OK, more dumb questions about hiding a Tor node.

Even though the current list of Tor node IP addresses is basically public, I'm not 100% convinced it would have to be.

Well, exit and entry nodes perhaps have to be public, but what about nodes inside the cloud? OK, anything sent to one of those nodes by an edge node has to use an unencrypted IP address on the packet header, right? BUT, the same machines that house the Tor nodes could (and probably do, right?) house other services as well...a packet sent to the Tor node has to be sent to the right socket and layer 4 service. Right? And THAT can be encrypted, and probably already is by Tor nodes. (Now remember I'm not a datacom guy...)

If the list of interior Tor nodes is encrypted and only machine-readable by other Tor nodes, AND if we have a few additional services residing on the same machines as the Tor nodes, then a packet sent to a machine housing a Tor node may or may not actually be going to a Tor node.

If the operators of that machine are also unaware of the precise service-bundle existing on the machine (not unreasonable as long as someone is paying them for the consumed bandwidth) AND if packets destined for that machine can reasonably be said to be accessing a non-TOR service AND if the IP address list of interior TOR nodes is encrypted, is the Tor node now disguised? Seems to me it would be difficult for some authorities to track down the location of some Tor nodes.

Or am I missing something? Like I said, I'm no datacom guy, but hiding a Tor node doesn't seem impossible to me. -TD
From: Lists <phlex_lists@meshmx.com> To: Tyler Durden <camera_lumina@hotmail.com> Subject: Re: Disguising a Tor node? Date: Thu, 14 Dec 2006 11:38:57 +0000
All TOR nodes can be found in the network directory of TOR.
http://moria.mit.edu:9031/tor/
With that list it is easy to find all official tor nodes on the planet. Skype, Wikipedia etc. use that list to block access. And yes, this list has to be there. It is used by the TOR network itself so that nodes can find each other.
TOR is not exactly "censorship resistant".
-- phlex
Tyler Durden wrote:
Well, here's where my ignorance is revealed.
But let me recall the 'threat scenario' in this case.
MwGs don't like Tor networks, and set about trying to find the nodes, and take them down. How do they do this? They can, perhaps, look at the IP addresses of packets they themselves shoot through the network, and then (theoretically) trace these back to the machines that sent the packets, presumably a tor node. Or at least, they can do this for an exit node(s).
After finding an exit node, they can then contact the operator to locate the server and Tor node, and bludgeon them into taking it down. The operator probably won't be surprised, because they will have installed the Tor node, which presumably has all sorts of files named, TOR.EXE, TOR_CLIENT.DLL, and so on. The only other way to tell they are running a Tor node is to see the other IP addresses coming in and going out, which presumably are other Tor nodes.
Is that basically right?
What if, for instance, a Tor client sent out a whole buttload of IPs, some of which are Tor nodes, some of which aren't, in various cities (including, say Fallujah). Let's say also that the Tor package sent to an actual Tor node operator was disguised to look like some other innocuous service. Let's say also that there are plenty of fake non-Tor packets coming in and out of that node which don't lead to any Tor nodes at all.
In that case, the local authorities would have to have some kind of subpoena (one would think) 'proving' to the operator that they indeed have a hated Tor node on one of their machines. They would also have to do this for a variety of nodes, perhaps, even ones that aren't actually Tor nodes.
OK, farfetched. But possible? I'm a telecom guy so what the hell do I know...
-TD
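The point phlex makes above (the relay list is public, and services like Skype or Wikipedia use it to block Tor) is worth seeing in code. The following is an added example, not code from the thread or from the Tor project: it parses a small, constructed excerpt in the format of a Tor directory consensus (one `r` line per relay, an `s` line with its flags, a `p` line with its summarised exit policy, as in Tor's dir-spec) and turns it into the kind of blocklist a site operator would actually want. The nicknames, identity fields and addresses are made up; a real deployment would fetch the current consensus from a directory authority or mirror instead of embedding it.

```python
"""Turn a Tor directory consensus into an address blocklist.

Added example, not code from the thread or from the Tor project. The input
below is a CONSTRUCTED excerpt in the network-status consensus format
(router-status entries as in Tor's dir-spec): an "r" line per relay, an "s"
line with its flags and a "p" line with its summarised exit policy. The
nicknames, identity/digest fields and addresses are made up.
"""
import ipaddress
from typing import FrozenSet, List, NamedTuple, Optional, Set


class Relay(NamedTuple):
    nickname: str
    address: str
    or_port: int
    flags: FrozenSet[str]
    exit_policy: str          # e.g. "accept 80,443" or "reject 1-65535"


SAMPLE_CONSENSUS = """\
network-status-version 3
vote-status consensus
r alpha AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2006-12-14 10:00:00 192.0.2.10 9001 9030
s Exit Fast Guard Running Stable Valid
p accept 80,443
r beta CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2006-12-14 10:05:00 198.51.100.7 443 0
s Fast Running Stable Valid
p reject 1-65535
r gamma EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2006-12-14 09:58:00 203.0.113.42 9001 0
s Exit Fast Running Valid
p accept 1-65535
directory-footer
"""


def parse_consensus(text: str) -> List[Relay]:
    """Collect each router-status entry; a relay with no "p" line is treated
    as rejecting everything (the conservative default for a blocklist)."""
    relays: List[Relay] = []
    cur: Optional[dict] = None

    def flush() -> None:
        if cur is not None:
            relays.append(Relay(cur["nickname"], cur["address"], cur["or_port"],
                                frozenset(cur["flags"]), cur["policy"]))

    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        # r <nick> <identity> <digest> <date> <time> <ip> <orport> <dirport>
        if parts[0] == "r" and len(parts) >= 9:
            flush()
            cur = {"nickname": parts[1], "address": parts[6], "or_port": int(parts[7]),
                   "flags": set(), "policy": "reject 1-65535"}
        elif parts[0] == "s" and cur is not None:
            cur["flags"].update(parts[1:])
        elif parts[0] == "p" and cur is not None and len(parts) >= 3:
            cur["policy"] = f"{parts[1]} {parts[2]}"
    flush()
    return relays


def policy_allows(policy: str, port: int) -> bool:
    """Evaluate a summarised exit policy ("accept"/"reject" + port list)."""
    action, ports = policy.split(None, 1)
    hit = False
    for item in ports.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            hit = True
            break
    return hit if action == "accept" else not hit


def relay_addresses(relays: List[Relay], flag: Optional[str] = None) -> Set[str]:
    """Every relay address, optionally only those carrying a given flag."""
    return {r.address for r in relays if flag is None or flag in r.flags}


def exits_for_port(relays: List[Relay], port: int) -> Set[str]:
    """Addresses a Tor connection to `port` can arrive from. A site that wants
    to block Tor needs this set, not the whole relay list: beta above relays
    traffic but never exits, so blocking it achieves nothing."""
    return {r.address for r in relays if policy_allows(r.exit_policy, port)}


def is_tor_exit_for(client_ip: str, relays: List[Relay], port: int) -> bool:
    addr = str(ipaddress.ip_address(client_ip))   # validates and normalises
    return addr in exits_for_port(relays, port)


if __name__ == "__main__":
    rs = parse_consensus(SAMPLE_CONSENSUS)
    print("all relays:   ", sorted(relay_addresses(rs)))
    print("guards:       ", sorted(relay_addresses(rs, "Guard")))
    print("exits to 443: ", sorted(exits_for_port(rs, 443)))
    print("exits to 22:  ", sorted(exits_for_port(rs, 22)))
```

Note what the list does and does not give an adversary: it is enough to block or fingerprint every relay by address, which is exactly the "not censorship resistant" property phlex describes, but the relay's address says nothing about the clients whose traffic passes through it.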
From: Eugen Leitl <eugen@leitl.org> To: Tyler Durden <camera_lumina@hotmail.com>, cypherpunks@jfet.org Subject: Re: redgene might be gone Date: Mon, 11 Dec 2006 18:29:54 +0100
On Mon, Dec 11, 2006 at 12:11:52PM -0500, Tyler Durden wrote:
Why is it necessary for a Tor node to be identifiable by authorities? Is it possible to disguise it as something else?
If you're renting a colo server with a fixed IP, how would you disguise it as anything, or conceal it as anything else if you have never even seen the machine in question?
Still no news on the trouble ticket. Either they're swamped, or the server has been really confiscated.
-- Eugen* Leitl leitl http://leitl.org ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Fri, Dec 15, 2006 at 06:43:55AM -0500, Tyler Durden wrote:
OK, more dumb questions about hiding a Tor node.
Not dumb at all, it's just the Tor designers went for a public approach. However, as persecution seems to have started tightening thumbscrews on Tor operators, a slide into illegality (and a redesign towards more resilience) might be soon required. Of course, that's the whole idea behind harassing Tor operators -- move them into a dark niche, where they will be insignificant as providers of anonymity for the masses. The criminals already have their zombie networks, and with even some superficial mixing finding a head in a global 100 kNode cloud is practically impossible. And I very much doubt anyone is seriously looking at all. Now anything that might disrupt installation of the Panopticon is another matter entirely. It's pretty obvious that a Second Great Depression is at the doors, and the democracy is failing, so I'm guessing the powers that be are preparing to intercept and quash the Internet as a grassroots signalling layer for protesters (something like in France, only not just immigrants, and on a vastly larger scale).
Even though the current list of Tor node IP addresses is basically public, I'm not 100% convinced it would have to be.
The client builds the circuit, so it has to know the entire list of the nodes. The Tor server doesn't have any say in that matter, and that's actually good because you can operate a Tor network with a high fraction of Mallory nodes more or less safely.
Well, exit and entry nodes perhaps have to be public, but what about nodes inside the cloud? OK, anything sent to one of those nodes by an edge node has to use an unencrypted IP address on the packet header, right? BUT, the same machines that house the Tor nodes could (and probably do, right?) house other services as well...a packet sent to the Tor node has to be sent to the right socket and layer 4 service. Right? And THAT can be encrypted, and probably already is by Tor nodes. (Now remember I'm not a datacom guy...)
If the list of interior Tor nodes is encrypted and only machine-readable by other Tor nodes, AND if we have a few additional services residing on the same machines as the Tor nodes, then a packet sent to a machine housing a Tor node may or may not actually be going to a Tor node.
I would be very surprised to learn that no TLAs are running nodes, or at least tap nodes (when you run a colo, you don't have a lot of control about physical security, so you have no idea whether there's a rootkit after it comes up after a yet another "outage").
A much better idea is to make Tor a payload for a worm vector. I would be very surprised if spammers wouldn't start building their private Tor networks on zombies for control traffic, should persecution begin in earnest. These IRC bots and channels are awfully public, and a couple of trampolines is not sufficient number of indirection layers by far.
If the operators of that machine are also unaware of the precise service-bundle existing on the machine (not unreasonable as long as someone is paying them for the consumed bandwidth) AND if packets destined for that machine can reasonably be said to be accessing a non-TOR service AND if the IP address list of interior TOR nodes is encrypted, is the Tor node now disguised? Seems to me it would be difficult for some authorities to track down the location of some Tor nodes.
The best Tor node operator is the one who doesn't even know he's one. A network of million zombies where two new arise for one stricken down is effectively unkillable. Btw, there's a Tor package for OpenWRT -- I have not verified it's working as advertised however -- the hardware *is* a bit tight. It would be a perfect disposable node, meshable, and with no wires to trace.
Or am I missing something? Like I said, I'm no datacom guy, but hiding a Tor node doesn't seem impossible to me.
You'd need a redesign where servers with only partial network knowledge can randomly redirect packets, while still unable to gnaw off all the onion layers. Topologically, routing in random high-N spaces is not difficult. However, the network better be of considerable size. Enter the worm.
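Two things Eugen says above are easy to get wrong without seeing them concretely: the client alone chooses the path, and a relay with "only partial network knowledge" can peel exactly one layer and no more. The following is an added example, not code from the thread or from the Tor project. It builds a three-layer onion and walks it through a fixed path, recording what each relay learns. The cipher is a toy authenticated stream cipher made from hashlib/hmac, not Tor's real AES-CTR/ntor construction, and it assumes each relay already shares a symmetric key with the client (real Tor negotiates those keys hop by hop while extending the circuit). Relay names, keys and the payload are constructed.

```python
"""Layered (onion) encryption along a fixed three-hop path.

Added example, not code from the thread or from the Tor project. It uses a
toy authenticated stream cipher built from hashlib/hmac (NOT Tor's real
AES-CTR/ntor construction) and assumes each relay already shares a symmetric
key with the client; real Tor negotiates those keys hop by hop while
extending the circuit. Relay names, keys and the payload are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

LABEL_LEN = 32  # fixed-width "next hop" field at the front of every layer


def _subkey(key: bytes, purpose: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one shared secret."""
    return hashlib.sha256(purpose + key).digest()


def _keystream(ek: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(ek + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag; toy encrypt-then-MAC."""
    ek, mk = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None if the tag does not verify (wrong key or tampering)."""
    ek, mk = _subkey(key, b"enc"), _subkey(key, b"mac")
    if len(blob) < 12 + 32:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mk, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))


def _label(text: str) -> bytes:
    raw = text.encode()
    if len(raw) > LABEL_LEN:
        raise ValueError("label too long")
    return raw.ljust(LABEL_LEN, b"\0")


def build_onion(path: List[str], keys: Dict[str, bytes], dest: str, payload: bytes) -> bytes:
    """Client side: wrap from the exit inward so the entry's layer is outermost.
    Only the client ever sees the whole path; each layer names just one hop."""
    blob = payload
    for i in range(len(path) - 1, -1, -1):
        next_hop = path[i + 1] if i + 1 < len(path) else "DEST:" + dest
        blob = encrypt(keys[path[i]], _label(next_hop) + blob)
    return blob


def relay_circuit(path: List[str], keys: Dict[str, bytes], onion: bytes) -> Tuple[List[dict], bytes]:
    """Walk the path; record exactly what each relay learns: who handed it the
    cell, who to forward to, and an opaque blob it cannot open."""
    views = []
    prev, blob = "client", onion
    for name in path:
        inner = decrypt(keys[name], blob)
        if inner is None:
            raise ValueError(f"{name}: layer failed to authenticate")
        next_hop = inner[:LABEL_LEN].rstrip(b"\0").decode()
        forwarded = inner[LABEL_LEN:]
        views.append({"relay": name, "prev": prev, "next": next_hop, "forwarded": forwarded})
        prev, blob = name, forwarded
    return views, blob


if __name__ == "__main__":
    path = ["entry", "middle", "exit"]
    keys = {n: os.urandom(32) for n in path}   # constructed; per-circuit in reality
    onion = build_onion(path, keys, "example.org:80", b"GET / HTTP/1.0\r\n\r\n")
    views, payload = relay_circuit(path, keys, onion)
    for v in views:
        print(f"{v['relay']:6} sees prev={v['prev']:6} next={v['next']:20} "
              f"opaque={len(v['forwarded'])} bytes")
    print("exit delivers:", payload)
```

The middle relay's view is the whole point: it learns that the cell came from the entry and goes to the exit, and holds a blob that fails authentication under its own key. That is also why a high fraction of Mallory relays is survivable, as Eugen notes: a single hostile hop learns nothing beyond its two neighbours, and it takes control of both ends of the same circuit to link a client to a destination.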
Btw, there's a Tor package for OpenWRT -- I have not verified it's working as advertised however -- the hardware *is* a bit tight. It would be a perfect disposable node, meshable, and with no wires to trace.
Heh heh...that's an amusing thought, particularly given all of the open WiFi floating around these days. I assume there's some kind of load balancing in Tor... -TD
Eugen Leitl wrote:
You'd need a redesign where servers with only partial network knowledge can randomly redirect packets, while still unable to gnaw off all the onion layers. Topologically, routing in random high-N spaces is not difficult. However, the network better be of considerable size. Enter the worm.
No, enter the "make a buck". The former approach will clog the Internet, the latter will make it thrive. Cheers, ---Venkat.
On 12/15/06, Eugen Leitl <eugen@leitl.org> wrote:
On Fri, Dec 15, 2006 at 06:43:55AM -0500, Tyler Durden wrote:
OK, more dumb questions about hiding a Tor node.
Not dumb at all, it's just the Tor designers went for a public approach. However, as persecution seems to have started tightening thumbscrews on Tor operators, a slide into illegality (and a redesign towards more resilience) might be soon required. Of course, that's the whole idea behind harassing Tor operators -- move them into a dark niche, where they will be insignificant as providers of anonymity for the masses.
see http://tor.eff.org/svn/trunk/doc/design-paper/blocking.pdf
I would be very surprised to learn that no TLAs are running nodes, or at least tap nodes (when you run a colo, you don't have a lot of control about physical security, so you have no idea whether there's a rootkit after it comes up after a yet another "outage").
there are effective ways to manage this risk. i'm not keen on posting details here but perhaps off the record or at a later date. you do need to be willing to drop a suspect host, so mitigation is mainly centered on secure initialization and subsequent vigilant monitoring to decide when to cut out. there are probably a thousand more significant risks from host and application security angles, but physical security is indeed tricky/severely limited in a remote dedicated server scenario.
A much better idea is to make Tor a payload for a worm vector.
heheh, curious yellow raises its head again... this has always been a favorite for censorship resistance and plausible deniability.
Btw, there's a Tor package for OpenWRT -- I have not verified it's working as advertised however -- the hardware *is* a bit tight. It would be a perfect disposable node, meshable, and with no wires to trace.
it works ok; the processor struggles with the crypto (read: latency and constant max load) but otherwise tolerable. i've thought about making a "Tor spot" configuration for access points, where transparent http/tcp and dns proxy through Tor is provided for all associated clients. how useful would such a thing be? (perhaps personaltelco-free / personaltelco-anon dual service?)
You'd need a redesign where servers with only partial network knowledge can randomly redirect packets, while still unable to gnaw off all the onion layers. Topologically, routing in random high-N spaces is not difficult. However, the network better be of considerable size. Enter the worm.
the trade-offs and design constraints are more complicated and context dependent. read the draft blocking resistant Tor design paper, it covers all these topics and provides a mostly reasonable approach (the devil is in the details, as always...)
coderman wrote:
see http://tor.eff.org/svn/trunk/doc/design-paper/blocking.pdf
Excellent paper, I've not read it in detail yet, but I do have a comment about this from the paper:
Fifth, Tor is sustainable. Zero-Knowledge Systems offered the commercial but now defunct Freedom Network [2], a design with security comparable to Tor's, but its funding model relied on collecting money from users to pay relay operators. Modern commercial proxy systems similarly need to keep collecting money to support their infrastructure. On the other hand, Tor has built a self-sustaining community of volunteers who donate their time and resources. This community trust is rooted in Tor's open design: we tell the world exactly how Tor works, and we provide all the source code. Users can decide for themselves, or pay any security expert to decide, whether it is safe to use. Further, Tor's modularity as described above, along with its open license, mean that its impact will continue to grow.
I think that this is Tor's strong point, but there is nothing preventing an open source system from also allowing node operators to recover their cost of operation and to make a profit. The insight I wish to convey is that each node can operate its own currency - denominated in what it provides - i.e. *bandwidth* as a currency, and it is free to set its own price and what it will trade that bandwidth for. Paid bandwidth might, for example enjoy a better QoS, than that enjoyed by leaches. Other nodes might specialize in currencies denominated in gold or peanuts... A peanut farmer that operates a node denominated in peanuts, for example, could sell peanut futures - tonnes of peanuts for delivery in June 2007, for example. He could use the proceeds of sale to finance the purchase of equipment (tractors, fertilizer) now in terms of a currency that he can issue - i.e. peanuts for delivery at a given date... this solves the micro credit problem, creates a Universal Trading Platform, makes that trading avoid trade barriers imposed by zealots and creates a free Internet. How to make money in this system is not by the creator of the code "licensing" it out (unlike the Freedom network by ZKS), but by operating nodes and performing useful economic activity - be it providing bandwidth, peanuts or another item of trade. Any such system can be built to interface with existing systems. Open source patches can be written to provide a trading interface with existing protocols, such as SMTP - a Qmail patch would be easily achieved for example. Wallets could be written to integrate into existing applications - such as into an email client like Mozilla Thunderbird. If combined with Mixmaster or Mixminion code, you would achieve spam secure untraceable email. I will leave the tor example to your imagination.
By integrating a robust network that is impervious to censorship with the possibility of open trade that is impervious to diktat from bureaucrats, we might yet avoid Armageddon caused by the impending inevitable collapse of ponzi fiat currencies**. "When goods don't cross borders, armies will." Frederic Bastiat http://www.lewrockwell.com/rockwell/bastiat.html Cheers, ---Venkat. ** This is exactly what current foreign policy is directly aimed at achieving. By *forcing* Iran to not have access to USD (and laughably, e-gold), inevitably they will use Euros or "whatever" to trade. Naturally, as value shifts to Euro and artificially raises its purchasing power, it will strangle European producers, raise the cost of goods in USA and create the tensions necessary to incite the West into war. -------------------------------------------------------------------- From: http://www.lewrockwell.com/rockwell/bastiat.html The typical political dissident in China wants more contact with the outside world, more economic opportunity that trade brings. Commerce opens up societies and gives the powerless greater opportunities to have control over their destinies. Besides, if it were possible to use embargoes and sanctions to shape up foreign countries, Cuba and North Korea would have become paradises of human rights long ago. Bastiat had a radical goal. In addition to the protection of private property, he wanted the "the abolition of war, or rather (what amounts to the same thing), the fostering of the spirit of peace in public opinion, which decides the question of war or peace. War is always the greatest of the upheavals that a people can suffer in its industry, the conduct of its business, the investment of its capital, and even its tastes." --------------------------------------------------------------------
participants (4)
- coderman
- Eugen Leitl
- rayservers
- Tyler Durden