Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Communications Censorship Electronic Frontier Foundation Encryption Privacy Your Rights Online

How Shari Steele Plans To Take Tor Mainstream 94

blottsie writes: Over her career, Shari Steel has taken on United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward: At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.

"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"
This discussion has been archived. No new comments can be posted.

How Shari Steele Plans To Take Tor Mainstream

Comments Filter:
  • Great, we will have geeks getting stomped by bikers for wearing 1%ers patches.
  • For how someone uses the gun.

    But still, you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

    • I'll bet he gets maimed by one of his own munitions, then captured by guerilla forces, and has to wear an electromagnet in his chest to keep metal from entering his heart. Hopefully he learns from this and uses his knowledge for good instead of evil. You know, an ironic sort of punishment.

      • Aside from your cute reference to the plot of Ironman, this STILL HAS NOTHING TO DO WITH NETWORK SECURITY.

    • you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

      What do you have to wonder about them? They're making a profit, aren't they? And that is their job.

    • by nbauman ( 624611 )

      Selling arms to dictatorships is just one of those things we have to put up with in life.

      http://sciencenordic.com/unite... [sciencenordic.com]
      The United States arms most dictatorships
      January 1, 2012 - 07:00

      You'll have to come up with a better reason than that to shut down anonymous networks.

      Like, "Because we want to control which dictatorships get arms."

  • ...set up a Tor relay node. Easy peasy.
    • I hear that pretty much any VPN or other sort of tunneling or encrypted network traffic pretty much accomplishes the same thing. Probably just posting to discussions about this type of topic Slashdot does it too.

  • I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

    • No. I'm not saying it's not broken, I read a paper some years ago showing that Tor can be compromised by anyone owning 50% of the nodes. Using fast nodes can cut that percentage significantly. At the time there were, IIRC, 2400 total Tor nodes. So to say Tor wasn't compromised would be to say the US government didn't have the means and will to set up 1200 systems in various places as Tor nodes. I don't know how many nodes there are now but if it's not in the hundreds of thousands, I would bet my ass the who
    • by gweihir ( 88907 )

      It is not. Get your facts straight.

      • by JustNiz ( 692889 )

        I may not be totally correct about Tor but at least I'm not an arrogant dick like you.

        • by gweihir ( 88907 )

          You are clueless and shoot off your mouth and the person pointing it out is an "arrogant dick"? Are you campaigning for equal credibility for idiots and morons or what?

          • by KGIII ( 973947 )

            Gotta be honest here... You're really being the dick in this situation. Read their post again. Note the question mark? Heaven forfend, someone try to learn something when we're always telling people that if they don't know they should ask and learn. (Or just directing them to the manual.) However, in all fairness, a number of articles have made it a bit confusing and one might believe that TOR has been broken. By all accounts, it hasn't so long as you remain on the .onion domains. Exiting the network might

            • by Maritz ( 1829006 )
              Sadly the general tone of Slashdot seems to lean in that direction.
              • by KGIII ( 973947 )

                I won't argue but I will add that you're right, it's not uncommon. However, I've communicated with 'em before and they're usually not a dick. Even I'm a dick sometimes. Though, often it's my poor articulation that makes it seem like it was intentional but sometimes I'm still a dick. I suspect they were just grumpy or drunk. ;-)

          • by JustNiz ( 692889 )

            >> You are clueless and shoot off your mouth
            No, I simply asked a question.

            >> and the person pointing it out is an "arrogant dick"?
            exactly. See the way you did it, both originally and just then.

            >> Are you campaigning for equal credibility for idiots and morons or what?
            Thanks for just further confirming my assertion that you are, in fact, an arrogant dick.

    • by tlhIngan ( 30335 )

      I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

      Well, it's not Tor itself that's the problem it's poor OpSec that was the issue causing the identity of the site owner to leak out. And there's another one involving an Apache module that is configured to listen to requests from localhost by default, except that Tor dark sites do exactly that so

      • In short, get everyone to use Tor and they'll be easily identifiable as they start using Facebook, social networking, as well as e-commerce and everything else.

        I think the whole point of this exercise is to make Tor usage as widespread as possible. Right now, I'd imagine that Tor usage is an immediate red flag for further attention. But if you get millions of people using Tor for social networking, e-commerce, and other general, innocuous purposes, than it becomes just another security precaution, no more suspicious than having your phone PIN-locked.

        This is partly the reason I make it a point to use Tor on a semi-regular basis myself.

    • by AHuxley ( 892839 )
      Onion routing vs Tempora https://en.wikipedia.org/wiki/... [wikipedia.org] would show that in a nation every packet in and out can be reconciled.
      The US gov origins and fronts for funding for onion routing to help US backed NGO's, spies, freedom groups, color revolutions.
      https://pando.com/2014/07/16/t... [pando.com]
      As for the NSA, GCHQ? Why would anything the US gov created be left out of their reach? Collect it all is the mission. A lot of nations globally have given or got asked or offered to share their entire telco systems a
  • Angels are the, some times murderous, henchmen of the universal dictator. Biblical metaphors are never a good idea, except in sermons to people that welcome being preached at.
  • My problems with it. (Score:4, Interesting)

    by waspleg ( 316038 ) on Tuesday February 16, 2016 @06:42PM (#51523207) Journal

    I'm a big advocate for TOR and what they try to do but there are some big obstacles.

    * Speed sucks.
    * There are no good search engines.
    * Exit nodes are widely blocked and/or monitored.

    I saw a good BBC documentary that explains TOR in laymen's terms https://www.youtube.com/watch?v=rZhmuGVSdaY [youtube.com] if anyone is interested.

    • by Anonymous Coward

      It sounds like you haven't used it in a while. It's gotten a lot better. Tor is really fast now and while sites blocking exit nodes is a problem it's probably more important that hidden service work be improved. There are ways to get around sites that block Tor for those who actually need to access public web sites over Tor. On the other hand the people who really need to remain anonymous in order to publish content have no such ability to protect themselves adequately against attack. It's the weak spot of

    • by AmiMoJo ( 196126 )

      Speed is okay for general browsing, especially since you would normally have full ad-blocking enabled and scripts disabled. For searching, I presume you mean for hidden services because google works with Tor, and well... Maybe the reason most of those sites don't make themselves available for indexing by search engines is because they don't want to be found that way.

      As for exit node monitoring, it's really only an issue for n00bs. Maybe the Tor Browser bundle should block non-HTTPS sites by default.

  • by Voyager529 ( 1363959 ) <voyager529@y[ ]o.com ['aho' in gap]> on Tuesday February 16, 2016 @07:07PM (#51523437)

    Tor's issues with respect to going mainstream, in my opinion, are as follows:

    1.) It's complicated. Yes, it can be streamlined, which is the goal, but even if it were, it's still inherently more complicated than "not using Tor".
    2.) No need. "I'm just browsing Facebook and paying bills online...and if someone is really snooping that traffic, what difference does it make?"
    3.) Location data is convenient. As much as I hate Google tracking me, I'd much prefer knowing about restaurants near me when I'm hungry, than ones in Malaysia.
    4.) Many people's first encounters with Tor are the result of ransomware...which are usually a traumatic experience. That's not exactly great marketing.
    5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.
    6.) Even the "good guys" have questions about the utility of Tor (compromised exit nodes, honeypots, etc.)
    7.) Tricky on mobile devices.

    Honestly, I see Tor's problems having much less to do with technological problems than with sociological ones. For most people, Shari would have to establish a need for them to use Tor. I don't see her being effective in that - not because of who she is, but because of her audience.

    • by tnk1 ( 899206 ) on Tuesday February 16, 2016 @07:35PM (#51523611)

      Tor is useful when you need it and really have no better choice, but its not going to be a mass solution. There's too many things you have to get right for it to work the way it is intended and not expose you to discovery.

      And yes, it is slow. Painfully slow.

      Another thing I consider when I look at encrypted or otherwise more purposely "secure" transmission methods is that if you're using them, you're now in a group of people that is passing more "interesting" traffic. Observers may or may not be able to read what you are saying, but they're a whole lot more interested in whatever it is you are saying, if you show that you're taking more than the usual precautions with it.

      It also means that even if they can't see you, there are specific Tor .onion sites which are only a small subset of the Internet, and those sites can become infected with malware that talks back to the investigators, as it has been seen in the past. In that way, a Tor user may be more likely to get caught in the dragnet and investigated. And it doesn't have to be something like a Silk Road type of site either, although you're certainly a target if you look at one of those kind of sites.

      So, when I hear of people trying to take this sort of thing mainstream, I can totally see why you'd want to do that. It makes it less likely that you're a higher priority surveillance target just for using it.

      Unfortunately, most people have to have a good reason to be inconvenienced in this manner during normal transmission of data because they just want to send a message or look at a site and don't care who knows where they browse. We'll need something a lot more user friendly (and more secure) than Tor for that sort of adoption.

    • 5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.

      This. I've tried to use Tor several times over the last 10 years, it's always been so slow I gave up on it before getting 3-4 pages.

    • by Anonymous Coward

      1) My grandmother thought the VCR was complicated
      2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)
      3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem
      4) In my life, sadly of which too much is spent online, I have never encountered 'Tor ransomware'. But maybe this is a reality for some?
      5) My understanding of Tor is l

      • 1) My grandmother thought the VCR was complicated

        Yes, there will always be those who cannot adapt. However, the problem attempting to be solved is that there is a majority of people for whom Tor is prohibitively complicated.

        2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)

        No, it's not Hillary. I too know it makes a difference. The problem is that the perception of the implications for most people is that they are trivial. Hence, why this is a social issue as much as a technological one.

        3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem

        Yes, but Tor doesn't solve this problem. Running a Google search through Tor will show me restaurants near the exit nod

    • by AmiMoJo ( 196126 )

      I think perhaps you misunderstand the goal of Tor. It's not really aiming to be the default way people browse the web. We should concentrate on other technologies for that, like making sure everywhere uses HTTPS properly.

      Tor is ideal for low bandwidth stuff like messaging and browsing simple but important web sites. It's useful when you need to communicate privately and securely, even if it isn't always perfect. So there are two important points here:

      1. Even if it isn't always used perfectly, it still preve

    • by houghi ( 78078 )

      3.) Location data is convenient. As much as I hate Google tracking me, I'd much prefer knowing about restaurants near me when I'm hungry, than ones in Malaysia.

      When I am hungry, I can type in 'City' and get it.

      What I dislike about it is how it is NOT used to help me. Filling out an adress and they ask for a state? Whare I live we have no states.

      And looking at Google: I understand that you want me to use google.TLD, but do NOT assume that I want to see something in a certain language depending on my location

  • They need to petition large/multinational corporations like BK, MickyD, Pepsico, Walmart, etc to install tor exit nodes at all their retail locations and make available something like an all inclusive raspberry PI package with a rolling distro configured to auto-update to keep it secure. Maybe with a bitcoin full node as well. Call it a the Raspberry Freedom with the audio catch phrase "PHHHHHHHT" raspberry sound (distinctly discernible from the farting apps constituting so much of whats available for apple
  • So unrelated to the story specifically, but this is a discussion about a woman in technology who actually does stuff? She's not complaining about SJW issues; she's out there fighting the fight with us-- for us! So for once, we can relax and not have a big feminism discussion just because a woman is doing something tech-wise.

    Thank you, Shari.

  • Tor's problem is not hidden services.

    Tor's problems:
    1. Speed sucks. Since *ANY* node can be used in the pathway, your speed is limited to the upload speed of the slowest node you are using. Since you have no control by default over which nodes are used, you cannot prevent this.

    Scarily, when I was playing/using Tor, the best results came from limiting my usage to only half a dozen nodes. Never mind the goal of security here.

    The work-around: Use an IP-like system, where your stream is sent over many links, an

  • From the OP: "We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

    https://www.youtube.com/watch?... [youtube.com]

Multics is security spelled sideways.

Working...