This thread/discussion/response is getting very fragmentary, so pardon if I slash-and-burn a little to try and restore a theme:
On 3 October 2016 at 09:46, grarpamp <grarp...@gmail.com> wrote:

> On Sun, Oct 2, 2016 at 5:53 PM, Alec Muffett <alec.muff...@gmail.com>
> wrote:
> > "How many more of X? How many X should there be in total?
> > So now we need "more than 1" proxy network - but still, how many?
>
> Fermi Napkin is legit approach.
> Though network quality and purpose must also be included in that.
>

So this is about proxy networks, their number, quality, diversity, function and purpose.

To a first approximation I am in favour of maximising all of those, but practically I feel that that's a foolhardy proposition - simply, my Netflix viewing, or whatever, does not need to be anonymised. It _might_ benefit from a VPN (because see all the stories of ISPs choking bandwidth where they are not receiving a kickback) - but in such circumstances I'd prefer the solution to be "choose an ISP who are not a bag of dicks, and 'out' their ill-behaviour as much as possible", rather than to re-engineer the internet for this edge-case.

Generalising: more tools, please, but let's not pretend that more than a fraction of bandwidth will benefit greatly from anonymity technologies.

> Everyone isn't aware of why they might want it, and what they
> are up against today. So of course their current position when
> asked might be as such. Educate them and maybe they'll think
> differently.

I kind-of agree, but I'm not able - on grounds of pragmatism - to tell the world "DUMP EVERYTHING AND USE THIS NEW SUPER-PRIVATE SOFTWARE, MAYBE IT WILL MAKE YOU THINK DIFFERENTLY"

My preference is "HERE TRY THIS NEW SUPER-PRIVATE SOFTWARE **AS WELL**, IT HAS COOL BENEFITS AND MAYBE IT WILL MAKE YOU THINK DIFFERENTLY"

> all those proxy
> > networks which are designed to let people watch TV when they are not in
> > their home country <cough/>
>
> That would be one of "purpose"s above.

Agreed, that's why I mentioned it.
But for the 98% of the time that I *am* in the UK, I don't need (nor want) to take the performance hit of the BBC's geolocation-restricting firewall (geowall?)

> We want big crowds of about that size.
>
> Yes, underutilization is a problem, especially for anonymity
> networks that require utilization to deliver claimed properties.

I was thinking about that, having pressed "send". It seems logically impossible, as well as unwise, to try and say "Tor is over-full, go use AltTor" when one of the key points of Tor is to strip identity; after all, whom will you identify to tell this to, and how?

I feel that we just have to let market demand, and ability to scale & deliver value, be the deciding factor in what is available...

> > Good question. My take: innovate and evangelise, stop pretending that
> > one-size-fits-all.
>
> Tor has plenty of both, so the next step is to get off tor lists and get
> on to the next size list.
>

...as opposed to pretending that some manner of centralised policy, doubtlessly run by a cabal of people of impeccable ethics, is either possible OR desirable.

> Foster & support I2P for... well, whatever I2P is good at. I have no
> > interest in filesharing and a major valueprop of Tor to me is bridging to
> > clearnet through exit nodes
>
> I2P offers exit services. Its users can operate exit nodes.
>

Yeah, I saw the numbers. Tor wins. I suspect that exit services are not I2P's main value proposition?

> having a namespace which intersects the rest of the web
>
> s/namespace/URI scheme/
>

Good clarification. I am _very_ glad that the IETFers who argued against ".onion" and said that Tor somehow needed to become a "scheme" (eg: "onions://foo.onion/") were beaten. My take on the whole matter is "just because Tor Onionspace is not based upon DHS does not make the HTTPS protocol/scheme any different"

However, do be alert: some folk in the IETF are still not content with that decision.

[on forking]

> Create _new_ stuff. That'd be superb.
> Just don't try to be like the
> early
> > Torfork weenies, proclaiming that they would split the Tor userbase (and,
> > presumably, onion namespace) and that this would be "progress".
>
> It's one approach, and forking is valid per license, so cannot complain.
> https://rotorbrowser.com/ https://twitter.com/indieonion

Oh, I can complain. :-)

Being independent from both parties I am free to characterise the indieonion brigade as a bunch of pseudo-student-radicals bent on trolling the community a-la Gamergate.

If eventually it turns into a wholly new privacy technology or a separate and compatible Tor implementation that would be great.

But it should never be pretended that it started as anything other than a tantrum by a handful of marginally-post-juvenile twerps, butthurt about Tor's internal "drama" and threatening to split the Tor network.

It's that latter bit that I _really_ did not like. Make things better, but don't fuck with the infra, and don't split the userbase.

> We know the whitepapers tell us some of these systems have
> enough bits^2 to do that. That researchers are collecting and
> making anonymized statistical analysis from live systems. And
> we know there are deployments of same or similar ideas for those
> exact purposes in places from advertising to NSA.
>

The reason I wrote "that's bullshit" is because one moment someone is calling for more anonymity - even being hardcoded by default into the network - yet the next moment the same person is castigating (?) the platform providers for not bothering to apply all the possible signals and technologies at their disposal, to track, deanonymise, and even merge multiple identities ("User 476 types in exactly the same way as User 9945!") - in pursuit of authentication.

A huge chunk of the people on this list, I aver, would be totally freaked-out at the suggestion that what is needed is a _more_ comprehensive approach to platform identity.
> > The issue is that "authentication" and "deanonymisation" are from many
> > practical perspectives **exactly the same thing**.
>
> Depends on the context.

Almost. It depends on the "perspective", and "intent".

Unfortunately, as I have seen first hand, you can build a tool "for great good!" only for a bunch of privacy activists to say "ZOMG THIS IS CLEARLY AN ATTEMPT TO DEANONON THE TOR NETWORK AND ADVERTISE TO THEM"

Privacy activists can be total assholes sometimes. Me included.

[On User Service]

> To reduce harm and cost, sometimes you will get a little of both.
>
> With a bit of training, an entry level helpdesk junkie can review and
> nuke an amazing amount of genuinely bad accounts.

"Helpdesk", he says. Ho ho ho ho...

> I'd suggest the
> big corps can afford to dedicate a junkie or two to similar tasks,
> under recognition that IP blocks alone take out good with bad.
>

True, and - to reassure you - spamspotting is already often based on more than just IP address/block/ASN.

It's a source of constant amazement to me that folk believe this stuff is not already being tried - or got tried and then replaced by something better.

> If the CIO/CSO/CTO, even on down into the techs, at any of these top N sites
> in their categories, did *not* know about tor / vpn / proxy (or have a
> staffer
> they knew to go ask about what's up with the IP's), after decades of these
> tools existence and relevance as a class to netsec, even if only in a "Oh
> is that that DeepSilkLeaks thing I heard on the news" sort of way, I'd
> consider
> them incompetent and fire them.
>

Then you'd be firing some of the best netops and sysops people in the world, merely because they believed the things that the media have told them about "the dark web".

> > Parachuting clones of me into organisations is not what changes things.
> > ...
> > but there are also these *other* people who use the service
>
> Yes, the gist of what I meant was, they don't trust hearing it from
> users, and they don't trust hearing it from the likes of Tor Project,
> to them they're both biased and outside.

Concur.

> who need especially it in sudden
> > rushes when bad things happen, so we need to build things such that
> > accommodations are made for that.
>
> That's backwards, you're not going to onboard users when shtf unless
> you've already done the work to allow them in general population
> long beforehand.
>

Frequently it's not "onboarding" - the spikes are largely people who - faced with a sudden network block - fire up a tool (Tor Browser) that bypasses the block and gets them to the site on which they are *already* registered and which they *want to use*.

Then when the block is finished, they go back to Chrome or whatever their preferred browser is - the one with session-cookie persistence, with Flash support and great for playing music and porn.

The majority of users will use Tor "at need"; a relative minority use it 24x7-ish.

-a

--
http://dropsafe.crypticide.com/aboutalecm

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk