On Wed, Mar 26, 2014 at 7:23 AM, John Young <jya@pipeline.com> wrote:
Ubiquitous use of a comsec system is a vulnerability
Which ubiquity, in the curious case of Tor/I2P, appears to be holding up reasonably well so far. That is to say, who can state a case where a weakness in those systems (documented, or not) was exploited publicly to jail someone? Tor people seem to say it's possible, and the four horsemen have been operating in these nets for many years. Yet we're not seeing any canaries dropping in public. Why? And there's mountains of lesser [computer/finance] crime, filesharing, etc on these nets, with no sign of those actors being disrupted either. Let's move to leaks, a civil/criminal matter. That's the one thing that has had perhaps even zero first person appearance on .onion/.i2p. Why not? (Discounting docs from criminal hacks above, submission portals to third party publishers, mirrors, etc.) What if the docs that say, places like Cryptome, have had to pull due to threat of legal/ToS action... were hosted and told by the leaker/collator themselves on these nets? Who will carry the future gilded staffs of Cryptome, full-disclosure, WL, etc? And more importantly, where? What if a new set of Top Secret Snowden-like docs were hosted on tor/i2p? What if they had fewer silly redactions, or more sources and methods? Or serious political/geo/nwo intrigue the likes we've not yet seen? Are these nets only suited to street crime? Is offloading through the media the only suitable/safe place for high crime and politic? If not already present on these nets (some classes noted above), and thus far apparently immune (perhaps foolishly so), then what exactly are the needed test cases that will start producing not just dead canaries, but public record of what killed them? Any musing of 'To Tor or not to Tor?' must put consensus and evidence to these sorts of questions.