OnionShare Tor

Greg Newby gbnewby at pglaf.org
Fri Oct 18 09:55:54 PDT 2019


On Fri, Oct 18, 2019 at 02:54:37AM +0000, jim bell wrote:
>  
> 
>     On Thursday, October 17, 2019, 05:43:04 PM PDT, Punk <punks at tfwno.gf> wrote:  
>  
>  On Thu, 17 Oct 2019 20:16:28 +0000 (UTC)
> jim bell <jdb10987 at yahoo.com> wrote:
> 
> >> The way I see it, there are at least two ways to promote TOR.   
> >> 1.   Openly promote TOR:   "TOR is great".  "TOR is secure enough".   "We don't need an improvement to TOR".
> >> and the second is:
> >> 2.  Oppose potential improvements or augmented systems other than TOR.   List their potential problems.  Ignore their possible benefits. 
> >> I think there are clearly people who are choosing to do the second kind of promotion of TOR.
> 
> 
>  >   I think a key aspect of the tor mafia is that getting a few million dollars from the pentagon each year allows them to outcompete anybody who could challenge them. They don't even have to 'oppose' anything. Just fail to fund it.
>  That sounds quite correct.  Somebody needs to challenge them.

It seems that TOR could be as a starting point, if it were possible to validate the software before building upon it. I'm not sure it is, though.

Jim's proposal would seem to require a few important things:
1. free software (of course) that is open to inspection
2. verifiable functionality
3. trustable deployment

#1 implies the full stack, from network, to hardware, to OS, to libraries, to application. This is harder as you dig more deeply into what needs to be validated.

#2 and #3 are also hard, whether using TOR or something completely new.

Are #2 and #3 easier if we start with the TOR base software or design? With 600K+ lines of code, TOR is unwieldy to validate. The design could be a starting point.

I'll make some obvious statements that I haven't seen in this thread yet (apologies if I missed them):

Verifiable functionality means that the software, wherever it's deployed, can be trusted (to whatever extent is needed). This is challenging for any software, and more challenging when you need to worry about the entire stack including the hardware.

Trustable deployment means that we can validate the nodes in the mesh, to whatever extent is needed. This is a perpetual issue with TOR, because players can do things antithetical to the design (such as collusion or surveillance). 




More information about the cypherpunks mailing list