Serious question for people that are familiar with Tor: given that we've already seen people get arrested for simply running an exit node, have features like hidden services made it any safer for someone that agrees with tor's purpose (providing a less restricted end point to people that are censored by their governments) to keep an exit node running?
It seems to me that arresting an exit node's maintainer for child porn serves to have a real chilling effect on the system. As much as I'd like to provide, say, a dissident with a means to voice their opinion, it's not going to help when the cops cart away the exit note and haul me off to jail.
I guess what I'm thinking is that hidden tor services sort of 'close the gap' when it comes to problems like I describe above, since conceivably a political dissident could post to a hidden service (never appearing on the Internet at large) and have something of an intermediary in a country with greater freedom post it for them?
I am one of the persons behind https://www.torservers.net/ , a collective of non-profit organizations that run Tor exit relays thanks to your donations. :) I am not aware of any "arrests" anywhere, although some exit relay operators have been raided and their equipment seized in the past. I understand this might scare away some people from running exit relays. You can still contribute to the network by running non-exit relays.
Hidden Services use only the internal network and don't rely on exit relays at all. All communication is end-to-end encrypted, so all relays will only ever see encrypted content.
If you have less than a couple of Mbit/s of upload capacity, you might want to run a bridge. Bridges are especially useful for people in heavily censored regions, and only provide an entry point to the Tor network.
Exit node operator here, had to login to address your comment.
One of the bigger advantages of a hidden service is that you can't be sure who's hosting it and where. They're great for hosting websites but do nothing for allowing access to other services. If you're worried about trouble from running an exit node you could contribute by running a relay or a hidden bridge which would be way more useful than a hidden service.
I've actually been contacted by the Michigan State Police in a child porn investigation and after explaining that I run a TOR exit node and have no ability to help in their investigation the officer I talked to was quite pleasant. I've heard nothing about it since then.
There are several news outlets that run hidden services for whistle blowers and people in danger or unable to speak openly so your idea isn't without merit but it does require pre-planning to be of any use. If you've got no way to communicate the existence of your service to people before they need it, it'll be of little use.
I've talked to someone who runs an exit node. They not only have avoided hassle, but they run it via Amazon, which is supposedly against ToS. No issues so far.
Also, if people would like to help Tor but are afraid of running an exit node, Noisebridge (a hackerspace) runs a fucking giant exit node. Donating time or money to them would help.
Exit relays can be run on AWS, but it's a waste of money. You'd be better off with an inexpensive VPS from a Tor-friendly provider. Donations of any amount can also be sent to TorServers.net.
I'm running an exit for $5/month on DigitalOcean that blows through its 1TB of transfer in ~3 days. I've received one complaint about it (due to someone emailing their abuse address) and their support gave me no trouble when I explained what was happening.
Someone managing an exit node is effectively running an ISP - presumably in the USA they get protection under safe-harbour provisions like those of the DMCA (17 USC 512).
Aren't there also safe-harbour provisions for transmission of lewd/indecent content and for trademarks, libels and such?
Of course there being legitimacy of your actions in statute [if indeed that's the case] wouldn't mean you don't get hauled off to jail.
No exit node operator has ever been taken to court over something like this. The police eventually realize their mistake, realize the Tor node is of no help to their investigation, and move on.
As more law enforcement become literate in technology and become aware of what Tor is, this will happen less than the vanishingly improbable rate that it happens now, until it never happens at all.
As far as I know arrests or searches only happened for people who ran exit node on their home connection. Running exits on hosting services puts you into a different category for the police, namely good guy to ask for traces instead of bad guy to bust.
Exit nodes are not necessary to connect to hidden services, regular relays are used for that who do not know where the data comes from, or where it goes to. The hidden services exist within the tor network, thus no exit is needed.
I tried to actually use tor for my browsing back when snowden leaked and schneier implored us all to. But I found the browser really too restricted to be useful. I understand that plugins can go around the browser config etc, but there has to be a better way...
The project I want to see is running the tor router in zerovm in docker, and running a full browser and all plugins in a child docker in such a way that it is fully fire walled and can only communicate via the tor container, with vnc screen scraping etc.
And set up so the browser container can be launched in persistent mode to make changes eg browser plugins, but normally runs with aufs on a ram disk so it never touches disk and is completely lost when closed.
"A dedicated hardware device which forces all internet traffic to be sent over the Tor network. This significantly increases the odds of using Tor effectively, and reduces the potential to make fatal mistakes. "
https://github.com/grugq/portal
Instead of just having your ISP able to sniff or MITM your web traffic, now you may have some random exit node operator doing the same - likely with more malicious intent than your Internet provider.
People who use Tor seriously usually also use a VPN service, and disable cookies, java, or any other client-side means of tracking you. They will also run TOR via a local virtual machine that they created on the fly.
While the exit node will be able to sniff the users, it won't be able to link it back unless the user gives up some information. ISPs can link back every time, regardless of behavior.
The FBI busted a child-porno ring on Tor using only an iframe and some javascript. They were able to take control at the data center the site was hosted, and then trace back to the ISPs for the Tor users who didn't disable java.
Java is not allowed on Tor Browser Bundle and shouldn't be allowed in a browser, ever. (And probably in general if you care about security.)
JavaScript in general should not be that dangerous - however, there was a 0-day bug in Firefox, that Tor Browser used, that leaked the IP anyway, and NSA used that 0-day.
In general - at least in my opinion - JavaScript is much lower on the "dangerous" list than Java, but yeah, still can leak something.
The best way is probably to just use Tails - a linux distro made to be secure from the start.
I meant javascript - my bad. The bug in Javascript was that it identified the MAC address, right? Javascript can still track client info if I'm not mistaken.
What do you mean by using Tor and a VPN service? Do you mean accessing Tor through the VPN? Or accessing the VPN through Tor? It seems like using Tor is a waste of time if you then go ahead and authenticate yourself somewhere. Or is this just in the context of trying to break out of a restricted environment? (rather than looking for anonymity)
Good question, I have been wondering the same for a while.
I have read somewhere the point is that one is anonymity provider, other - encryption to hide from your ISP.
If you think about it, you'd be using Tor to connect to either public or roll your own VPN. The issue with using Tor is that all exit nodes are (probably) monitored. Some websites even refuse to serve you, as they have a list of exit nodes. Use of public VPNs is easier, as semi-officially they track you, hence they can be trusted by websites. Your best option is use Tor & custom VPN with a clean IP address. Trouble here is leaving payment data and you'd still probably would trigger some alarms by connecting from a registered Tor exit node...
I meant using a VPN through TOR, between the client and the VPN service. This prevents the TOR chain from sniffing, at the cost of the VPN service potentially seeing your client.
For web browsing, the bundle is the definitive, closest-to-actually-being-secure way to do it. Tor's FAQ explicitly calls what you're doing "a really bad idea." I'm too lazy to write down all the ways it is a bad idea, but I'll just summarize it to say that you can't make Chrome always use the proxy, and it's still possible in various ways for a site to induce Chrome to give up information about you.
An HTTP proxy won't proxy DNS lookups. If you're using SOCKS4a/5 proxying, Firefox will use it IF you set network.proxy.socks_remote_dns=true, on Chrome it'll work if you use socks5 but the dns prefetch will bypass it and expose you. On Firefox, plugins and extensions can bypass the proxy. I don't know specifically about Chrome, but I experimented with it and when playing around with strict firewall egress filtering and restrictive apparmor profile, using the embedded Flash would just up and crash the browser.
It's not a good idea. If you want to use the web on Tor, use the browser bundle.
And that's what the TOR browser bundle does. And that's why it is locked down and disables all plugins etc.
The point of hosting in docker in docker is to firewall the browser so it can't talk to anyone else, and to add extra layers of protection - however flimsy - against any eventual targeted compromise.
Uhh...I don't think the organisations have been announced yet. This just means that they will be applying for GSoC 2014, not that they are selected. :)
Truth is, Google doesn't care what open source project you want to make into GSoC, as long as someone likes your proposal, the project will get the $$ it needs :) Note Mercurial didn't make it to GSoC officially this year (probably have to go under PSF's name) - so even popular OSS doesn't automatically becomes a GSoC participant.
Tor wasn't just sponsored by the Navy, it was "originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory." https://www.torproject.org/about/overview.html.en
When a company is recruited into a program like Prism, that doesn't necessarily happen through the CEO. Certainly, the company doesn't announce such a deal at an all-hands meeting, and omits it from their financial and regulatory filings.
The vast majority of a company's employees might be legitimately offended at the suggestion they are collaborating in such a program.
And yet, such a company can lose their customers and reputation, and may deserve that fate. It's a form of corruption. It's a hazard for customers. Those companies listed as participating in Prism have to bear the responsibility, whether or not most of the employees and even most of the company leadership can correctly claim to be victims.
It seems to me that arresting an exit node's maintainer for child porn serves to have a real chilling effect on the system. As much as I'd like to provide, say, a dissident with a means to voice their opinion, it's not going to help when the cops cart away the exit note and haul me off to jail.
I guess what I'm thinking is that hidden tor services sort of 'close the gap' when it comes to problems like I describe above, since conceivably a political dissident could post to a hidden service (never appearing on the Internet at large) and have something of an intermediary in a country with greater freedom post it for them?