Talk:Tor (anonymity network)
This is the talk page for discussing improvements to the Tor (anonymity network) article.
This is not a forum for general discussion of the article's subject.
The contents of the Portable Tor page were merged into Tor (anonymity network) on 9 November 2013. For the contribution history and old versions of the redirected page, please see ; for the discussion at that location, see its talk page.
"An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting"."
"As of 2012, 80% of The Tor Project's $2M annual budget came from the United States government,"
Not verifiable and relevant to topic
Current wording of Wikipedia block on Tor (anonymity network) at the lead of the article (as described at WP:LEAD) is unable to get verified. Need a good source (not a WP:BLOG, WP:USG, WP:UNRELIABLE, etc.) to verify content and that weird link to Wikipedia:Advice to users using Tor completely unrelated. Wikipedia is not being discussed and there is no reference in body to verify lead. User:Saschaporsche what rule did you apply here? Would discuss this out. — Preceding unsigned comment added by 22.214.171.124 (talk) 07:38, 6 July 2019 (UTC)
Current wording of lead:
References cited to support inclusion:
A New York Times article is being cited which discusses a current situation of Wikipedia block in Turkey, which has received extensive media coverage. The news article discusses the Virtual Private Network block on Wikipedia which is discussed extensively on the article, not Tor's block on Wikipedia. A link to Wikipedia namespace does look problematic as it is not being well aligned to WP:WIKILINK which states to use Mainspace links instead of Wikipedia: namespace links.
Text of reference is (NYT; attribution of fair use to demonstrate unverifiability and incorrect reference):
ISTANBUL — Baris Dede, a game design student, had a question: How easily did Viking longboats glide through the water? Dilara Diner, a psychologist, wanted to double-check a symptom of hysteria.
But these Turks were not able to quickly find out what they wanted. Since late April the Turkish government has blocked one of the world’s go-to sources of online information, Wikipedia.
After Wikipedia refused to remove unflattering references to Turkey’s relationship with Syrian militants and state-sponsored terrorists, officials simply banned the whole site.
Several weeks into the ban, some Turks are still struggling to remove Wikipedia searches from their muscle memory.
Yaman Akdeniz, a law professor, turned by habit to Wikipedia to find out when the latest “House of Cards” season was released.
“You forget that it’s blocked, and then you click on it and then — boomph, nothing: You realize you can’t access it,” said Professor Akdeniz, describing his personal form of digital whiplash. Many people didn’t realize until after it was blocked, he said, that Wikipedia “was so much a part of our lives.”
Mr. Dede said he mourned the loss of “part of your memory.” Even in his academic world, where Wikipedia is sometimes scorned, the website was secretly seen as a good starting place for research, he said.
But beyond the problems it has created for the curious, Turkey’s Wikipedia ban is a reminder of something darker, government critics say: a wholesale crackdown on free expression and access to information, amid wider oppression of most forms of opposition.
Wikipedia is just one of 127,000 websites blocked in Turkey, estimated Professor Akdeniz, who has led legal challenges against the Wikipedia ban and other web restrictions. An additional 95,000 pages, like social media accounts, blog posts and articles, are blocked on websites that are not otherwise restricted, Mr. Akdeniz said.
Some of these sites are pornographic. But many contain information and reporting that the government finds embarrassing. Sendika, an independent news outlet, is now on the 45th iteration of its website. The previous 44 were blocked.
For web activists in Turkey, Wikipedia is simply the latest victim of a wave of online censorship that grew steadily from 2015 onward and then surged significantly after last year’s failed coup.
The coup attempt gave President Recep Tayyip Erdogan the political cover to expand a crackdown on his opponents, including in the traditional news media. Since the coup, 190 news organizations have been banned and at least 120 journalists jailed.
“The international community noticed this issue by reference to the Wikipedia block, but it’s not a new thing from our point of view,” Mr. Akdeniz said. “Critical media is under stress on a daily basis — and what made that visible is the Wikipedia ban.”
For students, the ban could not have come at a worse time: just as they were knuckling down for exams.
“It’s a big obstacle,” said Ege, a 17-year-old high school student, whose surname has been withheld at the wishes of his headmaster. “Wikipedia is the source of the sources — you can find everything there.”
While studying Jean Anouilh’s French adaptation of a Greek tragedy, “Antigone,” Ege’s friends had wanted to know more about the heroine’s father: the mythical King Oedipus, who mistakenly married his mother.
“The Oedipus bloodline, what he did, the curse that was put on his family,” Ege’s classmate Yusuf said. “Reaching that information wasn’t exactly easy.”
Wikipedia use has fallen by 85 percent in Turkey since April, but some have managed to circumvent the ban with a VPN, or virtual private network, a tool that helps web users gain access to blocked websites.
According to GlobalWebIndex, a group that researches worldwide internet activity, Turkey has the third-highest VPN prevalence in the world. More than 45 percent of Turks ages 16 to 64 who have web access used a VPN in the first quarter of 2017, and the practice has become second nature even for some beginners.
“My mom learned to send an email two years ago,” Mr. Dede said. “The next thing, she’s learning how to access a VPN.”
But VPN use comes with an unwelcome side effect. Because Wikipedia does not allow VPN users to edit articles, Turks are unable to correct or update information posted on the site or write new articles.
“Turkey has lost its voice online because of its inability to edit Wikipedia,” said Alp Toker, a co-founder of Turkey Blocks, a group that tracks Turkish internet censorship.
In addition, some VPNs are also banned. Those that remain are often slow, particularly on cellphones, so using one is sometimes not worth the hassle.
As a result, some students are getting desperate about their final exams.
“Dear President of the Republic, the Leader, open up Wikipedia at least until the end of the finals week,” one wrote on Twitter. “President, I am overwhelmed, hear me out.”
No mention of Wikipedia's block of Tor (although it has an article and an extension to enforce them).
Requested move 15 September 2019
Quick note on move request
I missed the entire move request, which is fine since I agree with the outcome. :) However, I wanted to note a couple points for future reference in case it becomes relevant later:
- The article is about the Tor anonymity network, not the software called "tor". While tor is the software typically used to access the Tor network, you wouldn't say that the article on BitTorrent is about torrent clients, or that the article on the World Wide Web is about browsers.
- The claims of WP:RECENTISM seem vastly overstated to me. For one, the network has been around for almost two decades now, and isn't going away any time soon. It's well funded, has a massive community, and is one of the most consistently used privacy enhancing technologies over the course of its existence. Furthermore, it's not just Wikipedia accesses that indicate it's better known than the rock formation. A Google Scholar search for "tor rock" turns up 547,000 results, while a search for "tor network" turns up 1,980,000 results (related searches like "tor geologic" and "tor privacy" give similar discrepancies). Just because something is newer doesn't make it WP:RECENTISM, and we have hard numbers that indicate that's not the case here. For an analogy, the page for train is on the industrial vehicle, even though the word predates that use by hundreds of years, and isn't even close to the main definition on wikt:train.
Possible incorrect information
The article states "Tor does not prevent an online service from determining when it is being accessed through Tor." However, this CAN be incorrect under certain circumstances. This is because the means via which we determine whether or not a given IP is a tor node is based upon the lists provided for by Tor which come from the mainstream public directory authorities. Most users use the public directory authority in actual practice, but it is possible to form your own directory authority, if you were to have enough nodes join your directory authority. Simply put, the ability to learn if a machine is a tor node is dependent upon the given directory authority publishing to the public in some way or another the information that it is a tor node. While the Tor project does this for the mainstream public directory authorities, other directory authorities may not necessarily do this, though the nodes would still very much be "Tor" nodes within the classical sense. 126.96.36.199 (talk) 00:56, 25 September 2019 (UTC)
- The statement looks correct as written to me. Another equivalent wording that might make things clearer for you, but would probably confuse most laypeople, is "An online service determining if it is being accessed through Tor is not in Tor's threat model." An alternative tor network could opt to refrain from disclosing this information, but that's not the same as tor preventing it. My guess is that there are mechanisms which would work for fingerprinting Tor traffic from the server side, because this was never a threat anyone has been trying to defend against (off the top of my head, I know Tor handles half-open TCP connections unusually). And from a more practical perspective, outside of test networks (which typically aren't allowed to exit to the wider internet), I've never heard of an alternative network being deployed, so clarifying that this isn't something Tor as it exists will help you with seems like good information to convey. —Tga (talk) 17:06, 26 September 2019 (UTC)
- Agreed. To the OP: even if a given set of nodes does not publicly disclose that they are, in fact, Tor nodes, that does not prevent servers being accessed by Tor exit nodes from profiling all visitors and thereby determining which visitors are actually Tor exit nodes. The fact that Tor exit nodes are not required to publicly disclose their status as exit nodes does not imply that nodes which do not disclose such status cannot be identified as exit nodes through other means. — JivanP (talk) 19:17, 2 October 2019 (UTC)
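The list-based check this thread is arguing about, as an added example that is not part of the original discussion and is not Tor Project code: a service parses a published relay list, collects the relays flagged as exits, and labels visitor addresses against that set. The consensus fragment, relay names and addresses are constructed for illustration, and the sketch assumes a relay's listed address is the one its exit traffic comes from, which need not hold in practice.

```python
import ipaddress

# Constructed fragment in the style of a Tor network-status consensus:
# "r" lines describe a relay (field 7 is its address), "s" lines carry flags.
# All values are made up; addresses are from RFC 5737 documentation ranges.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2019-09-25 00:00:00 192.0.2.10 9001 0
s Exit Fast Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2019-09-25 00:00:00 203.0.113.5 9001 9030
s Fast Guard Running Stable Valid
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2019-09-25 00:00:00 198.51.100.7 443 80
s Exit Running Valid
r truncated-line
s Exit Running
"""


def exit_addresses(consensus_text):
    """Return the addresses of relays that the list flags as Exit."""
    exits = set()
    current = None  # address from the most recent well-formed "r" line
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            current = None
            if len(fields) >= 9:
                try:
                    current = ipaddress.ip_address(fields[6])
                except ValueError:
                    pass  # malformed address: skip this relay
        elif fields[0] == "s":
            if current is not None and "Exit" in fields[1:]:
                exits.add(current)
            current = None
    return exits


def classify(visitor, exits):
    """Label a visitor address using only the published list."""
    try:
        addr = ipaddress.ip_address(visitor)
    except ValueError:
        return "invalid"
    # "not-listed" means "not in this list", not "not a Tor exit": a relay
    # absent from the directory the service consults is invisible here.
    return "listed-exit" if addr in exits else "not-listed"
```

A relay that appears only in a directory the service never consults falls into `not-listed`, which is the case the original poster raises; the replies point out that other server-side signals could still identify it.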
Missing info at “Some protocols expose IP addresses”
There is a lot of discussion on the boards (e.g. reddit) about the security of webm, especially regarding the protection of the user’s IP address when using HTML5. This is a very active discussion right now in the context of using TOR even over VPN, especially on iOS and possibly other mobile platforms. I did not see any discussion of this on other security-focused wiki pages nor on the webm Wikipedia page. Perhaps someone with more detailed knowledge than I could consider adding something to this section of this page on this topic? I also will add a note to the webm Wikipedia page about this. Mike-c-in-mv (talk) 17:19, 8 October 2019 (UTC)
Splitting December 2019
Wikipedia:Article_size recommends dividing from a size of 60k and strongly recommends it from above 100k. This article is 137k. What part should be moved to a different article? — Preceding unsigned comment added by Streepjescode (talk • contribs) 16:02, 17 December 2019 (UTC)
- Perhaps a split is not required. By User talk:Dr pda/prosesize.js the "readable prose size" is 44kb, which is within the standards of that article size recommendation. Much of the content here is in citations and lists. Maybe those usage templates with all that data are contributing to your larger measurement; I am not sure.
- If there were a split, then there could be a History of Tor article. Tor is 20 years old, and as with much software, the relevant information is the software's current state. I have no idea if the "weaknesses" are still accurate, because I do not know if problems from 5-15 years ago still persist today. Some of the implementations are probably stale, and the year by year updates in "impact" could be moved to a long history article but summarized here. To save time and editorial labor, I say move lots of old content to a history article for preservation and reworking, and do so without changing it in the split, then let anyone work it there if it needs curation. The information should be accessible but it is excessive here. Blue Rasberry (talk) 20:17, 17 December 2019 (UTC)
"Weaknesses" section outdated and one-sided
It focuses too much on outdated attack methods. It references some really old studies (2009, really?) and methods that as of 2020 are patched. Why not talk about a current problem, such as malicious relays running SSLStrip? or hidden services being DoSed? I suggest rewriting the entire section, focusing on relevant stuff, and actually referencing Tor's blog. https://blog.torproject.org/bad-exit-relays-may-june-2020 https://blog.torproject.org/stop-the-onion-denial https://blog.torproject.org/ IveGonePostal (talk) —Preceding undated comment added 11:27, 10 September 2020 (UTC)
- I don't know I'd call it "one-sided", but it definitely suffers from outdated WP:RECENT, and needs to be rewritten. The question is, do we try to rewrite it to avoid said recentism entirely, or just remove old attacks and update it with the attacks that are more likely to be relevant to contemporary readers of the article? If we re-structure it to avoid recentism by orienting it towards classes of attacks and the general Tor Project response to them, we can avoid having to do this again in another few years, and generally make things more appropriate for Wikipedia's style. On the other hand, readers for security-critical software like this might be more interested in the latest attacks they should be thinking about, rather than more abstract understandings of Tor's security. Do any more experienced WP editors have advice for how to weigh this sort of thing?--Tga (talk) 18:20, 10 September 2020 (UTC)
- The former option sounds nice. I don't think we should delve any deeper into past attacks that have been patched. It may give readers the wrong idea that Tor is inherently unsecure. We should give readers the general idea that Tor users can be "deanonymized" because of correlation attacks, i.e. using the same pseudonym both on clearnet and Tor. I'll add a "Section needs to updated" template for now. IveGonePostal (talk)
People relying on Tor as a 'safety-critical' piece of software, that if it were to fail would result in being busted, etc... but it has not been written to such standards.
Also it is an open secret within the internet service provider community that it is not secure, because anyone with a "God's eye" view of the network can break it. That means pretty much all governments and many law enforcement agencies. So the software could be considered a honeypot because it provides a false sense of security, and innocent people who are not true criminals are likely to end up being prosecuted because of draconian 'thought crime' computer crime laws.
- Tor does not claim to be functional against a global passive adversary, and has openly stated as much since its inception. There is no publicly known case of such an adversary using this information in practice. Rest assured, if there was a fundamental and practical flaw in how Tor operates that adversaries (or researchers) knew about, there would be a lot more visible use of it. But of course, if you know that your adversary does have a global view of the network, then you should not rely on Tor. It's also just true that most people do not have such adversaries, and those who do, basically cannot use the web at all. With regards to your link, I would recommend not taking its claims seriously, and we certainly can't use it as a source here on Wikipedia; that blog has a reputation of not being particularly well-informed or knowledgeable about the subject. My understanding is that the community has been trying to be patient with explaining things to this person, but to no avail (to be fair, it's easy to misunderstand these things, but there's a reason why this field has a peer review process, and random attention-seeking blogs aren't a part of it). In any case, accurately describing the threat model Tor uses is, of course, well within the scope of this article, but just describing things as "safety-critical" or not doesn't actually mean anything. --Tga (talk) 15:55, 18 September 2020 (UTC)