Yep, another Tor onion-routed below the ruse, tucked behind easily found hidden services, exited around camouflaging exits. That, to be sure, was and remains the fundamental intent of Tor: off the grid, criminal, illegal, illegitimate, government grade security.

Now, who would just *love *to get people off something secure, and onto something insecure. All the while making them believe it's secure. I suppose the more secure countries are Iran, Cuba, Russia. Those are (*should be) isolated from NSA developments and should be at about public level. Russia might not be that ignorant though, best stick with Cuba. Iran and North Korea should be 100% monitored and likely don't run any Tor nodes. This is on the basis of their hostility towards America (&friends) and with that the assumption of isolation from their developments and no cooperation. China is hard to judge but might also be better than anything else. Hong Kong might be the best in China. HK is in China's womb yet, like a baby, it isn't China. All of the less-than-stable Africa seems like a good target. Too busy running crime or trying to keep stuff together to have developed international spy agencies. South Africa might have an agreement with GB/US (doesn't actually matter which) so I'd avoid them. The northern "dictator-band" has been/is being disassembled. The US is likely only involved to protect its interests now that the obedient dummy dictators are gone. That means there's no telling what the status of surveillance is, but it might be very good (iow: absent). Regardless the Internet connections are unreliable and the security will likely be US-colors soon enough. Asia except for China is hard to judge (for me). Taiwan (aka "Republic of China", hilarious story that is) is developed and connected but has had trouble getting recognition/allegiance due to the People's Republic of China. No clue about security allegiances. Can imagine it's been declaring its independence so hard it doesn't have any, and might be a good target. Any of the not-that-developed countries should be decent exit points (the whole Vietnam, Cambodia, Thailand, Laos (esp. Laos), Myanmar, Philippines, Indonesia group). (There's quite some difference between those countries, but I *think* they still end up in the same category). Singapore is a total no-go. The whole region around India I have no knowledge off. India and Pakistan are both very mixed in their level of development to a point where mass-surveillance just doesn't make sense. They're also nuclear powers, which does testify to their willingness and ability to stand up to world powers. Probably good exit points. All the middle east is probably bad because of oil/militairy interests. Special mention of Isreal as being extremely bad. Turkey too is subject to military interests and wants to be EU and whatnot so let's just avoid them. EU is all surveillance or wants to be surveillance. Eastern Europe has the developmental backlog that might've caused them to push it further down the to-do list. Greece, Italy, Spain, might be so busy not going bankrupt that they've skimped on the surveillance. Morocco and Algeria are oddballs, close to the EU but nothing else (deserts) they might've not had purpose for surveillance, yet have better connections than the rest of Africa. (Tunisia?) The world feels pretty good about the Nordic countries but I think they just tie into the US+ spynet so that makes them useless. Iceland's small population and distance to everything made it really nice, now I'm not so sure. The amount of attention means the pressure should be rising. No idea how that'll work out. The population is small enough to be smart. I suppose they're observed in any non-politically approved but still possible way. Err.. Nevermind. Enough mind games. You have to pass the wires anyway, encrypt and trust the endpoints. (and encrypt hard)

2013/9/4 Kyle Maxwell

...

Enough mind games. You have to pass the wires anyway, encrypt and trust

On Wed, Sep 4, 2013 at 8:20 AM, Lodewijk andré de la porte wrote: the

...

endpoints. (and encrypt hard)

Which, generally speaking, will still not defeat traffic analysis without special considerations...

I'm gonna go ahead and suggest trickle connections. It's in my paper about mesh networking that I might release once. You have n connections to n nodes (1 on 1) and you continuously flow (both directions) random data over it. Occasionally instead of random data you put an encrypted package in it. The other end continuously (tries to) decrypt packages. This way you never know if something is being sent or not, at the cost of some bandwidth. Schematically: generate random > send buffer secret package > send buffer send buffer > stream encryption > transmit buffer transmit buffer > rate limited connection to peer on the other side: receive buffer > stream decryption > package detector > usual way of dealing with incoming packages. If you never actually use these trickle connections, but you do have them, you can deny being the origin of packages (I didn't know what it was! I got it over a trickle connection!). If you mark packages as "top secret" they should only be send over trickles and they'll never be network observable at all. Additional tricks such as delayed further transmission, network path mixing, etc. are all possible with what I have in my paper and should be (easily) doable in Tor. I never really understood the problem with traffic analysis.

On Wed, Sep 4, 2013 at 11:25 AM, Kyle Maxwell wrote:

On Wed, Sep 4, 2013 at 9:33 AM, Lodewijk andré de la porte wrote:

...

Additional tricks such as delayed further transmission, network path mixing, etc. are all possible with what I have in my paper and should be (easily) doable in Tor.

I never really understood the problem with traffic analysis.

Trickle connections are an interesting idea and will work for some applications where high latency and possibly low throughput are okay. I look forward to reading that paper.

Though re: traffic analysis, if your traffic stands out too much (i.e. for relatively low n on a global scale), then you'll still have issues[0]. And the devil's in the details, as Tom Ritter's fine work around AAM[1] has shown.

[0]: Obligatory XKCD: http://xkcd.com/1105/ [1]: http://ritter.vg/blog-deanonymizing_amm.html

-- @kylemaxwell

Lest we forget: WASTE had 'chaff' communication capabilities. The problem is that bandwidth isn't free; also standing out ;) -- Twitter https://twitter.com/tbiehn | LinkedInhttp://www.linkedin.com/in/travisbiehn| GitHub http://github.com/tbiehn | TravisBiehn.comhttp://www.travisbiehn.com

Although it's a separate conversation (Cost vs Privacy / ISPs policies etc): Domestic ISPs have caps on data and euphemistically named 'traffic shaping' policies. For many users bandwidth isn't free. On Wed, Sep 4, 2013 at 11:58 AM, Lodewijk andré de la porte wrote:

2013/9/4 Travis Biehn

...

The problem is that bandwidth isn't free; also standing out ;)

Any idea how much fiber/copper goes dark for extended periods of time? Remember Fidonet*? Remember 0.00000...1 == 0! Besides, what's privacy/plausible-deniability worth to you?

*pairing agreements make a lot of bandwidth free both ways, after the physical connections are constructed. Problems arise when destinations aren't preferred ones, but why would you trickle towards not preferred ones? As long as you can onion route towards preferable you'll be green.

-- Twitter https://twitter.com/tbiehn | LinkedInhttp://www.linkedin.com/in/travisbiehn| GitHub http://github.com/tbiehn | TravisBiehn.comhttp://www.travisbiehn.com