back to article Tor turns to proof-of-work puzzles to defend onion network from DDoS attacks

Tor, which stands for The Onion Router, weathered a massive distributed denial-of-service (DDoS) storm from June last year through to May. While that attack has subsided, DoS abuse remains a persistent problem, one that degrades the performance of the anti-censorship service and has left many worried about its security. Tor's …

  1. FIA Silver badge

    It appears this computation will not go toward cryptomining, which some may feel is a lost revenue opportunity and others may welcome as an ethical necessity.

    I... how would that even work??

    Who would get the money? how would you decentralise it? How would you ensure consensus?

    I mean a barn has a door, as does a car, but people aren't driving around the Cotswolds in a lovingly restored, 200 year old hay loft*, even if the beam work is both sympathetic and yet unobtrusive.

    *Various models of Landrover excluded.

    1. Anonymous Coward
      Anonymous Coward

      > I... how would that even work??

      > Who would get the money? how would you decentralise it? How would you ensure consensus?

      In theory they could've designed it so that onion site owners could essentially run a mining pool. That is, the site farms out proof of work tasks for an existing currency, eg. bitcoin hashing, such that visitors would need to try a certain number of hashes on behalf of the site (who themselves get any proceeds) before they are allowed access.

      Something similar was tried some years back, using cryptocurrency PoW implemented in Javascript to replace captchas and paywalls on websites. Unfortunately it was easily abused by malicious parties, and thus entirely blocked by web browsers. Which was a shame, because IMO it really was superior at spam-prevention and preserving privacy than the captchas that still survive to this day. But the cryptocurrency connection created perverse incentives for both bad actors and site owners, which is likely a big reason why they avoided such a connection in the Tor work.

      1. sten2012

        Bit legal dubious though, some clients may be coming from territories where mining is illegal - and yet you're forcing them to participate. Also I tend to leave browsers on while not actively using the site which is problematic for JavaScript miners. Assuming you're talking about the more malware-y ones I'm picturing - as opposed to "n challenges completed then halt". In which case just using a single page app with any JavaScript CSRF for API endpoints is practically as effective as anti-automation?

        Also recaptcha isn't completely wasted effort either with it's AI training applications unlike some captcha mechanisms. But it's a shame that's not really for the wider good.

        I liked the disaster response captcha idea that floated for a while but never saw it used, or even if it was used to train public rather than proprietary models would be better.

        1. Catkin Silver badge

          "Bit legal dubious though, some clients may be coming from territories where mining is illegal"

          The authorities in those countries are so despotic that they treat simply attempting to access Tor as a crime.

      2. FIA Silver badge

        In theory they could've designed it so that onion site owners could essentially run a mining pool. That is, the site farms out proof of work tasks for an existing currency, eg. bitcoin hashing, such that visitors would need to try a certain number of hashes on behalf of the site (who themselves get any proceeds) before they are allowed access.

        Doesn't that then immediately link an anonymous site to an entry in a global unchangeable ledger though?

        Plus, that's not really implementing PoW in the TOR protocol, it's implementing a TOR->Bitcoin bridge of some sort. (even if the end result is the same).

        1. doublelayer Silver badge

          "Doesn't that then immediately link an anonymous site to an entry in a global unchangeable ledger"

          In a way, but three factors limit how bad that could be for them:

          1. Wallets can be created easily, so in the worst case, it's linked to an empty wallet. Some Tor sites already accept donations through cryptocurrency, so known wallet IDs aren't that rare as it is.

          2. There are some cryptocurrencies that are designed not to make public information about previous transactions, so they could use one of those.

          3. It wouldn't be very hard to make a pool of a lot of different people, including but not limited to the hidden service. If you mined in the pool, you'd know that one of the twelve thousand wallet IDs in the pool belongs to the operator of the service, but not which one. The pool wouldn't have to know either; as far as they know, they get hashes from someone and pay out, but they don't know who did the hashing.

          I'm still glad they didn't go that way. It would inevitably lead to more abuse and, by using a more complex system, there would be more capacity for vulnerabilities in a protocol that already has a few but to which no alternative at a similar scale really exists. Oh, and it would be more unpleasant for the users.

    2. Lee D Silver badge

      Tor exit nodes are expensive and difficult to run, and Tor operate several of their own.

      Not everything can just happen "for free" especially when every ISP and host is rejecting Tor exit nodes, especially when they're being DDoS'd all the time.

      Using the money to set up or fund exit nodes would make Tor vaguely useable rather than the slow mess that it currently is.

      1. doublelayer Silver badge

        This isn't about exit nodes. They are not that easy to DDOS since, just to work at all, they have to be quite large with a lot of bandwidth. If you're going to DDOS them, you'll probably have more success doing so by flooding their open side through the internet than trying to swamp them through the Tor side because you can deliver a lot more packets the former way.

        This is talking about hidden services which are only available through the Tor network and, because their bandwidth is restricted by the relatively slow network and the costs of creating circuits, they are more vulnerable to DDOS attacks running through Tor than an exit node would be. This challenge mechanism is being suggested as a resistant measure that those services could employ.

        1. Lee D Silver badge

          We were talking about allocation of money, for which exit nodes would be a good candidate to spend money on.

    3. jmch Silver badge
      Boffin

      "...others may welcome as an ethical necessity"

      From an ethical point of view, the server is farming out a piece of work to the client, which is financially benefiting the owner of the server. From a transactional point of view, it's no different to running ads on the server, which require an increased cost on the part of the client (both in compute requirements of hardware as well as attention span of the user), or to charge a subscription to access a site. Nothing unethical about that. The ethical necessity is to clearly inform your users if you are doing so.

  2. Pascal Monett Silver badge
    Pint

    I think this is brilliant

    If I were a Tor user, I would wholeheartedly agree.

    Something that keeps dishonest troublemakers out of my way and let's me surf in peace ? I'm all for it.

    And I really like that they are taking pains to clarify that it is not YAFMS (yet another funny money scheme). Funny money has nothing to do with plain old integrity, and that integrity is what the Tor developers are trying to keep.

    I salute them ->

  3. Claverhouse
    Black Helicopters

    Never trusted TOR, nor anything else constructed by the American military.

    1. Bearshark

      I don't think the current build of 'TOR' resembles anything close to what the United States Naval Research Laboratory built back in the day, IMO. This software is completely open source. That being said, I'm sure the source code has been audited many times. It's all about your trust tolerance I guess.

    2. Anonymous Coward
      Anonymous Coward

      You are currently using a network invented by the Defense Advanced Research Projects Agency branch of United States Department of Defense

  4. Anonymous Coward
    Anonymous Coward

    This would work fine in the days of single machine attacks.

    These days a lot of attacks come from huge networks of other peoples compromised machines.

    1. doublelayer Silver badge

      Re: This would work fine in the days of single machine attacks.

      Yes, but in most cases, it's a few thousand machines repeatedly connecting. It's not just one connection from each machine in the botnet, but a flood from all of them combined. If all the nodes are restricted to a lower connection speed, then the scale of the attack will decrease unless the attacker can get even more machines from which to attack. Depending on who the attacker is, this might involve more expense than they want to incur. This is especially the case for so-called hactivists who often like DDOS as a weapon because it's pretty basic and they don't have the skills to do much else, and that means they also don't have the skills to create a good botnet so often simply buy time on someone else's.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like