On Wed, May 27, 2015 at 11:08 PM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
Tor certainly works for some of its intended uses. If you are in a repressive state and want to get access to CNN or the like, Tor is your friend. It isn't going to prevent a police state noticing that you might be up to some sort of unapproved activity but they won't be able to tell the difference between a dissident and someone surfing for porn etc. So it is useful and reduces risk in countries like Iran or Russia. But using it in North Korea would mean risking a death sentence.
Where I don't see Tor being remotely safe is trying to operate an online drug bazaar as a hidden service. I mean seriously guys, cryptography isn't magic and traffic analysis is a very effective tool. Tor is still going to help your customers keep their identity secret but it isn't going to stop a determined law enforcement team with pervasive Internet access tracking down your server. Not when the hidden service is trying to become a consumer brand with global reach.
So I think a change in terminology is needed. It is not just that people are not taking security precautions due to a false sense of security, some people are ordering up mob hits because they think they are in a permissive environment that is accountability free.
Rather than calling it the dark web, the term Twilight Web seems more appropriate to me. It is possible to hide but only if you know how and only among the trees.
For whatever part of your threat models above includes a global passive adversary watching the input and output points of your network of choice and lining up traffic observations... there is little defense to be taken other than filling your unused capacity with fill traffic. No network to date appears to be developing or using that defense. There have been threads on that within the last year, and even one on making such background fill a part of IEEE for fiber and copper physical links.
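
The fill-traffic defense described in the reply above, as an added example that is not part of either message: a small simulation of why constant-rate fill removes what an observer at both ends can line up. The flow counts, the link cap, the jitter model and all function names are assumptions made for illustration, and the traffic is constructed, not captured.

```python
import random

def pearson(a, b):
    """Pearson correlation; 0.0 when either series has no variance."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb) ** 0.5

def constant_rate(real, cap):
    """Shape one link to exactly `cap` packets per interval.
    Real packets over the cap are queued; spare capacity becomes fill.
    Returns the per-interval counts an on-path observer sees."""
    wire, backlog = [], 0
    for count in real:
        backlog += count
        sent = min(backlog, cap)
        backlog -= sent
        wire.append(sent + (cap - sent))  # real + fill, always == cap
    return wire

def linked(entries, exits):
    """Number of entry flows whose true exit flow scores strictly
    higher than every other exit flow (i.e. flows that stand out)."""
    hits = 0
    for i, entry in enumerate(entries):
        scores = [pearson(entry, ex) for ex in exits]
        if all(scores[i] > s for j, s in enumerate(scores) if j != i):
            hits += 1
    return hits

def simulate(flows=5, intervals=120, cap=25, seed=1):
    rng = random.Random(seed)  # constructed traffic, assumed values
    entries = [[rng.randint(0, 20) for _ in range(intervals)]
               for _ in range(flows)]
    # Assumption: the exit side sees the same flow with +/-1 jitter.
    exits = [[max(0, c + rng.choice((-1, 0, 1))) for c in f] for f in entries]
    bare = linked(entries, exits)
    filled = linked([constant_rate(f, cap) for f in entries],
                    [constant_rate(f, cap) for f in exits])
    return bare, filled

if __name__ == "__main__":
    print(simulate())  # (flows that stand out without fill, with fill)
```

The cost is visible in `constant_rate`: every link carries `cap` packets per interval whether or not there is real traffic, which is the unused capacity the reply refers to.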