On Wed, 20 Jul 2016 16:24:04 +0000 Sean Lynch <seanl@literati.org> wrote:
Tor IS actually secure IF YOU ARE THE FUCKING US MILITARY. If on the other hand you are one of their TARGETS then tor IS NOT SECURE.
Is something unclear?
What's your evidence for that? I doubt that it's technical, from what you've shared. So it sounds like just an assumption.
So much about security is based on probabilities and unknowns,
It seems kinda obvious to me that analyzing the security of say a symetric encryption algorithm is very different than analyzing the security of something like tor. In the case of tor there a A LOT more probabilities and unknowns involved. Also in the case of tor there are a few very damning knowns. So, any advertising regarding something like tor must have a lot more disclaimers than say, AES advertising.
and our own privacy is such a personal issue, that I don't think this is something that's going to be solved by "evidence." Some people are going to be uncomfortable using or supporting Tor no matter what because of its history,
It's not just 'history'. Tor is fucked up because of its nature, purpose and past and current funding.
and now potentially because they blame Tor for what happened to Appelbaum.
The appelbaum soap opera is totally irrelevant actually, except that it's good because it shows that the members of the tor project are backstabbing clowns. Now, think how much trust people who don't even trust themselves deserve.
Personally, from having talked to people who knew him that I've known for years, I am inclined to believe that Appelbaum did at least most of what he's accused of. But I blame the community for tolerating it and saying nothing at least as much as I blame him. He could not have existed without the legions of fanboys who, when they saw him trying to force a kiss on a woman, just wished they had such big balls rather than being concerned over whether or not she actually wanted that.
It's the same argument that we make about encryption generally.
No it is not. You are *misaplying* the argument.
I think that what they are saying is that whether or not crypto is effective for a given application depends on the resources your adversaries are able and willing to apply to breaking it.
The 'traffic analysis' of tor is not even crypto. It's based on IXPs taps, not on fancy math and number crunching.
Systems with backdoors can't be secure. And you can't keep anyone from using anonymity systems without backdoors.
Yes you can if access to the backdoor requires capabilities that your enemies don't have.
That's the fallacy about backdoors ;)
Agreed. It's also the fundamental fallacy behind all of the NSA's attempts to weaken crypto.
There isn't any fallacy there. They weaken crypto because that serves their ends. And if they need a 'secure' cypher they won't use any of the ones they sabotaged. But, again, this doesn't apply to tor.
So are you arguing that well-designed backdoors are OK? Or are you just arguing that US military are dumb enough to think so. That they're so confident about their superior capabilities?
The latter seems perfectly plausible to me. Groupthink.
I don't think the US military are dumb. If you do, then you are not thinking as correctly as you should.
As I understand Juan's position, that wouldn't work for him.
What wouldn't work?
Let's assume, hypothetically, that Tor is secure for everyone. And let's acknowledge that US military uses it for evil.
If that were so, would you use and recommend Tor?
Or would you reject it, because it's used for evil?