On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote:
2) Torpark is not commercial, it is totally free and open source. We simply offer an upgrade to get higher speeds than the tor network can provide.
3) The fact that trust isn't distributed is a positive, not a negative, because you don't have to trust everyone with your outgoing plaintext traffic. We have independent security auditors make sure our admins are not tracking anyone or doing anything malicious.
I'm leaving the licensing discussion alone for now, but I wanted to respond to this technical point. Tor's security [1] comes from two components. The first is its large and diverse user base -- as the user base expands, the mere use of Tor doesn't narrow you down to a specific user community or specific few people who are known to have fetched the program [2]. The second is the diversity of the relays -- as the Tor network expands, fewer adversaries are able to be in enough places on the network to succeed at linking senders to recipients. Now, it's still an open research question what metrics we should use for these components (that is, how exactly we measure the security we get from them), but my intuition is that after a certain point the first component doesn't contribute much more to security -- meaning in Tor's current state, its security grows primarily as the network grows. And remember that by "being in enough places", I mean being in a position to watch (or otherwise measure [3]) the traffic; the best attacks we know right now only look at characteristics of the traffic flow [4], because any sort of coordinated compromise of many relays is probably harder. I'm not saying Tor's design is perfect. We are still grappling with Sybil attack questions, and as you say we need to encourage our users to employ end-to-end encryption and authentication when appropriate. And we're still not happy that a widely dispersed attacker can probably do very well against Tor. But a central organization that administers all the relays, even if it puts them in different places geographically, and even if it promises to do perfect audits and employ only perfect people, aims for a fundamentally different sort of security than Tor aims to provide. The traffic analysis attacks above are still just as much of a concern, but insider attacks and other attacks on/by the organization are now a significant question too. You can launch a new single-hop proxy service, commercial or not, proprietary or not. You can also launch a multi-hop service where you control every hop. And the license of the Tor software lets you use it if you find it useful for your purposes. But please don't deceive your users by changing the security context and then encouraging them to think that just because the Tor software is present somewhere in the picture, they are benefitting from the type of security that Tor aims to provide. --Roger [1] By "security", I'm talking primarily about unlinkability here; but that's a different thread. [2] http://freehaven.net/anonbib/#usability:weis2006 [3] http://freehaven.net/anonbib/#torta05 [4] http://freehaven.net/anonbib/#danezis:pet2004 ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE