The TOR fork is Vaporware
I’ve talked a lot about the TOR fork if you follow me on Twitter. This is the last thing I’m going to say on it. My goal is to summarize my opinions in one place. Then shut up about it. Hopefully they prove me wrong.
Recently a lot of buzz and hype has appeared in my news feed surrounding a TOR fork. This is after a lot of upheaval in the project. To summarize all these issues, in board strokes, and likely incorrectly.
- An ex-CIA agent joined, and then left (within a ~2 months).
- Jake, the former leader/organizer was accused of rape.
- The project leadership board was replaced.
- Jake’s current/former flame was socially ostracized and quit the project (even if they were weren’t on the pay roll?)
- A hard fork was announced.
- A strike of Relay operators/developers/users was announced.
What I want to focus on is the Tor Fork. Not Tor itself. Tor has a management board, funding, developer team. We’re just seeing very public office drama. I’m hopeful this internal drama will resolve itself over time.
The Tor Fork I believe is Vaporware. The leadership of this project has, as far as I can tell not led an OSS project before, nor has any experience writing cryptographically secure software. They are a red team-er. There is a very different skill set between popping shells, and merging commits. As of writing the Tor Fork project hasn’t made a single public repo, nor a public binary.
All the Tor Fork has done up to this point has discussed new features they want to add. This is called bike shedding. It is a classic sign a project is going nowhere. The only less productive thing is discussions of the Logo or Motto of the project. If you are interested in more info consider The Law of Triviality.
But instead of looking into things done let us see what the project is signalling.
This isn’t a bad idea, but this isn’t a good idea. Breaking compatibility with about I2P and TOR will lower the bandwidth of BOTH projects. And degrade the privacy of people currently using and depending on TOR.
Well this puts my mind slightly at ease.
To jump into the technical issues. I2P only supports a maximum 4 million clients due to how ClientID’s are encoded in the DHT/Protocol. This also requires building a new I2P client INTO the TOR browser, as the current I2P client is Java-based. Also each I2P client is a gateway, which can bring around privacy issues as now users who are tunneling though I2P is watch their weird hentai, might now forward packets of somebody else browsing CP.
I2P solves a lot of issues with Onion Routing nonetheless. It makes bandwidth management easier. This is a good change to make.
Well I guess this is good to know. Forking TOR’s existing bandwidth would be damaging to both projects. But then you see a tweet like:
Which seems to confirm the Tor Fork wants to break compatibility with the Onion Routing Protocol. Or at least push a new revision of the Onion Routing Protocol.
When you combine the combative nature of this project.
Do these projects really want to co-exist? Or is one person just spouting hot air?
Really all I can conclude is this project is going nowhere fast. The leader doesn’t seem to understand what they want out of the fork. A cooperative project which will expand the Onion Protocol to allow for more options/better security? Or a combative project that will attempt to over throw the existing infrastructure?
So far all the project has done is prop up a site for the future browser Rotor. I just want to state. IF this browser is compatible with the existing TOR you SHOULD NOT USE IT. The reason is the TOR browser exists is to there to make finger printing TOR users hard. Having a different browser, run by a different project will make finger printing trivial.
Yes the TOR project has issues. We should have a conversation about how to improve it. One should work WITH the project to implement these changes. Attacking and hard forking the project is only going to hurt the people in oppressive countries who need TOR. The hard fork has brought about a lot of popular changes, and good proposals. I’ve love to see @jmprcx join the TOR project. They maybe useful voice internally to help bring about positive changes within the core Onion Protocol.
At the very least @jmprc and TOR will have to work together on the proposed changed to the Onion Protocol.