So, whatever happened to this?
"Black Hat Cancels Presentation on Cracking Tor"
http://www.pcmag.com/article2/0,2817,2461204,00.asp
http://freedomhacker.net/tor-project-fixing-vulnerability-that-could-expose-...
Why was the talk cancelled? Did that happen in the Western Cesspool where 'freedom of speech' is oh so fucking sacred?
And what about this 'vulnerability'? Isn't tor oh so amaazing that even the NSA can't track tor users...except that's a stupid lie?
I'd recommend the blog post about this, if you haven't seen it already: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-c... It should answer some of your questions. I have only seen speculation on why the talk was cancelled.
Does anyone have ideas about who would be the right person or people to follow up with about this? The school's and researchers' front doors seem closed to queries; maybe there is a side door somewhere?
On Thu, Sep 18, 2014 at 4:01 PM, <x50@fastmail.fm> wrote:
> I'd recommend the blog post about this, if you haven't seen it already:
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-c...
> It should answer some of your questions. I have only seen speculation on why the talk was cancelled.
On Thu, 2014-09-18 at 16:01 -0400, x50@fastmail.fm wrote:
> I'd recommend the blog post about this, if you haven't seen it already:
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-c...
> It should answer some of your questions. I have only seen speculation on why the talk was cancelled.
The talk was almost certainly canceled because it contained admissions of violating federal wiretapping laws, which is what happens if you de-anonymize Tor users in the wild.
This is a legally gray area in theory, but I think in practice it would never be judged in favor of the defendant, and so the CMU legal team pulled the talk to avoid exposing themselves to liability.
--
Sent from Ubuntu
On Thu, Sep 18, 2014, at 05:18 PM, Ted Smith wrote:
> The talk was almost certainly canceled because it contained admissions of violating federal wiretapping laws, which is what happens if you de-anonymize Tor users in the wild.
> This is a legally gray area in theory, but I think in practice it would never be judged in favor of the defendant, and so the CMU legal team pulled the talk to avoid exposing themselves to liability.
Thanks Ted.. I fully agree that this is almost certainly the reason for the cancellation of the talk and for good reason. Many of us are aware of how these cases typically go for the defendants and it is not unusual for the prosecution to push for extreme sentences in these types of cases. That said, while I do understand the reasoning for cancelling the talk, I've still been extremely disappointed in the lack of cooperation with the Tor project on addressing the concerns. Especially given the relationship between CMU and CERT. It seems there would have to be some middle ground between a public speech at a convention and being almost completely silent when it comes to working with the developers on understanding the issue and implementing a fix. As for Patrick's question, unfortunately I am not aware of any side doors to collect additional information and I am not overly optimistic given the developer's issues with obtaining the information they requested on the attack.
On Fri, Sep 19, 2014 at 4:29 PM, <x50@fastmail.fm> wrote:
> On Thu, Sep 18, 2014, at 05:18 PM, Ted Smith wrote:
> > The talk was almost certainly canceled because it contained admissions of violating federal wiretapping laws, which is what happens if you de-anonymize Tor users in the wild. This is a legally gray area in theory, but I think in practice it would never be judged in favor of the defendant, and so the CMU legal team pulled the talk to avoid exposing themselves to liability.
Wiretapping usually involves collecting content or traffic metadata that is identifiable to the user. When not against a specific user, disclosing a real IP address in itself might be more of an edge case along the lines of circumvention of the tech, cracking what the user set up, etc. There probably need to be test cases to cover these areas as applied to anonymity networks.
> I've still been extremely disappointed in the lack of cooperation with the Tor project on addressing the concerns. Especially given the relationship between CMU and CERT.
That's still thinking in terms of some BS non-full-disclosure legal/professional/industry play-nice rules. There's no reason why, if there is no crime, no contractual party loss, etc., that the 1st amendment can't be used to disclose it. And ZERO reason whatsoever that the research cannot simply be anonymized, rewritten and anonymously posted somewhere as if it were developed in parallel by some anon. It's as if while playing their legal/credit games they forget/ignore that vulnerable users come first. Or someone bought them out.
On Thursday, 18 September 2014 16:02:09, Juan wrote:
> And what about this 'vulnerability'? Isn't tor oh so amaazing that even the NSA can't track tor users...except that's a stupid lie?
And what about these "germs"? Isn't washing hands oh so amaazing that it makes it impossible to get sick, ever... except that's a stupid lie?
--
Regards, rysiek
participants (6)
- grarpamp
- Juan
- Patrick
- rysiek
- Ted Smith
- x50@fastmail.fm