink
    parent
    report
    reply

[–]mr_e_on_the_net 56 points 2 hours ago

No question, just a big thank you from Dubai!

    permalink
    report
    reply

[–]runasand[S] 25 points 2 hours ago

You're welcome! :)

    permalink
    parent
    report
    reply

[–]RadiantSun 24 points 12 minutes ago

Thank you from Pakistan. Pornography is blocked and imagination fapping is hard.

    permalink
    parent
    report
    reply

[–]magicspud 14 points 9 minutes ago

Real life testament that you are changing peoples lives for the better.

    permalink
    parent
    report
    reply

[–]apolotary 25 points 3 hours ago

First of all, thank you for your efforts! What's you opinion on anonymous linux distros like tails?

    permalink
    report
    reply

[–]runasand[S] 31 points 3 hours ago

Thanks! Tails is actually an official Tor project, and we are working with the developers to ensure that all traffic is safely routed through Tor and no trace is left on the system. I, personally, think Tails is a great distro and have used it a few times while traveling.

    permalink
    parent
    report
    reply

[–]n4mu 9 points 3 hours ago

-> https://www.torproject.org/ search for "tails", it's under "our projects". I am guessing they approve.

    permalink
    parent
    report
    reply

[–]SlasherPunk 23 points 2 hours ago

Now it's a known fact that Tor browsing speeds are quite low. Can we expect higher speeds in the future? Also, is the Tor Project entirely dependent on donations? And do you experience a shortage/surplus of funds?

    permalink
    report
    reply

[–]runasand[S] 26 points 2 hours ago*

The short answer for why Tor is slow is that there are 500,000 people using Tor daily and only 3000 relays in the network. You are sending your traffic through three relays somewhere in the world, and each relay have different amounts of bandwidth donated to Tor users. We need more people who can run relays and help the network grow even bigger.

If you want the longer answer to your question, then I suggest you read the blog post called Why Tor is slow and what we're going to do about it written by Roger in 2009.

To answer the second part of your question; yes, we depend on grants, donations, volunteers who help us with development, testing, documentation etc. All companies (non-profit or not) go through stages where there's a shortage of funds, and the Tor Project is no different. That said, I am really excited that we recently won the Knight News Challenge on Networks.

    permalink
    parent
    report
    reply

[–]Salanderson 12 points 23 minutes ago

Is there any way you can make some sort of dummies guide to setting up a relay?

Or could it never be that simple?

    permalink
    parent
    report
    reply

[–]lho 1 point 3 minutes ago

See https://www.torproject.org/docs/tor-doc-relay.html.en

    permalink
    parent
    report
    reply

[–]Ogrebushi 47 points 2 hours ago

As far as I understand as a TOR newbie, the foundations of TOR were a United States Navy project. What can you offer to refute that TOR is simply an intelligence honeypot?

    permalink
    report
    reply

[–]runasand[S] 30 points 1 hour ago

You are correct. Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. To help convince you that Tor is not an intelligence honeypot:

    The code is open source and available online. You can find it on gitweb.torproject.org.
    Tor's protocol specifications is also available online.
    If we were to introduce a backdoor in our own software, we would not only have a broken tool, but a trashed reputation as well.
    Tor is used by 500,000 people daily, including core members of the Tor Project.
    Volunteers all over the world run 3000 relays in total. Your client will pick three relays at random when sending traffic through the network.

    permalink
    parent
    report
    reply

[–]pauloat 6 points 11 minutes ago

i heard that the Navy discover that the only way the tool be usefull is if a lot of diferent people use it, and thats the reason they free the code. This is true?

    permalink
    parent
    report
    reply

[–]easternfootwear 1 point 2 minutes ago

Reading this response critically, it could be interpreted as extremely equivocal, but I'm hoping that this is because runasand isn't a native English speaker.

    permalink
    parent
    report
    reply

[–]whythehateman 6 points 1 hour ago

Why is Ogrebushi being downvoted?

The misunderstandings about the relationship between the TOR project and the US Navy are keeping many people away from using TOR.

    permalink
    parent
    report
    reply

[–]ANAL_POWER_GENERATOR 17 points 1 hour ago*

Couple of questions,

1) Can your anonymity using Tor be compromised if you disconnect and then reconnect from a wifi network whilst loading a page through the Tor network?

2) How anonymous are exit node operators? I know some people run exit nodes on their home networks, and this seems very risky considering some of the things people use Tor for.

Thanks for the work of the entire Tor Project team. I'm lucky enough not to have to use the Tor network, but the work you do for the people around the world who do is inspiring.

    permalink
    report
    reply

[–]runasand[S] 11 points 58 minutes ago

    Can your anonymity using Tor be compromised if you disconnect and then reconnect from a wifi network whilst loading a page through the Tor network?

What are you worried about? That the URL of the site you are browsing is going to leak because it's loading before you have reconnected to the Tor network? Or that someone watching both you and the site you are connecting to can identify your user from all the other users?

    How anonymous are exit node operators? I know some people run exit nodes on their home networks, and this seems very risky considering some of the stuff people use Tor for.

The IP address of each relay in the network is publicly available on sites like torstatus.blutmagie.de, including contact information for each relay operator (if set in the Tor config file). I can recommend reading the blog post Tips for Running an Exit Node with Minimal Harassment.

    permalink
    parent
    report
    reply

[–]ANAL_POWER_GENERATOR 5 points 52 minutes ago

What are you worried about? That the URL of the site you are browsing is going to leak because it's loading before you have reconnected to the Tor network? Or that someone watching both you and the site you are connecting to can identify your user from all the other users?

The first one, I suppose. Would you start loading the site before the Tor network, or would you reconnect to Tor without the URL of the site leaking?

    permalink
    parent
    report
    reply

[–]runasand[S] 7 points 48 minutes ago

Tor will only work as long as you have Internet access. Tor Browser will not allow you to browse a page if Tor is not running and connected to the network.

    permalink
    parent
    report
    reply

[–]wjoe 4 points 28 minutes ago*

I don't think running an exit node from a home machine would be a good idea. I had one running on my one at some point, but I had to turn it off because it got my IP banned from pretty much every IRC server.

    permalink
    parent
    report
    reply

[–]mischanix 1 point 8 minutes ago

and you'll never be able to post on 4chan again.

    permalink
    parent
    report
    reply

[–]microwave_suicide 15 points 1 hour ago

Thanks for everything you do! You're doing really important work and the world is a better place because of it.

It seems like there is an escalating conflict between the US government and groups who have a very different view on the purpose of the internet. The new NSA data center aims to completely destroy what privacy we may have left, and the government is getting even more aggressive with malware like flame and stuxnet. The US was embarrassed by wikileaks, and appears to have it out for Julian Assange. Groups like Anonymous are releasing sensitive information on a semi-regular basis, and it seems like all this can only go on so long before government campaigns like the “war on drugs” and the “war on terror” are joined by some sort of a “war on cybercrime” that sees anonymity as a threat. Do you think the US government is making plans to infiltrate, disrupt, or take down the Tor network? Do you have plans on how to respond if it does?

    permalink
    report
    reply

[–]eastwards 15 points 1 hour ago

How safe is it exactly to run an exit node? I am from Europe and have a ton of unused bandwidth, but I can't even be bothered to open my mail - let alone deal with any legal stuff that might be brought on by me running one.

    permalink
    report
    reply

[–]runasand[S] 16 points 45 minutes ago

It really depends on what you are worried about and what you count as safe. Either way, I think it's important to first understand what running a Tor exit relay really means, and you will want to consider hosting it somewhere other than in your own home. The Tips for Running an Exit Node with Minimal Harassment post is a good source for information, and you can find a list of Tor-friendly hosting providers on our wiki.

    permalink
    parent
    report
    reply

[–]eastwards 2 points 8 minutes ago*

First of all, I highly appreciate what you guys are doing. Even though I rarely use TOR myself, I believe that maintaining uncensored Internet access is one of the most important factors to improving the global human condition.

That being said, stories such as this one scare me. For me, this reduces the question of whether or not to run an exit node into "Am I willing to potentially face prosecution just because some asshole decided to browse kiddie porn at my expense?"

I'm sure this is one of the main concerns that holds people back from running an exit node. The suggestions that you list make a lot of sense, but they are mostly reactive. Are there proactive means to fight this? I guess any form of technical counter-measure can be interpreted as a form of censorship..

    permalink
    parent
    report
    reply

[–]some_random_develope 5 points 11 minutes ago

If you don't want to run an exit, you can operate as a relay: https://www.torproject.org/docs/faq.html.en#ExitPolicies

Or, as a special type of unpublished relay Tor calls 'Bridges': https://www.torproject.org/docs/faq.html.en#RelayOrBridge https://www.torproject.org/docs/bridges.html.en

    permalink
    parent
    report
    reply

[–]p_gargleblaster 10 points 36 minutes ago

How likely (/unlikely) is it that some government agency runs enough TOR nodes to do traffic analysis and/or compromise the network?

    permalink
    report
    reply

[–]sdfghjkiuy 7 points 59 minutes ago

Is there a way people who have only just started programming or studying computer science can contribute?

    permalink
    report
    reply

[–]runasand[S] 6 points 50 minutes ago

You can help with anything you want, such as development, testing, documentation, support, running a relay etc. Our volunteer page contains information about our projects and how you can help us. I would also recommend you check out our projects page to see if there is anything that interests you.

You can find us in #tor and #tor-dev on irc.oftc.net :)

    permalink
    parent
    report
    reply

[–]sdfghjkiuy 3 points 48 minutes ago

Thanks! I'll check out the IRC channel. Do you think a beginner coder will be able to contribute anything worthwhile?

    permalink
    parent
    report
    reply

[–]Neuran 2 points 30 minutes ago

Even if you can't, it's good to get experience working on an external project. You may or may not commit anything, but learning to work with other people's code is something you're very likely to do in the future.

    permalink
    parent
    report
    reply

[–]sdfghjkiuy 2 points 17 minutes ago

Thanks! Great point as well. :)

    permalink
    parent
    report
    reply

[–]opera-frowney 1 point 8 minutes ago

I am sure there are a lot of bugs to smack. Check out https://trac.torproject.org/projects/tor and go nuts!

    permalink
    parent
    report
    reply

[–]Release_the_KRAKEN 29 points 3 hours ago

Back in the day I used Tor to surf for porn. Thanks for letting me surf for my depraved porn anonymously :)

    permalink
    report
    reply

[–]asstits 10 points 1 hour ago

Is there more than CP on tor?

    permalink
    parent
    report
    reply

[–]opera-frowney 7 points 33 minutes ago

Well, TOR > .onion. You can surf to any usual places with tor. You can do anything at TOR. This is TOR. Welcome. This IS TOR, welcome. The only limit is yourself. Welcome, to TOR.

    permalink
    parent
    report
    reply

[–]Release_the_KRAKEN 25 points 1 hour ago

I wouldn't know. I like BDSM with a focus on humiliation and sadism.

    permalink
    parent
    report
    reply

[–]asstits 11 points 1 hour ago

But that sounds legal to me, therefore not so hard to find on the normal web?

    permalink
    parent
    report
    reply

[–]odei 24 points 1 hour ago

"Extreme" porn is actually illegal in the UK, some aspects of BDSM fall under this even though it's between consenting adults.

    permalink
    parent
    report
    reply

[–]asstits 10 points 1 hour ago

Just like he's being downvoted for no other reason than his choice of porn, I'm glad we're more open minded here.

    permalink
    parent
    report
    reply

[–]Red1123 2 points 30 minutes ago

Have you signed the petition to have that removed?

    permalink
    parent
    report
    reply

[–]Release_the_KRAKEN 9 points 1 hour ago

It was back when I was under-aged and full on terrified that the FBI would haul my ass off to jail for looking and such perverse stuff. Also, I'm pretty sure the sites I used to look at were taken down because they were fucking insane.

    permalink
    parent
    report
    reply

[–]some_random_develope 5 points 1 hour ago

The web looks pretty different depending on your perspective. Internet censorship includes porn in many countries.

    permalink
    parent
    report
    reply

[–]unas666 1 point 1 hour ago

Please have an upvote - although I would not choose like you, you contributed fair and square.

    permalink
    parent
    report
    reply

[–]Release_the_KRAKEN 2 points 1 hour ago

WHY WOULDN"T YOU LIKE ME?!

    permalink
    parent
    report
    reply

[–]cfuse 6 points 23 minutes ago

Some people just need a bit of encouragement.

    permalink
    parent
    report
    reply

[–]Monarki 2 points 12 minutes ago

If you go to the hidden wiki there's more stuff wrt porn (if that's what you asking about) stuff like beastiality and necro gore bestiality. So yes there's more. There's probably also regular ol hardcore porn.

    permalink
    parent
    report
    reply

[–]asstits 1 point 2 minutes ago

Explain 'necro gore bestiality' to me like I'm a five year old.

    permalink
    parent
    report
    reply

[–]reomc 1 point 5 minutes ago

You mean in terms of porn? Sure.

    permalink
    parent
    report
    reply

[–]SlasherPunk -17 points 2 hours ago

/r/nofap

    permalink
    parent
    report
    reply

[–]Release_the_KRAKEN 31 points 2 hours ago

/r/nothanks

    permalink
    parent
    report
    reply

[–]Idaho_Potatoes 7 points 35 minutes ago

Is it true that government intelligence agencies like the CIA, FBI, and NSA each own several exit nodes?

    permalink
    report
    reply

[–]lho 3 points 16 minutes ago

Since everybody can run an exit node (including you!), it's very likely that $AGENCY runs exit nodes, too.

    permalink
    parent
    report
    reply

[–]Subbie138 7 points 1 hour ago

TOR has been a game changer for those of us who used to fumble around with questionable proxies and such; it has certainly made anonymity easier,more reliable, and just keeps getting better. Thank you for your work.

There still seems to be a healthy amount of paranoia about running an exit node; are there any real legal risks associated with running one, and is there anything you would tell someone who was considering it?

    permalink
    report
    reply

[–]wjoe 1 point 5 minutes ago

If you're an exit node, you're basically the unencrypted part of Tor. Your ISP can potentially track any traffic which comes out of there, including any of the various illegal things that people might use Tor for. You're basically at risk of any of the things that you might be at risk from if you didn't use Tor (and the things that other people want to use Tor to hide).

Whether or not your ISP will do anything about that is another question, but there is a good chance that other people's potentially illegal browsing will be recorded against your name. Whether or not this will -actually- cause any legal trouble, I don't know. Different ISPs/hosts have different policies, and I believe it's easily noticeable that traffic has come from Tor, so that may get you out of potential legal trouble for the traffic itself (or may get you banned by your ISP). IANAL, though.

Also, since Tor exit nodes are all public, some services (eg IRC servers) might automatically ban any IPs that are listed as exit nodes. It can also use a large amount of bandwidth, at some points it was close to maxing out my 100Mb/s server.

It's generally not a good idea to run an exit node on a home computer, or something where your outgoing traffic is important, and it's mostly more suitable for servers.

TL;DR: Yes there are real legal risks.

    permalink
    parent
    report
    reply

[–]the_asker 6 points 48 minutes ago

How do you handle politicians and sheltered moms proclaiming to "please think of the children" and "guard against terrorist threats"?

    permalink
    report
    reply

[–]cjhazza 6 points 2 hours ago

Hi guys, big thanks for this great service you have provided. Just out of interest do you guys use your own service as standard when on the internet?

Also how do you feel about the fact that a large number of Onion domains are used for transactions and sharing of illegal goods and services? Does this corrupt the original purpose of Tor or was it something you expected to go hand in hand with the project?

    permalink
    report
    reply

[–]runasand[S] 8 points 1 hour ago

    Just out of interest do you guys use your own service as standard when on the internet?

I do, yes, and I know other Tor developers who do it as well. It's actually quite easy to get used to the difference in speed when switching over to the Tor Browser completely.

    Also how do you feel about the fact that a large number of Onion domains are used for transactions and sharing of illegal goods and services? Does this corrupt the original purpose of Tor or was it something you expected to go hand in hand with the project?

I think it's interesting to see people claim that a major part of hidden services is illegal content, without having any proof that this is really the case. We hear about all the bad things because that's what media likes to write about, but that doesn't mean there aren't a ton of good hidden services out there as well.

I can't really comment on the original purpose or if this was something that was expected. What I can say is that we are working hard to explain what Tor is and is not, and I think Karen's response in r/TOR regarding law enforcement and hidden services is a good one.

    permalink
    parent
    report
    reply

[–]cjhazza 1 point 1 hour ago

Thanks very much for the answer, I mentioned the illegal side of things as that is what I first discovered Tor through. Old friend of mine was using Tor to source certain less than legal consumables for selling on again locally which is how I found out about it. Personally I now like using it when I'm doing anything on the internet where I want to protect my identity (no point in using it for reddit as this is somewhere I willing disclose personal info).

    permalink
    parent
    report
    reply

[–]Calochortus 7 points 2 hours ago

Any idea how the governement feels about how it's creation is being used now? Do you ever hear from them?

    permalink
    report
    reply

[–]Dumper-Dash 6 points 2 hours ago

Seeing as Tor was originally designed for government use, what is Tor's stance, ethically and professionally, on co-operating with governments, in particular when requested to help identify users.

    permalink
    report
    reply

[–]runasand[S] 19 points 1 hour ago

We do not log, track, or identify our users and we therefore have no data to give out whatsoever.

    permalink
    parent
    report
    reply

[–]boaby_phet 1 point 1 hour ago*

sorry, i dont mean to be a dick... but with this statement it kind of writes off the statement above that the hidden illegal services are blown out of proportion ... as you have no way of knowing if you do not track anything!

personaly, i have no doubt you all are doing this for the right reasons and i love you all for this! but its a bit naieve to say that its media blowing the scale of hidden illegal services on the tor network out of proportion... i have been on tor a few times but due to the main content and not knowing where to find a safe guide or list of safe sites i have only ever been on silk road to see what the fuss is about.

now, a question ... although i think this is impossible if you do not track anything ... but , what proprtion of the TOR network users are using tor as a simple proxy as opposed to browsing .onion sites?

(ps, i edited to say your doing an awesome job, i dont mean to sound like im hating on things... when this world goes to war , or the powers that be try and block the web,ill be moving to tor :D ... (i always have it ready but never really use it))

    permalink
    parent
    report
    reply

[–]b4df00d 0 points 1 hour ago

True heroes of our times.

    permalink
    parent
    report
    reply

[–]some_random_develope 3 points 1 hour ago

Tor is designed to protect your privacy by design. See: https://www.torproject.org/about/overview.html.en#thesolution for an overview. The idea is that the technology should protect you, not the ethics of the authors or relay operators.

The Tor people take anonymity seriously. See the discussions on the Tor mailing lists (https://lists.torproject.org), or bug tracker (https://trac.torproject.org) for an idea of their viewpoints.

    permalink
    parent
    report
    reply

[–]odei 4 points 1 hour ago

You guys are rad.

With recent events such as the megaupload shutdown, what do you think is the best way to protect shared/hosted data?

    permalink
    report
    reply

[–]runasand[S] 4 points 34 minutes ago

Never keep copy of material on one single site. Ideally, you would want to have local and off-site backup.

    permalink
    parent
    report
    reply

[–]Neuran 2 points 36 minutes ago

The more you value keeping a bit of data, the more copies in a variety of locations, the better the chance the data has to survive.

Ofc, that has to be balanced between how much you'd like it to be kept secure too. Pick your storage places wisely. If a site is getting a reputation for being an illegal file haven, it's likely to attract the authorities sooner or later. Megaupload, for me, definitely had that reputation... so wasn't surprised to hear about the shutdown.

    permalink
    parent
    report
    reply

[–]whateverradar 5 points 28 minutes ago

What % of your exit nodes do you believe to be gov't sponsered?

    permalink
    report
    reply

[–]JesusWasADrugdealer 14 points 3 hours ago

What's your opinion about the depraved things TOR can and are being used to search? I don't judge you guys and I think it's an awesome program, just curios.

    permalink
    report
    reply

[–]runasand[S] 52 points 1 hour ago

People search for depraved things on the normal Internet too, Tor is no exception.

    permalink
    parent
    report
    reply

[–]no-sweat 8 points 30 minutes ago

And people do depraved things in real life too. The internet/tor is nothing but human reality on a screen.

    permalink
    parent
    report
    reply

[–]opera-frowney -1 points 40 minutes ago

That is easy to say, but is it really true? I am not one of them who actively seek out cp, gore and illegal drugs but when on the more popular .onion sites it's takes quite a sailor to steer around them all. That is not the case when browsing our usual, friendly interwebz.

I absolutely support tor and the cryptoanarchy movement, but to claim that TOR doesnt make it easier to get away with the worst kinds of internet use is a lie.

It's a trade-off: it tor would not exist, it would be hard to be trule free on the net but if it is easy to be free on the net, people will do fucked up things.

    permalink
    parent
    report
    reply

[–]runasand[S] 16 points 22 minutes ago

    but to claim that TOR doesnt make it easier to get away with the worst kinds of internet use is a lie.

There is a difference between what you do and what you can get away with. I did not claim that Tor does not make it easier to get away with things, so please don't accuse me of lying.

    permalink
    parent
    report
    reply

[–]segagaga 5 points 31 minutes ago

As a Forensic graduate, I can confirm that people search for the most illegal things, even in Internet Explorer, which logs your search terms. I did an internship with the local police force collating and cataloging evidence collected from PC's during raids, you would NOT believe the horrendous things people will search for with no privacy in mind at all.

    permalink
    parent
    report
    reply

[–]rohei 1 point 10 minutes ago

Examples? Actually, wait, I'm sure I want to know :/

    permalink
    parent
    report
    reply

[–]some_random_develope 3 points 17 minutes ago

Tor is a tool designed to protect anonymity and circumvent censorship. If Tor were designed in a way that could censor content or identify users, it would be broken by design.

Tor tries to make the software easy to use so that it is accessible to everyone. Tor has no data on the popularity of .onion sites; though it's no surprise that the most shocking content gets the most media attention.

Something to consider: if Tor did not exist, would these crimes go away? Sadly, people do fucked up things.

    permalink
    parent
    report
    reply

[–]fswmacguy 3 points 30 minutes ago

TOR is the international waters of the internet. Anything goes.

    permalink
    parent
    report
    reply

[–]cfuse 1 point 12 minutes ago

    That is easy to say, but is it really true?

In the early days of rolling out internet access and email for a company I used to work for we had a bit of a problem with email being a vector for viruses. We decided to manually vet incoming attachments - well, that turned out to be an eye opening experience for me. It rapidly went from "I hope this helps cut down on the viruses" to "JESUS FUCK! Are these really the people I'm working with!?".

The only difference between Tor and normal internet is the difficulty curve. Perverts are everywhere, but smart perverts congregate on Tor.

    permalink
    parent
    report
    reply

[–]opera-frowney 1 point 5 minutes ago

Yeah, and that means that the police only will catch the dumb drug dealers.

As I said, the world pre and past TOR is a tradeoff between freedom and control for governments, and even if it's easy to say that one side is better, it is a moral dilemma.

(Note that I am not saying that tor is bad, nor that government control is bad. All I know is that I know nothing)

    permalink
    parent
    report
    reply

[–]lumpy_walnut -15 points 56 minutes ago

It hurts me that I can only upvote this once.

    permalink
    parent
    report
    reply

[–]mikankun 8 points 1 hour ago

What are you guys planning to do in the future to address the P2P abuse? The slow speeds caused by it make Tor almost unusable.

    permalink
    report
    reply

[–]mischanix 1 point 1 minute ago

I route trackers through TOR due to some poorly implemented network filtering. I do not, however, route p2p through TOR, because I like my speeds to be countable in megabytes, not kilobits.

Could actually make it a point to blacklist exit nodes in torrent clients, but that's not the spirit of things. Alas, we're left with waiting until one infrastructure (free unblocker services, be it TOR or VPNs) can handle it or the other (the censored "free" internet) stops legislating the fuck out of it.

    permalink
    parent
    report
    reply

[–]gotbetteratlove 5 points 2 hours ago

What do you think of the JAP project / JonDos company?

(It is based on the same technology, with the main difference that Jondo gives you control over which servers handle your traffic)

    permalink
    report
    reply

[–]dClauzel 4 points 2 hours ago

What is the current status of IPv6 support in TOR ? What changes does it requiere in the routing models when it comes to preserving anonymity?

    permalink
    report
    reply

[–]runasand[S] 6 points 1 hour ago

In 2011, Nick wrote a blog post called IPv6 is the future, I hear outlining the things we need to make Tor+IPv6 happen. In December last year, Linus sent an email to the tor-dev mailing list explaining how you can configure your Tor client to connect to a Tor IPv6 bridge.

    permalink
    parent
    report
    reply

[–]some_random_develope 2 points 1 hour ago

The Tor Project tries to be as transparent as possible -- you can follow the bug tracker (https://trac.torproject.org), or specification (https://gitweb.torproject.org/torspec.git) for status on any issues, or open a ticket if an issue is not being addressed.

e.g.: https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=closed&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&description=%7Eipv6&order=priority&col=id&col=summary&col=owner&col=type&col=status&col=priority&col=milestone

or the specification: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/117-ipv6-exits.txt https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-ipv6-plan.txt

Tor's routing model (source based routing, because Tor as a client picks the path) will need to consider that the list of relays that support IPv6 will be a subset of those that support IPv4 and weigh path selection accordingly.

    permalink
    parent
    report
    reply

[–]b4df00d 3 points 2 hours ago

Thank you for your work. That is all.

    permalink
    report
    reply

[–]Nekkoru 4 points 1 hour ago

Hello, thanks for doing this AmA :) My question might be kind of vague, but how does legislation like ACTA or SOPA affect Tor?

    permalink
    report
    reply

[–]opera-frowney 2 points 21 minutes ago

I am not an expert, and not even American. But afaik at least SOPA is about controlling DNS (you write reddit.com in the browser - the browser asks a dns server "who is this reddit.com?", the DNS replies "Oh, it's my old buddy 123.456.789.101") and TOR has little to do with DNS. So none.

But what do I know! Please everyone, proove me wrong.

    permalink
    parent
    report
    reply

[–]ExecutiveChimp 1 point 9 minutes ago

That's not a valid IP address - the numbers are more than 255. Other than that, IFAIK you are correct.

    permalink
    parent
    report
    reply

[–]opera-frowney 1 point 7 minutes ago

Yup, I know. That was on purpose.

    permalink
    parent
    report
    reply

[–]gilbatron 3 points 1 hour ago

is there a way to find out which region could use more relays ?

also, is there a list of companies that let you rent a server for a TOR relay without bitching about it (and maybe even let you rent it anonymously ?)

    permalink
    report
    reply

[–]runasand[S] 3 points 39 minutes ago

    is there a way to find out which region could use more relays ?

We need more bridges and relays outside the US.

    also, is there a list of companies that let you rent a server for a TOR relay without bitching about it (and maybe even let you rent it anonymously ?)

Yes, check out the list of Tor-friendly hosting providers on our wiki.

    permalink
    parent
    report
    reply

[–]grawolf 2 points 1 hour ago*

First of all thank you very much for developing tor. I have only recently discovered it and am very happy with it.

Now for the question. Have you ever been contacted by law enforcement regarding the use of tor for illicit activities? Have they tried taking legal action to take it down.

What is the future of tor? Will we see a return to having easier access to a standalone vidalia or is it more integration into the tor browser bundle?

edit: there still is a standalone vidalia but you need to get an addon into Firefox to make it work and change proxy settings in Google chrome to make it work. Personally I could not get chrome to work but Firefox is fine.

    permalink
    report
    reply

[–]opera-frowney 1 point 10 minutes ago

There is a TOR browser bundle, that with no setup needed opens a firefox with tor. To try to configure everything yourself can be hard, if you don't have very specific needs it is most often not needed.

Unless you need to, stick with the browser bundle. It's great!

    permalink
    parent
    report
    reply

[–]runasand[S] 1 point 4 seconds ago

    Have you ever been contacted by law enforcement regarding the use of tor for illicit activities? Have they tried taking legal action to take it down.

Legal action against who in this case? A single relay operator or the Tor Project as a company? We often meet with or talk to law enforcement to explain what Tor is and is not, and what we can and cannot do to help them.

    What is the future of tor? Will we see a return to having easier access to a standalone vidalia or is it more integration into the tor browser bundle?

We are going to discontinue the standalone Vidalia eventually and focus on the Tor Browser Bundle. We are also focusing more on trainings, support, a forum etc.

    there still is a standalone vidalia but you need to get an addon into Firefox to make it work and change proxy settings in Google chrome to make it work. Personally I could not get chrome to work but Firefox is fine.

Please do not use Tor with Google Chrome :(

    permalink
    parent
    report
    reply

[–]mcstain 4 points 49 minutes ago*

What are your thoughts on the new NSA facility which is collecting huge amounts of encrypted data and aiming to crack AES encryption? How do you think this will affect the Tor project?

EDIT: Changed TOR to Tor

    permalink
    report
    reply

[–]Veract 4 points 3 hours ago

I've never used Tor, I've heard a lot about it, what is it that makes yours different from just simply browsing in Internet Explorer. Because for all I know IE is awesome...right... Anyways, how does Tor make things totally anonymous, is it like a proxy server?

    permalink
    report
    reply

[–]runasand[S] 7 points 2 hours ago

I can say a lot about how browsing with Tor is different from browsing without Tor, but I'll try to keep it short; when you are not browsing with Tor, you are allowing your ISP, anyone watching your network, and the websites you visit to learn what you are doing online, which sites you visit, what you searched for on Google, what you bought on Amazon, and so on. The article I wrote for ORGZine a few weeks ago has some more information about this.

Tor helps with a number of things, such as defending against traffic analysis, reducing your digital footprint, preventing your ISP from learning which websites you are visiting, and allowing you to access websites which have been blocked where you are currently located.

The tl;dr for how Tor anonymizes your traffic is that it wraps it in three layers of encryption and sends it through three random servers in the Tor network. The longer explanation, with detailed images, can be found on our overview page.

    permalink
    parent
    report
    reply

[–]number_1_dad -3 points 56 minutes ago

    Tor helps with a number of things, such as defending against traffic analysis, reducing your digital footprint, preventing your ISP from learning which websites you are visiting, and allowing you to access websites which have been blocked where you are currently located.

so i have heard a lot about TOR but how do i use it, also does this mean i can use tor to watch shows like dr who straight off the BBC website? or even south park straight from theirs?

    permalink
    parent
    report
    reply

[–]Formaldehyde 1 point 11 minutes ago

How do you use it? Did you even search for "Tor" on Google?

    permalink
    parent
    report
    reply

[–]DelveDeeper 4 points 3 hours ago

A couple things I've wanted to know but wasn't able to find answers to...

    Can pictures be safely uploaded to the internet using TOR, providing the pictures are 'cleaned' (meta data removed etc) can the website you upload to collect any information about you through the upload process or any information that might be added to the picture by your computer during the upload process, I was thinking about this after uploading a Twitter profile picture...

    Can virus' and malware be installed on your computer by a 3rd party while you are using TOR if you was to click on a link that is actually a virus?

I'm sure I have more and will ask when I think of them, thanks, continue the awesome work!!!

    permalink
    report
    reply

[–]runasand[S] 10 points 2 hours ago

    Can pictures be safely uploaded to the internet using TOR...

Depending on the client you are using when uploading the image, there is a chance that uploaded file's original path is exposed to the remove server. If you want to make sure that no sensitive data leaks out, upload the image from a home directory such as /home/derp or something.

    Can virus' and malware be installed on your computer by a 3rd party while you are using TOR if you was to click on a link that is actually a virus?

Tor protects you when you browse the Internet, it does not protect you from viruses in documents, software etc that you have downloaded onto your computer. I suggest you read the warning section on our website regarding opening files you have downloaded over Tor.

    permalink
    parent
    report
    reply

[–]ReddiquetteAdvisor 1 point 1 minute ago

    there is a chance that uploaded file's original path is exposed to the remote server

I'm kind of curious what you're talking about; I'm not aware of any browser that sends the full path to the server. Maybe misconception?

    permalink
    parent
    report
    reply

[–]Icouldbebatman 2 points 1 hour ago

METADATA!

The location of the file, the camera you used etc is generally stored by default and you can wipe it. But these days what is worse is that smartphones, they will GPS tag your photos with the location they were taken (as well as GPS smart cameras). Wipe it before you put it on the internet. I wrote a big blog post about it but unfortunately it was a work blog.

http://www.makeuseof.com/tag/how-to-remove-the-metadata-from-your-photos-windows-only/

    permalink
    parent
    report
    reply

[–]pauloat 1 point 1 minute ago

ID why u get downvotes.

    permalink
    parent
    report
    reply

[–]n4mu 2 points 2 hours ago

    Can virus' and malware be installed on your computer by a 3rd party while you are using TOR if you was to click on a link that is actually a virus?

Tor is not an anti-virus software as far as I know.

    permalink
    parent
    report
    reply

[–]therealcreamCHEESUS -2 points 1 hour ago

Yes it can but I would advise you to use it with privoxy as browser can and do send all sorts of information that can be used to get your computers fingerprint and be used to identify you. Browser addons, OS details and versions, screen resolution etc etc can be grabbed by a website depending on your settings. Tor makes your connection anonymous and privoxy strips out the data that can make your machine identifiable through the anonymous connection.

You still have to make sure you don't send any personal info.... the best anonymous software in the world won't help if you then log into your personal FB account.

    permalink
    parent
    report
    reply

[–]runasand[S] 4 points 1 hour ago

    Yes it can but I would advise you to use it with privoxy...

This is incorrect. We no longer ship Privoxy or Polipo as part of our bundles.

    permalink
    parent
    report
    reply

[–]some_random_develope 1 point 3 minutes ago

Tor ships a customized firefox+Tor bundle called the Tor Browser Bundle (TBB). It is designed to address the issues you mention, and ensures that you share the same anonymity profile with every other TBB user.

See the TBB design document here: https://www.torproject.org/projects/torbrowser/design/

    permalink
    parent
    report
    reply

[–]procrastinat0r 3 points 2 hours ago

1 - Is it truly annonymous? Aka is there a way to track which websites were visited?

2 - Given that the scipts are turned off (thanks for the useful button) and you don't download anything - how big of a risk is it to get infected by a virus/trojan/malware?

3 - Why is there no major google-type search engine on .onion? The community seems to be tech savvy and decent in size, think that they could make something usefull.

    permalink
    report
    reply

[–]runasand[S] 15 points 1 hour ago

    Is it truly annonymous? Aka is there a way to track which websites were visited?

We cannot guarantee that you will always be anonymous, but we do our best to make sure that this is the case. You should be using the latest Tor Browser Bundle with its default settings, and you should follow the recommendations in the warning section on our download page.

    Given that the scipts are turned off (thanks for the useful button) and you don't download anything - how big of a risk is it to get infected by a virus/trojan/malware?

Assuming you define virus/trojan/malware as something that runs on your computer; You won't be infected unless you download an unknown piece of software that you choose to run on your computer.

    Why is there no major google-type search engine on .onion? The community seems to be tech savvy and decent in size, think that they could make something usefull.

Oh there is; http://3g2upl4pq6kufc4m.onion/ is the Tor hidden service set up by DuckDuckGo (source 1, source 2).

    permalink
    parent
    report
    reply

[–]Red1123 1 point 25 minutes ago

You'll only get infected if you download something stupid, just be smart.

    permalink
    parent
    report
    reply

[–]Icouldbebatman 2 points 1 hour ago

As a security nerd and practitioner, thanks to you guys for providing this service. You've helped to overthrow oppressive governments that actively stalked their citizens on the net, how good is that? Two thumbs up.

    permalink
    report
    reply

[–]tardy4datardis 2 points 1 hour ago

My experience with tor is that you have to be pretty high brow tech savvy to get the full experience, anyway this is likely to change in the future? Allowing it to become customizable , safe yet noob friendly?

    permalink
    report
    reply

[–]flayer0 2 points 1 hour ago

Hi and thank you for a great service. there is only one thing I wondering about. that is regarding being a tor relay exit node. I did this a couple of years ago, and was promptly k-lined from numerous IRC servers since I was detected as an exit node.

Is there anything else I should worry about when it comes to being an exit node?

    permalink
    report
    reply

[–]runasand[S] 3 points 53 minutes ago

I recommend reading Tips for Running an Exit Node with Minimal Harassment. You can look for Tor-friendly hosting providers on our wiki.

    permalink
    parent
    report
    reply

[–]ivals 2 points 57 minutes ago

Thank you! You guys have done students an enormous favour by allowing us to access sites like imgur at school and other sites such as /r/atheism (where /r/christianity isn't blocked)!

    permalink
    report
    reply

[–]Zahne1977 4 points 31 minutes ago

TOR is essential in this day and age. Thank-you for sticking your necks out to keep this going.

    permalink
    report
    reply

[–]whatsuppeoplewhatsup 3 points 25 minutes ago

I just want to say thank you!

    permalink
    report
    reply

[–]CoffeeBaron 3 points 22 minutes ago

I know there has been some weaknesses concerning the exit nodes of the Tor network; is it possible to put some kind of standards in place for the exit node operators to make sure that the end nodes to the target servers are also encrypted (essentially making the trip a complete end-to-end encryption)? Or is that something that might not be 'enforceable' considering the varied networks that exit nodes are being hosted on?

I'd like to say you all have been doing a wonderful job at keeping the internet safe and the information flowing, thank you.

    permalink
    report
    reply

[–]lho 2 points 18 minutes ago

End-to-end-encryption requires the server to support TLS. This can not be forced by Tor or the exit node.

HTTPS Everywhere tries to use TLS whereever possible.

    permalink
    parent
    report
    reply

[–]cashiimo 3 points 18 minutes ago

no question either, just wanted to say thanks! because of you guys, i was the hero when my school blocked several sites from the network xD

    permalink
    report
    reply

[–]poisonborz 3 points 49 minutes ago

Tor is a truly wonderful project, but I think it's biggest problem is that (after some reading, I think) there are major downsides of operating a relay node, including the fact that by default, the operator takes all the heat for its users. While I'm sure there is legal shield in case of a charge (the operator's responsibility can be clearly lifted) this can often be only proven after a police raid, and long/costly legal procedures. Do you plan something that would convince more people to operate relays? I know TOR's system does not allow for "involuntary participation" like bittorrent, but currently it relies too much on the goodwill of a very few dedicated users.

    permalink
    report
    reply

[–]runasand[S] 3 points 12 minutes ago

The downsides you mention are true for exit relay operators, but not for bridge or non-exit relay operators.

    permalink
    parent
    report
    reply

[–]lho 1 point 14 minutes ago

If you run a node that doesn't allow exits, you should be save.

    permalink
    parent
    report
    reply

[–]whythehateman 3 points 1 hour ago

I have heard rumors that you are/were sponsored by the American Navy. Why would they sponsor you?

    permalink
    report
    reply

[–]runasand[S] 9 points 1 hour ago

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications.

    permalink
    parent
    report
    reply

[–]easternfootwear 1 point 7 minutes ago

I think the poster who you replied to framed his question poorly. Are you currently directly or indirectly sponsored by the US Navy, any other organisation affiliated to, or controlled by, state actors, or state actors themselves?

    permalink
    parent
    report
    reply

[–]Serious_username 0 points 59 minutes ago

How do you feel about Tor being used for sites such as silk road and other "dark web" activity? Was this kind of thing in your mind when developing it?

    permalink
    report
    reply

[–]lugh 2 points 2 hours ago

Not directly related to Tor, but one of your GSoC projects. Do you know if there are plans to port MAT to other platforms?

    permalink
    report
    reply

[–]runasand[S] 2 points 1 hour ago

I don't know, sorry. I suggest you email the developer or ask on IRC.

    permalink
    parent
    report
    reply

[–]CHEESY_ABORTION_FIST 2 points 1 hour ago

This is the first I have heard of Tor, sounds awesome, so my question is one that is extremely basic in nature. I can browse anything I want to online and even download things entirely anonymously? Btw I have no malicious intent I just hate knowing that everything I do online is tracked in great detail. Thanks.

    permalink
    report
    reply

[–]SgtSloth 1 point 1 hour ago

So, just downloading and using the little Tor executable/browser and using it as is, just how anonymous am I? I hear about exit nodes and this and that, and that if I really wanted to be anonymous, I would want to take other precautions and steps other than just use the simple download and run package. Or is that simply enough?

    permalink
    report
    reply

[–]runasand[S] 2 points 9 minutes ago

Make sure you are using the latest Tor Browser Bundle, do not change the default settings, and follow the recommendations in the warning section on our website. That's it.

    permalink
    parent
    report
    reply

[–]Locklinn -2 points 1 hour ago

ok technical question if im using an ip that someone used to say post cp the police could think its me and knock on my door or are ips and locations dif

    permalink
    report
    reply

[–]runasand[S] 1 point 8 minutes ago

Related to you using Tor as a client? Or you running a Tor exit relay at home and use the same IP address for your normal browsing?

    permalink
    parent
    report
    reply

[–]tordj -1 points 49 minutes ago

How secure is Tor really? Is it really impossible to trace what I am accessing?

    permalink
    report
    reply

[–]Kimmy__Gibbler 2 points 45 minutes ago

hey jacob!

    permalink
    report
    reply

[–]timepad 2 points 35 minutes ago

Thanks for all you've done in building tor, and thanks for coming here to answer our questions!

I'd like to know what your thought are on Par: Payment for Anonymous Routing (PDF)?

The abstract of this paper is:

    Despite the growth of the Internet and the increasing concern for privacy of online communications, current deployments of anonymization networks depend on a very small set of nodes that volunteer their bandwidth. We believe that the main reason is not disbelief in their ability to protect anonymity, but rather the practical limitations in bandwidth and latency that stem from limited participation. This limited participation, in turn, is due to a lack of incentives to participate. We propose providing economic incentives, which historically have worked very well.

I personally think that economic incentives are critical to solving the "tor is slow" problem, but I'd love to hear your thoughts! Are you planning on incoroporating anything like this into tor?

    permalink
    report
    reply

[–]scifiman_42 2 points 31 minutes ago

I just wanted to say thank you for you work on this project!

    permalink
    report
    reply

[–]asdfasdf4r 0 points 27 minutes ago

How do you feel about illegal activity within the TOR network?

Sites like silkroad are actually OK with me, but with TOR there is also a possible way for CP to be distributed and so on.

Also, how did you come up with the idea to create such a network? Was there an inspiring paragon for the way you made it? How long did it take?

And last but not least. How can someone create a .onion-domain within the TOR network? I looked it up once but didn't seem to find anything.

Oh so many questions. I like you guys.

    permalink
    report
    reply

[–]lho 1 point 17 minutes ago

CP can be distributed by postal mail, too.

    permalink
    parent
    report
    reply

[–]Kynaeus 2 points 22 minutes ago

I wish I knew more about the service or netsec in general so I'd have a better question to ask but I just wanted to say thanks for all the great work you're doing.

The top comment is about exit relays, maybe you could expound on that topic a little? Such as why they're important or how to set one up?

    permalink
    report
    reply

[–]RuairidhLowe 0 points 19 minutes ago

How do you feel about sites such as the Silk Road that can only be accessed using Tor?

    permalink
    report
    reply

[–]Anonazon2 1 point 15 minutes ago

How secure is SSH?

    permalink
    report
    reply

[–]Polari 2 points 14 minutes ago

Hi, keep up the great work! A really user friendly secure messaging service run through Tor on Android and potentially other mobile platforms is something I would love to see the project look into.

    permalink
    report
    reply

[–]bureq 1 point 13 minutes ago

Since tor traffic isn't encrypted, what can be done to have the exit point traffic encrypted?

    permalink
    report
    reply

[–]lho 1 point 9 minutes ago

Traffic inside the network is encrypted. Traffic from the exit node to the destination server can only be encrypted if this server supports it. Tor can do nothing about that.

    permalink
    parent
    report
    reply

[–]droberts1982 1 point 10 minutes ago

What are your thoughts on how to protect TOR users that are victim to MITM attacks by people using sslstrip on exit nodes?

    permalink
    report
    reply

[–]ether_a_gogo 2 points 9 minutes ago

I really like using TOR, but I sometime feel bad doing so. I like my anonymity on the web, but don't really need it. Given the bandwidth squeeze, I feel like that could be better used by someone else. Do you guys discourage people from using TOR for general web surfing? What's the general feeling on this?

    permalink
    report
    reply

[–]lho 1 point 7 minutes ago

No, you should be proud to use Tor. The more "normal" people use it, the better. Anonymity loves company :)

    permalink
    parent
    report
    reply

[–]bluedishwasher 0 points 8 minutes ago

How do you feel knowing that Tor is used by many as a portal to the so called "Dark web"?

    permalink
    report
    reply

[–]Osskyw 1 point 4 minutes ago

I bow to you, seriously.

    permalink
    report
    reply

[–]xSalvation 1 point 2 minutes ago

It seems like a lot of setup information about tor is outdated. I think one of the simplest improvements you can make to tor is to have a constantly updated official setup page that list and describes all of the software/settings needed to browse completely anonymously. I know tor browser bundle is pretty complete but when I look over setup information on the web it is easy to get confused about things like privoxy/torsocks/polipo. As seen previously in this thread, other people think that privoxy is necessary but you state that TBB no longer ships with it. Putting something like this on the front page of your website or somewhere very noticeable would help newbies quickly get started and not get lost in the non-user friendly documentation section of you website.

Other than that I must say that I love tor. It has helped many people bypass network restrictions at my residential high school and is know by name.

    permalink
    report
    reply

[–]parkadactyl 1 point 50 seconds ago

Have you ever been contacted by a government organization for any reason?

    permalink
    report
    reply

[–]reallydude 1 point 2 hours ago*

Thank you so much. TOR and the SilkRoad are responsible for some of the best times I've ever had. Keep up the good work guys, I really respect you for doing this.

e: Dunno why I am being downvoted. Just speaking the truth here. Tor makes SR possible and SR enables you to do with your own body as you please, without having to deal with dealers (pun unintended) directly.

    permalink
    report
    reply

[–]throwawayagin -7 points 1 hour ago

username

    permalink
    parent
    report
    reply

[–]Johnnyash 1 point 44 minutes ago

First you're all fucking genius level, good stuff.

Any plans on adapting for idevices?

    permalink
    report
    reply

[–]lho 1 point 15 minutes ago

What are idevices?

    permalink
    parent
    report
    reply

[–]hrndwg 1 point 10 minutes ago

ipods, ipads, any type of "smart" phone or device

    permalink
    parent
    report
    reply

[–]lho 2 points 8 minutes ago

Android devices are supported: https://guardianproject.info/apps/orbot/

    permalink
    parent
    report
    reply

[–]Meshuggener -1 points 26 minutes ago

How does it feel to know this is the paedophile software of choice? :|

    permalink
    report
    reply

[–]T10Terminator -8 points 49 minutes ago

What are you doing to combat the drugs and hit-men that use TOR to advertise, setup murders and drug deals?

    permalink
    report
    reply

[–]Red1123 2 points 27 minutes ago

Is that their job?

    permalink
    parent
    report
    reply


More information about the tor-talk mailing list