Oh...seems the same idea corssed your mind too. That guy's english was also suspiciously good... Either way, it bares further investigation... -TD

From: Justin To: cypherpunks@jfet.org Subject: Re: Fwd: Some legal trouble with TOR in France Date: Tue, 16 May 2006 03:11:47 +0000

On 2006-05-15T08:12:17-0700, coderman wrote:

...

ah, reputation and trust. my favorite crux

Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.

...

---------- Forwarded message ---------- From: france-info@safe-mail.net Date: May 14, 2006 8:10 AM Subject: Re: Some legal trouble with TOR in France To: or-talk@freehaven.net

I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do.

-- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants.

As usual, i'm late to the party.

Hey, if you're going to feed the trolls, might as well feed them something interesting... Does it bare investigation, or bear it :-) ?

I vote to bar the quesion. :-/

And of course there's no need for government FUD in a cypherpunks environment, since there has always been plenty of volunteer work by the private sector.

Which is a great intro to a few of the first random thoughts I had while reading this missive from the Sooper Sekrit [French] Gub'mint Agent: How convenient that Frog is the example used, as Frog is well known for it's [successful] attack against the system. What better way to get the locals to start nodding their heads than to use this well known and long identified broken node", while implicitly maintaining that 'Le Author" does't know anything about that. "About TOR now: I MAY not say all what I know, as the case is currently investigated by our services and I don't want to get into trouble!" Yet s/he chooses a "safe" remailer like service to "hide" behind? Wait - I thought we just learned that _all_ remailers and their relatives were under hostile control? "About 4 years ago (I don't remember exactly, and I am at home now, I haven't my documents with me), we visited the operator of the remailers FROG and AZERTY." Since when would an agent have the files from a four year old (assumedly Black) "operation" easily at hand? The rest of this latter is just well known crap smooshed together with a Secret-Club Handshake and a warning to 'be careful' - no duh! WTF was the actual _point_ of this in the first place? What would the possible payoff be? The writer is for sure no secret agent, nor likely even playing one in her garage: does he merely get off by posting stupid shit on a public list? Nobody truly familiar with any annonymizing service is going to pay that thing any attention, but newbies *might* (depending on their naivete and gullibility). Even so, standing by itself, it's not even a howl in the wind, it's a whisper on a subway...inaudible, unintelligible, and a waste of oxygen. Like this reply... -- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker

On 5/15/06, Justin wrote:

On 2006-05-15T08:12:17-0700, coderman wrote:

...

ah, reputation and trust. my favorite crux

Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.

i suppose my point was that trusting tor as it stands is a leap of faith. there is little visibility as far as node selection criteria for addition to the directory, the information and physical security aspects of the servers within the directory, and the reputation of the node operators with respect to "rubber hose / threatened incarceration" attacks and the associated trust level to assign in such a context. much better than nothing, but i still consider tor useful mainly for keeping your source IP out of webserver logs. any other government / malicious entity can compromise accordingly. (i know this isn't the situation overall, but i assume as much so i won't be surprised by a worst case) i used to run a peertech node on a dedicated server. this host was compromised by tech staff at the facility with physical access and ever since i've refused to operate a node until i could be sure physical security was assured. i tend to consider any service that relies on host integrity also reliant on a number of other prerequisites like: - physical security to prevent unauthorized access - hard disk encryption to prevent unauthenticated disclosure (esp. seizure of hardware) - infosec best practices to keep attack surface minimal (firewalls, chroot, VM's, POLA, etc) for the situation mentioned in parent thread, i'd like to know that if the TLA comes knockin' my key scrubbing loop-aes turns all disks into large entropy stores the moment power is killed upon any attempted seizure. most services currently assume the disk is private. if you want a private disk, you need full disk encryption (key scrubbing in RAM++) tied to strong authentication.