----- Forwarded message from Roger Dingledine
The key, obviously, is the primary assertion that the NSA runs "lots" of Tor nodes. I've seen this assertion before, and while it's certainly a reasonable assumption, I don't know if anybody outside the NSA actually has hard evidence for that.
I remember having this discussion with Bruce Schneier long ago, when
he was about to add the phrase "of *course* NSA runs Tor relays" to a
blog post.
Consider two scenarios. In scenario one, NSA doesn't run any Tor
relays, but they have done deals with AT&T and other networks to be
able to passively monitor those networks -- including the (honest,
well-intentioned) Tor relays that run on those networks. They're able to
monitor some fraction of the Tor network capacity -- whether that's 1%
or 10% or 30% is a fine question, and depends on both Internet topology
and also what deals they've done.
In scenario two, they do that plus also run some relays. They have to
deal with all the red tape of deploying and operating real-world things
on the Internet, and the risk that they'll do it wrong, somebody will
notice, etc. And the benefit is maybe a few percent increase in what
they can watch.
Why would they choose scenario two? Scenario one seems like it would be
working out pretty well for them. And if it's not, their resources would
be better spent fixing that, since it leads to better surveillance of
everything else they care about too.
See
https://lists.torproject.org/pipermail/tor-talk/2013-July/028851.html
for a related discussion.
Oh, and this argument should also lead you to ask "ok, but what
about
Assuming that assertion holds, the architectural criticisms start to matter more: 3 hops, 1024 bit RSA keys, etc.
Somebody should tell Robert about the recent (Tor 0.2.4.x) shift to much stronger circuit handshakes and link encryption: https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... And for the "Multiple apps share the same underlying Tor egress" concern, he should learn about the stream isolation features added in Tor 0.2.3.x: https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... All of this said, I don't want anybody to conclude that Tor is perfect. Many of the attacks from my 25c3 "security and anonymity vulnerabilities in Tor" talk remain hard research questions: https://media.torproject.org/video/ --Roger -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5