On Mar 21, 2014, at 5:04 AM, rysiek <rysiek@hackerspace.pl> wrote:
If the NSA can impersonate any IP on the planet, they can impersonate any Tor node.
Shouldn't they have the node's private key too? Just having the IP they would receive encrypted traffic, they wouldn't be able to route it, your communication would fail and another TOR circuit would be used. Cheerz http://apx808.blogspot.com On Sat, Mar 22, 2014 at 6:52 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Mar 21, 2014, at 5:04 AM, rysiek <rysiek@hackerspace.pl> wrote:
1. they know when you're using Tor, and can flag you accordingly, and (for
example) deliver some nastiness when (not "if"!) they get the chance, because "when you have something to hide..."
The old argument for convincing people to use crypto when they "have nothing to hide" was the postal analogy. Do you send your snail mail in an envelope? If you have nothing to hide why not use postcards? The idea is that if you are sending everything encrypted, when you do have something to hide it doesn't stand out. Now people use envelopes for privacy and out of convention. If everyone did the same thing with crypto,used it for
Dnia sobota, 22 marca 2014 01:04:28 Scott Blaydes pisze: privacy
and out of convention, intelligence agencies wouldn't be able flag suspicious communications easily.
Sorry, not really a "to Tor or not to Tor" answer, but something I remember using in the past.
I am well aware of this argument, and I use it often. My question here is different: with all the info we have about Snowden, QUANTUM, etc, and with the number of Tor users today, AND with some Tor design choices (like: not padding the packets so that each packet, regardless of between which nodes it is sent and how many encryption layers have already beed removed -- has the same length, which would make it that much harder to do traffic analysis), is it PRACTICALLY REALLY better to use Tor, OR does it get people flagged and exploited in other ways?
For Joe Schmoe, is it better to use Tor, or to hide in the noise?
I guess one part of the question is the fact that NSA probably doesn't really have to break encryption, they just need info on who is communicating with whom, exploit one of these endpoints and get all the unencrypted logs, data, etc they want.
-- Pozdr rysiek