So let's say I run a few websites and do support the idea. I read that article and think "I should set up an .onion version of my site and then point to that". The article points to https://community.torproject.org/onion-services/setup/ - and I'm immediately lost. Set up a local webserver? Why would I need that? The documentation mentions that I have to configure the webserver correctly, but offers no details about that whatsoever. So that's not a good start.
Hey, I know documentation is hard. But this could be improved a lot. By now I figured out that I'd have to install Tor on the server (not my machine, as the docs stated), find the torrc (the documentation has to mention where it is), point it to the localhost port the webserver is listening on, the .onion address is autogenerated (so this will be an unreadable mess?) and can be taken from a file the tor software generates.
And this:
> We're not going to cover how to set up a web server here. If you get stuck or want to do more, find a friend who can help you. We recommend you install a new separate web server for your onion service.
Just cut it out. I'm actually lucky enough to have friends that could help me with this, but what if I hadn't? Cover in the documentation what needs to be done, or at the very least don't show an attitude about it.
Yes, we are aware of some flaws in the current documentation that have been migrated from the old site to the new site. Very soon we will improve this.
Documentation and ease of setup have long been the biggest weaknesses of Tor. The browser is easy but setting up a server or any of the infrastructure isn't.
The first time you set up a server or a relay expect it to take half a day to a full weekend.
The Tor community improved the Tor Relay Guide a lot in the last two years. Actually now you can easily set up a relay following the instructions: https://community.torproject.org/relay/setup/
You're right, those docs are a lot better than the last time I looked.
I forgot why exactly I didn't use ansible-relayor last time I set up relays but I had a reason. I'll try to use it next time I deploy a batch of relays.
It's possible they're trying to avoid a monoculture of web servers that serve tor sites in order to avoid many sites becoming insecure in the event of a bug disclosure for a software package they have no control over
They're not a tech support company or a hosting company. There are literally thousands and thousands of documents on basic web server installation and configuration already written. The information is trivial to find. It falls under "if you have to ask, you're not ready".
Running a default or standard configuration of the bigger web servers like Apache or NGINX is a terrible idea if you're actually trying to hide the identity of your server. Setting up a secure hidden service usually requires that several default or common features be disabled, if one actually wants to hide the location of the service.
...can you link some details on how we should actually configure this? Because the answer to your question is "No" but I'm sure a good many of the people here would like to be able to say yes.
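The two complaints above (the setup page says nothing about where the webserver should listen, and the hardening comment gives no concrete checks) can be turned into an audit. What follows is an added example, not code from the Tor Project or its documentation: it reads a torrc and an nginx server block and flags the mistakes an operator most often makes. The torrc and nginx text are constructed samples; the directive names (HiddenServiceDir, HiddenServicePort, HiddenServiceVersion, listen, server_tokens, autoindex) are real. The set of checks is my own selection, not an official hardening list; the same HiddenServicePort form also works for forwarding port 22 to a local sshd.

```python
"""Audit a torrc and an nginx server block for common onion-service mistakes.

Added example (not Tor Project code). The torrc and nginx text below are
constructed for illustration; the directives are the real ones.
"""
import re

TORRC = """\
# constructed sample torrc
HiddenServiceDir /var/lib/tor/mysite/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 22 203.0.113.5:22
"""

NGINX = """\
# constructed sample nginx server block for the onion vhost
server {
    listen 0.0.0.0:8080;
    server_name _;
    autoindex on;
    root /var/www/mysite;
}
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]", "localhost"}


def _target_host(target):
    """Host part of a HiddenServicePort TARGET; None means 'defaults to loopback'.

    Syntax is `HiddenServicePort VIRTPORT [TARGET]`; a bare port or a unix:
    socket as TARGET never leaves the machine.
    """
    if target.startswith("unix:") or target.isdigit():
        return None
    return target.rsplit(":", 1)[0] if ":" in target else target


def audit_torrc(text):
    """Return a list of findings for the HiddenService* lines of a torrc."""
    findings = []
    service_dirs = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "HiddenServiceDir":
            service_dirs += 1
        elif key == "HiddenServicePort":
            parts = value.split()
            if len(parts) >= 2:
                host = _target_host(parts[1])
                if host is not None and host not in LOOPBACK:
                    # tor decrypts at the service side and forwards plain TCP,
                    # so a remote target sends the traffic over the network in
                    # the clear and ties the onion to that address.
                    findings.append(
                        f"HiddenServicePort {value}: target {host} is not loopback; "
                        "onion traffic would leave this host in the clear")
        elif key == "HiddenServiceVersion" and value.strip() == "2":
            findings.append("HiddenServiceVersion 2: v2 onions are obsolete and "
                            "unreachable with current Tor releases")
    if service_dirs == 0:
        findings.append("no HiddenServiceDir: no onion service is configured")
    return findings


def audit_nginx(text):
    """Return a list of findings for an nginx server block meant for the onion."""
    findings = []
    if not re.search(r"^\s*server_tokens\s+off\s*;", text, re.M):
        findings.append("server_tokens off missing: the nginx version is disclosed "
                        "in Server: headers and error pages")
    for m in re.finditer(r"^\s*listen\s+([^;]+);", text, re.M):
        spec = m.group(1).split()[0]
        if spec.startswith("unix:"):
            continue
        # `listen 8080;` (no host) binds every interface, as do 0.0.0.0/*/[::]
        host = spec.rsplit(":", 1)[0] if ":" in spec else None
        if host is None or host in {"0.0.0.0", "*", "[::]"}:
            findings.append(f"listen {spec}: binds all interfaces; only the local "
                            "tor daemon should reach this vhost, use 127.0.0.1:PORT")
    if re.search(r"^\s*autoindex\s+on\s*;", text, re.M):
        findings.append("autoindex on: directory listings expose files you did not "
                        "mean to publish")
    return findings


if __name__ == "__main__":
    for finding in audit_torrc(TORRC) + audit_nginx(NGINX):
        print("-", finding)
```

Run against real files with `audit_torrc(open("/etc/tor/torrc").read())`; the point of the loopback check is that the only thing that should ever be able to reach the onion vhost is the tor daemon on the same machine.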
I tried this feature of Tor Browser, using the first example I saw in TFA (www.propublica.org)... and was surprised to see that the .onion equivalent of the www.propublica.com home page... tried to make requests to third-party non-.onion cross-site surveillance trackers.
A separate concern, besides this choice of example, is why ProPublica is normally helping to leak the identities and intimate browsing behavior of people who visit their site, to some of the most powerful and invasive corporations, given this mission:
> ProPublica is an independent, nonprofit newsroom that produces investigative journalism with moral force. We dig deep into important issues, shining a light on abuses of power and betrayals of public trust — and we stick with those issues as long as it takes to hold power to account.
To be safe one should disable JavaScript and most if not all third-party requests on .onion sites. That's why TorBrowser always includes NoScript. Unfortunately in an unsafe default configuration that allows too much.
So overall, I guess this move isn't intended to protect the masses but provide more cover traffic mainly.
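The ProPublica observation above (an onion mirror whose markup still pulls trackers from clearnet hosts) is easy to check for mechanically. The following is an added example, not ProPublica's markup or anything from the article: it parses a page and lists the resources a browser would fetch automatically from a host that is not a .onion name, since each of those requests leaves the Tor network through an exit and reaches a third party. The HTML is constructed; the `.example` hosts are reserved names, not real services.

```python
"""List resources an onion page would fetch from non-.onion hosts.

Added example. SAMPLE_HTML is constructed; only tags that load
automatically are reported (a plain <a href> needs a click, so it is
listed separately as a navigation, not a leak).
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://tracker.example/collect.js"></script>
</head><body>
<img src="https://cdn.example/logo.png">
<a href="https://news.example/story">story</a>
<iframe src="//widgets.example/embed"></iframe>
<img src="/img/local.png">
</body></html>"""

# tags whose URL attributes the browser fetches without user interaction
AUTO_TAGS = {"script", "img", "link", "iframe", "video", "audio",
             "source", "object", "embed", "track"}
URL_ATTRS = {"src", "href", "data", "poster"}


class ResourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.auto = []        # (tag, url) loaded automatically
        self.navigations = [] # (tag, url) followed only on click/submit

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if tag in AUTO_TAGS and name in URL_ATTRS:
                self.auto.append((tag, value))
            elif tag in ("a", "form") and name in ("href", "action"):
                self.navigations.append((tag, value))


def _leaves_onion(url):
    """True if the URL resolves to a host that is not a .onion name."""
    host = urlsplit(url).hostname
    if host is None:            # relative URL: stays on the page's own host
        return False
    return not host.endswith(".onion")


def clearnet_requests(html):
    """(tag, url) pairs the browser would fetch from a clearnet host."""
    p = ResourceCollector()
    p.feed(html)
    return [(tag, url) for tag, url in p.auto if _leaves_onion(url)]


def clearnet_links(html):
    """(tag, url) pairs that leave .onion only if the user follows them."""
    p = ResourceCollector()
    p.feed(html)
    return [(tag, url) for tag, url in p.navigations if _leaves_onion(url)]


if __name__ == "__main__":
    for tag, url in clearnet_requests(SAMPLE_HTML):
        print(f"auto-load from clearnet: <{tag}> {url}")
    for tag, url in clearnet_links(SAMPLE_HTML):
        print(f"link to clearnet:        <{tag}> {url}")
```

This is a static view only: scripts that run and then call out (the usual tracker pattern) need either NoScript or a fetch-time check of the connections the browser actually makes, which is the point of the NoScript remark above.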
I'm not sure how relevant this is to running your website on the "darknet", but a potential warning for future Tor service operators: I ran a TOR relay for about a year, eventually even ordering a static IP for 5€/month. One random day, I was unable to log into my online banking, receiving some obscure error code. After digging around and finally contacting the bank, they referred me to some "IP protection service" in the UK, which had put me on a blacklist for unknown reasons (they don't tell you the reason for security reasons, but there was mention of something "proxy"). After submitting multiple requests to remove me from their blacklist (all automated online with no option to talk to a human), I finally caved in and shut down my relay. After doing that, combined with waiting a few days, while also continually resubmitting my removal request, they marked my IP as "clean", allowing me to login to my bank again. The whole process took about 6 weeks, and neither my bank nor the UK service provided any assistance along the way. Fun times.
I would love to run a TOR relay again but I'm a bit paranoid now.
I had a similar experience with my Xiaomi (robotic) vacuum cleaner.
A few days after setting up a tor relay (not an exit node!) on my home connection, my vacuum stopped working.
The "Mi Home" app, which communicates with the vacuum via a server in China, was unable to find the vacuum.
A traceroute to the Xiaomi servers revealed that my packets were dropped somewhere in the ChinaNet AS.
I stopped my relay and everything went back to normal a few days later.
Is it really necessary for your vacuum to work, that it 1) connects to a server 2) on a different continent? Why would anyone willingly put something like this in their house?
It is the v1 of their vacuum which was not sold officially in Europe/America. The newer versions can work with servers located in Europe.
If you don't want to use the Xiaomi app there is an API to control the vacuum on the LAN.
See also "34C3 - Unleash your smart-home devices: Vacuum Cleaning Robot Hacking" [1]
Privacy and security concerns aside, I find that pretty magical that you can control a device from the other side of the planet, with only a few hundred milliseconds of latency :-)
Yes, unfortunately some sites and such "protection" services block Tor IP addresses to mitigate abuse. While just blocking exit nodes would be sufficient (though still an overly blunt instrument), some carelessly block Tor relays as well.
In the case of Onion Services, unlike running a Tor relay or exit node, you are using Tor as a client, much the same as when you use the Tor Browser. Your IP is not on any such global list of "Tor IPs". Your ISP (or VPN, if applicable) can see that you're using Tor (unless you use a bridge), but this doesn't get you on these sort of block lists.
On a side-note, if you're thinking of running a Tor relay from home to help contribute to the Tor network, but don't want to risk getting your IP address blocked, consider running a bridge instead. https://community.torproject.org/relay/setup/bridge/
Never use your home IP address is the conventional wisdom I've heard from relay operators and be aware there is a significant industry building up around figuring out whether or not traffic is tor'd and allowing to block based on that.
It's basically an arms race all the time; you'll need to pick a side. It's sad but there's a touch of "we don't want to do business with people who have something to hide" that has to get weeded out before you're not guaranteed to suffer any inconvenience from running a Tor relay.
Well that seems like all the more reason for more individuals to run a Tor (relay) node instead of consolidating into a minimum number of easily blockable VPS services. I personally am once again highly motivated after reading all the comments here basically excusing the shoddy behavior by lazy sysadmins.
If my bank blocks me again, my solution will be to use a VPN instead of giving in.
I'm just letting you know as someone who has been on the inside and actually talked with Risk departments at financial institutions.
They do it with rooted phones, and they do it with Tor. If you're using those, you're an acceptable loss based on their metrics. Unless you can figure out a way to set up your friends and family to be Tor'd, and everyone else does too, that won't change. Also, no matter how much you point out that from the inside, you can't avoid the fact that a lot of fraud inevitably ends up using the same tools.
I'm not saying I agree with or like that state of affairs, I've just fought that fight and it really doesn't go much of anywhere. They have their reasons, and what they deem to be acceptable reasons to make the decisions they do. As long as that is the case, you just end up having to live with it, or not do business with those companies. By fighting that fight, I mean doing things like pushing against things like adoption of device fingerprinting, and picking apart under what conditions it works and doesn't. From the perspective of the business these measures make sense. From the perspective of a society at large and what even a modest understanding of what courts would do with some meta-info if they knew it existed/was collected on the other hand, that resilience to fraud is not a luxury we may reasonably be able to afford for long.
I think you're confusing a relay and an exit node here. Pretty much everyone using Tor runs a node and for virtually everyone it's on IP also used for personal transactions. There are silly services which take every tor node as suspicious. They're wrong, but it doesn't matter if you get banned.
I also considered bringing up that point, but then I actually looked it up[0]:
> Tor relays are also referred to as "routers" or "nodes." They receive traffic on the Tor network and pass it along. Check out the Tor website for a more detailed explanation of how Tor works.
There's dictionary definition and there's typical usage. When people say relay node, they typically don't mean exit nodes. Not 100% correct, but the assumption is common.
Excuse my ignorance, but why should I not be allowed to run a Tor relay (not an exit node!) at home when I have sufficient bandwidth and purchased a static IP through my ISP, which they advertise even "to allow running of private servers"? I thought one of the points of the article was the propagation and subsequent democratization of Tor/Onion sites? If I have to rent a VPS to run a node, isn't half the point defeated?
IMO the real issue is that my bank is reckless for picking a shitty UK service (who don't even speak our local language - just imagine some poor soul getting blocked because someone else running a Tor node over DHCP).
Thanks for that info, I had no idea it was that bad. It's horrible yet understandable, with so many underpaid, overworked sysadmins out there (i can count myself as one of them).
I sometimes wonder the same! The problem was at the time that I dread going to the bank to do anything (and I tend to do a lot of transactions, especially recently due to certain events).
I will definitely repeat the "experiment" in the near future, just as soon as it is feasible.
I assume that isn't free? And more importantly, is that even supported/allowed by VPS services? I'm definitely open to suggestions!
EDIT: As I mentioned in another comment:
> I thought one of the points of the article was the propagation and subsequent democratization of Tor/Onion sites? If I have to rent a VPS to run a node, isn't half the point defeated?
Hence 'if you have one'; you can also run it on your PC. Internet connections are not free either but a basic VPS is substantially cheaper. I am not any kind of specialist and I run a couple for hobby projects; one of them is $15/year. But nobody is stopping you from running a relay on your desktop.
CloudFlare had a much more elegant solution: the Alt-Svc HTTP header [1]. It is entirely transparent to the user. Security is guaranteed because it uses the original SSL/TLS certificate for exchange (that is, on top of the usual safety guarantees provided by a Tor hidden service).
Sadly they stopped doing that a while ago [2]. If anyone has insider knowledge about the reason behind it, I would be really interested to hear about it.
Cloudflare only sends the header to clients it detects as Tor Browser. If you have tweaked your config or are running an older version, it may not detect correctly. Even if it had previously worked.
This technique is not "better than" the "Onion-Location" approach. They complement well. Use the 'Alt-Svc' header for all users with Tor Browser's user agent and send "Onion-Location" to all users. If a user decides to opt for the .onion address, they can. But they don't have to.
It’s so transparent that Tor Browser users cannot actually tell if Cloudflare’s Alt-Svc “Onion Routing” is actually working. Try to determine how your traffic was routed while browsing a site with Alt-Svc enabled.
A user should plainly know if _any_ traffic exited the Tor network and that is not always the case. (See mixed content on most HS mirrors of major sites like NYTimes)
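The Alt-Svc and Onion-Location discussion above (send Alt-Svc only to clients already identified as Tor Browser, send Onion-Location to everyone) can be written down as a small header-building routine. This is an added example, not Cloudflare's or Tor Browser's code. Two constraints it encodes come from Tor Browser's documented behaviour: Onion-Location is only honoured on responses served over HTTPS, and its value must be an http:// or https:// URL whose host is a .onion name. How a request gets classified as coming from Tor Browser (exit-node lists and so on) is not part of the example; the caller passes an `is_tor_client` flag. The onion hostname is a 56-character placeholder of x's, not a real service.

```python
"""Build Onion-Location and Alt-Svc headers for a site with an onion mirror.

Added example, not code from Cloudflare or the Tor Project. The caller
decides whether the client is Tor Browser; ONION_HOST is a placeholder.
"""
from urllib.parse import urlsplit

ONION_HOST = "x" * 55 + "d.onion"   # constructed placeholder, not a real onion


def onion_headers(request_url, onion_host=ONION_HOST, is_tor_client=False,
                  max_age=86400):
    """Return the response headers to add for a request to the clearnet site.

    * Onion-Location: for every client, but only on HTTPS responses (Tor
      Browser ignores it over plain HTTP), mirroring the request's path and
      query so the user lands on the same page on the onion.
    * Alt-Svc: only for clients identified as Tor Browser; browsers ignore
      Alt-Svc on insecure origins as well, so it is also HTTPS-only.
    """
    if not onion_host.endswith(".onion"):
        raise ValueError("onion_host must be a .onion name")
    parts = urlsplit(request_url)
    headers = {}
    if parts.scheme != "https":
        return headers
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    headers["Onion-Location"] = f"http://{onion_host}{path}"
    if is_tor_client:
        # advertise the onion as an alternative origin for the same site;
        # persist=1 asks the client to remember it across network changes
        headers["Alt-Svc"] = f'h2="{onion_host}:443"; ma={max_age}; persist=1'
    return headers


if __name__ == "__main__":
    for k, v in onion_headers("https://example.com/news/?q=1",
                              is_tor_client=True).items():
        print(f"{k}: {v}")
```

Alt-Svc only makes sense if the onion service itself terminates TLS for the clearnet hostname (that is what lets the browser treat the two as the same origin), which is why the comment above notes the user has no visible indication that the switch happened; Onion-Location, by contrast, produces a visible prompt.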
I'm pro decentralizing the internet, but these movements really need some marketing chops. ".onion" TLD? (Yes I know it has been around for awhile) Think of how a normal person will view a ".onion" domain name. It's nonsensical to the uninitiated.
What about http, ://, www and other TLDs like .co.nz or .ac.uk? All of these were pretty meaningless to initiates of the internet. In this new age of ".pizza" and suchlike, ".onion" doesn't seem much different or weird tbh. (To be clear: I don't think these new tlds are especially good either, but it's the world we live in now.)
A common theme with country code TLDs is that you get one country using someone else's TLD if and when there is a match in the local language and the two letters. For example, Sweden has a lot of Swedish websites under the .nu (island state of Niue), to the point where the Swedish registrar actually bought and took over the operation of the TLD. "nu" is the word for "now" in Swedish.
For me, who doesn't live in the States and has very little exposure to that satirical newspaper, .onion brings no connection to it. If I did not know about The Tor Project I would have guessed it was a cooking-related domain name. I would also have guessed that Google was a company trying to sell glasses.
Names under the .onion TLD are random (they're derived from a public key, and you should generate your key pair randomly or else your private key isn't private). You can of course just keep picking random names until you get one that you like, but "the" isn't a possibility even if you kept trying forever.
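The comment above is exactly right about where the name comes from, and the derivation is short enough to show. This is an added example, not Tor's code; it follows the v3 address format from Tor's rend-spec-v3: the address is the base32 encoding of `PUBKEY || CHECKSUM || VERSION`, where PUBKEY is the 32-byte ed25519 public key, VERSION is the single byte 0x03, and CHECKSUM is the first two bytes of `SHA3-256(".onion checksum" || PUBKEY || VERSION)`. Tor generates the key pair itself when it first starts the service; the 32 bytes used here are stand-in bytes, not a key produced by ed25519. The `verify_onion_address` routine is the check a client can do before connecting, and it is why "the.onion" or any other chosen name cannot exist: every address is 56 characters and the last one is always "d" (the low bits of the version byte).

```python
"""Derive and verify a v3 .onion address from a 32-byte public key.

Added example following Tor's rend-spec-v3 address format; not Tor's code.
The sample public key is stand-in bytes, not a real ed25519 key.
"""
import base64
import hashlib
import os

VERSION = b"\x03"          # onion address format version byte
LABEL_LEN = 56             # base32 of 35 bytes: 32 key + 2 checksum + 1 version


def onion_checksum(pubkey):
    """First two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_raw(raw):
    """base32 the 35-byte body, lower-case, append the .onion suffix."""
    return base64.b32encode(raw).decode().lower() + ".onion"


def onion_address(pubkey):
    """The .onion name for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return encode_raw(pubkey + onion_checksum(pubkey) + VERSION)


def verify_onion_address(address):
    """Return the 32-byte public key if the address is well formed, else None.

    Rejects wrong length, bad base32, a version byte other than 3, and a
    checksum that does not match the embedded key (typo or tampering).
    """
    name = address.lower()
    if not name.endswith(".onion"):
        return None
    label = name[: -len(".onion")]
    if len(label) != LABEL_LEN:
        return None
    try:
        raw = base64.b32decode(label.upper())
    except Exception:              # binascii.Error on non-base32 input
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or checksum != onion_checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    pk = os.urandom(32)            # stand-in for a freshly generated public key
    addr = onion_address(pk)
    print(addr, verify_onion_address(addr) == pk)
```

Because the name is the key, a client that reaches a service whose descriptor is signed by that key knows it is talking to the holder of the matching private key with no certificate authority involved; a vanity prefix (the "keep picking random names" the comment mentions) is just repeated key generation until the first few base32 characters happen to match.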
Increasingly there are full word TLDs (see here: [0]), so I don't think people will find it that weird, especially since most people don't really spend a lot of time looking at the address bar.
The .onion TLD is named for onion routing[1] and has been around for quite a while as you pointed out. If it caught on, I imagine most people would accept the name without much thought. I think the bigger barrier to .onion catching on is getting people to install Tor at all.
"Web" definitely meant something to people as a metaphor, for long before the internet (ex. "web of lies").
"The 'internet' is like a spider's web, but each point in the web is a different computer."
vs
"Tor is like an onion, where each layer of the onion represents a computer acting like a relay, in a giant network of computers, which your traffic is routed through....."
Shrek is an old meme and onions are stinky. Do you think that's a recipe for this to catch on by the next generation? It's a miracle .com worked at all, and I wouldn't hold my breath for a second miracle.
> Shrek is an old meme and onions are stinky. Do you think that's a recipe for this to catch on by the next generation?
Yes, older members of Gen Z have already been enjoying Shrek "post-ironically" for years. Younger members of the generation are editing together clips of teenagers from the 00s as though it were some bygone halcyon era. Whether we like it or not the trends of reference and farce seem to be accelerating.
A normal person won’t be able to access an onion site, let alone care about the pop up they’re getting about its availability. I’ve watched people navigate web pages with the half screen cookie banner still open.
Tor is not targeting a “normal” person, as the media has already told the “normal” people that the only things available on the “dark”/“deep” web are illegal.
Are there other non-Tor onion routing programs? If so, .onion seems more generic and thus better. (I know that tor is the abbreviation of The Onion Router)
I am tempted to onionize my site for political (if that is the correct word) reasons.
I am almost done reading The Surveillance Economy and it feels like almost an obligation to push back. (Using ProtonMail, use a large leased server in Germany at Hetzner for my routine work and writing, and using private browsing tabs when I must use Twitter or Reddit.)
It looks like Onion domain hosting services are $5-$8/month, but going through their checklist and making one of my VPSs approved would be educational.
Running a Tor Hidden Service doesn't require a specific host. As far as I know the traffic it generates will not be malicious. You only need to worry about malicious traffic and Tor-friendly ISPs if you plan to run an exit node (and at this point you need to consider the legal implications as well).
Furthermore if you are not hosting any illegal/objectionable content and don't need to hide from law enforcement or state-sponsored attackers, a lot of the security concerns around anonymizing the server no longer apply either.
Using a centralized service which, ultimately, you have to take at their word seems to me like it should not be necessary in this age of trustless networks and innovation in decentralized technology. Speaking in particular about ProtonMail here. Are there any email services that are provably private?
Frankly this is one of the few non-financial areas where blockchain-like technologies make sense: anonymously creating and routing connections. Right now, you can encrypt the contents of your email, but there is no hiding who is the recipient and who is the sender, certainly not from the mail service on either end. Until you solve that problem (for example, by posting encrypted versions on a public blockchain), you never get a truly end-to-end secure communication channel.
Still, I feel better using ProtonMail than FastMail, and I consider FastMail to be preferable to gmail.
I also feel better only touching Twitter, Reddit, and Facebook in a private browsing tab. I understand that they can to some extent still use my data to make money for themselves and not share any back with me. I understand that even limiting the data collected on me, I am still subject to nudging, herding, and conditioning - but I hope to impede these actions against me.
I am an author and I rely on social media a few times a year to notify readers of new books, updates, etc. Otherwise I would be happy disconnecting, as I have disconnected from corporate news services.
Instead of Twitter you could use Nitter [0] for reading and use Invidious [1] instead of YouTube. There is also a privacy-friendly Insta client, but I forgot which one.
I often take the effort to convert the URL's to these sites before sharing with others (there are plugins that do this automatically).
I doubt there's a ready network of cypherpunk remailers sitting around at the moment. I seem to recall (~20 years ago) a lot of remailers ended up with spam problems.
However the system by which they operate is relatively easy to implement by volunteers. The model is very similar to Tor's onion routing (they're both Chaumian mix networks). I could see middle relays run by volunteers on their Gmail accounts (or whatever) with exit nodes being established addresses specifically for the purpose of being exit nodes.
Exit nodes might require messages be signed by a publicly available key or one registered with the exit node. The sender does need a public key for all the hops. So the final recipient needs to have a key known to the sender.
While spammers could send stuff to people they know public keys for, they wouldn't necessarily be able to send random spam to people.
IIRC in the historical spam problems the sender would make an anonymous (non-crypto) remailer the final recipient so the network would forward the encrypted messages around but the last one would remail the unencrypted message to an included distribution list or listserve or something. Since anonymous remailers aren't a thing anymore that spam vector is closed.
Remailers were an interesting thing a long time ago. Because they work on extant infrastructure I think they could be a cool thing again.
How does a blockchain solve the anonymity and routing problem? If I post anything on a public blockchain it will be cryptographically verified to have come from a specific account because all transactions are signed: https://blog.signatura.co/using-the-blockchain-as-a-digital-....
> Bitcoin uses digital signatures (ECDSA) to prove ownership of funds, so sending bitcoins requires the owner of them to digitally sign authorizing the transfer. This transaction is sent to Bitcoin’s public network and later recorded in Bitcoin’s public database (blockchain), so anyone can verify it by checking its digital signature.
If everything is signed and verified to come from a specific account then that's by definition not anonymous. To be anonymous it would need to be the case that no one could figure out who sent the transaction (making the sender of the transaction anonymous), i.e. it couldn't be tied back to any specific account.
Monero uses ring signatures; every transaction is signed by multiple signatures and it's impossible to tell who the actual signer is. You also cannot tell what public address belongs to the signature, nor which public address is supposed to be the recipient. There is a reveal key that you can give tax authorities to reveal only you as a sender or receiver of a transaction but not the other end of it.
Monero makes it impossible to tell what is what and gives people who want to trace money a very hard time doing so.
ZCash uses Zero Knowledge Proofs. A ZK Proof (in this case zkSNARKs) is a way you can prove that you own a key to a second party without a third party being able to tell if there was an actual key involved (it is very easy for two colluding parties to fake a successful ZK Proof).
IIRC ZCash basically allows you to prove that a transaction has moved money correctly between two accounts without revealing what accounts those are or how much money was transacted. There is knowledge of how much money is in the shielded pool, ie, all money behind ZK Proofs.
Either approach has different advantages and disadvantages.
Makes sense. I remember going to a bay area talk about Bulletproofs but the talk was abstract enough that I didn't get too much out of it. Interesting to see that Monero is using them.
You don't need to spend money if you have a server or even a raspberry pi or something—I run a mirror of my clearnet website as an onion service and it was a fairly straightforward setup.
In this context OnionShare (https://onionshare.org/) is an excellent program that even non-technical people can use to either share files or even complete static websites over Onion routing. The main advantage is you don't need to grub around with Nginx, Apache and the Tor daemon manually setting everything up.
I operate a few websites that host static content only. Is there any benefit to setting up onion services for these sites? Or are onion services more valuable for providing interactivity/logins?
If the data might be subject to censorship or spying, yes - using an onion service protects users from having info like “you read about STI treatment” sold to their insurers.
Why haven't we seen a pay-for-use version of Tor yet? The network won't scale unless exit and relay nodes are incentivized with value beyond warm-fuzzies.
The majority of ISPs provide dynamic IPs these days, and getting a static IP costs significantly more money. If you have a low-compute device like a Raspberry Pi running 24/7 which controls all the home network, then connecting (ssh) to it over the internet requires a static IP. The other alternative, which does not cost money, is setting up tor (which is pretty simple) and an ssh socks proxy on the client machines. This use case is pretty common; it does not involve privacy but is very useful.
I did it for my personal site, and it wasn't too hard, I personally didn't have as much experience with nginx and stuff back then but if I were to set one up now I feel I'd be done in under 30m complete with a vanity url.
I remember, in 2014, Facebook started to be available on Tor, and people speculated that there will be a wave of popular websites being offered on Torspace.
Nothing came of this "wave", if I'm not wrong, right.
I still use Facebook via Tor quite often, even though it's barely usable - loading anything takes between 3 and infinite seconds (i.e. never loads, requiring multiple refreshes). I use it to let them know that people still use it, with the hopes that they don't even remove it. I don't have this problem with other Tor sites, so it leads me to believe they want to be able to advertise it as "we offer this because we care" while making it nearly unusable to the point that nobody will use it. It's very similar to the secure chat feature, which they continually move deeper and deeper into menus, each move progressively more difficult to find. They just yesterday enabled the new "layout", and I can't even find the secure chat feature anymore, they either buried it so deep or removed it entirely?
I am not an expert but as far as I understand it's harder to do correlation attacks when you're able to monitor network traffic when communication stays inside the Tor network. Additionally, you're replacing (or extending) CAs with Tor's public key cryptography for authentication and encryption.
Computerphile did an interesting video series on this!
> replacing (or extending) CAs with Tor's public key cryptography
Which is good because CAs are useless; they're complete overhead. Back when EV certificates meant something, they were marginally useful, but at this point, we might as well just switch to a TXT record that validates domain ownership. (Obviously, that doesn't protect against DNS MITM attacks, but that's a separate issue.)
Oh you mean storing some data to cryptographically verify that a particular server is associated with a domain? If I'm not mistaken, that's what .onion addresses are.
I wonder if anyone has tried putting .onion addresses into DNS and have clients treat them like address records...
An onion service's IP address is protected. Onion services are an overlay network on top of TCP/IP, so in some sense IP addresses are not even meaningful to onion services: they are not even used in the protocol.
End-to-end authentication
When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion. No impersonation is possible, which is generally not the case. Usually, reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks).
End-to-end encryption
Onion service traffic is encrypted from the client to the onion host. This is like getting strong SSL/HTTPS for free.
And there's another good reason for the Tor network: if you run an onion service, the traffic will use only Tor non-exit nodes in the circuit, giving relief to the exit nodes.
The website cannot identify who they are, what ISP they use, or where they live. Similarly, middleboxes such as their ISP cannot find out what websites they are browsing, which is still easily possible even with TLS via many methods (DNS, SNI, IP correlation, many others)
Tor public keys don't prove identity (ie, that it is cloudflare.com) while such a certificate over, for example, Alt-Svc headers does. Pure .onion certs exist as well and give extra reassurance that you're on the correct website.
In theory no one can spoof a Tor hidden service. The service name itself encodes the public key, and only the corresponding private key can authenticate. Much better than https, where you have many dozens of "trusted" authorities, any one of which can compromise you.
And also it precludes any attacks a malicious exit node could run on your https traffic, like the other comment says
The domain is actually owned by the person running the website rather than leased on the whim of some corporation all too eager to bow to external pressures.
I'm in charge of security for a reasonable sized company. I generally support the Tor project and the goals of having a surveillance free internet.
However - if an employee installed tor browser or used tor on a company device, or a device attached to the company network, they would be fired immediately. I would then refer them to law enforcement after conducting a forensic audit.
Should you make your site only available via onion routing, or primarily available on onion routing, all workplaces will immediately block access and look at anyone who accesses with great incredulity
I wasn't as active on the Internet during the initial rise of HTTPS, but I wonder how many companies, schools, and public stores threw the exact same fits back then when they realized there might be a world where they could no longer MITM every web request that went across their routers.
I do remember the "kids who use Linux are hackers" arguments from schools; arguments that still occasionally pop up on rare occasions. And even more recently, I see the pushback from administrators and ISPs over encrypted DNS.
My instinct in this situation is that the "only criminals need privacy" argument is probably evergreen, and that Tor probably isn't in a unique position.
Of course, companies can choose what to install on their own devices, and they can choose what software they'll allow to connect to their networks. The Tor project changes nothing about employers' rights to control and monitor the hardware that they issue. It's normal for workplace networks to have more restrictions than ordinary networks.
Nevertheless, if (beyond those policies) your instinct is that anyone you see using Tor is probably a criminal, then I'm not sure you can honestly claim that you "generally support the Tor project and the goals of having a surveillance free internet." A casual observer would be forgiven for thinking that maybe the opposite is true, and you're terrified of a world where the Internet can't be monitored -- particularly the ordinary, everyday Internet as accessed by regular nontechnical people on their regular, everyday smartphones and laptops.
> I wonder how many companies, schools, and public stores threw the exact same fits back then
Plenty did, but they were typically outgunned by the need for ecommerce transactions. Everyone had to order something with a credit card at some point.
TOR needs to find a mainstream killer-application like that, if it is to ever go beyond the current stereotypical demographic (hacktivists and criminals).
> There is no legitimate use for it in this context
There's no legitimate usage for World of Warcraft on a work computer, and I'd happily ban that from work computers. But I also wouldn't hop onto an unrelated article for new players and imply that all of them were criminals. The linked article never mentions work computers, it's talking to website operators.
If your objection here is that you think Tor is inappropriate at this moment in one specific work setting, then fine, but that's not really adding anything to the conversation about whether or not general websites should be made available over Tor. It's just unrelated FUD.
I want to be clear: the goal of Tor proponents is for everyone to be running Tor (or something similar), and for most websites to be available over Tor by default. People should be running Tor on their smartphones, on their home laptops. Tor should be the default way that people share files with each other, and the default way that people set up technical blogs, or even just quick websites that show off pictures of their cat. The vision of the Tor project is a world where Tor is normal and ubiquitous for regular, non-technical people.
So unless your work policy bans all personal devices from your network, creating an expectation that any smartphone that joins and boots up a Tor browser automatically belongs to a criminal is contrary to the goals of the privacy movement. Our goal is that every device and every website should be private by default. Your network should be the exception, and it should only have company-owned devices on it.
And of course it's fine if you disagree with that, you don't have to be a privacy proponent. Lots of smart, reasonable people disagree with us about what the balance is between security and privacy. But demonizing Tor users in ordinary, everyday contexts is anti-Tor.
> or primarily available on onion routing, all workplaces will immediately block access and look at anyone who accesses with great incredulity
To go a step farther and suggest that making a website available over Tor should automatically mean that people who visit it are suspicious -- that is also anti-Tor and (I would argue) anti-privacy in general.
If I went into an interview for any company in any field offhandedly mentioning that I ran a Tor website, and then had to field a bunch of questions about whether or not I was a criminal, that would be a major red flag to me to avoid that company.
I'm adding my thought that hosting a website primarily on Tor will make it totally unavailable from many workplaces. Currently, Tor is not the place for a site that doesn't _require_ an extremely high level of anonymity of access.
The network policy does ban all personal devices, in order to control what connections originate from inside the network.
To be clear, I'm not demonizing Tor or Tor users. I like what the Tor project wants to do, and I support it, but believing it will be allowed in many corporate settings, in July 2020, is extremely naive. As I already mentioned, there's no legitimate use case to allow this in a corporate setting.
> There is no legitimate use for it in this context
Do concerns about being tracked between websites suddenly disappear at work? Is it no longer legitimate for an employee to log in to a personal account for non-work purposes via the corporate network on (for example) their lunch break? Etc, etc.
Also I'm a bit confused by your stance given the realities of encryption. Does your network strictly block all outbound traffic that it can't actively MITM? If not, a nefarious employee could proxy their criminal (Tor or other) traffic through an external machine that they controlled. In fact this would be the obvious thing to do as visiting an HTTPS (apparently) website on a personal device would seem much less likely to arouse suspicion.
> Also I'm a bit confused by your stance given the realities of encryption. Does your network strictly block all outbound traffic that it can't actively MITM? If not, a nefarious employee could proxy their criminal (Tor or other) traffic through an external machine that they controlled. In fact this would be the obvious thing to do as visiting an HTTPS (apparently) website on a personal device would seem much less likely to arouse suspicion.
Yes - with some exceptions (lunch break Facebook/YouTube etc.)
You're saying that if someone installs TOR, you'd refer them to law enforcement? This is interesting. What do you tell law enforcement? You: "Hey, I'd like to report someone at work installed a web browser that I don't like..." LEO: "Are you reporting a crime?" You: "No, just that they installed TOR." LEO: "Sounds serious. Did they hack your network?" You: "No, I'm the head of security, I let my users install what they want, except I'm also mad they chose TOR so please come and arrest them."
That seems like a bit of a knee-jerk reaction; you could just ask them not to use Tor on the company network. Some legit browsers come bundled with it (Brave).
In some businesses it is important that all employee communications are captured and can be inspected in case there is suspicion of IP or customer data theft.
For example, in a hospital there is no good reason for an employee to use Tor on a work computer.
> For example, in a hospital there is no good reason for an employee to use Tor on a work computer.
"I'm a doctor in a very political town. When I have to do research on diseases and treatment or look into aspects of my patients' histories, I am well aware that my search histories might be correlated to patient visits and leak information about their health, families, and personal lives. I use Tor to do much of my research when I think there is a risk of correlating it to patient visits. - Anonymous Tor User"
> in a hospital there is no good reason for an employee to use Tor on a work computer.
I would argue that hospitals and other public settings are actually more in need of higher privacy in electronic communications.
Imagine a physician working on, say, Scarlett Johansson's health issues; he periodically sends this data to the specialist that will run some test, and a creepy sysadmin finds out. Should he be able to MITM those comms, and resell the info to newspapers (or worse)...? Nope; the physician should have perfect privacy from network operators.
That's an excellent example but I'd point out that in any such scenario devices ought to be thoroughly locked down and run strictly audited environments. If properly configured you wouldn't be firing an employee for using Tor but instead for maliciously tampering with company hardware.
I plugged my laptop into my corp WiFi while the Brave browser was running a Tor client process, and I got approached by the CISO within 3 minutes asking me to stop torring or get off the network immediately.
https://community.torproject.org/onion-services/advanced/oni... works better, as it shows the configuration, but it assumes there is already a .onion address and does not point to documentation on how to set one up.