"Tor is dead technology"
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesn’t use Tor." https://twitter.com/attractr/status/783014723226861568 Comments?
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesnât use Tor."
https://twitter.com/attractr/status/783014723226861568
Comments?
I wouldn't expect them to use Tor. If you're a field agent that may be under surveillance, connecting to something like Tor fucks you. Or at least, I would think it does. Better off with a shell, or front-company, that provides a plausible story of employment or some time of affiliation, and shuttle data to that.
On Mon, Oct 03, 2016 at 06:59:57PM -0700, Razer wrote:
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesn???t use Tor."
https://twitter.com/attractr/status/783014723226861568
Comments?
I would think US governemnt actors, using tor, would be some of the only people that might have a reasonable expectation that it works... not because their traffic or metadata about their traffic can't be pwned to some extent, but because they work for or with some of the only people capable of such attacks (the NSA). Tor is not secure against a GPA... but is the US/NSA the only "real" GPA that counts? John
On 10/04/2016 05:58 AM, John Newman wrote:
On Mon, Oct 03, 2016 at 06:59:57PM -0700, Razer wrote:
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesn???t use Tor."
https://twitter.com/attractr/status/783014723226861568
Comments?
I would think US governemnt actors, using tor, would be some of the only people that might have a reasonable expectation that it works... not because their traffic or metadata about their traffic can't be pwned to some extent, but because they work for or with some of the only people capable of such attacks (the NSA).
Tor is not secure against a GPA... but is the US/NSA the only "real" GPA that counts?
John
Or if the government is surveilling them it's for 'quality assurance' and it doesn't matter anyway. When I suggested that there might be two tors. One for them and one for us, it elicited the 'government doesn't use it' response. As X said, it DOES sort of tip the opponent off that you have something to hide, but whether they can identify 'you'... especially using something like Tails that spoofs your mac address and leaves no trace that you've ever done anything more than power up at a given time. So if you're in some internet cafe in Singapore with a hundred other people walking in and out using the connection, the IP of entrance to the tor network just doesn't do a lot to identify you unless perhaps you're already being surveilled. Over time, if under surveillance the opponent could find a correlation between your presence and tor's use. Again, that why I've said 'the more users the better'. If everyone in that Singapore cafe was using it. the opponent would still be drawing a blank about your identity. Rr
As X said, it DOES sort of tip the opponent off that you have something to hide, but whether they can identify 'you'... especially using something like Tails that spoofs your mac address and leaves no trace that you've ever done anything more than power up at a given time.
So if you're in some internet cafe in Singapore with a hundred other people walking in and out using the connection, the IP of entrance to the tor network just doesn't do a lot to identify you unless perhaps you're already being surveilled.
Over time, if under surveillance the opponent could find a correlation between your presence and tor's use. Again, that why I've said 'the more users the better'. If everyone in that Singapore cafe was using it. the opponent would still be drawing a blank about your identity.
Yeah, in this respect the difficulties of Tor are much like the difficulties of deniable encryption. Using it at all is in a certain way incriminating. Its one of the main reasons why I try to explore novel, legitimate uses of Tor, quite apart from anonymity. It's ability to reach beyond firewalls for hosting is quite novel; unfortunately there isn't much legitimate purpose for this. Personally I don't have a problem with exfiltrating/liberating data from corporate coffers, but it is generally frowned upon more widely. But I wonder if there is a market for such an Internet cafe. An internet cafe that provides wifi for your device, and a few on-premises computers, and tunnels all connections through Tor as a matter of policy. I'd certainly hang out there, just as a matter of geek-chic if nothing else. Could also serve as a kind of base-of-operations for wider public education about cryptography, privacy, security, and so on.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/03/2016 09:59 PM, Razer wrote:
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesn’t use Tor."
https://twitter.com/attractr/status/783014723226861568
Comments?
"I was familiar with TOR and had it previously installed on a computer to anonymously monitor the social media website of militia groups operating within central Iraq." - Chelsea Manning, March 2013 So as of 2009 or so, U.S. Army intelligence was still using TOR for its originally stated purpose. I have not seen any indications that they have something better today; against its intended targets, TOR "just works." TOR has a daily user base of 1-3/4 to 2 million, a fair sized crowd to hide in. The likely alternative would be to impersonate a "normal" user via a fast VPN connection set up to spoof one's location and identity - and I am sure the intel services are all set up for that, where and as they have reasons to look perfectly normal vs. standing out as TOR users. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJX89s1AAoJEECU6c5XzmuqqhsH/RwOEpjq8YPBcVGZFmScsxFy gS/QzjHwwtskYUoLOnUSJsERF9LA/2Gn+9LUKjP/X96LzIfsv5IYtSTCCvVktL26 U6RlPSECntw/s8rV2h8I9ChitMsU4s3LANQrNy+aGv7A5J8A4X0z6RReEGdQS8+J vYEF2Ta94q56g0+aArijKg3wdCTsD8ABrRlH8qRsTbBsaAlMx58+MH4xZJtER5ed jyF8YOD/LJj/GZS/a9F03sVTerNuuHz2+JGf56j8Iuz800Q7lLzX6hX842fdoZmh IDPVA8rnQAjX7sUnodQK7/JtjxL7xHuSMzkHvPNVaFNtlMvWS682HmXjwTohG4g= =mI2e -----END PGP SIGNATURE-----
On 10/04/2016 09:39 AM, Steve Kinney wrote:
On 10/03/2016 09:59 PM, Razer wrote:
The poster of that tweet, @thegrugq, 'security researcher', also said: "the government doesn’t use Tor."
Comments?
"I was familiar with TOR and had it previously installed on a computer to anonymously monitor the social media website of militia groups operating within central Iraq." - Chelsea Manning, March 2013
Pretty sure he meant for secure government communications but thanks for that... Rr
So as of 2009 or so, U.S. Army intelligence was still using TOR for its originally stated purpose. I have not seen any indications that they have something better today; against its intended targets, TOR "just works." TOR has a daily user base of 1-3/4 to 2 million, a fair sized crowd to hide in. The likely alternative would be to impersonate a "normal" user via a fast VPN connection set up to spoof one's location and identity - and I am sure the intel services are all set up for that, where and as they have reasons to look perfectly normal vs. standing out as TOR users.
participants (4)
-
John Newman -
Razer -
Steve Kinney -
xorcist@sigaint.org