Talk:Tor (anonymity network)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

partial impartiality[edit]

"An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting"."

"As of 2012, 80% of The Tor Project's $2M annual budget came from the United States government,"

hahaha. oh dear. — Preceding unsigned comment added by 220.233.16.6 (talk) 08:12, 7 October 2014

Not verifiable and relevant to topic[edit]

Current wording of Wikipedia block on Tor (anonymity network) at the lead of the article (as described at WP:LEAD) is unable to get verified. Need a good source (not a WP:BLOG, WP:USG, WP:UNRELIABLE, ect) to verify content and that weird link to Wikipedia:Advice to users using Tor completely unrelated. Wikipedia is not being discussed and there is no reference in body to verify lead. User:Saschaporsche what rule did you apply here? Would discuss this out. — Preceding unsigned comment added by 182.58.239.252 (talk) 07:38, 6 July 2019 (UTC)

Current wording of lead:

For example, the MediaWiki TorBlock extension automatically restricts edits made through Tor, although Wikipedia allows some limited editing in exceptional circumstances.[1]

References cited to support inclusion:

A New York Times article is being cited which discusses about a current situation of Wikipedia block in Turkey, which has received extensive media coverage. The news article discusses about the Virtual Private Network block on Wikipedia which is discussed extensively on the article, not Tor's block on Wikipedia. A link to Wikipedia namespace does look problematic as it is not being well aligned to WP:WIKILINK which states to use Mainspace links instead of Wikipedia: namespace links.

Text of reference is (NYT; attribution of fair use to demonstrate unverifiability and incorrect reference):

ISTANBUL — Baris Dede, a game design student, had a question: How easily did Viking longboats glide through the water? Dilara Diner, a psychologist, wanted to double-check a symptom of hysteria.

But these Turks were not able to quickly find out what they wanted. Since late April the Turkish government has blocked one of the world’s go-to sources of online information, Wikipedia.

After Wikipedia refused to remove unflattering references to Turkey’s relationship with Syrian militants and state-sponsored terrorists, officials simply banned the whole site.

Several weeks into the ban, some Turks are still struggling to remove Wikipedia searches from their muscle memory.

Yaman Akdeniz, a law professor, turned by habit to Wikipedia to find out when the latest “House of Cards” season was released.

“You forget that it’s blocked, and then you click on it and then — boomph, nothing: You realize you can’t access it,” said Professor Akdeniz, describing his personal form of digital whiplash. Many people didn’t realize until after it was blocked, he said, that Wikipedia “was so much a part of our lives.”

Mr. Dede said he mourned the loss of “part of your memory.” Even in his academic world, where Wikipedia is sometimes scorned, the website was secretly seen as a good starting place for research, he said.

But beyond the problems it has created for the curious, Turkey’s Wikipedia ban is a reminder of something darker, government critics say: a wholesale crackdown on free expression and access to information, amid wider oppression of most forms of opposition.

Wikipedia is just one of 127,000 websites blocked in Turkey, estimated Professor Akdeniz, who has led legal challenges against the Wikipedia ban and other web restrictions. An additional 95,000 pages, like social media accounts, blog posts and articles, are blocked on websites that are not otherwise restricted, Mr. Akdeniz said.

Some of these sites are pornographic. But many contain information and reporting that the government finds embarrassing. Sendika, an independent news outlet, is now on the 45th iteration of its website. The previous 44 were blocked.

For web activists in Turkey, Wikipedia is simply the latest victim of a wave of online censorship that grew steadily from 2015 onward and then surged significantly after last year’s failed coup.

The coup attempt gave President Recep Tayyip Erdogan the political cover to expand a crackdown on his opponents, including in the traditional news media. Since the coup, 190 news organizations have been banned and at least 120 journalists jailed.

“The international community noticed this issue by reference to the Wikipedia block, but it’s not a new thing from our point of view,” Mr. Akdeniz said. “Critical media is under stress on a daily basis — and what made that visible is the Wikipedia ban.”

For students, the ban could not have come at a worse time: just as they were knuckling down for exams.

“It’s a big obstacle,” said Ege, a 17-year-old high school student, whose surname has been withheld at the wishes of his headmaster. “Wikipedia is the source of the sources — you can find everything there.”

While studying Jean Anouilh’s French adaptation of a Greek tragedy, “Antigone,” Ege’s friends had wanted to know more about the heroine’s father: the mythical King Oedipus, who mistakenly married his mother.

“The Oedipus bloodline, what he did, the curse that was put on his family,” Ege’s classmate Yusuf said. “Reaching that information wasn’t exactly easy.”

Wikipedia use has fallen by 85 percent in Turkey since April, but some have managed to circumvent the ban with a VPN, or virtual private network, a tool that helps web users gain access to blocked websites.

According to GlobalWebIndex, a group that researches worldwide internet activity, Turkey has the third-highest VPN prevalence in the world. More than 45 percent of Turks ages 16 to 64 who have web access used a VPN in the first quarter of 2017, and the practice has become second nature even for some beginners.

“My mom learned to send an email two years ago,” Mr. Dede said. “The next thing, she’s learning how to access a VPN.”

But VPN use comes with an unwelcome side effect. Because Wikipedia does not allow VPN users to edit articles, Turks are unable to correct or update information posted on the site or write new articles.

“Turkey has lost its voice online because of its inability to edit Wikipedia,” said Alp Toker, a co-founder of Turkey Blocks, a group that tracks Turkish internet censorship.

In addition, some VPNs are also banned. Those that remain are often slow, particularly on cellphones, so using one is sometimes not worth the hassle.

As a result, some students are getting desperate about their final exams.

“Dear President of the Republic, the Leader, open up Wikipedia at least until the end of the finals week,” one wrote on Twitter. “President, I am overwhelmed, hear me out.”

No mention of Wikipedia's block of Tor (although it has a article and a extension to enforce them).

References

  1. ^ PATRICK KINGSLEY (June 10, 2017). "Turks Click Away, but Wikipedia Is Gone". The New York Times. Retrieved June 11, 2017.


Requested move 15 September 2019[edit]

The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion.

The result of the move request was: CONSENSUS TO NOT MOVE. --- Coffeeandcrumbs 02:10, 23 September 2019 (UTC)


This page, Tor (anonymity network), gets the most traffic. See the pageview analysis of the articles on the disambiguation page. Because of this high traffic the WP:PRIMARYTOPIC for the term "tor" is this page.

There were a series of similar move requests in 2015-16. I participated in those. What is new now is that we have these traffic analytics tools which make it easy to identify a WP:PRIMARYTOPIC with data by running a query. Blue Rasberry (talk) 13:38, 15 September 2019 (UTC)

  • Reasonably convinced... the traffic analysis you linked is convinces me that PRIMARYTOPIC comes into play. Jason Quinn (talk) 14:22, 15 September 2019 (UTC)
  • Oppose I am not convinced there is a primary topic here, due to the long-term significance of the many other potential topics. However, the disambiguation "anonymity network" sounds clunky - maybe Tor (software) would be better.ZXCVBNM (TALK) 19:14, 15 September 2019 (UTC)
  • Oppose. I don't see a primary topic for "Tor". The high pageview stats for the software are biased by WP:RECENTISM, which has only been around since 2002. +mt 01:33, 16 September 2019 (UTC)
  • Weak oppose. I can see the argument because the network dominates the pageviews, but I'm sure for many folks the primary meaning of "tor" will be Tor (rock formation). PC78 (talk) 12:28, 16 September 2019 (UTC)
  • Weak oppose per PC78. Crouch, Swale (talk) 17:46, 16 September 2019 (UTC)
  • Support per pageview stats. If this move fails to find consensus (and it's looking like it won't), I would suggest elevating Tor (anonymity network) to "most often refers to" status at the top of the dab page as a compromise to help speed readers to their intended destination. Colin M (talk) 19:25, 17 September 2019 (UTC)
    I support moving it to the top. Crouch, Swale (talk) 19:34, 17 September 2019 (UTC)
  • Oppose. No primary topic here. For instance, I would always think of the rock formation if I heard the word. Pure WP:RECENTISM. -- Necrothesp (talk) 12:51, 18 September 2019 (UTC)
  • @Necrothesp, PC78, Mwtoews, and Crouch, Swale: Could I ask for some clarification? I fail to understand why you think anyone would think of the rock formation for such an odd, geology-field-specific term. I have never heard this word to mean a rock. "Tor (rock formation)" is a page which, based on citations, might not even meet WP:N, so I was wondering what you all were thinking. I looked at your user pages, and you all are British. Special:WhatLinksHere/Tor_(rock_formation) seems to be a list of British places. Do you all expect that people in the UK know this word? I am in the United States and lived in India. I do not think there are "tors" in either of these places, except to mean the privacy tool. If there were some way to determine that only people in the UK knew this word to mean rock, would that either change your view now, or otherwise be a justification to you for raising this discussion again in the future? Thanks. Blue Rasberry (talk) 13:21, 18 September 2019 (UTC)
If you lived in Devon or Cornwall you certainly wouldn't think it was an "odd, geology-field-specific term"! The land is covered in them and the word is in common parlance. Remember, experiences vary. I'm not saying the rocky outcrop should be the primary topic; I'm saying there isn't a primary topic. Personally, I've never heard of the Tor you think is because I have little interest in technology other than as an end-user! Please don't assume everyone shares your interests and remember the long-term significance clause of WP:PRIMARYTOPIC. Pageview analysis is not the be all and end all and a computing topic is soon yesterday's news; whereas things like rock formations will be around long after we're dead and gone. -- Necrothesp (talk) 13:27, 18 September 2019 (UTC)
I get that experiences vary and that pageviews are not everything, but what constitutes sufficient evidence? Am I misapplying WP:PRIMARYTOPIC? In both 2017 and 2018 Tor the software got about twice the pageviews as all other uses put together. To me this looks like strong evidence. I was wondering if I was somehow ignorant of the United States rock tors, but now I am thinking more that by coincidence British people happening to be commenting here and by coincidence this is a term which British people know, but maybe not others. I can only speak for myself and maybe some people outside of the UK know this word. Or, maybe for the sake of the UK, we should take cultural experience over pageviews. I just found it odd that there could be firm feelings about an odd term. And yes, there is more recenticism happening here in the United States with about 10 years of continuous technology privacy scandals, espionage, and data leaking, all of which results in people talking about privacy and Tor. Blue Rasberry (talk) 13:49, 18 September 2019 (UTC)
What Necrothesp said. The primary dictionary definition of tor is the geological formation (see Merriam-Webster, a US dictionary) so I don't necessarily think its a US/UK thing, more a question of different interests – I've also never heard of the anonymity network, for example. I think it's best to say that there isn't a primary topic in this case. PC78 (talk) 16:17, 18 September 2019 (UTC)
The rock formations outside UK are also called tors, so it's not a British thing. This term has been in use before the 12th century, and is still used today. I might change my tune if the software is still around a few centuries from now :) +mt 21:28, 18 September 2019 (UTC)
  • Oppose - Advocating for this to be primary topic is nothing but recentism. If anything were to be granted primary topic for this name, it would be the so called "odd, geology-field-specific term". --Khajidha (talk) 13:47, 18 September 2019 (UTC)PS - for Bluerasberry's benefit, I'm from NC. The geological formation and the SF publisher are much more familiar to me. And the combined form "Glastonbury Tor" is definitely more familiar than this software I've never heard of before.
  • oppose - this is the most popular Tor recently, but as a seemingly common 3-letter word with so very many meanings, almost all of which are older and regarding subjects more likely to be around X years from now, I'd err on the side of disambiguating. In general I'm wary of making a very short word with many meanings default to a proper noun. — Rhododendrites talk \\ 23:41, 18 September 2019 (UTC)
  • See the recent discussion at Talk:Beck (disambiguation)#Requested move 23 May 2019 where PC78 opposed to a move of a musician despite "beck" being a term used in northern England for a stream. Mwtoews is in Aotearoa but I agree with Necrothesp that there isn't a clear primary topic. Crouch, Swale (talk) 09:39, 19 September 2019 (UTC)
    • Not sure why you felt it necessary to bring that up. The two cases aren't necessarily comparible, and each move request ought to be judged on its own merits. PC78 (talk) 00:58, 20 September 2019 (UTC)
      • It was in response to the comment I looked at your user pages, and you all are British. Crouch, Swale (talk) 07:54, 20 September 2019 (UTC)
        • Ah, ok. No worries. PC78 (talk) 13:18, 20 September 2019 (UTC)
  • Oppose — On the basis of the discussion so far, it seems that both the geological sense and the computing sense are commonly used enough that neither should be held as primary topic. Factor in, also, that Tor, the software, rose to prominence in the early 2010s with the growing popularity of WikiLeaks and even more so in 2013 following the Edward Snowden reports, and there's clearly an argument for recentism bias. Google Trends results for even just the UK, however (see here), show that Tor, the software, is still around twice as commonly searched for compared to probably the most well-known example of a geological tor, Glastonbury Tor. I'll also chime in with my own personal experience, and say that as an approx. 20-year-old Londoner in the computing industry, I've personally only ever heard "tor" used as a lone term to refer to the software, with "Glastonbury Tor" being the only example of it being used in the geological sense that I've come across before (but of course, anecdotes are just that: anecdotes). — JivanP (talk) 13:02, 22 September 2019 (UTC)

The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page or in a move review. No further edits should be made to this section.

Quick note on move request[edit]

I missed the entire move request, which is fine since I agree with the outcome. :) However, I wanted to note a couple points for future reference in case it becomes relevant later:

  • The article is about the Tor anonymity network, not the software called "tor". While tor is the software typically used to access the Tor network, you wouldn't say that the article on BitTorrent is about torrent clients, or that the article on the World Wide Web is about browsers.
  • The claims of WP:RECENTISM seem vastly overstated to me. For one, the network has been around for almost two decades now, and isn't going away any time soon. It's well funded, has a massive community, and is one of the most consistently used privacy enhancing technologies over the course of its existence. Furthermore, it's not just Wikipedia accesses that indicate it's better known than the rock formation. A Google Scholar search for "tor rock" turns up 547,000 results, while a search for "tor network" turns up 1,980,000 results (related searches like "tor geologic" and "tor privacy" give similar discrepancies). Just because something is newer doesn't make it WP:RECENTISM, and we have hard numbers that indicate that's not the case here. For an analogy, the page for train is on the industrial vehicle, even though the word predates that use by hundreds of years, and isn't even close to the main definition on wikt:train.

Again, I think that the decision not to make this the primary topic is the right one, but also think it's important to understand the actual situation. —Tga (talk) 22:31, 23 September 2019 (UTC)

Possible incorrect information[edit]

The article states "Tor does not prevent an online service from determining when it is being accessed through Tor." However, this CAN be incorrect under certain circumstances. This is because the means via which we determine whether or not a given IP is a tor node is based upon the lists provided for by Tor which come from the mainstream public directory authorities. Most users use the public directory authority in actual practice, but it is possible to form your own directory authority, if you were to have enough nodes join your directory authority. Simply put, the ability to learn if a machine is a tor node is dependent upon the given directory authority publishing to the public in some way or another that the information that it is a tor node. While the Tor project does this for the mainstream public directory authorities, other directory authorities may not necessarily do this, though the nodes would still very much be "Tor" nodes within the classical sense. 66.90.153.184 (talk) 00:56, 25 September 2019 (UTC)

The statement looks correct as written to me. Another equivalent wording that might make things clearer for you, but would probably confuse most laypeople, is "An online service determining if it is being accessed through Tor is not in Tor's threat model." An alternative tor network could opt to refrain from disclosing this information, but that's not the same as tor preventing it. My guess is that there are mechanisms which would work for fingerprinting Tor traffic from the server side, because this was never a threat anyone has been trying to defend against (off the top of my head, I know Tor handles half-open TCP connections unusually). And from a more practical perspective, outside of test networks (which typically aren't allowed to exit to the wider internet), I've never heard of an alternative network being deployed, so clarifying that this isn't something Tor as it exists will help you with seems like good information to convey. —Tga (talk) 17:06, 26 September 2019 (UTC)
Agreed. To the OP: even if a given set of nodes does not publicly disclose that they are, in fact, Tor nodes, that does not prevent servers being accessed by Tor exit nodes from profiling all visitors and thereby determining which visitors are actually Tor exit nodes. The fact that Tor exit nodes are not required to publicly disclose their status as exit nodes does not imply that nodes which do not disclose such status cannot be identified as exit nodes through other means. — JivanP (talk) 19:17, 2 October 2019 (UTC)

Missing info at “Some protocols expose IP addresses”[edit]

There is a lot of discussion on the boards (e.g. reddit) about the security of webm, especially regarding the protection of the user’s IP address when using HTML5. This is a very active discussion right now in the context of using TOR even over VPN, especially on iOS and possibly other mobile platforms. I did not see any discussion of this on other security-focused wiki pages nor on the webm Wikipedia page. Perhaps someone with more detailed knowledge than I could consider adding something to this section of this page on this topic? I also will added a note to the webm Wikipedia page about this. Mike-c-in-mv (talk) 17:19, 8 October 2019 (UTC)

Splitting December 2019[edit]

Wikipedia:Article_size recommends dividing from a size of 60k and strongly recommends it from above 100k. This article is 137k. What part should be moved to a different article? — Preceding unsigned comment added by Streepjescode (talkcontribs) 16:02, 17 December 2019 (UTC)

Perhaps a split is not required. By User talk:Dr pda/prosesize.js the "readable prose size" is 44kb, which is within the standards of that article size recommendation. Much of the content here is in citations and lists. Maybe those usage templates with all that data are contributing to your larger measurement; I am not sure.
If there were a split, then there could be a History of Tor article. Tor is 20 years old, and as with much software, the relevant information is the software's current state. I have no idea if the "weaknesses" are still accurate, because I do not know if problems from 5-15 years ago still persist today. Some of the implementations are probably stale, and the year by year updates in "impact" could be moved to a long history article but summarized here. To save time and editorial labor, I say move lots of old content to a history article for preservation and reworking, and do so without changing it in the split, then let anyone work it there if it needs curation. The information should be accessible but it is excessive here. Blue Rasberry (talk) 20:17, 17 December 2019 (UTC)

"Weaknesses" section outdated and one-sided[edit]

It focuses too much on outdated attack methods. It references some really old studies (2009, really?) and methods that as of 2020 are patched. Why not talk about a current problem, such as malicious relays running SSLStrip? or hidden services being DoSed? I suggest rewriting the entire section, focusing on relevant stuff, and actually referencing Tor's blog. https://blog.torproject.org/bad-exit-relays-may-june-2020 https://blog.torproject.org/stop-the-onion-denial https://blog.torproject.org/ IveGonePostal (talk) —Preceding undated comment added 11:27, 10 September 2020 (UTC)

I don't know I'd call it "one-sided", but it definitely suffers from outdated WP:RECENT, and needs to be rewritten. The question is, do we try to rewrite it to avoid said recentism entirely, or just remove old attacks and update it with the attacks that are more likely to be relevant to contemporary readers of the article? If we re-structure it to avoid recentism by orienting it towards classes of attacks and the general Tor Project response to them, we can avoid having to do this again in another few years, and generally make things more appropriate for Wikipedia's style. On the other hand, readers for security-critical software like this might be more interested in the latest attacks they should be thinking about, rather than more abstract understandings of Tor's security. Do any more experienced WP editors have advice for how to weigh this sort of thing?--Tga (talk) 18:20, 10 September 2020 (UTC)
The former option sounds nice. I don't think we should delve any deeper into past attacks that have been patched. It may give readers the wrong idea that Tor that it is inherently unsecure. We should give readers the general idea that Tor users can be "deanonymized" because of correlation attacks, i.e using the same pseudonym both on clearnet and Tor. I'll add a "Section needs to updated" template for now IveGonePostal (talk)

People relying on Tor as a 'safety-critical' piece of software, that if it were to fail would result in being busted, etc... but it has not been written to such standards.

Also it an open open secret within the internet service provider community that it is not secure, because anyone with a "God's eye" view of the network can break it. That means pretty much all governments and many law enforcement agencies. So the software could be considered a honeypot because it provides a false sense of security, and innocent people who are not true criminals are likely to end up being prosecuted because of draconian 'thought crime' computer crime laws.

Tor does not claim to be functional against a global passive adversary, and has openly stated as much since its inception. There is no publicly known case of such an adversary using this information in practice. Rest assured, if there was a fundamental and practical flaw in how Tor operates that adversaries (or researchers) knew about, there would be a lot more visible use of it. But of course, if you know that your adversary does have a global view of the network, then you should not rely on Tor. It's also just true that most people do not have such adversaries, and those who do, basically cannot use the web at all. With regards to your link, I would recommend not taking its claims seriously, and we certainly can't use it as a source here on Wikipedia; that blog has a reputation of not being particularly well-informed or knowledgeable about the subject. My understanding is that the community has been trying to be patient with explaining things to this person, but to no avail (to be fair, it's easy to misunderstand these things, but there's a reason why this field has a peer review process, and random attention-seeking blogs aren't a part of it). In any case, accurately describing the threat model Tor uses is, of course, well within the scope of this article, but just describing things as "safety-critical" or not doesn't actually mean anything. --Tga (talk) 15:55, 18 September 2020 (UTC)
To be clear, the person you replied to there was not me, it was an IP i do not know IveGonePostal (talk) 10:04, 19 September 2020 (UTC)