From a stupid simple persec POV Tor buys you time... to make a run for it... or whatever. That's the best you can ever hope for. Use the time wisely. Revolutionaries are dead men on furlough, and so are whistle-blowers. Rr On 06/06/2016 05:25 PM, Steve Kinney wrote: On 06/06/2016 02:47 PM, juan wrote: > On Mon, 6 Jun 2016 18:23:17 +0000 (UTC) jim bell > [1] wrote: >> >> Apparently there are a number of easy-to-describe improvements >> which could be made to the TOR protocol, such as increasing the >> number of hops, generating fake extra traffic, etc, which would >> improve it greatly. TOR is a net positive, > Or let's try this : > Tor is a crass example of controlled opposition. No doubt > controlled opposition is a net positive...for the establishment. > And so it must be a net negative for the opposition. Since nobody asked, here's a description of why neither TOR nor any other existing or presently planned anonymizing protocol I know of can be relied on to conceal a user's identity from the Five Eyes or any of several other hostile actors. I surface this concept every year or so, but so far nobody seems interested in discussing it. Maybe it's just too discouraging to think about. No matter who created it or why, TOR and similar mix networks are at best security theater, relative to top tier State adversaries. Quoting myself from an earlier post: Anonymized routing protocols are designed to defeat passive observation and limited traffic manipulation by hostile actors. But what if an effectively unlimited number of compromised routers, subject to realtime observation and internal manipulation, were available to hostile actors? Game over, I think. About 15 years ago I used online traceroute utilities and whois lookups to determine (roughly) where all the high performing Mixmaster remailers were physically located. Over half of them, including most with "exotic sounding" TLDs, were apparently in the state of Texas. Then I used my data to construct "hard to compromise" chains, routing Mixmaster messages through national jurisdictions not likely to have comprehensive data sharing between their security services, and started sending test messages. None of these test messages ever made it back to me. So I concluded that, despite its major technical superiority to other anonymized networking protocols, the Mixmaster network was most likely compromised by passive observation (one owner for a majority of reliable remailers) and active intervention (traffic between uncontrolled remailers interrupted in transit). Owning enough of the routers in an anonymizing network to negate its security is largely a question of money: How much budget to you have, how certain do you want to be that nobody is really anonymous? If I had to neutralize an anonymous routing network, my approach would be to set up a cloud server running thousands of instances of the router software in question, customized to facilitate monitoring by a hypervisor. Each of these routers would be connected via VPN to a unique remote host, which would function as a transparent proxy. The proxy hosts could be machines owned by "friendly" actors, rooted consumer grade routers, purpose built appliances, conventional Windows botnets or some combination of these. I have not seen this method of attack described and named; I call it a "hydra" attack, because one body, many heads. I think this mode of attack deserves competent attention (i.e., not by me) because realtime observation and manipulation of any desired quantity of routers would provide solutions to any distributed anonymous routing protocol. The only defense I can think of is to assure that message traffic passes back and forth between mutually hostile national jurisdictions before delivery. This would be a bit of a hairball to implement, lots of slippery variables and potential counter-actions by hostiles would have to be taken into account. But this approach could increase the cost and reduce the reliability of Hydra attacks against anonymizing protocols. Somewhat. Probably not enough for "life safety" application s. Long story short: If you want to be /really/ anonymous in the presence of hostile State sponsored actors, do not rely on a software-only approach: Use physical security measures to conceal your identity from the physical router that connects you to the Internet, because most or all of the anonymizing routers your traffic passes through may be owned and controlled by the very people you are hiding from. :o/ > References 1. mailto:jdb10987@yahoo.com