Tor can be used for good and for bad. It's the very same problem that Cory Doctorow talks about in his lectures about the War on General Purpose Computing, and it's not an easy problem to solve.
I'm an admin on a social/gaming site (a MUD with appendant forum, blogs, and other community elements), and we have had to make a few decisions about Tor in the last couple of years.
Some background: the site is quite old, and we have historically encouraged users to sign up without needing to provide a unique ID such as email address. They can provide one, but don't have to. In the last few years we have had the problem of occasional griefers log on and cause whatever social havoc they can.
Now, my personal feelings about Tor are generally quite positive, and I like the freedoms it provides people who are otherwise restricted by their ISPs or governments from accessing legitimate resources. Like many others have said, Tor is a tool that, while it can be used to do illegal things, is also used to provide a very useful service to people who need it to get on with things you and I take for granted.
Now, back to our griefers: We have a number of banning mechanisms based on IP or domain, and they tend to be successful because griefers usually get bored when they can't access the site for a couple of hours. However, because a tiny minority of griefers are more persistent, more technically adept, and figured they could use Tor to damage our community, we did a little bit of analysis and found that few if any legitimate users of our site came from Tor exit points, and we chose to block them. The alternative was to require a unique identity during the sign-up process, and frankly we wanted as few hurdles as possible to new users (anyone who knows the MUD community knows that it's in decline, and low-friction signups are pretty desirable). So we blacklist Tor exit points from our signup process.
The unfortunate fact is that some Tor users do bad things with the fantastic tool at their disposal, and end up spoiling it for the legitimate (and extremely valuable) use cases that make it such an amazing tool. Yet its very anonymity means that there is no easy way to allow one set of uses while disallowing others. This is a hard problem, and one I'm not smart enough to solve.
Assuming you have the technical capability, requiring an email address and confirmation for only tor users could work.
Freenode does something similar - tor and other problematic traffic sources can connect but must use connect time SASL to authenticate to a previously created account, which is sufficient to exclude the vast majority of the griefers.
At least right now – I suspect the intersection of "TOR users" and "people happy to provide email address confirmation" is so small as to be insignificant. Any development effort aimed at that cohort could almost certainly be better used elsewhere.
Having said that, I'm currently trying to make a point of using TOR for regular and mundane uses - particularly if using government sites - just to increase the amount of "legitimate" tor traffic. I'm also (carefully) intentionally de-anonymising myself while using tor like this - identifying myself to local government websites while doing "ordinary" things while connected over TOR - I booked an extra trash collection recently for example. I don't suppose my local council website managers even notice, but I like to think my local PRISM equivalent operators see traffic like this and think "WTF?" ;-)
(But like the parent-poster, I've suffered forum-trolls, and given the time and skill poor nature of most forum owners, the obvious "just ban free email accounts/tor/cellular-ip signups" is often the right, if overly broad hammer.)
FreeNode's use is a bit more extensive than just requiring an email address - you have to create the account from a non-Tor IP, so if you do something bad and get banned, they ban the account (thus preventing further access from you via Tor) and then also have the option of banning the IP that registered the account (preventing it from registering further accounts that will be abused via Tor). If they really want to, they can also ban the email address, but in practice this really isn't worthwhile as it's so easy to get a different one.
No, they attempt to block similar domains. And completely fail at it.
I never use my main email for anything I don't feel requires it, and while maininator.com is often blocked, I've never in my life had to refresh the mailinator page more than twice for an alternate domain that works. Since mailinator accepts email from any domain that has it's MX record set to it, if you own a domain you can set it to be an alternate name to mailinator in seconds. Enough people have done this.
There are tons of lists that are regularly updated that list all published mailinator.com domains. While it's true you can set up a new one on a subdomain of your own, as soon as you publish it to mailinator and it enters the rotation of the domains that come up, it's easily added to the lists and blocked. There's even a commercial live list with plugins for most email systems that blocks on any of the hundreds of mailinator-listed domains as well as over a thousand other disposable email domains.
Heck you can just write a script to refresh the mailinator.com homepage to start pulling out domains to block: @veryrealemail.com, @chammy.info, @mailinator2.com, @spamthisplease.com, @sogetthis.com, @mailinator.net, @binkmail.com, @sendspamhere.com, @spamherelots.com, etc.
Did you try the other approach taken by many sites of making their posts/activity hidden from others? Initially they can't tell the difference between being ignored and being hidden. It also has the advantage that if they were incorrectly hidden you can turn it off and their activity is still present.
We did this for social contact (channels, forums, and other forms of communication) for a while, but because it's a MUD, it's a shared world with persistent effects, so it's impractical to make all activity invisible. Blocking social communication just resulted in other forms of griefing as a result. Griefers gonna grief.
I think the problem with Tor is that it makes it very easy to create multiple pseudonyms. Fwiw, the approach used to combat spam successfully on freenet based fora, is to artificially increase the effort. This can be done by not activiting an identity for x hours, or requiring that users solve n captchas on signup.
If you provide access to the website as a Tor hidden service, do you get some sort of unique ID for the computer connecting that can be banned? I don't know much about the Tor protocol, but if you're on the receiving end of packets that need a response, you need a way to address them back.
Basically, the client and the machine hosting the hidden service both connect to a rendevouz point and communicate via that. The connections to the rendevouz point are not direct. They are bounced through three nodes, with three layers of encryption, each node being able to peal off one layer before passing it on to the next.
This is why hidden services are pretty slow. Every packet has to be routed through 6 other machines, which each can be anywhere in the World.
There is enough bandwidth. It is latency that is the problem. That's why stuff like streaming videos or downloading large files over hidden services works fine.
What must be done, and by who, to solve the latency issue? Can it be improved at all? It seems that more folks rnning relays and contributing bandwidth increases available bandwidth, but what can be done about latency, anything at all?
Somebody put it well on the tor-talk mailing list today:
"both the client and the hidden service establish a three hop circuit to the same tor relay, where the connections are joint, so hidden services will have even double the delay of normal tor traffic. If relays were homogeneous distributed among the globe, two random relays will be 1/4 earth circumference apart on average. This means that a round trip will have a speed of light delay of 12 hops * 10 000km each / 300 000 km/s speed of light. That's 400ms from finite speed of light. Switches, routers and relays along the way will add to that."
Doesn't matter if his website is a hidden service or not. The communication between the website and the user is done through Tor relays, which are shared. There cannot be any unique ID tied to the user because that would break anonymity.
> Doesn't matter if his website is a hidden service or not.
Well, when it's not a hidden service, it's the exit node that gets to see the contents of the message before sending it (unless it's SSL of course) to the wider Internet. If there was a unique ID within the Tor network, no one on the wider Internet would be able to see it. My thought was that if you were connecting directly to a hidden service within the Tor network, there might be a unique ID. Sounds like even connecting to hidden services within the Tor network is done indirectly.
I have a hard time blaming them for this. They're a budget provider, so any extra cost handling subpoenas and legal documents (which, let's not kid ourselves, is going to happen 100x more on a Tor node than on the majority of their other customers) quite possibly means a loss for them on a server.
The relevant French: "depuis quelques mois, nous avons eu
plusieurs affaires juridiques lié à l'utilisation
de plusieurs réseaux TOR dans le cas de la pedo
et on va désormais l'interdire au même titre que
tous les systèmes d'anonymisation."
My (amateur) translation, cleaning up Google translate (which doesn't recognize Tor as a proper name): "For several months, we've had many legal matters related to the use of TOR networks in pedo cases, and from now on, it is forbidden along with all systems of anonymization."
Fellow Frenchie here- it does look like it was written by a high schooler rather than a CEO- awkward phrasing ("dans le cas de la pedo", wtf?!?), conjugation mistake ("liées"), use of "on va" instead of "nous allons" in a formal written statement...
The fact that he arrived in France from Poland at the age of 15 may explain that. Plus that his whole family works with him. Does anyone know if he speaks polish with them at work?
The company is 100% family owned! Not bad.
http://www.vaporcloud.info/
"Vous aussi vous en avez marre des annonces franco-françaises autour du Cloud financé par l'argent public ?
Adoptez le Cloud français d'OVH.com. "
It's not just exit nodes that you are forbidden from running. It seems any participation in the Tor network is banned, whether it be a relay, or a personal bridge in to the network.
"Pour des raisons de sécurité, l’ensemble des services IRC (à titre non-exhaustif : bots, proxy, bouncer,
etc.), services de navigation anonyme (généralement appelés proxy), nœuds TOR, ne sont pas autorisés
sur le réseau OVH sauf autorisation écrite d’OVH. OVH se réserve le droit de suspendre tout serveur sur
lequel ces éléments seraient utilisés sans autorisation préalable d’OVH."
It looks like anything looking like a proxy is forbidden now. Including tor nodes :/
For security reasons, all IRC services (including bots, proxies, bouncers, etc.), anonymous navigation services (also known as proxies), TOR nodes, are not allowed on the OVH network without written authorization from OVH. OVH reserves the right to suspend any server on which these services are used without prior authorization from OVH.
OVH used to be one of the top host provider.
Last year they removed the unmetered bandwidth and now TOR, VPN too ? (it's unclear to me).
What's next ? no HTTPS, European traffic only ?
seriously this sadden me, lucky for us Online.net is a good challenger.
I tried but failed to sign up for one of their 3 euro/month servers a few days back in response to other HN discussion (their .uk site wont accept Australian addresses, and their .com site doesn't have those inexpensive 1G servers).
The main reason I would have got the would have been to use as a non-US based VPN endpoint. (I'm somewhat less satisfied with my DigitalOcean droplet as a VPN endpoint since Snowden's revelations.)
Their support is totally abhorrent though, be prepared waiting days/weeks instead of minutes/hours for any support at all, they abruptly change your TOS and server specs without telling you, cancel you order for no reason without telling you or even refunding you etc.
They're totally horrible to deal with, unless you make minimum wage you're probably going to spend more on packets of Tylenol due to all the headaches they cause than what you're going to save.
Indeed. I ordered a Kimsufi server five days ago with a guideline setup time of 24 hours. Placed the order, made payment, no doubt I'm already paying for the service, but five days later, I'm still awaiting setup.
Their ordering process is painful. Their online management interface is atrocious. Communication is poor.
"no doubt I'm already paying for the service, but five days later, I'm still awaiting setup."
I'm a long time OVH customer and I can ensure you that your contract term will start only when you get your server.
As far as I know the first 1000 "3euros" servers got sold faster than they thought. Now they are building new ones. Be patient, your server is coming. ;-)
Bandwidth is more important than space to me, so Online is still much better. And as soon as they will have matched OVH's new prices there are going to be THE best host.
They removed it on their EU-customer only servers, which means they're relying on the fact that 80-90% (at least) of their bandwidth is going over EU IXes and is thus free to OVH.
"depuis quelques mois, nous avons eu
plusieurs affaires juridiques lié à l'utilisation
de plusieurs réseaux TOR dans le cas de la pedo
et on va désormais l'interdire au même titre que
tous les systèmes d'anonymisation. Cela augmente
l'utilisation frauduleuse de notre réseau et le
nombre de réquisition juridique chaque mois"
"starting a few months back, we've had an number of legal cases regarding the use of multiple TOR networks for pedo, and we will forbid its use from now on, the same way we forbid all anonymisation systems. It raises the number of fraudulent uses of our network and the number of subpoenas each month"
The policy is probably just a justification for canceling accounts after they get the first complaint; if you never generate a complaint they'll probably never notice.
7.4 For security reasons, all IRC services (for non-exhaustive: bots, proxy, bouncer, etc..), anonymous browsing services (usually called proxies), TOR nodes, are not allowed on the OVH network unless written consent of OVH. OVH reserves the right to suspend any server which these elements are used without prior permission of OVH.
Running a hidden services requires running a relay (exit or no-exit), right? I was planning to provide a hidden service for a site of mine for fun mostly but would not want to risk losing my server for satisfying my hacker enthusiasm.
What about hidden services? In my opinion that's the real heart of Tor. I think the value of exit nodes will start to wane as Tor gains a larger and larger user base and becomes it's own truly viable darknet. As it stands the majority of security related discussions I've come across regarding Tor strongly discourage spending any large amount of time on clearnet services anyway as this create many potential security/privacy risks.
If you are more interested in the hidden services aspect, did you also have a look at I2P [1]? It is more geared toward this aspect (exit nodes = outproxies in i2p-speak for example are just standard hidden services)
"With that in mind, what user would want to operate an exit node?"
All of the people who have already been running exit nodes for years? Those who don't mind getting that terrible knock on the door? Those who have already had that knock on their door, sometimes more than once, but who live in locations where they don't need to fear their local police?
They can, and they do. Which is why you need to use encryption as well as Tor if you want to something private. But that's the case without Tor anyway.
In theory you could run an exit node with a locked down exit policy, e.g. limited to web traffic which is routed through an IWF compliant proxy, disallow HTTPS and/or payment processing sites, add an HTTP header for reporting abuse/requesting blocks, etc.
Tor's cause is a noble one, but I fear it will end up (if it hasn't already) being used mostly by bad people for bad things.
Once you get your home or server IPs connected to black market forums, drugs, human trafficking or kiddie porn sites and your life (and your family's) has suddenly become more complicated, I wonder how many will still be eager to run Tor exit nodes? Maybe a few dreamers and anarchists.
Tor exits will be shut down one by one, either by the owners or by the police/state.
What we need to come up with is a fully encrypted, anonymous, self-contained super-internet of something like Tor "hidden services" only.
None of the nefarious services and use cases you list require the presence of exit nodes. Silk Road, for instance, is a hidden service. Obviously I don't know about the rest, but you'd have to pretty stupid to put such things on the public internet.
The only people who suffer from the loss of Tor exit nodes are the 'more genuine' or 'more worthy' users who need to use it to escape oppression, or state monitoring.
Exactly, the people who need it "the most" will prolly be left without it at some point.
From the comments I see for a proper "dark net" we now can choose between Tor (without exit nodes) and I2P, this is actually great news.
I'm an admin on a social/gaming site (a MUD with appendant forum, blogs, and other community elements), and we have had to make a few decisions about Tor in the last couple of years.
Some background: the site is quite old, and we have historically encouraged users to sign up without needing to provide a unique ID such as email address. They can provide one, but don't have to. In the last few years we have had the problem of occasional griefers log on and cause whatever social havoc they can.
Now, my personal feelings about Tor are generally quite positive, and I like the freedoms it provides people who are otherwise restricted by their ISPs or governments from accessing legitimate resources. Like many others have said, Tor is a tool that, while it can be used to do illegal things, is also used to provide a very useful service to people who need it to get on with things you and I take for granted.
Now, back to our griefers: We have a number of banning mechanisms based on IP or domain, and they tend to be successful because griefers usually get bored when they can't access the site for a couple of hours. However, because a tiny minority of griefers are more persistent, more technically adept, and figured they could use Tor to damage our community, we did a little bit of analysis and found that few if any legitimate users of our site came from Tor exit points, and we chose to block them. The alternative was to require a unique identity during the sign-up process, and frankly we wanted as few hurdles as possible to new users (anyone who knows the MUD community knows that it's in decline, and low-friction signups are pretty desirable). So we blacklist Tor exit points from our signup process. The unfortunate fact is that some Tor users do bad things with the fantastic tool at their disposal, and end up spoiling it for the legitimate (and extremely valuable) use cases that make it such an amazing tool. Yet its very anonymity means that there is no easy way to allow one set of uses while disallowing others. This is a hard problem, and one I'm not smart enough to solve.