For most things like democracy activism, whistleblowing, anti-censorship, exposing human rights abuses, reaching out for help in abusive situations, and so on you generally only need anonymity for one side of the communication. The danger to the party communicating the information is local, not global, and there are usually parties outside the danger area who are openly working on addressing the issue that the person inside needs to communicate anonymously about, and who can serve as recipients of the communication.
For the most part, that kind of communication can be done using tools such as encrypted email using the recipient's public key, leaving encrypted files on a cloud service somewhere, and things like that to communicate to those outside parties.
Where you really need Tor is when you are doing something where there is no one willing to openly handle the other end of things, and that's usually going to mean it is something like Silk Road, kiddie porn, human trafficking, and things like that where it is generally illegal nearly everywhere.
This is why I decided against it when I once considered running a Tor node. All of the noble uses I had in mind, I realized, could be accomplished without too much trouble without it, and so it seemed I would really only be helping people who where doing things I'm not interested in aiding.
I don't think the use case of hidden services are large sites that themselves need to be anonymous. That's really hard anyway because if you're big then you inherently have a lot of traffic, which significantly reduces the number of possible nodes that could be hosting the site to the ones with at least that much traffic going through them.
The use of hidden services for large sites is that they authenticate the site without the person uploading the documents having to trust the CA system. And the person doing the uploading has to use Tor or something like it because otherwise their adversary would just block them from accessing that site or punish them for it, and Tor is better than something like a VPN in that regard because the uploader only has to trust the design of Tor, not an individual operator like a VPN.
I think the real use case for a hidden service where the service itself is anonymous are apps like Ricochet where every user has their own hidden service. So you can have two activists in a repressive country who want to communicate with each other while remaining mutually anonymous and not have to trust some third party in a foreign country who could be cooperating with their oppressors.
> All of the noble uses I had in mind, I realized, could be accomplished without too much trouble without it
"Too much trouble" is a real problem. Security needs to be usable, especially in the sort of context where someone who makes a mistake or doesn't understand the implications can get killed for it. Anonymity by default and then you can tell them who you are if you don't need it is, in that regard, much better than anonymity only if you do specific extra work and if you didn't know that then you're dead.
It's also important for the people who need anonymity that lots of people who don't actually need it use a service that provides it anyway, or use of the service paints a target on you.
> I don't think the use case of hidden services are large sites that themselves need to be anonymous.
Using a hidden service has some serious caveats, using a hidden service is significantly slower than using a clearnet website over tor.
>That's really hard anyway because if you're big then you inherently have a lot of traffic, which significantly reduces the number of possible nodes that could be hosting the site to the ones with at least that much traffic going through them.
Yeah, as you would expect you have to scale up if you get a lot of traffic.
>The use of hidden services for large sites is that they authenticate the site without the person uploading the documents having to trust the CA system. And the person doing the uploading has to use Tor or something like it because otherwise their adversary would just block them from accessing that site or punish them for it, and Tor is better than something like a VPN in that regard because the uploader only has to trust the design of Tor, not an individual operator like a VPN.
As opposed to a PGP public key and a clearnet site?
> Using a hidden service has some serious caveats, using a hidden service is significantly slower than using a clearnet website over tor.
There is now a feature that allows tor services to not use onion routing. The node that would have been the client's exit node just connects directly to the node providing the service, so it's the latency is the same as using a normal website over tor but the website is authenticated using the onion address.
> Yeah, as you would expect you have to scale up if you get a lot of traffic.
You misunderstand. Having too much traffic means you can't be anonymous. If an attacker knows your site pushes 40Gbps of traffic and there is only one node in the network pushing 40Gbps of traffic then a passive observer can trivially figure out who you are. If there are five such nodes then they've still eliminated all but those five nodes as possibilities.
> As opposed to a PGP public key and a clearnet site?
And which is harder to use, PGP or a Tor onion service when you're already using Tor?
How are you going to use "a PGP public key" to access a service like Facebook that is blocked in China? I'm not aware of any web infrastructure (i.e. ports 80/443) that uses "a PGP public key" to secure communications.
I've been considering operating my Murmur server that runs on a local Debian box as a hidden service because I do not want to expose my public IP (mostly for DoS reasons). Let's just say that it is not very easy, and I hope to document my setup once it is to my satisfaction. Hopefully, we can make this process easy enough for my parents; then we can point to more usage by the mainstream thereby saving you from arguing against the usefulness of such software.
>How are you going to use "a PGP public key" to access a service like Facebook that is blocked in China?
I don't recall suggesting that. I personally used my own VPN server to access services like facebook in China.
>I'm not aware of any web infrastructure (i.e. ports 80/443) that uses "a PGP public key" to secure communications.
I've seen a plenty. In fact, I just sent a PGP encrypted email from gmail over https.
>arguing against the usefulness of such software.
Where am I arguing against the usefulness of such software? I use .onions every day and host several, it's just that unless you need to hide your servers IP address you're adding tons of extra latency for some rather questionable benefits.
>>I'm not aware of any web infrastructure (i.e. ports 80/443) that uses "a PGP public key" to secure communications.
>I've seen a plenty. In fact, I just sent a PGP encrypted email from gmail over https.
The web infrastructure (i.e. "gmail over https") was secured by a certificate (X.509) that is similar to, but separate from, a GPG key. As a user, you chose to take the extra step of encrypting your message locally, but that fact does not change the fact that the _web infrastructure_ was not secured by "a PGP public key."
I guess I got confused by your mentioning of "a PGP public key" because it is a very odd way to put it, and seems orthogonal to the discussion here that Tor hidden services are useful to people other than for black-market eCommerce operations.
>I guess I got confused by your mentioning of "a PGP public key" because it is a very odd way to put it, and seems orthogonal to the discussion here that Tor hidden services are useful to people other than for black-market eCommerce operations.
This is what I was responding to
>The use of hidden services for large sites is that they authenticate the site without the person uploading the documents having to trust the CA system. And the person doing the uploading has to use Tor or something like it because otherwise their adversary would just block them from accessing that site or punish them for it, and Tor is better than something like a VPN in that regard because the uploader only has to trust the design of Tor, not an individual operator like a VPN.
It sounds like AnthonyMouse was suggesting that .onions would be a good way of sharing documents with "large sites" in scenarios where it is important for the user (note: not the site) to hide from someone they aren't the biggest friends with.
Problem with this suggestion is that .onions don't really offer any benefits to an user wanting to hide their activities, but in fact hurt them by dramatically slowing down any transfers (This could be a serious issue for time sensitive stuff).
Therefore, instead of offering an .onion version of their site any such organizations and their users would be better served by a web service on the clearnet with an associated PGP public key that the users could use to encrypt any uploads.
For the most part, that kind of communication can be done using tools such as encrypted email using the recipient's public key, leaving encrypted files on a cloud service somewhere, and things like that to communicate to those outside parties.
Where you really need Tor is when you are doing something where there is no one willing to openly handle the other end of things, and that's usually going to mean it is something like Silk Road, kiddie porn, human trafficking, and things like that where it is generally illegal nearly everywhere.
This is why I decided against it when I once considered running a Tor node. All of the noble uses I had in mind, I realized, could be accomplished without too much trouble without it, and so it seemed I would really only be helping people who where doing things I'm not interested in aiding.