Re: Update your Tors - Tor security advisory: "relay early" traffic confirmation attack
> Why disregard a technology just because it might be used by spies?
Quite right! Good job I didn't say that, then. I said, rather, that a combination of NSA docs, US government funding, and the Tor project's own admission that an adversary with sufficient ability to track and correlate traffic, means that Tor is not likely to be sufficient against that particular adversary; the US National Security Infrastructure.

There's nuance in there, of course. The FBI for example are pretty low on the rungs, and won't get all the Tor-killing toys from the NSA unless it suits the NSA. The CIA are more likely to get that access or may have it in-house, but they'll shoot you in your bed rather than make a trial and reveal their tricks.

Against other governments, whose exit nodes the Tor project don't explicitly bless in the directory server(s), Tor is likely to be more valuable. So I'd recommend Tor to a person in China or Iran because, although both nations also have excellent anti-speech infrastructure, the structural issues that make me wary of Tor are mostly US centric.

The top-down traffic correlation "thing" is a big problem with the Onion Routing approach, and something I'm tempted to think recommends i2p's "Garlic Routing" as a better avenue for research. As all i2p nodes are by default routing traffic for others, and nodes can be configured to vary their tunnel length, correlating traffic becomes (AFAIK) far more difficult even for a top-down adversary. Code i2p up in a safe, portable and vertically integrated way without untrusted, unsigned code execution (Javascript) and I'm sold.

On 05/08/14 02:06, James York wrote:
> On 2014-08-04 15:33, Cathal Garvey wrote:
>> A less controversial reading of the (US Govt Money) >>= Tor "thing" is
>> that, while the Tor devs may be doing their best, Tor is ultimately an asset to the US Intelligence apparatus rather than a liability.
>
> The missing context here is that the NSA runs its own anonymity networks because it doesn't trust community-run infrastructure.
>
> Some things are useful to the intelligence community. Like phones. And cars. And the Internet. Why disregard a technology just because it might be used by spies?
--
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com