Feasibility of Using TOR or VPNs For Anonymity
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been told TOR and VPNs are heralded for their anonymizing properties however the skeptic in me says that there are some serious failing points. It goes without saying that recipients of this list knows their stuff about prying eyes and third parties surveilling activities of "activists" or people of interest. So, how does one engage in electronic communication whilst maintaining anonymity from governments, business, and rambunctious infosec techies? I've also been told that TOR exit nodes are often run by governments to filter and collect outgoing data that can use to build a profile on a person. How dangerous is this problem? Wouldn't the SSL'd connections between TOR nodes mitigate the issue? My present strategy is to employ the use of a VPN that retains IP address logs for 24 hours before wiping for all communications. The VPN is located outside the US, and is apparently regarded as "safe" by a few paranoid individuals. I know there are a few pitfalls there, how dire are they? In short, I need to be able to disassociate my real identity with this pseudonym effectively enough to "hide" from governments and third parties... At least in terms of originating IP addresses to public services like email. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJNZA26AAoJEPuu2mBeOIXHAucP/0pnDqnbP0rLAbZ0PLKgMOdM Jv7TFo8T7MruGQ6l7X6M8Ol0w05tNeh02Y7UtLv5jBkUXIacXOlxXgJfFhri3Pm7 0IBIzfzoki+PhSyWEca8gc/uhjIFTAE/uEpTDUgf5s4hE4WqgihNwI4JHv98tlr5 tXZn2kcckuoCz/hfGg7HqLbDyI6nCG+6JA9Ojl+Iq9JemIfY51BoE2YBYOAc8keM cGpFNkrrMdL/Cl2/RayYI9OjG/N9yY2cKXpniBRq1kUwHoyMKS/B8424p4fKNiMu otFWBNz2EbV+rbv1O2r+EmmIH8MtLWRFYxnedsHNYcuWetYdQP3b2M4y8QZJvFVs Z7zGLeKpEGxT/Mo489g+6fPaf1YcVCB7g7Y1liq8IPK9YpCpPTwYjiFV+2Fz6Cw1 Ilsyy5ldS+gGaWFiYpLxIBquu5Oki7GNvXTBUQdHOaRmNCuxTT5NvzT7nwtZqhLc GMD1Ea8V7iFeIUfpaEYW8GrvAx/9AnLqP2iTyUfC9huu1q4oFRF8tx5pKWl9Kt5w G14qP3uDmFQiotOfpK1LAW8WTn/ffIb4LLSYPkmW+u+AGR2X0t9PuZqQS+Q8ehFc wTM0dfdZM7lHJY6IDOkSuXyPLDJIXqMO44zStPAVPME/lXLZMSureesV+joD0GRK oBDgNe/aFyK6VOfy9H9W =REH8 -----END PGP SIGNATURE-----
You may not be aware that such questions are now commonplace by commercial spies like HBGary and ilk. So here is what you tell them buzzards openly with your nym prominent: The design of the Internet prevents concealed communication from being possible. How to prevent using the Internet to do what you want was its first design requirement. Still there have been numerous attempts to get around the Internet's fundamental prohibition against being traced. A canard has been promulagated that the Internet routes around censorship and based on that there continues to be a hope that untraceability is in the offing. TOR and VPN claimed to be able to do that but cannot, don't waste your time, they were compromised by design. Many more out there and more hidden to assure suckering. All mass communication must be capable of tracing its users, for "administration and management." Designers and sysadmins of any of these systems know that but keep it quiet to protect their jobs and investor profits. Privacy shams encourage trust in these systems as in confessionals and torture holes. There may be a way to communicate with a few people without using any means of mass communication but not with many and pretty soon one or more of them will rat on the other users, either for pay or for jealous revenge at being stooged. TOR is a fish trap. This is not limited to technological means of communication, it applies to any form, verbal, written, sign, smoke, ear wiggle, eye blink, twitch, finger, forked tongue, boogie, hickory stick, mail drop, dead drop, fake rock, gut condom, vaginal and anal beads, DNA and quanta. You might think keeping your mouth shut would do it, but no no no. Too late for that unless it was never opened begging for tit. Tits have you by the balls. So go to work and pay your dues. But even then expect to be reported to the authorities as a menace to society for asking these questions. Or, if you're broke, report your gang and its fledging means of hiding.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 m0lt1 <m0lt1wl@gmail.com> writes:
I've been told TOR and VPNs are heralded for their anonymizing properties however the skeptic in me says that there are some serious failing points.
Your skepticism is fitting. In fact, even the TOR documentation concurs: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf
So, how does one engage in electronic communication whilst maintaining anonymity from governments, business, and rambunctious infosec techies?
uinmyn: Is this anonymous browsing, or what? http://groups.google.com/group/alt.privacy.anon-server/browse_thread/thread/... stealthmail: Hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net?subject=send%20index.html
In short, I need to be able to disassociate my real identity with this pseudonym effectively enough to "hide" from governments and third parties...
Good stuff. Stick with it. -- StealthMonger <StealthMonger@nym.mixmin.net> Long, random latency is part of the price of Internet anonymity. Key: mailto:stealthsuite@nym.mixmin.net?subject=send%20stealthmonger-key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iEYEARECAAYFAk1kNbsACgkQDkU5rhlDCl70agCcCfTMPTtKxD0+LNo15a+ke1MF WOYAnRhiZXg5Vxvr9i2cjan7Vgx0zMvw =P6aB -----END PGP SIGNATURE-----
participants (3)
-
John Young -
m0lt1 -
StealthMonger