On Tue, Sep 19, 2017 at 2:34 AM, Mirimir <mirimir@riseup.net> wrote:
I'm not sure how Freedom Hosting operator Eric Eoin Marques went down. Maybe it was the same Firefox bug and NIT malware that got many users. But it likely wasn't a Tor bug. I'm not aware of Tor bugs before the CMU clusterfuck with substantial meatspace impact.
Just as the actors below do, opsec is a learnable discipline. There have been and can be fixable "bugs" in the code and sub architectures and protocol bits of overlay softwares themselves, those certainly have an impact in the overall game. Then there are analysis and attacks all the GPA / GAA do that can undermine probably at least some feature use case / mode of all overlay networks in existance today. That's bad. Sybil, traffic timing counting flow analysis, network manipulation, etc... https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi https://theintercept.com/snowden-sidtoday/ https://www.scribd.com/document/349261099/2016-Cert-FISC-Memo-Opin-Order-Apr... http://www.bing.com/search?q=nsa+parallel+construction http://www.bing.com/images/search?q=nsa+tor+stinks Some of this is fundamental stuff, perhaps a decade of both secret and public recent progress and thinking, that legacy overlay / p2p network architectures generaly didn't have squarely on their radar, at least as known production attacks, not just plausible theory feasables, before their designs got birthed and locked down in production. Focusing on those leading production nets, whether trying to rework fix maintain or attack, at least not without sound consideration of and ability to apply current thinking to them with notable results, may not be optimum investment. Perhaps it is really lack of next gen architectures proposed and in operation that can defeat those attacks (or at least target them squarely in priority and push the cost / envelope further out of reach) that is what "stinks". Tor exists and is known. Others have yet to be designed, coded, scaled up in production, presented and reviewed, kudosed and failboated, etc. Be the [r]evolution creating tomorrow.