Re: [tor-talk] Network diversity [was: Should I warn against Tor?]
----- Forwarded message from Gregory Maxwell <gmaxwell@gmail.com> ----- Date: Fri, 19 Jul 2013 13:42:03 -0700 From: Gregory Maxwell <gmaxwell@gmail.com> To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Network diversity [was: Should I warn against Tor?] Reply-To: tor-talk@lists.torproject.org On Fri, Jul 19, 2013 at 9:45 AM, adrelanos <adrelanos@riseup.net> wrote:
Seems like high latency mix networks failed already in practice. [1]
Can't we somehow get confidence even against a global active adversary for low latency networks? Someone start a founding campaign?
So have low latency ones, some things fail. Today you'd answer that concern by running your high latency mix network over tor (or integrated into tor) and so it cannot be worse. Answering the "you need users first, and low latency networks are easier to get users for" concern. The point there remains that if you're assuming a (near) global adversary doing timing attacks you cannot resist them effectively using a low latency network. Once you've taken that as your threat model you can wax all you want about how low latency mix networks get more users and so on.. it's irrelevant because they're really not secure against that threat model. (Not that high latency ones are automatically secure either— but they have a fighting chance) On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger <tortalk@informationelle-selbstbestimmung-im-internet.de> wrote:
but going much further than that may well decrease your security.
How, actually? I’m aware that what I’m doing is a departure from network diversity to obtain anonymity. I’m excluding what I consider unsafe based on my current understanding. It might be that in the end I’ll be unable to find anything that does not look unsafe to me. I don’t know what then.
Because you're lowering the entropy of the nodes you are selecting maybe all the hosts themselves are simply NSA operated, or if not now, they be a smaller target to compromise. Maybe it actually turns out that they all use a metro fiber provider in munich which is owned by an NSA shell company. In Germany this may not be much of a risk. But if your logic is applied to someplace that is less of a hotbed of Tor usage it wouldn't be too shocking if all the nodes there were run by some foreign intelligence agency. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
participants (1)
-
Eugen Leitl