I’ve been playing with TOR Browsing for a while. It works reasonably well. A bit slower than normal, but livable. For complete anonymous use some regular browsing ‘features’ need to be avoided ( such as YouTube Videos and Torrent downloads ). For ordinary day to day “look at a web site” it’s not a problem.
There are two “issues” I’ve experienced that are slightly larger, on the edge of annoying.
1) Sometimes a connection is “reset” and you effectively get dropped. I’ve experienced this when editing things on this blog. It may simply be that my firewall settings are fairly tight interacting with the security settings of WordPress and both interacting with the ‘unusual’ IP number assigned to my traffic when my traffic is ‘originating’ from God Only Knows Where on the planet. I know that were I running security at a place like WordPress and some “admin” connection that normally came from California was suddenly showing up with a Russian IP address, it would likely ‘hit the floor’… The flip side of this is that if the connection is from, say, New York and is just being sporadically dropped, it might leave a live logged in session running. I’ve had the laptop “hibernate” and then wake it up again and the “session” is still live. It seems to time out after 24 hours (once per day about the same time of day) so could leave a 23 hour ‘exposure’ (IFF the owner of that IP address tried to connect as Administrator to my specific WordPress account. Unlikely, but as the final link is emitting packet ‘in the clear’ a sniffer would let them know what those packet were and that they were destined for WordPress. Yes, https encrypted, but the IP is clear. Wouldn’t take a genius to think “maybe I’ll try connecting to that IP” all that’s missing is the URL. For highly popular sites with millions of ‘readers’ the odds of a random ‘hit’ on the site is non-trivial. For me, it’s not a real risk as it’s a 1 in a few dozen million odds.
2) More worrisome: I’ve posted a few comments to my own blog via TOR. About 1/2 of them “went to the SPAM queue”. That tells me that a significant number of the “exit nodes” on TOR are either supplied by or heavily used by SPAM distributors. Enough that they’ve been ‘tagged’ as SPAM by WordPress (that’s fairly good, if a bit ‘tight’, about it.) EVEN when I was logged in as an Admin. So clearly the “By IP” SPAM fingering over rides the “login” information. The core problem here is that by definition a system of ‘anonymous and private’ public distribution is ideal for SPAM distribution as well and can not be policed. Any “policing” by content or by origin would require violating the things that make it anonymous and private.
The BitCoin Modest Suggestion
It looks, to me, like the basic issue that allows email based SPAM to flourish is the fact that providing the mail is a free service. When the cost of a SPAM message is near zero, you only need a very tiny income from a 1:1,000,000 success rate to support sending out 1,000,000 SPAM messages. This will lead to 1,000,000 SPAM messages for nearly no utility while the non-SPAM user sends out messages in the ones and twos… Basically “Bad messages drive out good” (in a variation on Gresham’s Law. If nobody else has already proposed that point, I’d call it “Smith’s Corollary to Gresham’s Law”. ;-)
The answer is to establish a “price”. BUT, how to arrange “payment” when there is no physical material exchange and no identity?
Bitcoin is an anonymous all electronic currency. While I generally think it a bit silly (rather like Bridge playing or other ‘artificial’ behaviours); the simple fact is that anything can be currency. The Gamer Types who invented it have arranged for a fairly hard to counterfeit and limited supply “medium of exchange”. IFF folks “believe” in it enough, it will work. (Rather like all Fiat Currencies, even the U.S. Dollar and the Euro…)
So, to limit SPAM, one could simply institute a BitCoin Price for bandwidth. Each site that allows “exit routing” to the internet collects a tiny BitCoin “toll” per message (even 1/100000 cent would reduce the 1:1,000,000 spam economics to a money loser). The “BitCoin Toll” would be attached to each message. For a SPAMer to use the system, they either have to pay (too much to make a profit) for it, or provide a VERY large spigot to the pool (thus preventing them dominating the average traffic and despoiling the ‘commons’ by making the commons larger).
This would not eliminate all SPAM, but would reduce the volume AND make it proportional to bandwidth added.
Individuals wishing to use the system would need to buy a ‘BitCoin’ to attach fractional bits to their messages, or provide an ‘exit relay’ to the internet. “Newbies” might be allowed some trial period (say 1 day or a few dozen messages?) or one could just allow a small fraction of normal exit payment for providing an ‘internal relay’ (from one TOR client to another, but not an exit to the internet) or some combination of both. In that way folks could ‘try before they buy’ but there would not be enough ‘volume’ available to be usable to SPAMers trying to avoid the ‘pay to play’ portion.
In Conclusion
Well, that’s my idea, for whatever it is worth.
I think there is both a need, and a value, to TOR and Onion Routing. It is also clear that it is at risk of “appropriation” by “bad guys”, and in particular by SPAM generators. Something needs to be done to control that risk of SPAM, or the system must collapse under it. Either directly by “Smith’s Corollary to Gresham’s Law” or by ‘regular folks’ abandoning the system as THEIR IPs of use get ‘tagged’ as SPAMmers.
I’ve decided not to let my site be an ‘exit router’, for just that reason.
(I’ve also decided that IFF I use TOR for anything beyond the occasional use, I’d likely rent a patch of “cloud virtual machine” somewhere and turn it on as an Onion Router as “payment” for my use elsewhere. In that way, the IP assigned is of no interest to me and I don’t care what ‘reputation’ it gets.)
In short: I think there is value in TOR, but it also looks like there are clear economic laws / pressures that will limit the adoption. While I see little inherent value in BitCoin, it also looks like there are clear economic laws / pressures that would make it of value in ‘fixing’ the problems of SPAM on TOR Networks. Maybe those two need to get together ;-)
Musings from the Chiefio 
Tor is so often used by obnoxious types lot’s of IP’s end up in the blacklist. That’s why i don’t want to use Tor, my IP could end up there to.
HideMyAss or some such is a better option imho. Personally i use vyprvpn but that’s only because it comes free with my giganews account.
@Petrossa:
It seems like TOR is OK to use as long as you do not turn on ‘exit routing’ (that is, your site is never an ‘origin’ address for ‘bad things’).
I’ve not looked into “HideMyAss” and never heard of ‘vyprvpn’. Any comments on them for a ‘newby’?
I have been webmaster for our community website and have decided to screen every new application before activating it. We were being pestered with Indian, Russian and Chinese forum members who wanted to push handbag SPAM. If the adverts are from a ‘reputable’ company I think we need a campaign to name-n-shame them.
Hidemyass and Vypervpn are VPN tunnels. They both (and there are others too) offer L2TP/IPSEC 256 bit SSL VPN tunnels with servers all over the world.
Same as banks use.
Vypervpn has only a few servers, but HideMyAss has hundreds so you can effectively be geolocated in any country and untraceable since the ping ends at the tunnel server.
They are about $80 a year and give unlimited bandwidth, but obviously speed takes a hit because of the encryption.
For example, i am now geolocated in Texas
but this is the return on my IP retrace:
EM
Worth reading http://www.theregister.co.uk/2012/12/10/tor_admin/
@Petrossa:
Yes, I don’t know if it’s stupidity or a tactic, but police raids on Tor Exit Nodes are the reason I don’t run one. It’s a user configurable choice. Over time, either the police will stop raiding them (as they get nothing), or TOR will find a way to prevent the abusive use for illegal acts, or the folks willing to host TOR exit nodes will dwindle (as,for example, me not running one).
Then again, I HAVE thought it would be fun to take one of my first “SAC” browser appliances and turn on TOR exit routing while doing my shopping at Whole Foods… Heck, the things will be cheap enough that one could make pretty plastic ‘wall wart’ covers for them with sticker that say things like “Power Recovery Unit” and just plug them in to random wall outlets in various places… They ought to last a few months to years before someone asks what they are ;-) Doesn’t even have to be IN the starbucks. You can plug it into the exterior power (used for things like leaf blowers) a door or two away… Just config, save to flash, and go… (would need a script to ‘auto log in’ ever couple of hours and reset the MAC address so it always looks like a new customer getting the 2 hour usage allowance…) But that’s “for another day” ;-) Preferably after the things are small enough that you can make them look like a ‘plug multiplier’. So one of those “6 outlets from 2” things. Think anyone at Starbucks, all fighting for plug access, would remove a device that gave them 6 plugs instead of 2? (Modulo local building inspectors… but last I checked these were allowed as they were ‘off the carpet’.)
What can I say? It is, and always will be, a race condition. Just keep thinking “two steps ahead” and never think “I’m done.”
Or like in NY, where to make hobo’s into walking wifi hotspots. That would be the ideal tor exit nodes