Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature: Programming
Tor: Freedom for whom?
Share
Print
CommentsProponents of Tor recommend reading renowned security expert Bruce Schneier's article on the value of privacy. Schneier makes a compelling argument in favour of the value of privacy. But use of Tor isn't just about privacy.
There are, fundamentally, two forms of freedom. There is the freedom "to," and the freedom "from." There is also the balance of freedoms: how one person's freedoms affect another's. Services like Tor address both the freedom "to" and the freedom "from," but deprive others of both freedom "to" and freedom "from."
Tor works by routing a user's Internet connection through a long and wholly undocumented and unlogged list of participating hosts. Theoretically, it is impossible to trace a connection back to its origin through this system. With the lack of logging, the only practical way is to monitor participating hosts and try and figure out who is doing what. The result is that anyone who uses Tor is anonymous to anyone whose services he is using. This provides the Tor user the freedom to privacy, and complete freedom from being identified.
This also takes away service providers' freedom to monitor access, and the freedom from abuse.
Bruce Schneier's argument, as twisted by Tor users, would appear to be that it is not a provider's right to know who is using its services. Tor users worry that providers are in a position of power, and power corrupts. The logic employed -- that if a provider knows who is using its services it will use that information for nefarious purposes -- is no more sensible than assuming that someone who is using a privacy service like Tor is necessarily doing so to facilitate trouble-making.
My fundamental problem with Tor is connected to my experience as an IRC operator. On IRC networks, Tor prevents freedom from abuse. If a hundred people use Tor, and one of them abuses his privileges on a provider's network, the only alternative for a provider (other than allowing the abuse to continue) is to block all 100 users, because there is no way to differentiate among them. Because blocking large groups of users often is not a practical solution, that one problematic user can continue being a problem without any limitations.
Privacy vs. freedom
Schneier states that the debate is wrongfully categorised as a debate between privacy and security. I agree -- it is not privacy versus security, it is privacy versus freedom. When one person's privacy restricts someone else's freedom, we have a problem.
In the real world, every country has a legal system with a set of rules by which everyone must live. If someone breaks one of those rules, a police force and judicial system exists to prevent them from continuing to do so. In some cases, the rules are unjust, but generally, rules are designed to protect the freedoms of others. Take the police force and judicial system out of the equation, and you end up with anarchy.
That's what Tor brings to the Internet. If everyone on the Internet used Tor, and no one could figure out where anyone was coming from anymore, the Internet would be a complete anarchy, even though most people would still attempt to continue their normal, honest behavior.
While IP-address-based restrictions may not be an ideal solution for managing services on the Internet, it is the best currently available. Tor in effect removes this system from the Internet.
Prior to Tor, similar problems existed through open proxies and hacked accounts, but these can be blocked, because there is no such thing as a legitimate user coming through these means.
Please understand, I'm not against the concept of privacy. What I am against is the concept of total anonymity. I would not object to Tor, or any other anonymising service, if it provided a way of uniquely identifying users. I don't care if connections can be traced back to actual end users, just that they can be managed separately. But making end users identifiable is contrary to the stated objectives of Tor.
Are there practical solutions? Yes. The simplest solution would be to require registration of Tor users, and have service providers implement a system to check users' registration status. Though it wouldn't eliminate problems, it could reduce them and make them more manageable. Unfortunately, it would remove the very anonymity Tor seeks to create.
Is there a way to balance the privacy of users with the propensity for bad apples to destroy the crop? If so, what is it?
Comments
on Tor: Freedom for whom?Note: Comments are owned by the poster. We are not responsible for their content.
What the author says is simply: "it's nice you want to be anonymous but I want to know your personalities anyway".
So in fact, he does _not_ "have a problem with Tor". He is against. Just against - and somehow is afraid to state that clearly.
What he really says is "O.K., let's make some fake anonimity for lamers but the uebergeeks like me should have the data anyway".
He tries to ignore the fact that you can have only: anonymity - or not. So he talks about some "changes" in Tor which would make this product completely ineffective and unnecessary.
I don't know why he's doing these acrobatics. He's not really sure I guess - he just feels disturbed losing some of his power of a web/IRC operator.
And he is lobbying here.
Well, privately I don't have a clear opinion here - but I don't write articles about it.<nobr> <wbr></nobr>:)
What I know is - if you are against try ban etc. Tor before it gets really popular.<nobr> <wbr></nobr>:P
But I guess that especially in many countries Tor may be an only way to get a freedom - freedom to speak and learn.
There seems to be no shortage nowadays of people willing to explain at tedious length why it is perfectly OK for the government to take away our freedoms. Usually, they just trot out the old "if you've done nothing wrong, you have nothing to hide" mantra - crude, but effective, because it can be conveyed in less than 10 seconds, whereas the rebuttal requires reasoned explanation. In a country with high schools that don't teach people how to think, that's a winning strategy.
This article's attack on freedom is a little more subtle. The essence is this:
My fundamental problem with Tor is connected to my experience as an IRC operator. On IRC networks, Tor prevents freedom from abuse....While IP-address-based restrictions may not be an ideal solution for managing services on the Internet, it is the best currently available.
In other words, he wants to be able to use his power as an IRC operator to block people whom he decides are "abusing" the facility. He's not concerned about anyone's freedom, he's concerned about the operator's loss of power.
The obvious problem with that argument is that he really doesn't have the power even without Tor. Most internet users have dynamic IP addresses from their ISP anyway. Sure, if the abuse is really bad, he may be able to get the ISP to terminate the user's account, but I doubt that is easy.
The other problem with the argument is that by operating a slightly different kind of service, he can achieve "freedom from abuse" anyway. There are IRC communities that want the operator to be able to block abusive people, and who share the operator's standards. They can still have that. All it takes is a "login" requirement - a username and password, given only to users who supply a verifiable email address within the domain of their ISP.
I've heard it mentioned before that first amendment rights protect freedom of speech, but they do not require others to give you a soap box. I think that is really what the IRC issue is about. However, pushing registration out to Tor is taking things too far, IMHO -- if you want control of your own server, either ban Tor altogether, or *do the registration yourself*. It's not Tor's job to track and ID your users for you, nor to help you administer access to your server. If you want to wield more power, you are perfectly capable of redesigning your own services to cope.
Examples include:
- Muting all non-authenticated users, so that they can watch conversations, but not participate. This essentially forces them through your registration process.
- Not allowing non-authenticated users to change their name (to prevent<nobr> <wbr></nobr>/nick spamming).
- Throttling the rate at which non-authenticated users may<nobr> <wbr></nobr>/join rooms.
- Otherwise restricting the flow of non-authenticated users, in order to make the service somewhat useful for legitimate anonymous types, but near impossible to use for abusers.
People have flaws in their definition of freedom
Posted by: Anonymous Coward on June 24, 2006 10:15 PMThe freedoms granted be the Bill of Rights in the American Constitution are not Good Things. They are Bad Things that are protected by our highest laws, because not having them would be worse. Freedom is, and always will be, dangerous stuff.
Geek Unorthodox
I'd replace that last sentence by:
The Bill of Rights tried to protect the freedoms "We the People" used to have.
I don't worry if this user creates his own blog to post obscenities, or writes on a blog where such behaviour is allowed, but I don't want such kind of BS on my blog.
The problem is not anonymity, I don't want to get real identity of him. The problem is I can not ban just one user if it is a Tor user.
Tor developers should create a solution for this problem. If not, system administrators will ban all Tor IPs endly, and Tor will not be useful for anybody.
The problem is, we don't have good comprehensive methods to do this. Something like<nobr> <wbr></nobr>.Net's passport would have been awesome, or better yet, Sun's system they've been working on.
To sum it up: innocent age of internet is long over. Get used to the fact that as soon as you serve services that allow "anonymous" abuse - you'll be hit by it. All services with the potential to be abused should be available only to registered users PERIOD. Blaming Tor is not going to help.
I do use Tor occasionally and I must say that using it all the time is painful due to drop in speed, but I do use it and consider it to be a good thing. I am a sysadmin myself and I'm well aware of all the dangers that anonymity brings but you agreed to them running your services wide open, so learn to live with it or fix your services - Tor does nothing wrong or illegal.
Tor users worry that providers are in a position of power, and power corrupts. The logic employed -- that if a provider knows who is using its services it will use that information for nefarious purposes -- is no more sensible than assuming that someone who is using a privacy service like Tor is necessarily doing so to facilitate trouble-making.
Do you know the company of AT&T and the lawsuit issued by the EFF against them? It's about wiretapping and abuse of power, going even as far as making personal data of their customers their property. So, it's not privacy vs. security, but privacy for security.
http://www.eff.org/news/archives/2006_06.php#0047<nobr>5<wbr></nobr> 0>
http://www.boingboing.net/2006/06/21/att_retrofit<nobr>s<wbr></nobr> _privac.html>
it is not privacy versus security, it is privacy versus freedom. When one person's privacy restricts someone else's freedom, we have a problem.
You are mixing things up: Privacy itself is a freedom, so you say: "when one freedom restricts someone else's freedom, we have a problem." That is correct, just as we have mechanisms to balance these freedoms. As some other readers have mentioned, you can make people register before talking or writing, so they can decide whether to give up their anonymity and switching to pseudonymity, if they want to contribute.
> Take the police force and judicial system out of
> the equation, and you end up with anarchy.
><nobr> <wbr></nobr>... and? Is this a bad thing?<nobr> <wbr></nobr>:)
If you meant "in a complete mess", then write "in a complete mess", not "anarchy".
This is quite different<nobr> <wbr></nobr>:) (just strike out the stupid definition for anarchy, from the dictionnary -some people don't wan't you to think anarchy as anything else than "a complete mess")
Anyway, if this end up in a complete mess, this is not because of anonymity, this is because of the state of today societies. Which are already a complete mess ^_^; Pollution, stress, money problems, jobs you don't want to do, stupid laws, oppression related to security, freedom, privacy, taboos, etc.
Of course, when you feel anonymous, most people will try to unwind themselves in stupid and violent ways...
Everything need to be changed. Let's think about ideals, the rest will follow<nobr> <wbr></nobr>;)
<a href="http://dictionary.reference.com/search?q=anarchy" title="reference.com">http://dictionary.reference.com/search?q=anarchy</a reference.com> gives:
1. Absence of any form of political authority.
2. Political disorder and confusion.
3. Absence of any cohesive principle, such as a common standard or purpose.
n : a state of lawlessness and disorder (usually resulting from a failure of government) [syn: lawlessness]
This is in agreement with my Shorter Oxford English Dictionary.
So I would agree with the OP: loss of identifiability leads to loss of responsibility which will lawlessness of a few - anarchy. Granted, it wouldn't be everybody being anarchist, but it only takes a few people to mess it up for everybody.
Please read up on political science and political models.
Seriously though, the Internet is a worldwide system designed for information exchange. Imposing laws and rules on it will not work because who decides the rules? If the Internet is used for it's primary purpose then any kind of restriction is a breach of the generally-internationally agreed human right to Free Speech. Just because a text-based telephone system just happens to be using the Internet doesn't mean that the whole network should change. You wouldn't kick people out of their houses to make room for more billboards, the billboards are not the primary reason for the use of land, they are just an alternative that happens to use the same system (taking up land area, instead of Internet bandwidth)
On IRC networks, Tor prevents freedom from abuse. If a hundred people use Tor, and one of them abuses his privileges on a provider's network, the only alternative for a provider (other than allowing the abuse to continue) is to block all 100 users, because there is no way to differentiate among them. Because blocking large groups of users often is not a practical solution, that one problematic user can continue being a problem without any limitations.
Let me get this straight. You're running a publicly-hosted service without any built-in authentication/authorization, with lame workarounds to that problem. Now you're complaining that some other piece of software is screwing up the workarounds. How about, gosh, using a real messaging service? Like, say, maybe, Jabber?
This also takes away service providers' freedom to monitor access, and the freedom from abuse.
Only if the services the providers are providing rely upon IP addresses for said freedoms. Real ones don't. Lame ones do. It's your choice as a service provider.
If everyone on the Internet used Tor, and no one could figure out where anyone was coming from anymore, the Internet would be a complete anarchy...
Stop relying upon IP address as an identifier. Then, Tor poses no real problem. IP address isn't a good identifier, anyway, due to proxies, particularly the round-robin variety (see: AOL).
While IP-address-based restrictions may not be an ideal solution for managing services on the Internet, it is the best currently available.
Gee, I guess we need to develop something where a user...oh, I don't know...maybe has to use some sort of secret phrase in order to access a service, based upon a prior registration. Let's call it a "password" after the old game show. Betcha nobody's thought of that idea before!
Oh, wait...
The simplest solution would be to require registration of Tor users, and have service providers implement a system to check users' registration status. Though it wouldn't eliminate problems, it could reduce them and make them more manageable. Unfortunately, it would remove the very anonymity Tor seeks to create.
Not really. Or, more to the point, it doesn't change anything. Face facts: there is no absolute means of identification online. Witness the whole MySpace "what age is the user" problem that's making the rounds in the mass media. Tor creates anonymity for casual Internet use. Some service providers don't care about your freedoms, and hence Tor provides "complete" anonymity to them. If you are a service provider who does care, you can choose to do authentication/authorization; in this case, Tor users have their choice of supplying real or fake registration information. In the end, the service provider only has a statistical probability of having identifying information for any given user. Tor doesn't change that; it only changes the tactics used on both sides.
If I want to stick noughts and ones anonymously on the Internet, I like that right. I don't abuse it personally.
If I want 'plausible deniability', I won't.
I'm a free man. I hold myself accountable for my actions. I accept that I won't live forever. I understand some of the laws of my country, probably not all of them, and I do my best to obey.
But that's as far as it goes. I don't want a bureaucratic layer trying to track me. Or trying to track anyone else.
maybe anonymous registration could help to prevent the problem you described with IRC.
I think in it the following way:
Each user can register, without any email required within seconds. You get some kind of key with which you may enter the channels. Channel-Operators may freely decide on how long such a key has to be registered until someone may enter this channel. (e.g. 24 hours).
To prevent bots to create thousands of keys, there additionaly has to be some human verifaction (like images with numbers) to get such a key.
Advantages:
- anonymity is untouched
- you can block/ban users based on keys
- no automatic creation of accounts, always some human has to be present
Disadvantages:
- new users have to wait some time until they can chat in protected channels
What do you think?
What did I forget/oversee?
> What did I forget/oversee?
Well, an attack could just be prepared a bit, registering accounts in advance...
And having to wait 24 hours is absolutely not acceptable for legitimate users... (normal registration process, even without email verification and/or captcha, already is quite boring...).
If you still think it might help, then allow new accounts immediately, by default... then, if there is a problem, just temporarily increase the time required before being allowed to connect/stay connected... new legitimate users will be disconnected, and this is a problem, but you cannot do more without better checking the user identity...
Still, the best solution is finding why people do bad things, and do what we can to resolve the problems we found...
We should stop thinking it is impossible... As long as you think it is, and do nothing about it, then it sure won't change... Well, it will worsen the situation, as you will try tricky ways to try to protect yourself... (and impose them on others...), wasting far, far, far more energy, than the energy you would have to use, to resolve the real problems...
Service providers can require an anonymous registration/account for any services provided, and it could be automated by charging a small fee ($0.50 or something) via paypal or similar, where clients can submit the fee anonymously, noting the account name or ticket to be activated with the submission. The fee is small enough to not be a financial burden for normal users, but large enough to prevent banned abusers from recreating new accounts ad nauseam.
I do it simply because tor allows me to do it. If I'd run a website with a poll and/or guestbook or anything that matters, I'd completely block tor traffic for those.
Too much power. Too much freedom. Total anonymity is something very bad, because it opens the door to being an a$$hole anonymously. And who of you wouldn't want to be just that sometimes?
> is something very bad, because it opens the door
> to being an a$$hole anonymously. And who of you
> wouldn't want to be just that sometimes?
You have to think of why you would want to be just that sometimes... See comment #127978<nobr> <wbr></nobr>;)
If you don't have any vision, read/watch Yokohama Kaidashi Kikou, Binchou-tan or Aria the Animation/Natural (Otaku powa' ^_^;). Not quite peace, but not far from it<nobr> <wbr></nobr>;)
Why must you have the freedom to do such things on somebody else's server? Precisely that sort of thing is why the IRC operator who wrote the parent article sees Tor as a menace.
Freedom of speech means YOU have the right to speak your mind. It does NOT mean that others are obligated to provide you with a soapbox or even so much as an ear.
Now, I will concede that the operator built his house on sand by relying on IP address as a means of identification but that does not give you the right to kick it down.
Life sucks you know. Crying won't help.
And after all, and being realistic, Tor has much more pros than contras, one of them is the freedom from stupid IRC operators - some of them which we all have already met one way or the other.
The general problem you describe is easily solved: Service providers open to abuse have the option of requiring some form of validation. Some IRC networks have the concept of registered users. Most IRC networks have the option of moderated channels with voice-on-request-from-bot. Both of these allow meaningful abuse-blocking of individual TOR users.
By the way, the problem you describe is no different than that of a large-ish dialup ISP that assigns dynamic IP numbers over a large number of customers, or an ISP that funnels all customers through a common proxy. If you block one annoying customer of that ISP, you must block them all.
As long as repressive governments exist, the unfettered anonymity provided by TOR or a similar service is essential for protecting human rights.
I'm wondering if this particular article was written in jest. It's certainly as bizarre as some of his previous comical works... but it just isn't as funny.
Or even simpler, charge a buck to register. There is no way to make an anonymous payment on-line. Which easily bypasses most Tor users. And, prevents other people from making multiple accounts.
The big problem here: Is your IRC worth a buck?
Maybe in time David, you can get your no anonymity idea implemented into law. Patriot Act 4-5-6-7-8, or 9 etc... If your in a real hurry though, just cause an online event (hagelian dialectic) that will obviate the need for your pet police state measure. This method seems to work quite well for governments now. And history shows that it has worked very well in the past.
Just study the past works of like minded people such as yourself. You Know; Adolf, Pol Pot, Stalin etc... You can get in on the action, and make some good bucks too! Maybe setup a pop corn stand at the mass genocide events, and wholesale human suffering that always follow people like you rising to the seats of power.
problem is not tor, but assumption that IP == user
Posted by: Anonymous Coward on June 25, 2006 05:08 AM
Why do people continue to try and do things on the 'Net that can't be done in a stateless environment? Even cookies and all the other workarounds won't make it anything less. If you want a dedicated connection with direct state connections then build it. But the 'Net isn't it. AJAX and the other similar tech just make it seem like there's a persistent connection. But it's not. It will never be as long as it's based on TCP/IP. The Internet is supposed to be stateless and must continue to remain so. Tor is nothing more than what the Internet is designed to be.
This also takes away service providers' freedom to monitor access, and the freedom from abuse.
The article writer lost my sympathy completely with this early gambit in his argument.
Blocking Tor is not much harder than any other IP
Posted by: Anonymous Coward on June 25, 2006 04:27 PMAnyone who has tried to connect to somewhere like EFnet using Tor will instantly discover this<nobr> <wbr></nobr>... as will those trying to edit Wikipedia over Tor.
More enlightened IRC networks such as Freenode welcome Tor users, but allow individual channel ops to specifically block them if the need arises.
How to block Tor exit-nodes is all outlined in the Tor Abuse FAQ at <a href="http://tor.eff.org/faq-abuse.html.en" title="eff.org">http://tor.eff.org/faq-abuse.html.en</a eff.org>, including links to Python code to do most of the job.
I think the author is whining about a problem they probably could have fixed in the time it took them to write this article. If you really want to block IPs in an attempt to block individual (ab)users, your real problem is still the ever changing list of open proxies and dynamic IPs, not the Tor network which happily provides you with a list of Tor exit-node IPs to block.
This is what the U.S. goverment and major ISPs are teaming up to do with warrantless wiretaps, subpeona-free snooping and the like.
We need to prevent the ISPs from monitoring us BECAUSE they illegally turn info over to the government without proper legal process.
"In the real world, every country has a legal system with a set of rules by which everyone must live. If someone breaks one of those rules, a police force and judicial system exists to prevent them from continuing to do so. In some cases, the rules are unjust, but generally, rules are designed to protect the freedoms of others. Take the police force and judicial system out of the equation, and you end up with anarchy."
This is what's happening with the government now - not following the constitution or its own rules and taking away freedom and privacy from all!
So, I think that it's pretty obvious the author believes in the overthrow of the U.S. Government!
You could apply similar protocols to IRC or any other online communication. Pseudonymity, with my real-life identity protected by Tor, gives the best of both worlds. An easy and scalable implementation would be to identify users by public encryption key, by which posts are digitally signed. No registration of Tor users required.
Sounds really interesting<nobr> <wbr></nobr>:)
Public Telephones: No Freedom from Prank Calls
Posted by: Anonymous Coward on June 26, 2006 08:15 PMBlogs: Too Much Freedom to Express Opinions Anonymously
Sarcasm: Bad for Your Health
Is this author for real?<nobr> <wbr></nobr>;-)
TOR enables anonymity for the rest of us, legally. Of course, it also helps the criminals as using TOR is easier than getting a hold of botnets.
The real solution to the kind of "troublemaker" on the internet that you mention lies with those who don't want to be the recipient of such trouble: firewalls, encryption, and filtering. Being able to trace each user uniquely destroys both privacy, and ultimately freedom.
I'm personally tired of tyrants who want to destroy all freedoms in the name of "security". In the end, you have neither. Yet that appears to be what the author of this article wants to do.
or something like that
(I think it was an american president or something)
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
have been attributed to Benjamin Franklin, from a review he published in 1759. However, there is some doubt that the words were actually those of Franklin himself or a correspondent. Either way, he apparently approved of them, as they were published in his name.
It was Ben Franklin. The only President of the United States who was never President of the United States.
I will argue that service providers should not, and might not, have the right to monitor access.
AT&T is your service provider. They have no inherent right to listen in on your conversations. Same with the US postal service: they have no right to snoop through your mail. The government can, if they get a warrent (I'll skirt the debate on the legality of warrentless domestic spying), but Americans are, in every communications medium beside the Internet, granted the right to privacy, and this right protects them also from the service providers.
--- SER
"Freedom from" is an oxymoronic, or just plain moronic, liberal invention. "Freedom from" cannot be provided, much less guaranteed as a right.
Using a simple illustration: Your desire for freedom from assault can only be satisfied by putting everyone else in handcuffs. Of course, someone might get a running start and head-butt you, so leg-irons are probably also a good idea.
This is, to anyone with a three-digit IQ, patently silly.
On the other hand, you do have the "freedom to" defend yourself by effective means, the freedom to hire a bodyguard, freedom to arrest your attacker or, if you are of the type that tends to call for Mommy, have them arrested. You have the freedom to sue, to live in a gated community, and the freedom to get a gang of your friends and exact revenge (assuming you can live with the consequences).
All your "freedom to" options add up to a reasonably powerful deterrent, but there ain't no "freedom from".
(theThibs)
I see is as a problem when an isp can present you with a TOS agreement that gives them the right to view your communications. I see it as a problem when everyone else on the cable network can sniff email traffic. Simple solution, strict privacy requirements allowing only law enforcement access to private communications. Then of course we need a goverment bureau of privacy to oversee that.
Identify users (ie on IRC)
Posted by: Anonymous Coward on June 24, 2006 04:33 PM#