"Tor is a fundamentally flawed and captured network."
I have slowly began to feel this way over the last few years.
Nonetheless, Tor has done amazing things for Bitcoin and human freedom.
This October, Tor will have been serving activists and cypherpunks for 20 years. Although the concept of onion routing goes back to the '90s.
I first used Tor around 2010. I was drawn to the anti-establishment sentiment surrounding the Occupy Wall Street movement and the hacktivist groups like Anonymous (we are legion). There was more to the Internet than was reachable by Google and it was mind blowing at the time.
I felt like I was back on my dial-up modem, following links across message boards to crawl the web. Only this time, instead of dialing into my phone line, I was "establishing onion circuits" using the Tor browser on my windows vista laptop.
My relationship with Tor soon led me to Bitcoin and for that, I'm extremely grateful.
I was willing to overlook the fact that Tor was created by the US Naval Research Lab and received funding from the Department of Defense. After all, if only the military used Tor, it would be very easy to spot military traffic on a network. Just look for encrypted packets following Tor's onion routed scheme. The military had to release Tor to the public to improve their own anonymity set.
I was willing to overlook the fact that the feds were able to track down the exact server which hosted the Silk Road. Even though the site was hosted as a Tor hidden service. Perhaps, they found it through good old fashioned investigation, certainly there's no backdoors in there, right? It took the FBI three years before they released their story for how they "legally" identified the site.
I was willing to overlook the fact that to run an effective Tor relay that gets any substantial traffic, you have to "verify yourself" with an email address. How insane is that for an "anonymous" cypherpunk network? But I let it slide, because it was there to stop the spammers.
I was willing to overlook that the entire network had been getting slower over the years (despite better internet speeds globally) due to ongoing DDoS attacks lasting days, then weeks, then months. Now in Q4 2022, the Tor network has been constantly attacked for the better part of a year.
I was even willing to overlook my own reluctance to run a Tor relay. Even though I self host everything, run my own node, and used Tor. I don't know why, I just didn't see the immediate benefit to running a relay.
Within the last year or so, I've found it more difficult to overlook these issues. Especially, once I started thinking like an adversary in the context Bitcoin and lightning.
In Bitcoin, we worry about our networks becoming too centralized. We think about the knock-on effects of every decision. We worry about spam, scalability, privacy, and every conceivable attack. We even worry about the attacks we haven't thought about yet.
It came as a total shock that the Tor community is distinctly lacking this level of rigor. Maybe they had it once, early on. But today, the vibe is a different one.
The Tor community seems to either ignore the declining usability of their protocol or they'll complain about the constant DDoS-ing, and laugh it off with a meme about those bastards at the FBI ruining the fun.
Several proposals have been made to address the issue, but they never seem to get anywhere. The Tor maintainers appear to have no desire to make fundamental changes to the protocol. Even when provoked by severe network latency, they come up with band-aid solutions just to get through the next wave of attacks.
It seems that, to them, Tor is for journalists to whistleblow, censored citizens to escape firewalls, and junkies to buy weed online. So what's the big deal if they have to wait around a few minutes for a page to load? Just try again later. While you wait, run a relay or gaurd node! As long as it's anonymous, and the message gets there eventually, what's the problem?
Heck, I can't even blame them. Tor does exactly what it's meant to do (assuming it's not actually backdoor'd). It doesn't promise to be blazingly fast or even reliable. It's pretty common for protocols to solidify over time and resist change.
One evening, I'm browsing .onions with the usual fifteen seconds of waiting between page loads, when I notice some sites are advertising their .i2p urls.
"What's this?", I research I2P for a few minutes while a Tor site loads in the background but it seems pretty complicated to get running so I forget about it.
A few weeks later, I found myself refreshing the Tor browser for an hour just trying to get a page (any page) to load.
I finally said, "FUCK THIS! I'm going to figure out this I2P bullshit!" and in less than 30 mins I had a browser configured to use my I2P router and was crawling "eePSites" with decent speed!
"Woah, I wonder if Bitcoin can use this?", I remember thinking.
I find it concerning that Bitcoiners have built their "sovereign stack" around Tor on the assumption that it would be reliable.
Imagine my surprise when I found out that Bitcoin Core already supports I2P as a P2P network layer. I was relieved that the folks working on Core have thought about this and we're well ahead of the curve.
I think that the folks working on lightning are more focused on scaling and commercialization. It seems the experience of the sovereign user often takes a "back seat" in Lightning Land. But the drawbacks of Tor really start to show themselves when using LN.
Tor and BTC go way back. But I really hope we're soon able to use I2P on lightning as well.
I2P is also turned 20 this year. its interesting how I2P and Tor were both conceived around the same time. Tor by a Naval scientist, and I2P by a lone cryptographer (watch I2P's creator give a TED Talk).
It's possible that I2P will one day suffer the same fate as Tor. It could also be DDoS'd into oblivion. However, it would be relatively more difficult to pull off since every I2P user must run their own relay. Unlike Tor where thousands of users share the same relay.
I2P is also way smaller. So if the Fed Bois wanted to, they could probably double the number of routers on the network and start eclipsing users.
If any of this got you excited, consider running an I2P router at home and/or run a Tor relay.
You can even enable I2P alongside Tor on your Bitcoin core nodes. Just point your node to your own I2P router.
If you run a .onion site, consider serving it over I2P as well.
I believe in Bitcoiners ability to stay advasarial and fight back against censorship. Next time you see someone complain about Tor, ask what they're doing about it. Whether they're running relays, petitioning for change or seeking alternatives, it's better than just complaining.
Thanks to Tor for your decades of service. Though not perfect, you've been a net benefit for humanity.
It's time to remind the authoritarians attacking Tor that the sovereign spirit is like sand: the more you squeeze it, the more flows from your grasp.
1325 sats \ 1 reply \ @l0k1 24 Sep 2022
It's been really obvious to me since 2007, that in order to scale, an onion routing network needs to pay its routers. This is why I'm building Indra. You can find me on old Tor mailing list talking about the crappiness of Tor for SSH and IRC as well, just search for "vennik". I have got some basic sponsorship to work on this full time and hopefully spiral.xyz will come through with some more.
reply
This was an inspiring comment. Based on that only I think Indra looks promising.
reply
Will you be our I2P champion?
Lead the campaign. What do you think is the first step towards mainstream adoption?
reply
I didn't even know I2P existed last year, but I was made aware, I experienced a need, and I reached for I2P to solve it. Now, I'm in that part of the rabbit hole where I must tell everyone else about it.
Get umbrel to install I2Pd by default and configure Bitcoin core to use it https://github.com/getumbrel/umbrel/issues/810
reply
Great read. We must make an effort today to keep these things alive and kicking or they won't be there the day we need them the most.
reply
Yeah, Tor's inability to be always working is yet another factor pushing us towards custodial-lightning-land. I'd hope Bitcoin relying on Tor would have attracted more development on it, but the big money in the space barely care about privacy for the user, let alone the few running nodes.
Tor has always had the assumption that the US government won't ever try to take Tor down, because they need it. If the gov doesnt use I2P, I'm a bit concerned, but who knows.
People fear Bitcoin being crippled by taking down the internet (as they have been doing on and off in Iran last couple of days) but there are things being worked on; meshnets, starlink, satelite.
I am more nervous about Tor than the Internet, since everything needs the internet, even things that shouldn't. Glad Bitcoiners are on working with I2P!
reply
reply
I think the author of that character is Merryweather. Among his comics is a battle anime parody with girls representing web browsers. Its called "Internet Explorer".
Very impressive. I translated your post to German: #73560 Let's share your message around the world.
reply
thanks for bringing up i2p!
there's been lots of great material posted on SN surrounding i2p. if you're reading this, consider dedicating time to delve in with a quick search: https://stacker.news/search?q=i2p
402 Payment Required has a how-to guide for your bitcoin node here: https://www.youtube.com/watch?v=2kyt6O-T0nA
reply
I ran a Tor relay for a couple of years, it was a lot of fun. I really need to look into I2P!
reply
Thank you for reminding me about I2P!
One evening, I'm browsing .onions with the usual fifteen seconds of waiting between page loads, when I notice some sites are advertising their .i2p urls.
"What's this?", I research I2P for a few minutes while a Tor site loads in the background but it seems pretty complicated to get running so I forget about it.
I had the exact same experience except that "few weeks later" didn't happen for me yet.
reply
This is too big. So cutting it to the chase: is Tor broken and finally dead? Why isn't I2P going to follow the same path?
reply
Its not dead, just unreliable. Works for most purposes, including the government's purposes. Bitcoiners run their nodes behind Tor, and want little downtime. As the LN gets more robust though, it will be OK. LN, like the internet is good at routing around issues. Good to have a backup plan to make Bitcoin even more robust.
reply
ode /ōd/
noun
a lyric poem in the form of an address to a particular subject, often elevated in style or manner and written in varied or irregular meter.
reply
Did you see this? The CEO of the company selling your data is on the board of TOR
reply
Monero is more Your cup of tea if you're into this level of privacy and security
reply
reply