Tor, the pentagon's cyberweapon

Peter Fairbrother peter at tsto.co.uk
Wed Oct 14 15:33:35 PDT 2020


On 14/10/2020 18:22, jim bell wrote:

> Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers.   I got a quote for 500 Raspberry Pi's, at $70 each.  I included a few ideas, some old, some new:
> 
> 1.    Routers could be anywhere, but would include homes and small businesses.  Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services, especially fiber.      https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data.
> 
>   And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.

The problem is that a reliable cheap anonymising network for low-latency 
traffic like web traffic is basically impossible.

Tor is about as good as we can get. When I was designing m-o-o-t I 
didn't include any web anonymiser for that reason.

The problem is traffic volume and latency. If we want low-latency web 
traffic - nowadays [1] that's less than 4 seconds - we can't include 
fixed file sizes with realistic constraints on traffic.

To put some BOTE numbers on that, suppose you want to provide for 1 
million concurrent users. You have about 150 TB per month user traffic 
to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.

Ouch.

> 2.    Extensive chaff.   (which, of course, is an old idea, strangely it's not yet implemented in TOR)

Like fixed file sizes - essential for anonymity - chaff and cover traffic 
take too much traffic, see above.

> 3.    "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node:  Their output could be monitored, but not understood as to its content, since it would look like random data.

That doesn't work - the users want to connect to any web server 
somewhere. You could enforce eg TLS but even that does not hide file sizes.

> 4.    I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations:   People  frequently talk about new ideas for anonymity networks, but how might they try them out in practice?   If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed:  You'd have to physically build a new network, along with all such associated costs, for each new routing method.  That's completely illogical.
> 
>     Should there be any limit to the number of kinds of routing done?  It's all software.   One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to

That's OK if you are doing development, but not for production - unless 
the users decide the routing, as in eg Mixmaster. But you can't (or 
shouldn't) use an anonymiser if you don't know whether it is going to work!

> TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.


I was at some of the early meetings when Roger Dingledine, Paul 
Syverson, Lucky Green, Nick Mathewson, Len Sassaman, myself and others 
were talking about a web anonymiser, which later became Tor.

Other people at those meetings included many if not most of the top 
anonymity researchers, and some of the top cryptographers, in the world 
at that time. Tor was not conceived as it was by accident or in 
ignorance [2], many people (including myself) thought it was about the 
best that could be done.


Roger's thought was that TOR would make mass surveillance difficult and 
it would be worth doing for that reason, even though it wouldn't prevent 
targeted attacks by major adversaries. At a set of meetings the next 
year Roger had gotten some funding, iirc from the US Navy, and Nick had 
started work on coding.

I bowed out almost immediately, Len and Lucky bowed out after a while, 
because we knew it couldn't be done securely on the user level.

After that I pretty much lost interest, though I did keep an eye on the 
project.




The problem is that it's a super Zooko's triangle - you simply can't get 
reliably anonymous, low-latency and cheap anonymous web traffic.

You probably can't even get reliably anonymous and low-latency, at any 
price.



Peter Fairbrother



[1] Acceptable low latencies vary according to use and user expectations 
- fifteen years ago people would wait 20 seconds or more for a web page 
to load, nowadays they lose interest at 4 seconds. Actually maybe less 
now, that figure is several years old. And for interactive speech or 
video latencies should be subsecond.

[2] or with evil intent, at least from Roger and Nick.

I don't think Paul had any evil intent either, but he was USN and is 
therefore suspect. It's like my friend from GCHQ - we are friends and we 
were sort-of colleagues until I retired, but it's a bit like having a 
policeman live next door - even when you have done no wrong you are 
always aware that he is a policeman.


One curiosity, the .onion part of the TOR infrastructure was largely 
driven by Paul.

