Re: Dishonest Tor relay math question - tor-talk is to lazy
On 10/10/2021 [offlist] wrote:
If the US is compromised by 100%, Tor would not work at all, right?
For providing reliable anonymity against the US and UK government agencies in the form of the NSA and GCHQ, yes, Tor is completely useless. Against a lesser adversary, well there are many other possible attacks against Tor's anonymisation - I particularly liked the hitting set attack - and I don't keep up in detail, so while Tor probably provides some protection I don't really know how much. There is another factor to consider though - the best position for a code-breaking agency to be in is if they can break the code but everybody else thinks they can't and so continues using the broken code. That is pretty much the position of USG/NSA with respect to Tor, which is why USG fund 80% of it. [4] The phrase "bodyguard of lies" comes in here, as does eg subsection 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can tell a lot about what spy agencies are doing by studying the relevant legislation) The result of this that while NSA and GCHQ may know, they aren't necessarily going to tell anybody, at least not about the routine stuff. Even in Bin-Laden-hunt situations the most they might say is that they got some chatter (or whatever the current circumlocution is) indicting some intelligence may be correct or a direction for investigation. As for dumping everything they know about eg dark nets to the FBI or local cops, it ain't likely to happen soon. Though it might, one day.. Incidentally that's why other agencies like the FBI and the NCA in the UK at least apparently, and probably actually, do the work which leads to criminal convictions on darknets. I suspect they get a little "help" from the code guys, like "you can't use that in court" or maybe "try looking in a different direction". [4] It also has the to-them benefit: "to aid democracy advocates in authoritarian states" while they can still tell who is who, if not (mostly) what is said. To do this it has to provide some level of protection against lesser adversaries, though that may not be a very high level. cf the anonymity of Afghan translators who worked for the British Army... [5] (1)No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)— (a)[...] (b)tends to suggest that any interception-related conduct has or may have occurred or may be going to occur. [6] #TOR FAQ: Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides.... Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.... So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.
What about connection, cell padding? Does it help to reduce the matching success?
As I have said I'm not totally up-to-date on Tor, but probably not much. Peter Fairbrother
On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 10/10/2021 [offlist] wrote:
If the US is compromised by 100%, Tor would not work at all, right?
For providing reliable anonymity against the US and UK government agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
But please don't use anything less. Your web browsing is private, and it is appropriate that somebody should need to have probable cause and work hard to monitor and log it. Against a lesser adversary, well there are many other possible attacks
against Tor's anonymisation - I particularly liked the hitting set attack - and I don't keep up in detail, so while Tor probably provides some protection I don't really know how much.
There is another factor to consider though - the best position for a code-breaking agency to be in is if they can break the code but everybody else thinks they can't and so continues using the broken code.
That is pretty much the position of USG/NSA with respect to Tor, which is why USG fund 80% of it. [4]
The phrase "bodyguard of lies" comes in here, as does eg subsection 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can tell a lot about what spy agencies are doing by studying the relevant legislation)
The result of this that while NSA and GCHQ may know, they aren't necessarily going to tell anybody, at least not about the routine stuff.
Even in Bin-Laden-hunt situations the most they might say is that they got some chatter (or whatever the current circumlocution is) indicting some intelligence may be correct or a direction for investigation.
As for dumping everything they know about eg dark nets to the FBI or local cops, it ain't likely to happen soon. Though it might, one day..
Incidentally that's why other agencies like the FBI and the NCA in the UK at least apparently, and probably actually, do the work which leads to criminal convictions on darknets.
I suspect they get a little "help" from the code guys, like "you can't use that in court" or maybe "try looking in a different direction".
[4] It also has the to-them benefit: "to aid democracy advocates in authoritarian states" while they can still tell who is who, if not (mostly) what is said. To do this it has to provide some level of protection against lesser adversaries, though that may not be a very high level. cf the anonymity of Afghan translators who worked for the British Army...
[5] (1)No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)—
(a)[...]
(b)tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.
[6] #TOR FAQ: Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides....
Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that....
So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things.
At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.
What about connection, cell padding? Does it help to reduce the matching success?
As I have said I'm not totally up-to-date on Tor, but probably not much.
Peter Fairbrother
On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 10/10/2021 [offlist] wrote:
If the US is compromised by 100%, Tor would not work at all, right?
For providing reliable anonymity against the US and UK government agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
Against a lesser adversary, well there are many other possible attacks against Tor's anonymisation - I particularly liked the hitting set attack - and I don't keep up in detail, so while Tor probably provides some protection I don't really know how much.
There is another factor to consider though - the best position for a code-breaking agency to be in is if they can break the code but everybody else thinks they can't and so continues using the broken code.
That is pretty much the position of USG/NSA with respect to Tor, which is why USG fund 80% of it. [4]
The phrase "bodyguard of lies" comes in here, as does eg subsection 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can tell a lot about what spy agencies are doing by studying the relevant legislation)
The result of this that while NSA and GCHQ may know, they aren't necessarily going to tell anybody, at least not about the routine stuff.
Even in Bin-Laden-hunt situations the most they might say is that they got some chatter (or whatever the current circumlocution is) indicting some intelligence may be correct or a direction for investigation.
As for dumping everything they know about eg dark nets to the FBI or local cops, it ain't likely to happen soon. Though it might, one day..
Incidentally that's why other agencies like the FBI and the NCA in the UK at least apparently, and probably actually, do the work which leads to criminal convictions on darknets.
I suspect they get a little "help" from the code guys, like "you can't use that in court" or maybe "try looking in a different direction".
[4] It also has the to-them benefit: "to aid democracy advocates in authoritarian states" while they can still tell who is who, if not (mostly) what is said. To do this it has to provide some level of protection against lesser adversaries, though that may not be a very high level. cf the anonymity of Afghan translators who worked for the British Army...
[5] (1)No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)—
(a)[...]
(b)tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.
[6] #TOR FAQ: Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides....
Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that....
So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things.
At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.
What about connection, cell padding? Does it help to reduce the matching success?
As I have said I'm not totally up-to-date on Tor, but probably not much.
Peter Fairbrother
On Sun, 10 Oct 2021 14:47:56 -0400 Karl <gmkarl@gmail.com> wrote:
But please don't use anything less. Your web browsing is private, and it is appropriate that somebody should need to have probable cause and work hard to monitor and log it.
don't spread misinformation karl. There's no 'probable cause' of anything at play here, and the implicit claim that attaking tor is 'hard' is bullshit.
On 10/10/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 10 Oct 2021 14:47:56 -0400 Karl <gmkarl@gmail.com> wrote:
But please don't use anything less. Your web browsing is private, and it is appropriate that somebody should need to have probable cause and work hard to monitor and log it.
don't spread misinformation karl. There's no 'probable cause' of anything at play here, and the implicit claim that attaking tor is 'hard' is bullshit.
I feel irritated. Is what you are saying true? Would my expression have landed better if I hadn't used that phrase?
On Sun, 10 Oct 2021 15:11:37 -0400 Karl <gmkarl@gmail.com> wrote:
On 10/10/21, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 10 Oct 2021 14:47:56 -0400 Karl <gmkarl@gmail.com> wrote:
But please don't use anything less. Your web browsing is private, and it is appropriate that somebody should need to have probable cause and work hard to monitor and log it.
don't spread misinformation karl. There's no 'probable cause' of anything at play here, and the implicit claim that attaking tor is 'hard' is bullshit.
I feel irritated. Is what you are saying true? Would my expression have landed better if I hadn't used that phrase?
Well "probable cause" is jargon from the US nazi 'legal' system, but we're talking about arpanet spying which is completely 'lawless'. One of their founding principles is that they spy on everyone, all the time, with no 'probable cause' at all. Anyway, I think it could be argued that tor provides some measure of 'plausible deniability', it makes it harder for government criminals to 'legally' prove something, because to prove it they would have to explain how their spying works. Which is why the most corrupt cesspool on the planet, the US, has something hilariously called 'parallel construction'... https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-launderi... " "Parallel construction" is really intelligence laundering"
participants (3)
-
Karl
-
Peter Fairbrother
-
Punk-BatSoup-Stasi 2.0