Tor Is Building the Next Generation Dark Net With Funding From DARPA 67
Patrick O'Neill writes: After years of relative neglect, Tor has been able to dedicate increasing time and resources to its hidden services thanks to funding in part by DARPA, as well as an upcoming crowdfunding campaign. DARPA's funding lasts 1-3 years and covers several projects including security and usability upgrades that close the gap between hidden services and the everyday Internet. "Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites. ... Hidden services, which make up about 4 percent of the entire Tor network, have until recently been relatively neglected when it comes to funding and developing."
So..... (Score:3)
Freenet (Score:1)
There is already a darknet which does load balancing and more and it has been out there for a while. It's called Freenet, look it up.
Re:So..... (Score:5, Interesting)
Yes, This is pretty much press bloat. Improving hidden services has been a long time goal of them, read their blog [torproject.org]. This is just a press release that they've got funding, and actually started working on that.
There are multiple problems with hidden services, for example you can't delegate your domain, meaning that you can't keep a root key containing your master keys offline, and have a VPS or similar server (which you don't trust) run the onion page.
Re: (Score:3)
You can not hide anything on a fibre optic network, photons most definitely are not free. You can of course hides all sorts of stuff in other places, the electrical grid, fresh water supply pipework and digital radio transmissions and of course what ever is left over of the copper phone network. Anything that can conduct an electric signal can conduct all sorts of hidden stuff at varying frequencies.
Most likely they want to keep on talking to the stuff they have managed to hide in networks all over the w
Re: So..... (Score:2)
Er. What?
Darknets have nothing to do with fiber optics
Re: (Score:2)
You have the same key problem with SSL/TLS certificates -- can't use your cert without your private key on the VPS.
Re: (Score:2)
You can however at least limit the time that certificate is valid.
Your Government Inaction/In Action (Score:2)
while the government agencies DHS and MPAA/RIAA work to close the torrents, DARPA is working to build the torrents. your tax dollars at work.
Re: (Score:2)
torrents [wikipedia.org] != tor [wikipedia.org]
Re: (Score:2)
torrents != tor != Tor (Sci-fi book company) != Tor, regular in Ed Wood movies, along with Vampirella and Bela Lugosi
Comment removed (Score:5, Informative)
Re: (Score:3)
P'haps they wanna fix it till it's broke...
Re: (Score:1)
The new Tor network, funded by the government, and with no back doors! Really, we promise!
Re:Trus but verify... not (Score:4)
The new Tor network, funded by the government, and with no back doors! Really, we promise!
Tor has always been funded by the government. The part that built Tor wants a secure way to communicate with undercover government operatives and foreign dissidents. the government isn't homogenous with one goal it has competing faction with their own conflicting goals.
Re: (Score:2)
One government department is often working in direct opposition to another. This is especially true in the US.
Re:Trus but verify... not (Score:5, Interesting)
"The government" isn't one big entity. There are a lot of agencies in it and some have very conflicting goals. Even in the NSA itself some will be working on securing everything more so that their government is safe from spying while others will be working on breaking everything more, so that other governments can be spied on.
And isn't this just really a grant? Its not like darpa controls the implementation, they just point out what they want to be worked on, no?
Re: (Score:2)
"The government" isn't one big entity. There are a lot of agencies in it and some have very conflicting goals. Even in the NSA itself some will be working on securing everything more so that their government is safe from spying while others will be working on breaking everything more, so that other governments can be spied on.
And isn't this just really a grant? Its not like darpa controls the implementation, they just point out what they want to be worked on, no?
I suppose the code is open source, and I guess that code will be closely monitored. If they really want secure code, to secure agents abroad or even locally to make sure they cannot be tracked down, this is a good thing for everybody.
Re:Trus but verify... not (Score:5, Informative)
Speaking with experience on the receiving side of DARPA contract negotiations.
DARPA projects are not like kickstarter (BYO vision and get money) or like NIH (have reputation and get money); rather they do require actual competency and demonstrated ability to win them. The projects are managed like real engineering projects, requiring lots of documentation up front, thorough project planning, and plenty of checkpoints. However, aside from this good accountability, they do not exert direction on the projects, prescribe technical solutions or gain direct contact to your engineers for day-to-day operations.
Re:Trus but verify... not (Score:5, Interesting)
A large chunk of DARPA do not like NSA.
Hell, a large chunk of NSA don't like NSA either.
Not everyone agrees with the shit they have been doing to (not) catch criminals.
Re: (Score:1)
Sorry to burst your fantasy bubble, but both DARPA and NSA are components of the Department of Defense.
Re:Trus but verify... not (Score:4, Insightful)
The truly gifted insight of the Founding Fathers was that pretty much everybody who wants power is sociopath, so they split up the powers of government into different branches, offices, and institutions, all with checks and balances on each other. Essentially saying "maybe regular people can just get on with their lives while the sociopaths over here fight it out with the sociopaths over there." Even different parts of the DoD have different budgets and competing interests, so there's hope.
That said, what I found truly, pants-crappingly heart-stoppingly terrifying about the Snowden revelations was the reactions of politicians in the aftermath, that they were all basically united. So far off script. If Obama announced he liked ice cream, I'd expect John Boehner to hold an immediate press conference about how evil secret muslim atheist communists like ice cream, and real Americans eat their apple pie no "a la mode" which sounds French, and therefore cowardly. But when that shit came out? No blaming Obama for "stealin' yer freedoms!" from the Repubs, and no "Nuh uh, huh uh Bush did it!" from the Dems. Just lockstep "Everything's fine here! Programs are all legal, and well over-seen! Bipartisan, too!"
When Obama, and McCain, and Feinstein, and Cheney, all agree on something, be very, very afraid...
Re: (Score:2)
Re: (Score:2)
Indeed. "Has something to do with the NSA" is not a valid way to determine trustworthiness of an organization. And there are even good things that came out of the NSA, like SELinux. The NSA is not a monolithic body and has its internal politics and a large faction that is dedicated to making people on the Internet more secure. That current politics is do afraid of the population that they do not want that does not make that go away, just harder to see.
Re: (Score:1)
Darkside (Score:1)
The Darkside joined they have.
Re: (Score:2)
You missed the fact the government created TOR in the first place... (TOR was created by the US Navy).
TOR is basically a US government project. Which is why it's funny when everyone says to go use it to protect your privacy. After all, doesn't the NSA run huge farms of exit nodes which can capture a good chunk of traffic?
as long as they implement this interface... (Score:1, Flamebait)
Re: (Score:1)
If you just want to complain why don't you fork the code and make a more trust worthy version or pony up the cash to pay someone else to do so?
I'll take NSA financed bug fixes over unpublished 0-days.
Isn't the most likely hack (Score:3)
Not of the code but of the keys?
If they have the private keys of the master keys then can play man in the middle and control the list of servers you see, and what keys you see for them too.
Of course you'd only use that on an occasional target, not on a whole population.
To target the whole population they would simply supply a majority of the server power to Tor. Then if you were unlucky enough to pick all compromised hops they've got you.
Re: (Score:2)
I hear the random number generation is one of the new key features
int darpaRandomNumber() // chosen by fair dice roll. guaranteed to be random.
{
return 4;
}
Re: (Score:2)
Wouldnt you want that to return a boolean or a pointer?
Re:More criminality (Score:4, Insightful)
Exactly right. The drug war and the 'think of the children' meme are two of the worst things about the US. We could stop a lot of harm if we abolished them both.
Re: (Score:3)
Isn't weird? (Score:1)
Isn't it weird that DARPA would fund Tor and NSA/FBI would resist Tor?
Re: (Score:2)
Google the following statement: "selling out."
Re: (Score:2)
How the hell is it "selling out" when TOR was *STARTED* by the military?
Re: (Score:2)
Ha! So it would seem! When I thought about it at all I thought Tor Project was a bunch of civvies out of MA who were Stallmanesque EFF types.
Re: (Score:2)
It was started by the military so that people trying to overthrow oppressive governments have a tool they can use.
Re: (Score:2)
And Roger has never hidden that fact and was always able to explain it well and convincingly. What is an actual risk is all the wannabe security experts here that want to drive people away from TOR and to less secure alternatives.
Re: Isn't weird? (Score:1)
Google Tor's history. They were the bastard love child of the Navy and State Department. The bulk of their funding over the course of their existence came from State Department sources, often through intermediaries.
Re: (Score:2)
Not at all. It just requires a bit of understanding how things actually work. The government is not an unified body.
Re: (Score:1)
I am aware that Tor came out off US Naval Research and DARPA but it was a different time back then. I would think that the NSA would have the institutional power to kill or poison Tor. If this is legit then perhaps I've over estimate NSA's clout. At this point I'm only left with distrust.
Re: (Score:2)
As I know a few people in that community, my guess would be that it very much depends on whom they try to get to put in backdoors. The TOR team seems to be a very bad bet for such an attempt, especially as we are not talking about them only passively looking on and they are not all based in the US. Roger Dingledine himself also strikes me as a very bad bet in that regard, as he has invested more than a decade of his life in this and really believes a secure TOR benefits society a lot more than it does harm.
Not just that (Score:1)
The most secure operating system out of the box is SELinux which is maintained by the mighty NSA themselves.
Open source is a strange revolution.
we will win (Score:1)
In 1968 I was in U.C. Berkeley; Uncle Sam was in Saigon, scared. We whipped his ass.
Yesterday I was in the new U.S.Embassy in Vientiane; Uncle Sam was hiding in the USNSA. We will win again; those idiots couldn't invade Pittsburg.
We will, we will rock you.
Re: (Score:2)
pron
I'm not saying to be afraid, but... (Score:2)
If the history of NSA vulnerability disclosures (nearly none), the use of Stingrays, and the push for backdoor encryption are any reflection of the government's interest in network security, then the only possible conclusion is that they want to use Tor for its offensive capabilities rather than defensive. Like a basement-dwelling hacker, they want the ability to remain anonymous, and the ability to unmask anyone else. And they have the resources of the most wealthy nation on earth with which to do it.
Zooko's Triangle (Score:1)
I am glad that they got this funding and can't wait to see what they are able to do with it. I hope that they look closely at secure ways to improve their naming. In other words, I hope that they are looking at any ways that they can "square" Zooko's Triangle (https://en.wikipedia.org/wiki/Zooko%27s_triangle). The reason that I am not as confident using DarkNet services as I am the "regular" .com is because of the naming system.
To anyone from Tor reading this: keep up the great work!
Will