Jump to content

Talk:Tor (network)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Tga.D (talk | contribs) at 04:58, 18 May 2024 (About Tor's acronym). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Wiki Education Foundation-supported course assignment

This article is or was the subject of a Wiki Education Foundation-supported course assignment. Further details are available on the course page. Student editor(s): Atticusbixby.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 11:31, 17 January 2022 (UTC)[reply]

Partial impartiality

"An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting"."

"As of 2012, 80% of The Tor Project's $2M annual budget came from the United States government,"

hahaha. oh dear. — Preceding unsigned comment added by 220.233.16.6 (talk) 08:12, 7 October 2014

Hello,

I'm definitely late with my response, but I'm adding this comment for posterity, as this isn't the first time I've read something like this.

Sponsors are publicly listed: https://www.torproject.org/about/sponsors/

Here is an excerpt from the text of this page:

The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.

If you develop something especially for "covert" operations, it will be quickly fingerprinted and attributed to that group. What they need is repudiation, so it makes sense that the more users have access to that tool, the easier it is to blend in. The same argument can be made for Ghidra (originally developed by the NSA) or even SELinux. I do remember reading about this somewhere, but can't figure out where at the moment.

Anything can devolve into conspiracy territory, but at some point in the (digital) world someone has to be trusted, there is no other way around it. Personally, while nothing is perfect, I trust the Tor Project and what they are doing.

Kind regards,

IrrationalBeing (talk) 20:03, 20 April 2022 (UTC)[reply]

Requested move 26 May 2021

The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion.

The result of the move request was: Moved (non-admin closure) (t · c) buidhe 15:50, 2 June 2021 (UTC)[reply]



Tor (anonymity network)Tor (network) – simpler disambiguation term Deku-shrub (talk) 22:01, 25 May 2021 (UTC)[reply]

This is a contested technical request (permalink). Anthony Appleyard (talk) 14:47, 26 May 2021 (UTC)[reply]
I took another look and I am not even sure that "tor" article passes WP:GNG to be a stand alone article. I started a merge discussion at Talk:Tor_(rock_formation)#Requested_move_31_May_2021. Blue Rasberry (talk) 13:45, 31 May 2021 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

First the trivial: As of this day, link [41] (Cox, Joseph (1 February 2016). "Study Claims Dark Web Sites Are Most Commonly Used for Crimes". Retrieved 20 March 2016.) referring to the graph to Tor usage is broken, and thus the traffic statistics presented are called into question.

So far as I can tell, there are now numerous claims being made about the utility and cost of ToR. One of the best papers I've seen that isn't cited yet is a 2020 work by Jardine et al: The potential harms of the Tor anonymity network cluster disproportionately in free countries; Eric Jardine, Andrew M. Lindner, Gareth Owenson; Proceedings of the National Academy of Sciences Dec 2020, 117 (50) 31716-31721; DOI: 10.1073/pnas.2011893117

On the other hand, there is a well known quote from a blog from the CEO of Cloudflare indicating that some 94% of requests they were seeing in 2016 was malware. See https://blog.cloudflare.com/the-trouble-with-tor/. That quote is a bit long in the tooth as well.

These claims are not completely out of alignment with one another, because of the methodologies used. The Jardine work in particular compares in network versus out of network access, while of course Cloudflare is looking only at its clear site access.

My suggestion is that the controversy over benefits versus drawbacks be called out in a bit more articulate fashion, a'la "here are purported benefits... here are purported risks..." That would also more clearly demonstrate balance to the reader. Pigdog234 (talk) 09:54, 31 May 2021 (UTC)[reply]

Why there was no info of Onionoo API in the article!?

This needs to be investigated. Wikipedia is seriously abusing this API, and I suppose even logs ips, considering somehow only less protected ips are blocked by real people, and others are just blocked by Tor Block extension of wikimedia engine on github. I will propose to stop Onionoo to Tor Project. Valery Zapolodov (talk) 18:05, 6 June 2021 (UTC)[reply]

Tor Project doesn't make a habit of reading the Tor Wikipedia page, much less the talk, and this isn't the place to discuss it. Opinions on policy decisions, unless part of a public debate between notable parties with verifiable secondary sources, doesn't have any place in a Wikipedia article, nor in the talk page. As for mentioning the existence of the API in the article, I suppose there's no real reason not to, but there also hasn't been a compelling reason for it, since it's just an API for information that can mostly be gotten elsewhere―most notably, the public consensus files (Tor clients wouldn't be able to choose their circuits if there wasn't a publicly available consensus; there's research into reducing the fraction of the network that an individual client must know, for performance reasons, but there's no way to prevent enumeration―particularly when there's only a thousand or so exit relays at any given time anyway, which is what sites like Wikipedia care about for blocking). --Tga (talk) 19:26, 6 June 2021 (UTC)[reply]
You did not age well, we now have Snowflake, so anyone will be able to be an exit node, even mobile, and consensus is now more vague, P2P style. The fact that Onionoo can see both relays and exit nodes and reading phabricator of wikipedia https://phabricator.wikimedia.org/T49626 you can turn off relays (which you did), since those are not what your AS sees when one accesses Wikipedia. This is disgusting behavioir from Wikimedia foundation and we all certainly will do anything so that even humans will not be able to enumerate Tor. Now that we see Cloudflare and even Google search abusing it, we finally can vote to turn that thing off. Valery Zapolodov (talk) 05:28, 18 September 2022 (UTC)[reply]
Snowflakes aren't exits, they're actually not even relays (they're proxies to a couple designated bridges, so someone connecting to a website via the Snowflake PT connects to their ISP->snowflake proxy->snowflake Tor bridge->middle Tor relay->exit Tor relay). The same amount of information is available as has always been, there's just now a larger pool of bridge IPs from Snowflake proxy volunteers. Bridge IPs, so the IP addresses of the first hop used for censorship circumvention, have always been secret, other than the default bridges that ship with Tor Browser.
Again, if you have problems with how some organizations operate, a Wikipedia article talk page is not the place to discuss those issues, though before discussing such issues in more appropriate forums, it might be worthwhile spending some time reading the documentation to understand the underlying technology first (you can read more at the snowflake docs, the Tor manual, and the tor spec). -- Tga (talk) 04:04, 19 September 2022 (UTC)[reply]

Merger proposal

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
Not merged. czar 02:41, 10 September 2021 (UTC)[reply]

Formal request has been received to merge: Tor Phone into Tor (network); dated: August 2021. Proposer's Rationale: Tor Browser is already merged there, and Tor Phone isn't relevant enough to have another article. Also it(tor phone) has lots of [unneccessary text](https://en.wikipedia.org/w/index.php?title=Tor_Phone&action=history) --Greatder Discuss here. GenQuest "scribble" 14:41, 19 August 2021 (UTC)[reply]
I oppose combining the articles. If anything, a new Tor Browser article should be spun off from Tor_(network)#Implementations. Tor Phone should be added to the list of tools at The_Tor_Project#Tools; note Orbot there also has its own article, which needs improvement. Spending some time on those would be more useful. -- ~~~~ Yae4 (talk) 11:56, 19 August 2021 (UTC)[reply]
I have added all the important text of Tor Phone in Tor_project#tools. I didn't the related projects, what libraries it uses, or any guide on what people can use other than this. --Greatder (talk) 05:30, 20 August 2021 (UTC)[reply]
Noting your link called "Tor_project#tools" is actually a redirect to this page, Tor (network). That is confusing at best, or misleading at worst. -- Yae4 (talk) 13:24, 20 August 2021 (UTC)[reply]
@Bluerasberry: What does age of the information have to do with article improvement? This isn't wikinews. --Greatder (talk) 07:11, 21 August 2021 (UTC)[reply]
@Greatder: It is relevant because large organizations with long histories and which go through huge sums of money have many dead projects, and adding lots of text about them to the main organization page does not help anyone understand the organization today. Blue Rasberry (talk) 13:51, 21 August 2021 (UTC)[reply]
  • Oppose - Per Blue Rasberry. Nom's rationale in unconvincing. - Aoidh (talk) 13:15, 20 August 2021 (UTC)[reply]
  •  Comment:: First of all shouldn't this merge request be closed by now? Second, even adding a line referencing the project isn't allowed anymore? [1] --Greatder (talk) 10:21, 26 August 2021 (UTC)[reply]
    Objections to the sentence, and where placed: Tor Phone is not "a tor focused" mobile ROM or operating system, so the sentence was mis-placed, and is basically nonsense. Also, what source describes the Tor Phone project as "attempted" or "abandoned"? So the language is biased. -- Yae4 (talk) 19:25, 26 August 2021 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

About Tor's acronym

Saw this reverted edit: https://en.wikipedia.org/w/index.php?title=Tor_(network)&diff=1092140671&oldid=1092139313

About this--back in the day, pre-2015 I believe, Tor was written as TOR and did stand for "The Onion Router". Today, it is spelled "Tor", but the acronym is still valid. M4sugared (talk) 22:30, 10 June 2022 (UTC)[reply]

Tor was never written as TOR, even though it did come from "the onion router". You can see a greatly abridged version on the Tor FAQ, and can check the original paper to confirm the capitalization has always been that way. My interpretation, even though it slightly differs from the wording in the FAQ, is that Tor is and always has been a name, not an acronym, and that "the onion router" is just the etymology of that name, not what Tor stands for. E.g., if you were at an academic conference today, and you said "the onion router", people would probably have the same reaction as mentioned in the FAQ (which onion router?), but would understand Tor as a proper noun perfectly fine. Tga (talk) 23:35, 10 June 2022 (UTC)[reply]
Regardless of how the Tor team officially spelled it, it was called TOR at some point in time by some people as the Tor Project posted a notice suggesting that users say "Tor" versus TOR.
https://www.facebook.com/TorProject/posts/10160801361629951
Either way, I'll look into how valid Tor standing for The Onion Router is, but based on some reading and what you noted, it seems the acronym has failed out of use. Perhaps it should be removed from the introduction of the article and moved to the history section. M4sugared (talk) 00:34, 11 June 2022 (UTC)[reply]
@M4sugared: In this paper by Paul Syverson (page 7 on the PDF, page 129 on the paper) there's an entire section describing how the word "Tor" came about; emphasizing that it's neither an acronym nor is it ever spelled "TOR". It's worth noting that Syverson is a primary source as he invented onion routing. Flycatchr 10:33, 11 June 2022 (UTC)[reply]
To provide a bit of additional context to the cited Facebook post: The FAQ entry I linked has included "In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong" since at least 2011. Nothing fell out of use, there's just been a common mistake over the years, one that the Tor Project has consistently tried to correct. Tga (talk) 16:46, 11 June 2022 (UTC)[reply]
IMO The article should explain the naming history some more, based on what "reliable" sources can be found. The lead should give one or two more "popular" uses of "Tor" (also known as). Tor is sometimes known as The Onion Router, sometimes The Onion Routing network, or apparently not as popular: Tor's onion routing. I don't think there is a one and only "correct" definition, so what "reliable" sources can be found should be followed (for wikipedia), and statements attributed to the authors.
  • "Reliable" sources (i.e. popular usage) wins at wikipedia, IIUC.
  • Facebook is an unreliable source WP:RSPFACEBOOK.
  • Current usage of the terms is inconsistent by arguably reliable, independent sources,[2] and at places that should know better.[3]
  • We will find numerous "reliable", or at least independent, sources saying Tor is, or was originally, called "The Onion Router" and other things.
  • Syverson's 2011 explanation may be correct, or could be wishful thinking and faulty memory. See inconsistent terminology used early at onion-router dot net in archive: "Onion Routing Network" and "The Onion Router Prototype Network".[4]
That said, I do enjoy "a recursive acronym, ‘Tor’s onion routing’" as much as anyone. -- Yae4 (talk) 01:01, 15 June 2022 (UTC)[reply]

So I haven't bothered discussing this since the above discussion because it's mostly been a relatively harmless issue, but because of recent edits, I'm going to reiterate that Tor is not an acronym, and never was. The etymology of it is "The Onion Router", yes, but it never actually stood for that per se (hence "Tor" and not "TOR"). The fact it is commonly referred to as such is an error, but one common enough that I could see why people would think otherwise, and why it wasn't a huge deal to be in the lead. But unlike Tor the idea or Tor the network, it is absolutely unambiguous that the software itself was never called "The Onion Router". You will not find that name in its README, or its source code, because from the original publication of the Tor paper, they never called that code base anything other than Tor (well, more accurately, they call it "tor", or "little-t-tor", to distinguish it from all those other things, but I'm not going to bother disputing that spelling). I've changed the existing cites on the issue to a book published by MIT press with a quote discussing this misconception. Hopefully that's enough to settle the issue? If need be, I can pull more sources for this, but I do want to emphasize that typically reputable sources outside the space get this wrong all the time, and I kind of suspect that misconception itself originates from rushed journalists reading this very article, which is why a sourced book from an academic publisher is better than the tertiary news sites we would typically be okay to rely on. -Tga (talk) 04:58, 18 May 2024 (UTC)[reply]

Goverment Law enforcement mediated Deanonymization

I added a section related to the past decade of law enforcement agencies using a variety of technologies to deanonymize Tor. Recently 2019 and forward there has been some new form a attack that does not use a NIT, and has some greater than 50% reliablity. The law enforcement agencies only appear to be able to deanonymize a few IP addresses per day, so whatever the method, it's computationally intensive. I digress.....the point is, I added a section, but don't think it's necessarily in the correct place. It could be broken down by year in the Reception, impact, and legislation section, which doesn't seem to be the right title for the by-year section. We mention a government attack early on in the Firefox/Tor browser attack section, OR we have an entire section of attacks in weaknesses. It seems like we have different attacks and vulnerabilities scattered all over the place. Is this best? I'm opening the floor for a lengthy debate, since the organization seems a tad haphazard if the goal was to read the article and understand the history of vulnerabilities and attacks etc. eximo (talk) 00:32, 2 March 2024 (UTC)[reply]

I deleted this section for now, for WP:OR and WP:PRIMARY. These attacks should likely be discussed where we have reliable information on them, but we can't rely on primary evidence like court documents, and we definitely can't conjecture on the nature of them using research papers. Speaking as a domain expert, I doubt that any of these attacks performed by law enforcement are related to that particular research. Website fingerprinting does not directly allow for IP deanonymization, it merely allows identifying the nature (or really, class in a classifier) of particular traffic; i.e., it would at best allow the attacker to know when and which site was being accessed, but when executed on a middle relay, it would not leak who was accessing it or where the site is hosted. There's a much larger body of research on doing these attacks from one of ends of the circuit (e.g., a guard relay or client ISP), but I've never heard of law enforcement using them (for many reasons too off topic to go into here).
As to the more general discussion, the rule of thumb I think this page should use is: Do we have a reliable, non-primary source that the attack was performed on real, non-consenting Tor users, or did the attack affect the design or implementation of Tor in some way that affects how Tor itself is described in the rest of the article? If the answer to both of those questions is no, it's either not reliable or not notable enough to warrant discussion on the main Tor article.
There are some changes I'd like to see made related to this, like moving "weaknesses" into the "operation" section and pared down to just the things that impact Tor's design, and restructuring the "Reception, impact, and legislation" section from a timeline into cleaner subsections on "attacks", "censorship", "awards", etc.. The article as a whole currently feels like a kludge of random facts (or "facts") that felt relevant when they were written, but haven't aged well. Ideally, the article should be something that someone can read though the article and come away understanding what Tor is, who uses it, why, and what its limitations are. Tga (talk) 05:34, 2 March 2024 (UTC)[reply]
In reply to your last paragraph "The article as a whole currently feels like a kludge of random facts", I agree. Can we
create a drafts page or sandbox page for experimenting with a collaborative rewrite to try some things out?
As for being a domain expert, I implore you to read the Rob Janson article/youtube video that was cited in what you erased. That method (or a method very similar) is being used by the NCA to deanonymize users such as in Operation Lobos 1. The NITS from the other two attacks by the government should be included somewhere as well in the article, not just simply erased.
I agree that using the government and the stipulations of fact from the trials is suboptimal, but these were "secret" operations and there isn't exactly any secondary information to utilize for them. Even the Operation Torpedo and Operation Pacifier don't have quality secondary sources despite the fact that the University of Nebraska reverse engineered the Operation Torpedo NIT. eximo (talk) 21:36, 5 March 2024 (UTC)[reply]
If you'd like to give rewriting a shot, you can use your account sandbox, or even just go for it in the article itself (see WP:BOLD, just keep in mind the things discussed here and keep an eye on any further feedback).
I've read the research paper cited (I actually also know Rob and have published papers with him). I still don't see how a middle-relay vantage WF attack translates into any kind of IP deanonymization, particularly when compared to more traditional traffic correlation attacks. Actually, watching the presnation now, Rob even says this: "In this case, we don't have client deanonymization, but there are several other attacks you can do" (he then lists attacks that don't involve deanonymization -- things like measuring the popularity of an onion service, or rendering an onion service inaccessible by taking down its guard relay rather than the server). Regardless, Wikipedia has to be strict about these rules, and without trustworthy third party sources a non-expert can read and understand, it likely shouldn't go in any article. This does mean that there will be a lot of true things that don't make it into Wikipedia, but that's how we prevent false claims from sneaking in. Tga (talk) 02:00, 9 March 2024 (UTC)[reply]
@Tga.D
Ok, I agree with you that without an admission of the exact methodolgy, then we must error on the side of caution. In the Operation Lobos 1 deanonymization, the government has been tight lipped, and has only stated that it was not a NIT. In the Operation Pacifier and Operation Torpedo, we know that a NIT was used through admissions of evidence via the courts. In both instances third parties were brought in to assess the technology. This is juxtaposed to Operation Dark Huntor where there doesn't appear to be any deanonymization technology used, as the methods were through controlled buying and tracing the objects through the mail back to the source.
So, back to the original goal/point, I would like collaborate to include a section that discusses various government operations to deanonymize Tor. The Russians purportedly had the Nautilus project, the Chinese have...something...and the Virtual Global Taskforce (VGT) has at least two other technologies they have employed. NITs at least twice (not including the encrochat exploit), and something else that is not a NIT.
We don't even have to describe the section in great detail, but I would settle for the time being in having some section that links to those government law enforcement operations.
Perhaps even a table with the Operation name/WP:link, the method of deanonymization and the year of the op. Where unknown methods just remain as "Unknown" until we have objective evidence (with consensus) showing what it was. eximo (talk) 20:38, 11 March 2024 (UTC)[reply]