Tor Project Board Member is CEO of Company Selling Capability for Attribution(blog.torproject.org) |
Tor Project Board Member is CEO of Company Selling Capability for Attribution(blog.torproject.org) |
In short, they claim that:
- The "PCAP" data, email addresses, etc that they sell comes from them running malware samples on their own infrastructure. It's not based on captured Internet data.
- The web page addresses etc that they sell are the results of automated vulnerability scans and honeypots, not captured Internet data.
- The netflow data they sell is captured from real ISP traffic, but it is a small sample (only 1 in 10,000 netflows is captured), and it can't identify individual websites if they use a CDN or shared hosting infrastructure (which most websites do).
I have no clue how true these claims are, but those are the claims.
Looks like he was going to get fired anyway.
The Motherboard piece mentioned is: https://www.vice.com/en/article/y3pnkw/us-military-bought-ma...
It isn't, in and of itself a reason for suspicion on the level implied, nor would I argue above and beyond baseline healthy suspicion in anything.
That doesn't matter at all. Tor is not proposing to accomplish the same thing the internet does. If we are to take Tor at its word, it is proposing the exact opposite of what is in the interest of government and law enforcement.
But seriously, the exit node issue is a real sore thumb.
That it's hard to get enough volunteer capacity, that exit node operators can sometimes get in trouble for things users did, that attackers can run exit nodes in order to look at traffic content, that attackers can run undisclosed families of relays in order to perform some traffic correlation attacks when a circuit uses multiple relays controlled by the same party, or that some sites may block or CAPTCHA exit nodes?
The internet isn't one piece of software you knowingly install on your system. The internet isn't promising anonymity. Likewise to Tor, I wouldn't install a radar scanner in my car if I knew the company was owned by the U.S. Marshal Service given the kind of incentives that exist for them to take advantage.
https://www.vice.com/en/article/y3pnkw/us-military-bought-ma...
Didn't google deprecate/stop prioritizing AMP? so why are they still using it?
Is it because Its an opportunity to track users so use it as longer as possible?
The current TOR Board scenario is akin to having a known child-abusing relative babysit your own kid, catching them inexplicably sitting with the kid alone in a darkened room in a state of undress, then saying:
"Well, this is strange.. but we can't prove you were planning anything malicious this time around. As you were, mate!"
Sometimes a harsh response is warranted to preserve integrity of that which is important. This is one of those times.
My confidence in TOR was already kind of low, now how can I trust and be assured the lack of firm response isn't due to integrity already being compromised and no longer the main priority?
The public trust in TOR is EVERYTHING the project has*.
* had
Ask yourself how the hyperbole you engage in leads to "curious conversation", how you're "assuming good faith", and how you're "eschewing flamebait". Because TFA seems to invoke curious conversation and good faith and your hyperbolic analogies just seem like ideological-battle oriented flamebait.
> Sometimes a harsh response is warranted to preserve integrity of that which is important. This is one of those times.
I'm pretty sure this is explicitly against "Please don't use Hacker News for political or ideological battle. It tramples curiosity."
P.S. As a long time HN reader/user, these hyperbolic flamebait comments in the service of political ends are exactly the kinds of comments that I find degrade this site the most. When people complain about this site turning into Reddit, it's these kinds of comments I think about.
Your claim that they've violated HN guidelines is misplaced, at best.
Who's side are you on? Are you defending the guy with conflicting interests who is on the board and simultaneously selling a tor removal kit?
I agree.
You know, the same thing they did to Assange. I wonder how that's going. https://www.wsws.org/en/articles/2021/06/28/assa-j28.html
>Key witness against Assange admits to lying in exchange for US immunity
Oh yeah.
But hey, we might have destroyed one of the crown jewels of free software because the CIA played SJWs like a fiddle but at least we're good people: https://www.youtube.com/watch?v=O4hh1YhDfbA
Not everything is a shadowy government conspiracy. Most often, people behave despicably just by themselves. Particularly the arrogant, domineering egotists - such as the two you mentioned.
The problem is difficult because what I2P is doing is essentially the correct approach in this area. Designing an "anonymous" network around accessing an inherently non-anonymous network with a handful of dominant sites is how you run into limitations like needing exit nodes. Yet most people keep insisting upon Tor, as if it's a good idea for the "dark web" to be effectively a single application with an inherent flaw it may never overcome.
By having a browser ship with Tor, yes. The rest of Tor is hardly less complicated than running I2P. And I'm not saying that I2P needs to be as popular as Tor. If I2P never gets to having a competitor to the Tor Browser, it will always remain in minority use. That doesn't mean people shouldn't be aware of it or consider it as an alternative for their own use.
> combined with the network effect of Tor Hidden Services
I'm not sure what you mean by that. I2P is almost entirely focused around hidden services, and those services more or less work the same way for the end user with the added bonus that there's a loose sort of "DNS" that creates human readable URLs for services. How does Tor's services have more of a network effect than those on I2P?
> means that more people think of Tor as the "dark web" and more people will use Tor.
Yes. That also isn't anywhere near an ideal knowledge level these users should have. It's not the problem of I2P or even the responsibility of Tor per se that people think this way.
Someone who is reading this very comment and thinks that Tor is the end-all-be-all of the dark web and isn't privy to its origins should think twice before relying on it, because they clearly don't understand the tool that they are using. They probably shouldn't be doing anything remotely "private" or "anonymous" on the internet if all they know is that Tor is the magic thing they install to hide the naughty things they do.
I think people here are misunderstanding me. I'm not saying to never use Tor under any circumstance. I'm telling people to think before they use a tool with known flaws and an interesting origin story. There's nothing unreasonable about this.
>>Sigurdur “Siggi” Thordarson, a convicted criminal from Iceland, has admitted that the main allegations he made against Julian Assange, which form a central component of the US indictment against the WikiLeaks founder, were lies proffered in exchange for immunity from American prosecution.
I guess clicking was too hard.
It literally was a government conspiracy. If that hadn't worked they would have planted some child porn on both of them. And if that didn't they'd have done an Epstein.
It is always hilarious seeing people with a Che shirt defending the CIA.
From my reading, they didn't claim to take either side nor comment on the article in question, but made a meta-comment. Which is okay to do.
Tor's tech doesn't create the network effect, it's just that the network effect exists for various reasons. Facebook is on Tor, for example, but it's not on I2P. This notoriety means a beginner to the private net will be more likely to reach for Tor than I2P.
> That doesn't mean people shouldn't be aware of it or consider it as an alternative for their own use.
To some extent I do think the Tor project has spent more resources on trying to make Tor usable for folks who aren't just power users, but I2P has also had a fraction of the resourcing that Tor has. It's a sort of "worse is better" here. It might also be the case that the pool of users interested in the anonymous net is small enough that there's just not enough room for a lot of competitors. I'm not sure and the nature of these networks make it hard to draw any ideas about their size/shape.
> I think people here are misunderstanding me. I'm not saying to never use Tor under any circumstance. I'm telling people to think before they use a tool with known flaws and an interesting origin story. There's nothing unreasonable about this.
This is mostly tone I think. I agree with what you're saying. I also think Tor, for better or for worse, has a lot of somewhat rabid fans. But yeah if I wanted to run a net service that I only wanted accessed anonymously, I'd probably use I2P.
One counter argument to the gp might be something like: this is exactly the kind of expertise The Tor Project should want to consult.