Preconfigured hidden service

Tyler Durden camera_lumina at hotmail.com
Sun Apr 1 04:20:13 PDT 2007


Don't know if this comment has been made this-go-round, but I have long 
argued that support for the 'clueless' is actually well within the bounds of 
Cypherpunk concern.

Of course, traditional Cypherpunk theology (a la Tim May) is that we 
shouldn't worry about the clueless. If they can't set up a Tor Client then 
fcuk 'em: If I'm not clueless then my communications can be made secure.

To this I'd offer the following argument, stated elsewhere but summarized 
here. This argument actually does not contradict the traditional cypherpunk 
dogma (if such can actually be said to exist), but acknowledges certain 
realities:

1. Although the mathematical basis of the big encryption algorithms may be 
sound (and it's been argued by the less-than-clueless that some healthy 
doubt could be cast on this claim), practical implementations can be made 
fully secure only through a vast amount of effort that encompasses computer 
hardware, firmware, software, and the encryption algorithms themselves, not 
to mention brute-force attacks that include binoculars and tempest-like 
surveillance. Thus, any one instantiation of a Platonically secure 
encryption standard should be regarded as less-than-absolutely secure.

2. Although current implementations may be less than completely secure, it 
seems reasonable at this point (given media information) that it is still 
possible to make a communication secure enough to eat up fairly expensive 
resources. In other words, they may have the ability to crack just about any 
single message, but it seems very doubtful that the ability exists to grab 
and crack EVERYTHING. In other words, increasing PGP lengths may not ensure 
security, but it most likely increases COSTS.

3. Assuming any single message is probably crackable, given enough time and 
money, it behooves the clued to reduce a message's 'risk profile' as far as 
possible. In other words, it becomes desirable to remove any easily 
detectable signs that a message is encrypted or even interesting. This 
reduces the likelihood that it will be swept up and either stored (for 
cracking later) or given high-priority status through TLA networks.

3. It would seem evident from the above that, even for the clued, it 
behooves them to accept the need to increase the volume of 
as-secure-as-possible encrypted traffic, mindful of the fact that 'easy' 
implementations may actually not be particularly secure, or not secure 
enough for use by the sufficiently clued. However, as the volume and 
encrypted strength of traffic increases, it becomes all the more difficult 
for any one message to get flagged. (I would suggest that this is the real 
problem that the TLAs are faced with in the information age: They can't keep 
up with the traffic and must do more and more prioritization at the 'edges' 
of their network, thus the whole AT&T fiasco.) Most likely, TLAs have to 
manage to several bottlenecks, another key one being the last resort 
cracking farms or messages that have resisted penetration through any other 
means. The cost per message cracked here is probably quite high for very 
secure messages. Ideally, one would like as much possible traffic to qualify 
for this, so as to force as much edge prioritization as possible.

4. Perhaps it is needless to say, but it is probably unfair to try to pin 
usability on any one technology, such as Tor. However, as suggested below, 
the value of Tor to all users increases with increased usability and 
reasonably secure traffic. Thus, I would suggest that it is well within 
May-sian Cypherpunk orthodoxy to encourage usability for the clueless (or 
the simply busy), mindful of the limitations (and threat scenarios) that 
such usability might reasonably be constrained to.

-TD

>From: Eugen Leitl <eugen at leitl.org>
>To: cypherpunks at jfet.org
>Subject: Preconfigured hidden service
>Date: Fri, 23 Mar 2007 11:17:56 +0100
>
>----- Forwarded message from JT <toruser at fastmail.fm> -----
>
>From: JT <toruser at fastmail.fm>
>Date: Fri, 23 Mar 2007 03:11:47 -0700
>To: or-talk at freehaven.net
>Subject: Preconfigured hidden service
>X-Mailer: MessagingEngine.com Webmail Interface
>Reply-To: or-talk at freehaven.net
>
>Hi,
>
>is it possible to have a preconfigured hidden service in Tor as I2P has?
>After installing I2P all a user has to do is put html files in the
>htdocs folder and he is ready to go. He can look up the URL of this
>website easily.
>
>Every noob can host a hidden eepsite. Is something like this planned for
>Tor?
>A simple, secure webserver preconfigured to only listen to 127.0.0 and
>ready to go? The average user(at least the ones I talk to) barely
>manages to set up Tor. Some people are even too computer illiterate to
>click on the onion symbol and choose "start Tor" and yet we need those
>people in the user base(more distributed trust).
>
>I know the programmer's power of the Tor project is limited (due to the
>number of programmers) and not everything can be implemented at the same
>time. And this is not a complaint. I love to participate in political
>discussions and be able to talk freely and without having to worry about
>being threatened afterwards. I am very grateful for Tor. The
>technical side of Tor is already very advanced but all the attacks
>published in the last months were possible because the usability side of
>Tor is still lacking a lot. I know it is a common problem for everybody
>in the IT field to assume that the users of the IT have the same
>knowledge as the creators but this is not even remotely true. Yes smart
>projects attract also smart users but what about the other 80%? What
>about the 80-20 rule? :)
>
>If Tor wants to be a hidden free internet within the internet it must
>provide a one click service to host a website like I2P.
>
>Journalists that work in Sudan, Iraq, Burma, Cuba, Russia or many, many
>other countries need something that works right away. Not every
>journalist can go to college and learn how to set up an apache server
>and configure it. A standard installation should be able to host html
>only. Tor could learn from I2P. Computer experts can then change the
>settings to host php, etc also.
>
>I think such a thing would spread like wildfire and the Tor user base
>would explode. Lots of people want to host their own sites and they
>would with a one click installation of a hidden service web server.
>
>I really wish I could help with programming and not only making
>suggestions.
>
>Long live Tor!!
>
>:)
>--
>   JT
>   toruser at fastmail.fm
>
>--
>http://www.fastmail.fm - Faster than the air-speed velocity of an
>                           unladen european swallow
>
>----- End forwarded message -----
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820            http://www.ativel.com
>8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which 
>had a name of signature.asc]
