The location of the rendezvous point, unlike that of the introduction point, is kept private. If another Tor user wants to browse the hidden site, both his or her computer and the host’s computer build Tor-secured links to the introduction point, creating what the Tor project calls a “circuit.” Using the circuit, the browser and host identify yet another router in the Tor network, known as a rendezvous point, and build a second circuit through it. It broadcasts the addresses of those introduction points to the network, without revealing its own location. Using the Tor software, the host’s computer identifies Tor routers that it will use as “introduction points” for anyone wishing to access its content. Say, for instance, that someone in Iran wishes to host a site archiving news reports from Western media but doesn’t want it on the public Internet. A hidden service protects the anonymity of not just the browser, but the destination site, too. In addition to anonymous Internet browsing, however, Tor also offers what it calls hidden services.
This routing scheme, with its successive layers of encryption, is known as onion routing, and it gives the network its name: “Tor” is an acronym for “the onion router.”
The guard knows the Internet address of the sender, and the exit knows the Internet address of the destination site, but no computer in the chain knows both. The last computer in the chain, called the exit, peels off the final layer of encryption, exposing the request’s true destination: the Times. That computer peels off the next layer of encryption, and so on. That computer - known as the guard - will peel off the first layer of encryption and forward the request to another randomly selected computer in the network. If a Tor user wants to, say, anonymously view the front page of The New York Times, his or her computer will wrap a Web request in several layers of encryption and send it to another Tor-enabled computer, which is selected at random. Sitting atop the ordinary Internet, the Tor network consists of Internet-connected computers on which users have installed the Tor software. If you’re fully anonymous, you can say what you want about an authoritarian government without facing persecution.”
“The Internet Engineering Task Force is trying to develop a human-rights standard for the Internet, and as part of their definition of freedom of expression, they include anonymity. “Anonymity is considered a big part of freedom of speech now,” says Albert Kwon, an MIT graduate student in electrical engineering and computer science and one of the paper’s first authors. At the Usenix Security Symposium this summer, they will show that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analyzing the traffic patterns of encrypted data passing through a single computer in the all-volunteer Tor network.įortunately, the same paper also proposes defenses, which representatives of the Tor project say they are evaluating for possible inclusion in future versions of the Tor software. Researchers at MIT and the Qatar Computing Research Institute (QCRI) have now demonstrated a vulnerability in Tor’s design. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and websites hosting content that’s been deemed subversive have used it to hide the locations of their servers. With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity.
0 kommentar(er)
