Date: Mon, 8 Nov 2010 17:55:16 +0000 From: case@sdf.lonestar.org To: lisheo@hotmail.com CC: cypherpunks@al-qaeda.net Subject: RE: distributed traffic patterns (for personal traffic)
On Mon, 8 Nov 2010, Alastair O'Neill wrote:
The threat model is not a current one. If you are actively breaking the law _right now_, then all of this (including Tor, IMO) is out the window - you move to the realm of throwaway mobile phones and prepaid visa cards and open wifi networks.
No, the threat model I am concerned with is future correlation attacks and data mining. I am concerned with a set of digital footprints that can be stored indefinitely and can be used to frame all possible motives.
So yes, Tor would work, but Tor is slow, and even with a large number of additional nodes and much more bandwidth, Tor will still have _very_ high latency. If you read back in the Tor mailing list, you can see the devs state that while the bandwidth will get better over time, the latency issues are here to stay. This is in contrast to a hop from CONUS over to Amsterdam and back to check nfl.com ... that's pretty snappy, I am happy to report.
So that's the threat model, and that's why I have declined to use Tor (I'm well versed in Tor usage and admin).
Payment is prepaid visa or postal money order, etc. Most asian ISPs I have dealt with don't accept credit cards for service anyway.
As to cost, if $80 or $100 per month is too much, I guess you use Tor. I'm of the mind that this is extremely cheap for 3-5 nodes spread across the world, especially considering that this barely got you a single colo'd server 8 years ago.
Comments ? Where does this break down, given the modest requirements described ?
If all you're looking to do is avoid data-mining and digital footprints being stored by non-state actors, I think it would suffice, as long as you were careful with the shell/VPS providers. Mix it up, and connect to a free shell provider (if you aren't doing anything that requires stronger anonymity) or server that has other accounts, as mentioned, to use as an "exit node" in order to hide your exit traffic from upstream camping, and of course use a browser that's resistant to browser-fingerprinting, and all of that standard jazz.