I’ve been playing with TOR Browsing for a while. It works reasonably well. A bit slower than normal, but livable. For completely anonymous use some regular browsing ‘features’ need to be avoided (such as YouTube Videos and Torrent downloads). For ordinary day to day “look at a web site” it’s not a problem.
There are two “issues” I’ve experienced that are slightly larger, on the edge of annoying.
1) Sometimes a connection is “reset” and you effectively get dropped. I’ve experienced this when editing things on this blog. It may simply be that my firewall settings are fairly tight interacting with the security settings of WordPress and both interacting with the ‘unusual’ IP number assigned to my traffic when my traffic is ‘originating’ from God Only Knows Where on the planet. I know that were I running security at a place like WordPress and some “admin” connection that normally came from California was suddenly showing up with a Russian IP address, it would likely ‘hit the floor’… The flip side of this is that if the connection is from, say, New York and is just being sporadically dropped, it might leave a live logged-in session running. I’ve had the laptop “hibernate” and then wake it up again and the “session” is still live. It seems to time out after 24 hours (once per day about the same time of day) so could leave a 23 hour ‘exposure’ (IFF the owner of that IP address tried to connect as Administrator to my specific WordPress account). Unlikely, but as the final link is emitting packets ‘in the clear’ a sniffer would let them know what those packets were and that they were destined for WordPress. Yes, HTTPS encrypted, but the IP is clear. Wouldn’t take a genius to think “maybe I’ll try connecting to that IP”; all that’s missing is the URL. For highly popular sites with millions of ‘readers’ the odds of a random ‘hit’ on the site are non-trivial. For me, it’s not a real risk as it’s a 1 in a few dozen million odds.
2) More worrisome: I’ve posted a few comments to my own blog via TOR. About 1/2 of them “went to the SPAM queue”. That tells me that a significant number of the “exit nodes” on TOR are either supplied by or heavily used by SPAM distributors. Enough that they’ve been ‘tagged’ as SPAM by WordPress (that’s fairly good, if a bit ‘tight’, about it.) EVEN when I was logged in as an Admin. So clearly the “By IP” SPAM fingering overrides the “login” information. The core problem here is that by definition a system of ‘anonymous and private’ public distribution is ideal for SPAM distribution as well and cannot be policed. Any “policing” by content or by origin would require violating the things that make it anonymous and private.
The BitCoin Modest Suggestion
It looks, to me, like the basic issue that allows email based SPAM to flourish is the fact that providing the mail is a free service. When the cost of a SPAM message is near zero, you only need a very tiny income from a 1:1,000,000 success rate to support sending out 1,000,000 SPAM messages. This will lead to 1,000,000 SPAM messages for nearly no utility while the non-SPAM user sends out messages in the ones and twos… Basically “Bad messages drive out good” (in a variation on Gresham’s Law). If nobody else has already proposed that point, I’d call it “Smith’s Corollary to Gresham’s Law”. ;-)
The answer is to establish a “price”. BUT, how to arrange “payment” when there is no physical material exchange and no identity?
Bitcoin is an anonymous all electronic currency. While I generally think it a bit silly (rather like Bridge playing or other ‘artificial’ behaviours), the simple fact is that anything can be currency. The Gamer Types who invented it have arranged for a fairly hard to counterfeit and limited supply “medium of exchange”. IFF folks “believe” in it enough, it will work. (Rather like all Fiat Currencies, even the U.S. Dollar and the Euro…)
So, to limit SPAM, one could simply institute a BitCoin Price for bandwidth. Each site that allows “exit routing” to the internet collects a tiny BitCoin “toll” per message (even 1/100000 cent would reduce the 1:1,000,000 spam economics to a money loser). The “BitCoin Toll” would be attached to each message. For a SPAMer to use the system, they either have to pay (too much to make a profit) for it, or provide a VERY large spigot to the pool (thus preventing them dominating the average traffic and despoiling the ‘commons’ by making the commons larger).
This would not eliminate all SPAM, but would reduce the volume AND make it proportional to bandwidth added.
Individuals wishing to use the system would need to buy a ‘BitCoin’ to attach fractional bits to their messages, or provide an ‘exit relay’ to the internet. “Newbies” might be allowed some trial period (say 1 day or a few dozen messages?) or one could just allow a small fraction of normal exit payment for providing an ‘internal relay’ (from one TOR client to another, but not an exit to the internet) or some combination of both. In that way folks could ‘try before they buy’ but there would not be enough ‘volume’ available to be usable to SPAMers trying to avoid the ‘pay to play’ portion.
Well, that’s my idea, for whatever it is worth.
I think there is both a need, and a value, to TOR and Onion Routing. It is also clear that it is at risk of “appropriation” by “bad guys”, and in particular by SPAM generators. Something needs to be done to control that risk of SPAM, or the system must collapse under it. Either directly by “Smith’s Corollary to Gresham’s Law” or by ‘regular folks’ abandoning the system as THEIR IPs of use get ‘tagged’ as SPAMmers.
I’ve decided not to let my site be an ‘exit router’, for just that reason.
(I’ve also decided that IFF I use TOR for anything beyond the occasional use, I’d likely rent a patch of “cloud virtual machine” somewhere and turn it on as an Onion Router as “payment” for my use elsewhere. In that way, the IP assigned is of no interest to me and I don’t care what ‘reputation’ it gets.)
In short: I think there is value in TOR, but it also looks like there are clear economic laws / pressures that will limit the adoption. While I see little inherent value in BitCoin, it also looks like there are clear economic laws / pressures that would make it of value in ‘fixing’ the problems of SPAM on TOR Networks. Maybe those two need to get together ;-)