Couldn't find any introduction to the project on the blog but the official repo has more info on the background for the project:
>Rust is more secure than C. Despite our efforts, it's all too simple to
mess up when using a language that does not enforce memory safety. We
estimate that at least half of our tracked security vulnerabilities would
have been impossible in Rust, and many of the others would have been very
unlikely.
>Arti is cleaner than our C tor implementation. Although we've tried to
develop C tor well, we've learned a lot since we started it back in 2002.
There are lots of places in the current C codebase where complicated
"spaghetti" relationships between different pieces of code make our software
needlessly hard to understand and improve.
Well done and thank you to all involved. You are making a real
difference on the side of democracy, human rights and the values of
the free world at an uncertain time when so much is under threat.
Towards the flagged sibling comment about the tor network providing a hiding place for illegal activities and terrorism:
While it's non-trivial to inspect many aspects of tor traffic, an often used study metric has been the (determinable) percentage of connections to hidden services, which are usually assumed to be disproportionately malicious.
This ranges around ~5% across most studies, the most recent one I can find shows similar results[0].
Results are limited by the inability to account for lawful use of hidden services, but also the percentage of malicious use outside of them.
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious.
I'm skeptical about their metrics. If I try to access a cloudfare protected site and never manage to finish the infinite captcha look or just change my mind after seeing the captcha, do they consider it a successful block? Even if we think they have some magic way of actually knowing whether all requests are malicious or not:
> That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network.
Personally I don't think content scraping and vulnerability scanning are "malicious per se", by that metric even Google (and every other search engine) would be malicious.
Criticism of this work[0] from which may be relevant.
"I could not find any reference to the toolset used to identify the websites being visited by the scanned users. I think this is important for external verification of the validity of the data. If the software is public and known, could the authors reference it? If the code is new, could the authors deposit it along the rest of the code in the OSF repository? This should not be a problem, since the authors do not have any conflict of interest."
You also might have heard about this saying which goes by: 'The road to hell is paved with good intentions' and it goes both ways. At least I happen to recognize that, unlike the grandparent comment.
> Either way, your same argument can be made against the whole internet which should demonstrate how silly it is.
Not really.
I recognize that the same criminals can also use the wider internet too, however there are central authorities and regulators in different countries that have laws that regulate the internet in the countries that they are in and these criminals will be caught very quickly if they tried.
The difference is that Tor only makes it more harder to trace, hence the appeal to criminals, extremists and terrorists to use it for their illegal activities which that is its unintended use case after promising 'privacy' and 'anonymity' for 'everyone'.
So yes, that is it's 'decentralised' road to hell indeed.
I've been wondering about this. Afaik Ross Ulbricht was caught due to shitty opsec. Was that a case of the NSA having that capability and not sharing it with the FBI?
Ulbricht was first connected to "Dread Pirate Roberts" by Gary Alford, an Internal Revenue Service investigator working with the U.S. Drug Enforcement Administration on the Silk Road case, in mid-2013.The connection was made by linking the username "altoid", used during Silk Road's early days to announce the website, and a forum post in which Ulbricht, posting under the nickname "altoid", asked for programming help and gave his email address, which contained his full name.
I'm actually moving the goal posts, and I should be explicit. I'm using career criminals to differentiate from people who are violating laws but not for personal gain, for example those that require them to use censored services, or buying drugs, both of which may be technically criminal in their countries.
Have you finally cracked the Tor network yet to find and trace all those Nazis, extremists, hitmen and terrorists that are still hiding there to make that unfounded claim?
Is it? There's just too many to list here, even after the shutting down of Silk Road, but these crackdowns cannot be ignored; and look what they found. Majority of criminals using it once again.
You're moving the goalposts. The people operating darknet markets are not Nazis, extremists, and generally not hitmen and terrorists. I have heard that many onion services host child sexual abuse imagery though, but I've never looked for reliable citations or personally verified.
Am I? Or didn't I just say 'There's just too many to list here' and just listed the notable examples.
> The people operating darknet markets are not Nazis, extremists, and generally not hitmen and terrorists.
So who operated those Tor nodes and services of multiple darknet websites in [0] and [1]? Another cybercriminal.
> I've never looked for reliable citations or personally verified.
Talking about 'movings goal posts' and missing the whole 'anonymity' point of Tor. Only time will tell, but so far a great use case for criminals, extremists and terrorists using it.
You can't prevent criminals from using math to conceal their activities (they can just use other solutions), you can just prevent law abiding citizens from having privacy.
So at this point it is ready for passing traffic through a SOCKS proxy. Meaning we can `cargo run --release -- proxy` and redirect applications to use port `9150` for their network connections.
Couple of related questions:
- Does anyone know, in a Linux distro, how to pass all system traffic through a SOCKS proxy port? I'm not looking for intermediary proxy handlers but an official method to force all user and system apps to use an arbitrary port.
- If it is not possible to do so, does `NetworkManager` have a setting for this?
- Is it possible to at least change Chrome/Firefox ports via CLI to an arbitrary port?
I don't think you can generally expect all processes to transparently use a SOCKS proxy? You might be able to finagle a custom vpn around it, I suppose. But AFAIK SOCKS isn't 100% transparent at the IP layer allowing all protocols to transparently layer on top?
I guess SOCKS5 handles tcp and udp - so you might get away with redsocks (which explicitly recommends against using with TOR):
Does anyone know how TAILS accomplishes this, then? It doesn't rely on a relay like Whonix does, but I'm not a networking expert or a Linux expert, so I'm not altogether sure how it does work.
Ah, interesting, thank you. As far as point (b) goes, it seems to work pretty well: I can’t recall an occasion where I’ve had traffic blocked. (I suppose in practice not many applications use custom IP-but-not-TCP-or-UDP-based protocols.) So could that same thing not be a solution to e12e’s question?
One way is to enable a global `LD_PRELOAD=libtsocks.so` (transparent socks) environment variable where you provide an optionally suid (to allow suid binaries to use it if you want) library that overrides `connect`, etc. and forwards them to your socks proxy. Make sure you get ipv4 and ipv6 support if you care. This is not bullet proof by any means. Any application that doesn't using the C library (e.g. go) will not proxy, but most things will.
There is a shell wrapper `tsocks` that does all that - all you need is to configure the SOCKS server/port in /etc/tsocks.conf and run `tsocks $COMMAND`, and all the TCP connections of `$COMMAND` will be tunneled through the SOCKS proxy.
Combined with ssh's `-D` option, it becomes a powerful ad-hoc VPN tool.
You have to be careful proxying everything through Tor if you care about using Tor to its full effectiveness, widely known issues with exit nodes aside, applications may naively sent through the same circuit: https://www.whonix.org/wiki/Stream_Isolation
Best option is to use software that supports SOCKS.
Alternatively you can set up local proxies (eg stunnel) or inject SOCKS support into the TCP calls of your app (eg. ProxyChains)
Tor only supports TCP, so you cannot route all traffic over Tor, you will have to drop a bunch.
<NOTIFICATION: Incoming chat from random IT person> Hey so I’ve been meaning to ask you about all this ssh traffic coming from your box. Do you know what that could be?
Right now it's not possible, but you could open an issue and maybe someday it will be! If you want to open an issue, it's here https://gitlab.torproject.org/tpo/core/arti/-/issues . If you don't want to create an account, say it and I'll create the issue for you.
I'm so happy we are finally getting an easy to use library to use Tor. I've wanted to use Tor in some of my projects but I didn't like having to install it or expecting the user to have it installed already. Time to re-learn rust...
Unfortunely there are tons of domains that it will never happen, given the existing ecosystem
We as society basically have to undo 50 years of going into the wrong direction, without the economical incentives to fix them, rather mitigate their faults.
While that is true and for some extreme cases might stay true for a long time (> 100 years) most software has a lifetime, even if it's damn long and as long as we start writing new software in better languages we will see progress over time, simply by old software dying or no one being able to deal with the legacy codebase anymore
There are millions of lines of code written in COBOL in production use, pretty much all of them addressing business-critical needs. FORTRAN scientific codes are not far behind, either. Better get crackin'.
An enticing UVP for Arti would be that it allows rust services to easily have cheap built-in network redundancy via tor integration. This would make it trivial for administrators to set up alternative access to their services if their services can reach tor.
This would allow global access to services in case of DNS outages, superfluous takedown requests, or anything in between.
Onion service support seems to be TBD, unfortunately.
Yeah I hate to always be that guy, but while I think Tor is great in that it exists at all and has inspired other projects, I think I2P is an overall better design. Not having a history with the US military or funding from DARPA is a plus, IMO. Tor isn't necessarily flawed for that reason, but I trust less anything the US government takes an interest in.
The unfortunate thing is that, as far as I'm aware, I2P doesn't have a "Tor Browser" of sorts, and most people would want to use I2P as a clearnet proxy; the audience for I2P may always be significantly less than that of Tor even if it was revealed that Tor was totally flawed.
I think that I2P could benefit from selling itself less as a means of anonymity and more as decentralized, censorship-resistant web hosting. The clearnet should then have inproxies to expose I2P sites rather than the other way around, as is the typical use case for Tor. That way you can spin up an I2P instance anywhere, instantly have a web server on a unique address, and have it be available on any number of clearnet inproxy nodes as well as to anyone connected directly to the network.
Having played a lot with I2P recently, I find it more "fun" than using Tor. It lacks in content, but its focus on hidden services (eepsites) and the relatively small number of users is reminiscent of he web back when I first started using it in the 90s. I like that it has a sort of DNS system that is only as centralized as you want it, and that it has a built in way of assigning your own domain aliases. Even if you (the reader) aren't interested in anonymous decentralized networking for any practical reason, I'd say it's worth testing out I2P just to get a kick out of how novel it is.
The Tor project was largely funded by the US government initially. If you use Tor currently it's already that compromised, if you consider that an issue.
I crafted this conditional to make no actual claim at all. Personally I don't consider the funding an issue, their processes seemed sound. But if you do then Tor is pretty much a lost cause from the beginning.
This question is relevant when 1: one of the most important (perceived) adversarial is the NSA; 2: as of 2012, 80% of The Tor Project's $2 million annual budget came from the United States government; 3: the Underhanded C Contest exists and we can assume that however secure Rust is, writing underhanded Rust code is possible.
I'm not sure that follows. First, funding != code. And the Underhanded C Contest exists because C kind of sucks; since Rust largely exists specifically to solve the problems with C, I would like rather more compelling evidence that underhanded Rust is possible than pointing at C.
The perceived adversary is not the NSA. Tor is mean to protect agents and journalists from average state level actors. It is not meant to protect you from superpowers that control most of the internets backbone. I would trust tor to protect me from Assad (or some other dictator of a mid level power) I would not trust it to keep me safe from Putin or Xi.
Perhaps you're forgetting that although the NSA have at times historically been regarded as good guys, they've since been found to quietly backdoor crypto products (etc) to others detriment.
Tor was initially funded by the Naval Research Lab (which is broadly similar to DARPA), and from a quick google, has received funding grants from the NSF and Department of State.
Of course not. SELinux is functionally unusable due to it's historical ties. Which is a real shame, because the network limiting (used to be, it's been a while since I looked) is very easy to use and quite good.
Is that likely? People who don't trust things backed by the US gov't are unlikely to be fond of SELinux, but even beyond that, AppArmor is used in preference to SELinux by the Debian and SUSE families, which probably gives it a greater share of the Desktop Linux market (vs SELinux, mostly used by the Red Hat family) even without ideological/trust issues in play.
I'm skeptical that there's much overlap between "people who seriously use TOR" and "people who use ChromeOS", but yeah Android is a fair point. (And I'll certainly grant that there are probably more Android devices out there than laptops/desktops running Debian derivatives.)
Tor was developed by the US Naval Research Laboratory to protect communications of the US intelligence community, so while it wasn't strictly developed by the NSA, if one considers products of the NSA contaminated by their connection to the US intelligence community, it's pretty hard not to see Tor as tainted in the same way.
All of them are, including this 'ZCash'. As long as there are enough greater fools to pump the price of the token. Only for them to lose their money in the end.
Tor is already seen in a bad light for being used for illicit activity, terrorism, illegal drugs, etc. We can have and fund tools that enhances privacy without endorsing or taking money from a so called 'cryptocurrency' that exists to distribute fake internet dark web tokens.
I explicitly do not call them currencies because they cannot be used as such in the real world. All these tokens are extremely volatile and always used by speculators which makes them useless to be used as a currency.
It is fake money that is being cashed out for fiat money on these unregulated token exchanges, not to mention the decentralised ones.
But you just outlined use cases for crypto (illicit activity, etc) in your grandparent post while simultaneously claiming crypto can't be used as a currency. Which is it?
As I said, they aren't useful at all in the real world legally, only on unregulated exchanges where only mostly criminals are able to swap their tokens for fiat from their scores of ransomware raids and scams.
I would be in favour of regulations needing to kill this part off as Monero and Zcash isn't accepted on most of them. Not to mention you cannot even pay your taxes with these crypto tokens.
It's quite easy to be ,,just'' a criminal nowdays. All you need is just be born in a country led by a multibillionaire dictator who wants to nuke the world and want to receive your salary for your hard work from an American company.
Perhaps instead of spreading even more ink around you could go into why you think this is the case. As it stands, the reader can only conclude you are angry - nothing else.
As I have mentioned before on other threads, crypto has no usecase other than to speculate on the token price, scam people and to embolden ransomware in the case with Zcash and other privacy tokens. On top of it all they all are unregulated and fluctuate too much to even act as proper currencies which they are not.
Other voices such as Luke [0] explain in vastly more than a HN thread.
I mean I urge folks who have the ability to direct some of their company's money towards Tor. It's directly helping both Ukranian and Russian citizens right now.
Sure Tor helps Ukrainian and Russian citizens, but I urge the Tor foundation to question themselves and to stop accepting crypto token donations and grants.
It acts as an endorsement and emboldens the cryptobros, enthusiasts and fans to pump the price of the token.
Why should they forgo an opportunity for funding that allows people to donate in countries where direct bank transfers to the Tor project would be logged and marked as suspicious, and which is resistant to payment processors deciding not to process the donations? Because you personally don't like cryptocurrency? That is ridiculously childish.
There is no reason to present a personal attack with your non-argument. As I said before in other threads there are alternative ways they can receive grants for funding of Tor projects without endorsing crypto scams. I mentioned Mozilla and Rust foundation as examples.
On the crypto tokens, there are tons of reasons not to use them as I have mentioned on this thread and others have mentioned as well. [0]
Privacy coins like zcash and monero should be considered distinct from the rest of the crypto sphere. They actually serve their use case very well, and of all cryptos they easily see the most use as actual currency rather than vehicles for speculation.
Their use case just happens to be purchasing drugs and other illicit products off deep web marketplaces. Or receiving payments for ransomware.
When you know a better solution just name it. It's easy to criticice a decision when you don't need to find a better way.
Who's interested in some crypto bros and some idiots that lose their money when you don't have another working possibility?
Using crypto is a good thing in my eyes, but you seem to be convinced that crypto is all evil and a scam.
We've seen in recent years that fiat payment systems are ran by bad actors, that will on a whim revoke access to their systems to any entity they deem "problematic", even if no laws have been broken.
Crypto allows entities to freely exchange money without having to worry about passing some arbitrary purity test or getting witch-hunted into oblivion.
The entire space is a scam? Luke makes some good points and some not so good points about the challenges with the technology.
He acknowledges that every single digital transaction you make can be seen by banks, for example, and yet does not propose an alternative solution. Credit card data is among the most valuable, and sold many times over to advertisers.
Do you personally think that that is a problem worth figuring out how to solve? If you don’t, it’s going to be hard to see the point. Similar to how we don’t need encryption because we have nothing to hide.
You are linking to those as if I haven’t read them – I have! I find the grift in the space just as gross.
You didn’t answer my second question about whether you (yes, you, not Stephen Diehl) think that having a private way to transact online is important. Do you?
The next question for you is a little more philosophical – say cryptocurrency is bad, evil and should be “gotten rid of”. What do you propose we do about that? Ban Proof of Work? Yell about it online and pretend that’s going to make it go away? Nothing I have heard about “what to do about it” quite makes sense. I think the actual answer is going to involve convincing people of things – people who work in cryptocurrency. Unilateral critics are working pretty hard against themselves in that regard.
The overall stance reminds me of people who think Facebook or Spotify are evil – they very well may be, but they provided such a massive utility to the world that the ideas are not going away (a social network connecting most humans on earth and an instantly accessible database of most music ever recorded). You have to fix what is out there, because you can’t really put the genie back in the bottle.
Tight regulations is the solution and is needed on the crypto space.
The privacy tokens will be first, Monero, ZCash, etc, they will be completely banned and made illegal due to this, (why does Coinbase still not allow these tokens?)
Next, we need to crackdown tighter on the exchange ramps, we only have to look at the Tether fraud [0] that is happening, then the crackdown will begin on the whole space.
Then the crash will happen from there and the fallout would be terrible for people who bought these now worthless casino chips. So maybe that crypto will still exist but way less people will use them, especially the privacy ones.
So while you refused to answer the question about how you would solve the problem of online financial privacy, your statement that regulation is needed juxtaposed to what looks like excitement that the first thing to be banned (which also BTW ignores part of the challenge you were given: exactly how does one truly ban a private system? at best you are also going to have to ban Tor, which you seem to claim an interest in existing... though I frankly don't believe you anymore) will be "privacy tokens" betrays that you don't give two shits about online financial privacy :/.
You are entitled to your opinion. But it is just that, an opinion. Not fact. Citing other opinions doesn't make your claim, that all crypto and web3 are a scam, a fact.
Only time will tell. In the meantime, I am happy that this project can get any funding from wherever it can. Especially, since open source is a thankless and typically paid-less job.
> I am happy that this project can get any funding from wherever it can.
There is nothing wrong with calling it what it really is. A scam. Complete fact. I can cite countless sources that wouldn't fit this comment box, but instead I point to alternatives as others have asked. [0] [1]
As I said before, solutions exist already outside of accepting and endorsing crypto scam token projects.
Small crypto grants seem perfectly designed for just such a project as Tor! I mean if one discounts the possibility of a rug pull situation, it has all the hallmarks: privacy preserving, decentralized, fungible ;)
So this means that Tor taking money from Zcash is an explicit endorsement of the crypto token space and the scams and speculation and environmental destruction they harbour.
Not to mention the ransomware enablement of a so called privacy token.
I don't think Tor would want to be associated with all of that on top of all the other illicit activities they are already associated with.
So when did you stop using Amazon? Or Apple? Or Visa? Because of the gift card scams. Or the usd? Almost all crime is paid for in usd.
Your argument is less than merited because there is no moral contrast with alternatives. Guilt by association is fallacious. That leaves only "because you don't like it" and that's a valid opinion, which you're welcome to, but having privacy enabling technology allows real world freedom. Others of us have the opinion that despite bad people existing, supporting the freedom and anonymity of people, good or bad, is an improvement to the world.
These privacy tokens enable ransomware, full stop. Taking money from them enables them to exist and to allow criminals to continue using Zcash, Monero, etc and effects are huge. They are not even regulated and this needs to stop.
Even if I were to use these crypto tokens, the price would fall over drastically upon receiving them. No notable improvement or use at all than receiving a donation or grant via card payment straight into my bank account. No scams or price drops at all there.
> Others of us have the opinion that despite bad people existing, supporting the freedom and anonymity of people, good or bad, is an improvement to the world.
There is nothing wrong with having privacy enabling technology, I didn't argue this at all so I am calling strawman on this.
What I do not want is for the Tor foundation endorse or accept money from a project that environmentally destructive and only benefits speculation, scams and doesn't work as a currency at all.
Taking a donor's money is at most an implicit endorsement. If an active serial killer gave me a million dollars to make the world a better place, it would be wrong for me to refuse to move money from a bad actor to those in need.
Great strawman but I still disagree and it is not what is happening here, it is still an endorsement of crypto scams, and in the case for crypto, this only amplifies the adoption of ransomware, scams and sure bad actors because of the donation. It just makes it all worse.
I don't understand how what I said is a strawman. I think an active serial killer is orders of magnitude worse than any crypto scam, but I would still take their money- ie. I'm disagreeing with a stronger version of your point.
I despise crypto, but telling an underfunded OSS project to abandon scarce funding for what is a relatively minor ideological reason definitely rubs me the wrong way.
Rather than demanding them to change, why not find a way to help secure them a source of less objectionable funding.
I would want them to at least go to the Rust Foundation Grants Program [0] or perhaps the Mozilla Foundation grants program [1].
This isn't minor, Wikimedia [2] is also asking the same thing of their project and they shouldn't use or endorse these crypto tokens, same thing as Tor.
Wikimedia is one of the most well-funded non-profits on the planet; they have largely unconstrained spending. They can easily be choosy about funding sources while other projects cannot afford to be.
> This isn't minor, Wikimedia [2] is also asking the same thing of their project and they shouldn't use or endorse these crypto tokens, same thing as Tor.
While funding is decent, you'd also want to compare to expenses, as well as reserves. The 2020 report did show an overall gain, but this has to be contrasted against the depletion of reserves in the previous year, not to mention the overall trend.
It's also a SOCKS proxy, which at least the last time I used Tor standalone (where I'd have to configure it myself, as opposed to as part of TBB or TAILS where it's set up for me) was the main way a client would access the network.
I’m not in the slightest bit surprised you are being downvoted — your comment is overly dramatic and not a remotely useful contribution. The title of the post of “An implementation of Tor in Rust”. The project claims to be an implementation of Tor, which it is, and it claims to be written in Rust, which it is. It doesn’t claim to be a standalone replacement, it doesn’t claim to be finished and it doesn’t claim to be not-a-library.
I think the downvotes were for an very emotional claim ("infuriating") backed up by 0 arguments. Although it is weird to me that the actual explanation got downvoted instead of the original claim
>Rust is more secure than C. Despite our efforts, it's all too simple to mess up when using a language that does not enforce memory safety. We estimate that at least half of our tracked security vulnerabilities would have been impossible in Rust, and many of the others would have been very unlikely.
>Arti is cleaner than our C tor implementation. Although we've tried to develop C tor well, we've learned a lot since we started it back in 2002. There are lots of places in the current C codebase where complicated "spaghetti" relationships between different pieces of code make our software needlessly hard to understand and improve.
https://gitlab.torproject.org/tpo/core/arti