Tor Stinks re Traffic Analysis and Sybil (as do other networks)
recommend utilizing Tor to combat government surveillance
If users' adversaries operate under whichever government's classification levels such as TOP SECRET FVEY, and especially if the users are doing something that such govts would take personal affront to, such users need to do some serious thinking.
low-latency
This phrase is misused by many as if it were some kind of litmus test for determining TA resistance... it is not. It's likely possible to create a LL network that traffic analysis cannot penetrate even with every single link tapped. Latency, purely by itself, does not define whether or not a network is secure against traffic analysis. Latency (whatever level therein) really refers to the usability different categories of apps would have at such level... the user experience.
"All ... systems as currently designed and deployed are essentially broken against The Man"
Surely generally true by now. Tor's nearly 25 year old design since inception is nothing more than a bunch of free proxies that users chain through (same as VPN's). Perhaps a bit better than VPN by maybe weighting traffic towards busy, plus an assortment of other things, and some more worse than VPN due to obvious simplicity of infesting the network with a nasty case of Sybil to the tune of 100+ nodes a month in some months. Luckily the dumb ones are caught, but it's not those that users should worry about. Like VPN, Tor is good at giving users a different IP that the everyday world of civilian / commercial endpoints has a hard time tracing. But hardly so good at resisting what Govt's and GigaCorps can now analyze and attack. Even independent smalltime researchers are confirming TA and Sybil methods against Tor and many other overlay networks. As to the *PA's listed before, they've had the thought, vantage, access, coordination, tech, money, etc to TA, and certainly to Sybil, just about any overlay network since about the time such networks came into being. 1995 2000 2005 and if by 2010 and Snowden people weren't assessing that capability exists, even based only on opensource research, well pity the fool. TA, Sybil, *PA's, GT-1's etc are no longer just some sidebar caveats in highbrow whitepapers to be dismissed and buried. There needs to be new networks deployed that take those as their top design considerations over all others.
Schneier seems much more a friend of govcorp (ie Counterpane), and a generic blogwonk, than any sort of genuine users activist taking any sort of strongly voiced principled stand on anything that matters. As Chiefs on Tor Board one might look for Schneier and Blaze to be publicly saying and doing some project, Tor or other, regarding TA, Sybil, or even disproving them if they weren't real threats, or at least something... instead Tor and other nets are often crickets on that. (Old congressional testimonies are also oldsauce, stir up some new hot chili.) Note also that Tor doesn't need to actually care about its users security to play whatever legal test and game in the courts that it and its lawyers are lined up waiting to play (remember Tor was tied with EFF for many years for various reasons). How are users to be indemnified by anyone, if not first by themselves using the security of a network itself, and if the network is not capable, then what. Regardless of whether Tor etc is good or bad or none of the above, holding a near monopoly in the space on cashflow, legal, steering tech, discourse, twatterverse populism, etc... for ~10-15 years... is not a good situation. Competition is healthy. And while the design of today's networks is largely unchangeable by nature of being deployed, their adversaries are adapting to leverage clearly whitepapered weaknesses in those designs since years. New networks... from internet overlay, fiber, radio, carrier pigeon, dropgangs... need to be researched, coded, and deployed by new players. Anyway, have some traffic noise generators...
http://trackmenot.io/
https://adnauseam.io/
On Sat, 23 Nov 2019 03:21:08 -0500 grarpamp <grarpamp@gmail.com> wrote:
low-latency
This phrase is misused by many as if it were some kind of litmus test for determining TA resistance... it is not.
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent (expensive) or not.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
So anyway, 'low latency' is shorthand for systems that don't do any of the above, and so are...shit. And tor is included in the shit category. And scum-master syverson openly acknowledges it...in papers that no-one reads, while advertising tor as a means to
"Defend yourself against network surveillance and traffic analysis."
which is of course outright criminal fraud.
On 23/11/2019 17:00, Punk-Stasi 2.0 wrote:
On Sat, 23 Nov 2019 03:21:08 -0500 grarpamp <grarpamp@gmail.com> wrote:
low-latency
This phrase is misused by many as if it were some kind of litmus test for determining TA resistance... it is not.
by 'low latency' they mean two things :
No, neither of those. Low latency simply means messages get delivered quickly - in practice for web browsing this means a user gets a (subsequent) response within 4 or 5 seconds, though less than 1 second is better.
Initially that timing was a guess, but since then there have been several papers which conclude that if web response time is consistently longer than 4-5 seconds then people will give up and seek a faster response by eg using different software.
After 1 second you begin to lose your train of thought. After 4-5 you get bored. There is another threshold of boredom at about 10-12 seconds.
Eighth law: a system which is hard to use will be abused or unused.
The Tor rationale for requiring low latency was to make it more user-friendly and also thereby increase (innocent) traffic. Unfortunately that came at the cost of easier traffic analysis, as only the traffic passed within the last 4-5 seconds need be considered. They tried to balance that out - more traffic plus greater usability vs easier analysis - and came up with a system which had some perhaps-useful properties.
However, resistance against traffic analysis by The Man was not one of those properties. And for that exact reason I agree, Tor stinks.
Most if not all of the initial devs would have liked it to be, but that wasn't possible. Roger Dingledine did the initial brainstorming with the informal help of much of the then privacy/anonymity crypto community, including Paul. Nick Mathewson was then roped in as the main code writer.
It was quickly realised that Tor - like any low-latency web onion router - could not defeat The Man, at which point many of the community dropped out or declined to be associated with it.
And scum-master syverson
At the time of Tor's inception (and afaik still) Paul primarily identified as US Navy.
I don't know whether Paul would have worked on a public system which was impervious to NSA and USN - but the question never arose.
Tor would be good enough to defeat third-world governments, which was both his and Tor's stated goal, and Tor could never defeat The Man.
openly acknowledges it...in papers that no-one reads, while advertising tor as a means to
"Defend yourself against network surveillance and traffic analysis."
Is that a quote from Paul? It doesn't sound like the chap I knew. Who wasn't a scum-master, except perhaps to the swabbies?
Heck, Roger and Nick were wanna-be-heroes.
Peter Fairbrother
On Sat, 23 Nov 2019 21:48:45 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
The Tor rationale for requiring low latency was to make it more user-friendly and also thereby increase (innocent) traffic. Unfortunately that came at the cost of easier traffic analysis, as only the traffic passed within the last 4-5 seconds need be considered. They tried to balance that out - more traffic plus greater usability vs easier analysis - and came up with a system which had some perhaps-useful properties.
I don't think they balanced anything. The connections go as fast as possible - there's no reclocking of packets, no mixing, no nothing.
I don't know whether Paul would have worked on a public system which was impervious to NSA and USN - but the question never arose.
well, they worked on mixing networks for email. There are tons of 'papers' on that. But I guess they never set up/promoted a 'high latency' public network. So arguably syverson at least 'worked' on the theory of a system that could resist attacks from his accomplices (nsa).
Tor would be good enough to defeat third-world governments, which was both his and Tor's stated goal,
stated where?
and Tor could never defeat The Man.
openly acknowledges it...in papers that no-one reads, while advertising tor as a means to
"Defend yourself against network surveillance and traffic analysis."
Is that a quote from Paul?
that's the slogan that appeared on tor's site for 10 years maybe? They changed it some months ago though.
2007 http://web.archive.org/web/20071011223019/http://www.torproject.org:80/ "Tor aims to defend against traffic analysis, "
2008 http://web.archive.org/web/20081231081100/http://www.torproject.org:80/ "Tor is a software project that helps you defend against traffic analysis"
2011 http://web.archive.org/web/20110101111624/http://www.torproject.org:80/ "Defend yourself against network surveillance and traffic analysis."
2018 http://web.archive.org/web/20181231204724/https://www.torproject.org/ "Defend yourself against network surveillance and traffic analysis."
etc
It doesn't sound like the chap I knew. Who wasn't a scum-master, except perhaps to the swabbies?
Heck, Roger and Nick were wanna-be-heroes.
Peter Fairbrother
On 11/23/2019 10:00 AM, Punk-Stasi 2.0 wrote:
On Sat, 23 Nov 2019 03:21:08 -0500 grarpamp <grarpamp@gmail.com> wrote:
low-latency
This phrase is misused by many as if it were some kind of litmus test for determining TA resistance... it is not.
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
So anyway, 'low latency' is shorthand for systems that don't do any of the above, and so are...shit. And tor is included in the shit category. And scum-master syverson openly acknowledges it...in papers that no-one reads, while advertising tor as a means to
"Defend yourself against network surveillance and traffic analysis."
which is of course outright criminal fraud.
Yes, Tor is low-latency. And is vulnerable to traffic analysis. And yet, as you say, it's promoted to the clueless as resisting "network surveillance and traffic analysis". Which is, as you say, "outright criminal fraud". Even so, if you read the Tor design document <https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.html> you see that they're quite open about the limitations. And so are Syverson's publications, which you've quoted a lot. The villains here are writers of the Tor Project website. They bullshit users, overselling Tor. Why, I don't know. Maybe it's all a honeypot. Or maybe they're just idiots. I've wondered whether it's just that they need lots of users for cover traffic. That _was_ a major factor in opening Tor to the public, instead of restricting it to government users. But that seems unlikely, now, given that the NSA etc could easily run enough bots on hacked servers.
On Sat, 23 Nov 2019 15:39:55 -0700 Mirimir <mirimir@riseup.net> wrote:
The villains here are writers of the Tor Project website. They bullshit users, overselling Tor. Why, I don't know. Maybe it's all a honeypot. Or maybe they're just idiots.
Notice that they get paid as long as tor exists. So even if tor was not a honeypot, and they are not idiots, they still have a fundamental incentive to oversell it. Their paychecks. Also, syverson and co. are complicit in overselling tor, despite the fact that their papers for the 'technical intelligentsia' spell out the limitations.
I've wondered whether it's just that they need lots of users for cover traffic. That _was_ a major factor in opening Tor to the public, instead of restricting it to government users. But that seems unlikely, now, given that the NSA etc could easily run enough bots on hacked servers.
My guess is that the main reason for them to get as many users as they can is to justify funding. Hell, maybe they even get a percentage of funding directly proportional to number of users/network size.
On 11/23/2019 04:23 PM, Punk-Stasi 2.0 wrote:
On Sat, 23 Nov 2019 15:39:55 -0700 Mirimir <mirimir@riseup.net> wrote:
The villains here are writers of the Tor Project website. They bullshit users, overselling Tor. Why, I don't know. Maybe it's all a honeypot. Or maybe they're just idiots.
Notice that they get paid as long as tor exists. So even if tor was not a honeypot, and they are not idiots, they still have a fundamental incentive to oversell it. Their paychecks.
Yeah, good point. After those FOIA documents came out, I lost all respect for the Tor Project. I get how conflicted they were. Needing government support. Keeping the cops happy. Maybe having their jobs threatened. But selling out is selling out, no matter how many excuses one has.
Also, syverson and co. are complicit in overselling tor, despite the fact that their papers for the 'technical intelligentsia' spell out the limitations.
Agreed.
I've wondered whether it's just that they need lots of users for cover traffic. That _was_ a major factor in opening Tor to the public, instead of restricting it to government users. But that seems unlikely, now, given that the NSA etc could easily run enough bots on hacked servers.
My guess is that the main reason for them to get as many users as they can is to justify funding. Hell, maybe they even get a percentage of funding directly proportional to number of users/network size.
Makes sense.
Critique of Tor applies equally, perhaps moreso, to the whole Internet for monetization, technology, personnel, administration, operation, funding, seducing the public, NGOs, dissent. So too, to crypto, anonymization, cypherpunks.
Perennial question is how to sort through the tsunami of claims and counterclaims, sponsored hacks, slyly appealing "free" SM, search engines, FOIA enterprises, Wayback and Wikipedia, paid and volunteer informants and agents, hot shit mail lists and get-it-now podcasts, star-studded conferences and outlaw-celebrity lectures, incarcerated Julians and Jeremys, fans and evermore fans of unexamined underwriters.
Has there ever been more people eagerly declaring in public their likes and hatreds, convictions and doubts, hoping to gain advantage over other people by pretense and deception. Actually, yes, there has been since talking, singing, dancing, education, civilization was invented to entrap prey.
Prey quickly learned from predators to reverse the panopticon. Usually by offering their gullible, edible kids, cohorts and mates as irresistible bait to fatten the enemy into overconfidence, sloth, braggrdy, imagined supremacy. Tor, like Trump, is hardly novel in this suicidalism, nor the crusading, diabolical internet of everything data.
At 06:39 PM 11/23/2019, you wrote:
[.....]
On 11/24/2019 04:00 AM, John Young wrote:
Critique of Tor applies equally, perhaps moreso, to the whole Internet for monetization, technology, personnel, administration, operation, funding, seducing the public, NGOs, dissent. So too, to crypto, anonymization, cypherpunks.
Perennial question is how to sort through the tsunami of claims and counterclaims, sponsored hacks, slyly appealing "free" SM, search engines, FOIA enterprises, Wayback and Wikipedia, paid and volunteer informants and agents, hot shit mail lists and get-it-now podcasts, star-studded conferences and outlaw-celebrity lectures, incarcerated Julians and Jeremys, fans and evermore fans of unexamined underwriters.
Has there ever been more people eagerly declaring in public their likes and hatreds, convictions and doubts, hoping to gain advantage over other people by pretense and deception. Actually, yes, there has been since talking, singing, dancing, education, civilization was invented to entrap prey.
Prey quickly learned from predators to reverse the panopticon. Usually by offering their gullible, edible kids, cohorts and mates as irresistible bait to fatten the enemy into overconfidence, sloth, braggrdy, imagined supremacy. Tor, like Trump, is hardly novel in this suicidalism, nor the crusading, diabolical internet of everything data.
For sure. Figuring out who/what one can trust is arguably impossible. Or at least, it's far too unreliable. Bottom line, I think, it's foolish to trust anyone/anything. So the challenge is prudently using whatever resources are available.
On Sun, Nov 24, 2019 at 03:25:03PM -0700, Mirimir wrote:
On 11/24/2019 04:00 AM, John Young wrote:
Critique of Tor applies equally, perhaps moreso, to the whole Internet for monetization, technology, personnel, administration, operation, funding, seducing the public, NGOs, dissent. So too, to crypto, anonymization, cypherpunks.
Perennial question is how to sort through the tsunami of claims and counterclaims, sponsored hacks, slyly appealing "free" SM, search engines, FOIA enterprises, Wayback and Wikipedia, paid and volunteer informants and agents, hot shit mail lists and get-it-now podcasts, star-studded conferences and outlaw-celebrity lectures, incarcerated Julians and Jeremys, fans and evermore fans of unexamined underwriters.
Has there ever been more people eagerly declaring in public their likes and hatreds, convictions and doubts, hoping to gain advantage over other people by pretense and deception. Actually, yes, there has been since talking, singing, dancing, education, civilization was invented to entrap prey.
Prey quickly learned from predators to reverse the panopticon. Usually by offering their gullible, edible kids, cohorts and mates as irresistible bait to fatten the enemy into overconfidence, sloth, braggrdy, imagined supremacy. Tor, like Trump, is hardly novel in this suicidalism, nor the crusading, diabolical internet of everything data.
For sure.
Figuring out who/what one can trust is arguably impossible. Or at least, it's far too unreliable.
Bottom line, I think, it's foolish to trust anyone/anything.
So the challenge is prudently using whatever resources are available.
Trusting no one - a life in effective if not physical, isolation.
Those granite walls admitting as their entry price no tests of loyalty, yet "protecting" from betrayal, may leave barren the heart, a dry, lifeless, stony courtyard of certainty.
"The baffled king, composing Hallelujah.."
Technology is no succour for the Soul.
Our messy and oh so human journey of discovery discloses fragility, insecurity, and leaps of faith sometimes crushed under a steamroller, at others elevated to the heavens in moments one might live this whole life again just for a fleeting repeat
Our tapestry is woven not only of those preordained molecular interactions, the nurture of our parents, schooling and acquaintances, but also of those choices and actions wrought from our individual suffering, yet lying within the bounds of our capacity to express that freedom which is our birthright, brought forth by will and bearing the fruit of each consequence.
Would you have your life a crystalline never changing ever unshakable certainty of known dominoes?
Go well fellow travellers, and may we each find that which Soul seeks for us and for those we love,
On 23/11/2019 23:23, Punk-Stasi 2.0 wrote:
My guess is that the main reason for them to get as many users as they can is to justify funding.
Initially the main reason was to increase traffic, in order to make traffic analysis harder. Really.
I was around when the idea was first being discussed - Roger, Lucky, Paul (in a smaller role than often stated), Len, Nick, a few others - Matt dropped in occasionally, Ian and Caspar gave their 2c worth. For some reason George and Andrei (mixmaster/mixminion math gurus) weren't much involved.
Justifying funding is just a nice side-effect.
On 25/11/2019 11:03, grarpamp wrote:
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
I thought I wrote that quite carefully, but perhaps I should rephrase it: "Any practical likely-to-be-successful low-latency web onion router cannot defeat The Man."
While a proof of that is not available, I do not know how to do it - do you? Please tell.
That was certainly the general conclusion of the crypto privacy/anonymity community at the time TOR was developed. My conclusion also, and I haven't seen anything since to make me change my mind.
Low latency means that only a few seconds of traffic need be considered. Web means that users have lots of traffic repeats in time-defined patterns. These make traffic analysis resistance hard.
Adding dummy cover traffic does not help until you use impractical levels of cover traffic, it is better to spend limited spare traffic resources on padding to make files the same size, even though this will not defeat The Man it does make his job harder.
Dithering timing doesn't really help much against The Man's computing resources, at least until you get to something that is not low latency.
ps by The Man I mean someone like NSA with widespread access to raw traffic and considerable computing resources.
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
In all the "Dark Web" busts I have read about there has been no evidence presented as part of a general break in TOR. Maybe they can't (or just don't) break it.
Of course, if they have broken TOR that is optimal for NSA - don't tell anyone it is broken, so people keep using it. Remember Coventry/Enigma (which never happened, but it is a good story).
Never Say Anything.
Peter Fairbrother
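Added illustration, not part of any message in this thread: a toy simulation of the trade-off argued over above (pass-through forwarding, timing dither, and reclocking with chaff), measuring how often per-second packet counts on the two sides of one relay pair up uniquely, and what each policy costs in delay and chaff. All flows are constructed, and every parameter (20 flows, 50 ms tick, 500 ms jitter, 1 s windows) is an assumption, not a Tor value.

```python
import math
import random

# All values below are constructed for illustration; none are Tor parameters.
T_MS = 120_000        # length of each simulated client flow
HORIZON_MS = 130_000  # observation window (leaves time for queues to drain)
BIN_MS = 1_000        # observer counts packets per 1 s window
TICK_MS = 50          # reclocking relay emits one cell every 50 ms
FWD_MS = 50           # fixed forwarding delay of a pass-through relay
JITTER_MS = 500       # maximum random extra delay for the "jitter" policy
N_FLOWS = 20


def make_flow(rng):
    """Bursty web-like flow: sorted packet arrival times in integer ms."""
    times, t = [], 0
    while True:
        t += int(rng.expovariate(1 / 4000)) + 1   # idle gap, mean about 4 s
        for _ in range(rng.randint(5, 30)):       # one page-load burst
            if t >= T_MS:
                return times
            times.append(t)
            t += rng.randint(5, 40)


# Each policy returns (egress cell times, per-packet added delay, chaff cells).
def passthrough(flow, rng):
    return [t + FWD_MS for t in flow], [FWD_MS] * len(flow), 0


def jitter(flow, rng):
    delays = [FWD_MS + rng.randint(0, JITTER_MS) for _ in flow]
    return sorted(t + d for t, d in zip(flow, delays)), delays, 0


def reclock(flow, rng):
    """One cell per tick: a queued real packet if there is one, else chaff."""
    out, delays, chaff, nxt = [], [], 0, 0
    for tick in range(0, HORIZON_MS, TICK_MS):
        out.append(tick)
        if nxt < len(flow) and flow[nxt] <= tick:
            delays.append(tick - flow[nxt])
            nxt += 1
        else:
            chaff += 1
    return out, delays, chaff


def binned(times):
    counts = [0] * (HORIZON_MS // BIN_MS)
    for t in times:
        if t < HORIZON_MS:
            counts[t // BIN_MS] += 1
    return counts


def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:      # a constant series carries no timing signal
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / math.sqrt(sxx * syy)


def evaluate(policy, seed=1):
    flows_rng, relay_rng = random.Random(seed), random.Random(seed + 1)
    flows = [make_flow(flows_rng) for _ in range(N_FLOWS)]
    results = [policy(f, relay_rng) for f in flows]
    ingress = [binned(f) for f in flows]
    egress = [binned(r[0]) for r in results]
    matched = 0
    for i, x in enumerate(ingress):
        scores = [pearson(x, y) for y in egress]
        best = max(scores)
        # count a match only if the true egress is the single best candidate
        if scores.count(best) == 1 and scores.index(best) == i:
            matched += 1
    delays = [d for r in results for d in r[1]]
    cells = sum(len(r[0]) for r in results)
    return {
        "matched": matched / N_FLOWS,
        "mean_delay_ms": sum(delays) / len(delays),
        "chaff_fraction": sum(r[2] for r in results) / cells,
    }


def run():
    return {p.__name__: evaluate(p) for p in (passthrough, jitter, reclock)}


if __name__ == "__main__":
    for name, stats in run().items():
        print(name, stats)
```

The toy models a single relay and a single observer window size; it says nothing about multi-hop paths or about any deployed network.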
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
On 23/11/2019 23:23, Punk-Stasi 2.0 wrote:
My guess is that the main reason for them to get as many users as they can is to justify funding.
Initially the main reason was to increase traffic, in order to make traffic analysis harder. Really.
Obviously if only a bunch of child murderers from the english military and the US military (tor's intended audience) use tor, then tor would be kinda pointless. That's why they want civilian users, to be used as human shields. But even syverson and co. state that beyond a certain point more users don't improve 'anonymity'. So I fully stand by what I said. It's obvious that the current hysterical focus on more users without any regard to the system's quality is just self-serving, self-interest. They are just a cancer, grabbing as much resources as they can. Also, another important function of tor is to spread war propaganda in countries that the anglo-american nazis want to invade and destroy. Again, that means the tor mafia is not really interested in protecting any kind of 'anonymity', only in breaking the firewalls around iran, china and the like.
I was around when the idea was first being discussed - Roger, Lucky, Paul (in a smaller role than often stated), Len, Nick, a few others - Matt dropped in occasionally, Ian and Caspar gave their 2c worth. For some reason George and Andrei (mixmaster/mixminion math gurus) weren't much involved.
Justifying funding is just a nice side-effect.
It's more than a side-effect.
On 25/11/2019 11:03, grarpamp wrote:
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
I thought I wrote that quite carefully, but perhaps I should rephrase it: "Any practical likely-to-be-successful low-latency web onion router cannot defeat The Man."
While a proof of that is not available, I do not know how to do it - do you? Please tell.
That was certainly the general conclusion of the crypto privacy/anonymity community at the time TOR was developed.
No, that's just the self-serving conclusion of the US-military-tor-mafia.
My conclusion also, and I haven't seen anything since to make me change my mind.
So the inference here is that you have some sort of connection to the american-english nazi military.
/usual tor propaganda trimmed.
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
WOW. HILARIOUS. Are you fucking reading this thread or what. I quoted your pal syverson explicitly stating that tor is broken.
In all the "Dark Web" busts I have read about there has been no evidence presented as part of a general break in TOR. Maybe they can't (or just don't) break it.
You're trolling, right?
Of course, if they have broken TOR that is optimal for NSA - don't tell anyone it is broken, so people keep using it. Remember Coventry/Enigma (which never happened, but it is a good story).
Never Say Anything.
Peter Fairbrother
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
yeah, the NSA can't break tor but some random university can https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacke...
On 11/25/2019 08:07 PM, Punk-Stasi 2.0 wrote:
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
yeah, the NSA can't break tor but some random university can
https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacke...
That bug was patched. But there obviously could be others. And the NSA does tend to stockpile 0days. Also, one wonders how long the NSA etc had used the bug that CMU exploited.
On Mon, 25 Nov 2019 20:56:09 -0700 Mirimir <mirimir@riseup.net> wrote:
On 11/25/2019 08:07 PM, Punk-Stasi 2.0 wrote:
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
yeah, the NSA can't break tor but some random university can
https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacke...
That bug was patched. But there obviously could be others. And the NSA does tend to stockpile 0days.
Also, one wonders how long the NSA etc had used the bug that CMU exploited.
here, yet another attack
https://www.freehaven.net/anonbib/cache/circuit-fingerprinting2015.pdf Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
and the introduction to that article states
"over the past few years, hidden services have witnessed various active attacks in the wild [12, 28], resulting in several takedowns [28]"
but hey, the nsa can't break tor..
On 11/25/2019 09:45 PM, Punk-Stasi 2.0 wrote:
On Mon, 25 Nov 2019 20:56:09 -0700 Mirimir <mirimir@riseup.net> wrote:
On 11/25/2019 08:07 PM, Punk-Stasi 2.0 wrote:
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
yeah, the NSA can't break tor but some random university can
https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacke...
That bug was patched. But there obviously could be others. And the NSA does tend to stockpile 0days.
Also, one wonders how long the NSA etc had used the bug that CMU exploited.
here, yet another attack
https://www.freehaven.net/anonbib/cache/circuit-fingerprinting2015.pdf Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
and the introduction to that article states
"over the past few years, hidden services have witnessed various active attacks in the wild [12, 28], resulting in several takedowns [28]"
but hey, the nsa can't break tor..
That's why it's prudent for users and onion sites to hit Tor via nested VPN chains.
snowden also said that the NSA can't break tor. Such blanket context is unlikely. was
Also unfortunate that, today, one of the few places still propagating such blankets, in reverse via false advertising, downplaying, failing to mention, etc... is the Tor project itself, not least where is on its very own front page.
Attacks on today's overlays may not be exactly cheap fast easy or wholesale, but they do exist and are in use.
There is no project today that should not at least be putting a link to such warnings and docs... on the front page, download page, in the app, etc.
And no reason that when designs and efforts thought to make existing attacks a significant factor harder... upon their startup 10, 15, 20 years ago at that time... whose fundamental underlying technology is now matured to point of diminishing returns on investment against continuously advancing attacks... should not be marked and understood as such by the entire overlay community, so that new fundamental treatise are naturally encouraged.
On Sat, December 14, 2019 2:36 am, grarpamp wrote:
snowden also said that the NSA can't break tor. Such blanket context is unlikely.
[.....]
Also unfortunate that, today, one of the few places still propagating such blankets, in reverse via false advertising, downplaying, failing to mention, etc... is the Tor project itself, not least where is on its very own front page.
Snowden smells like a CIA limited hangout operation. Quid pro quo between CIA and FSB/GRU ... it works like this:
Obama the MI56 cutout, promote animus toward defecting poster-child. You host him as pin-up whistleblower hero, Vladimir, because in your country everyone knows not to ask too many questions.
Then when moles and snitches in USA and Russia contact Snowden's "trusted resources" to spill beans, we quickly identify and silence them.
Obama was a clear intelligence asset from early on. The intel community knows no national boundaries. They are ever a renegade state within the states with no national loyalties. Any pretense to national loyalty or patriotism is kabuki theatre for the peons and soldiers.
Snowden also looks like one of the Greenberg brothers.
Nikopol
On Sat, Dec 14, 2019 at 11:57:32AM -0000, Spirit of Nikopol wrote:
On Sat, December 14, 2019 2:36 am, grarpamp wrote:
snowden also said that the NSA can't break tor. Such blanket context is unlikely.
[.....]
Also unfortunate that, today, one of the few places still propagating such blankets, in reverse via false advertising, downplaying, failing to mention, etc... is the Tor project itself, not least where is on its very own front page.
Snowden smells like a CIA limited hangout operation. Quid pro quo between CIA and FSB/GRU ... it works like this:
The most generous proposition is that he is an unwitting fool. There are many less generous conclusions... Given the consequences upon himself, I suspect some combination. His level of naivety (and the consequent almost total irrelevance of his "information" release) is just so depressing.
Obama the MI56 cutout, promote animus toward defecting poster-child. You host him as pin-up whistleblower hero, Vladimir, because in your country everyone knows not to ask too many questions.
Then when moles and snitches in USA and Russia contact Snowden's "trusted resources" to spill beans, we quickly identify and silence them.
Guardian: "We promise we literally smashed all the laptop HDDs with a sledgehammer." And they said that with a straight face. Stunning stuff.
Obama was a clear intelligence asset from early on. The intel community knows no national boundaries. They are ever a renegade state within the states with no national loyalties. Any pretense to national loyalty or patriotism is kabuki theatre for the peons and soldiers.
Snowden also looks like one of the Greenberg brothers.
Nikopol
So much heresy!
I think the most common tech term is "depreciation". Tor should be so marked on their boot page but that assumes there is a practical replacement.
On Sat, Dec 14, 2019, 2:38 AM grarpamp <grarpamp@gmail.com> wrote:
snowden also said that the NSA can't break tor. Such blanket context is unlikely. was
Also unfortunate that, today, one of the few places still propagating such blankets, in reverse via false advertising, downplaying, failing to mention, etc... is the Tor project itself, not least where is on its very own front page.
Attacks on today's overlays may not be exactly cheap fast easy or wholesale, but they do exist and are in use.
There is no project today that should not at least be putting a link to such warnings and docs... on the front page, download page, in the app, etc.
And no reason that when designs and efforts thought to make existing attacks a significant factor harder... upon their startup 10, 15, 20 years ago at that time... whose fundamental underlying technology is now matured to point of diminishing returns on investment against continuously advancing attacks... should not be marked and understood as such by the entire overlay community, so that new fundamental treatise are naturally encouraged.
https://pando.com/author/ylevine/ Might want to see that articles from the above author and others on the subject are archived.
HI MIRIMIR
-------- Original Message --------
On Nov 25, 2019, 7:56 PM, Mirimir wrote:
On 11/25/2019 08:07 PM, Punk-Stasi 2.0 wrote:
On Tue, 26 Nov 2019 00:58:09 +0000 Peter Fairbrother <peter@tsto.co.uk> wrote:
It should be noted that NSA do not say they can break TOR in practice, and afaik there is no evidence that they have.
yeah, the NSA can't break tor but some random university can
https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacke...
That bug was patched. But there obviously could be others. And the NSA does tend to stockpile 0days.
Also, one wonders how long the NSA etc had used the bug that CMU exploited.
https://web.archive.org/web/20160429124221/techeye.net/news/tor-developer-he... A former Tor Project developer is making a living creating malware for the Federal Bureau of Investigation that allows agents to unmask users of the anonymity software.
Low latency means that only a few seconds of traffic need be considered. Web means that users have lots of traffic repeats in time-defined patterns. These make traffic analysis resistance hard.
Without constant fill upon which they ride hiding within that... yes of course there's little resistance there. Yes, "seconds of traffic" refers to the global buffer space and time required for *PA find a solution within it. That seems to become much harder when, instead of watching discrete mouse clicks propagate around pulsing bumps in TCP like a rat through a snake, your vampire buffer is filled with normalized cell traffic.
Adding dummy cover traffic does not help until you use impractical levels of cover traffic ... better to spend limited spare traffic resources on padding
Adding fill is different from yielding existing background of fill on demand of wheat for carriage.
does not help until you use impractical levels of cover traffic
This is steeped in "OMG won't someone think of the bandwidth", they assume nodes don't manage their own ability to keep their CPU and pipe to ISP above water, that an intelligent and well configured net is not possible whether automatically or manually, that nodes can't contract links among themselves to ensure processing headroom, that it's just balls to the wall until it congests itself into packet loss and the whole thing melts down. When trying to design new things, coming at it with OMG oldtalk tends to limit those areas from being freshly explored anew.
padding to make files the same size
That assumes trying to build yet another network arbitrarily restricting itself to file transfer application. Instead of first trying to create a general purpose transport network that will serve many applications.
Dithering timing doesn't really help much against The Man's computing resources, at least until you get to something that is not low latency.
Dithering, reclocking, jitter... on every link regardless of designed latency... may serve to help reduce or eliminate ability to follow a packeting problem observed or injected upon one link... from being repeatered node to node across the net to the other side. It's finer grained complement to the overall background fill that masks out bigger problems and observables.
It should be noted that NSA do not say they can break TOR in practice
Yes they do, it is the very subject of this thread, search the net... pdf was think and process dating pre 2007... while Tor's design didn't change since then, it's without question that NSA's did to the tune of $Billions... people are utterly fucktarded if they don't think NSA and the rest can point-click that shit 12 years later in 2019... "don't tell anyone it is broken, so people keep using it"... https://edwardsnowden.com/wp-content/uploads/2013/10/tor-stinks-presentation...
In all the "Dark Web" busts I have read about there has been no evidence presented as part of a general break in TOR. Maybe they can't (or just don't) break it.
Parallel construction is well known available tactic to preserve valuable tools and clean up faulty evidence and illegal practice. So is sharing tips out to other entities. It's TOP SECRET so don't expect to see it on its face. Though I definitely remember a leaked slide deck where a form of PC tipping was indicated as being used in drug cases. Someone else will have to link to that one.
any low-latency web onion router - could not defeat The Man
Crackheaded visions are hard to articulate, but here are some nodes, more or less randomly pathed through as needed by the communicating endpoints... https://www.youtube.com/watch?v=RGfr-KgWiiQ amongst which bucket brigades are constantly carrying things (though the brigade should probably span each link entirely, such that no segment of track is left entirely unoccupied between nodes)... https://www.youtube.com/watch?v=8qDXcQcj1fc capacities vary and can integrate, switch in/out/on/off, and route around problem track as needed and to enforce negotiated contracts and expectations... https://www.youtube.com/results?search_query=sdh+atm
FOIA documents came out
?
villains
Various things people have mentioned, conspiracy or not, that people can decide...
Is that a quote from X... advertising tor as a means to "Defend yourself against network surveillance and traffic analysis."
Posted that problem on tor-talk some times over years, last was probably in the thread announcing new webdesign. Worse, the original version of the sentence many years before was not as blanket superlative and or with some disclaimer... that was removed. After which the problem sentence above has remained through today. See post there, or simply see Wayback, for some of its history.
maybe they're just
Appears more than a few have spent Tor time distracted mushing their brains in drunk sex orgies, revolving circles of sordid relations, on SJW and other hysterics, figuring out and inventing new pronouns, sorting all that, etc. Origins of all those would be research project itself. Any spook agency would speak to the corruptibility and defocus that can occur therein. Maybe even lay claim to some of it, who knows.
There are also many secret funding sources denoted by letter only as "Sponsor X". Though to fair credit, most of those are directed funds where the directives and work is generally known.
Secrecy of the Board / Exec that refuses to release meeting minutes, voting records, etc. Also why are users (the final investors stakeholders) not offered any input on single or total Board swapouts, key positions, as with other supposedly public corps. Secrecy and exclusion in some meetups, groups. Censoring some list topics that were valid.
Adversaries don't care, only how they can twist things to advantage.
Here's one to sort any truth or not from...
https://zigforums.com/thread/1012230/technology/tor-project-cia-mossad.html
"Julian Martin writes: Here's a short list of what's wrong with the Tor Project
- A person at the Tor Project hired (or wanted to hire) a (former) CIA person without notifying it's fellow Tor Project employees[1][2]
- Shari Steele's husband Bill Vass worked for the NSA[3] and now works for Amazon Web Services
- Rob Thomas a Rabbi is listed as a Tor Project team member (red flags for me!)
- They don't mind child porn, drugs, murderers for hire, but White Nationalism (fuck the DailyStormer though) has to be officially and publicly denounced[4].
- It has been infiltrated by SJWs
Here's a short list of what's wrong with Tor Browser
- Javascript is enabled by default
- Javascript is re-enabled each time you restart the browser
- They let user be fingerprinted because "it breaks some MAC OS keyboard shortcuts" [5][6]
[1]: ibtimes.co.uk/leaked-tor-project-chat-logs-reveal-it-struggled-over-hiring-ex-cia-agent-1567591
[2]: pastebin.com/WPAmqkW8
[3]: bvass.wordpress.com/tag/nsa/
[4]: twitter.com/torproject/status/898256109789687808
[5]: gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h
[6]: trac.torproject.org/projects/tor/ticket/26146
I'm still using it because it gives me a false sense of security. And no alternatives, really "
Perhaps in the end... it's about that last line... no alternatives. Go create some of those :)
On Mon, 25 Nov 2019 05:46:32 -0500 grarpamp <grarpamp@gmail.com> wrote:
FOIA documents came out
?
villains
Various things people have mentioned, conspiracy or not, that people can decide...
People don't get to decide about facts.
Is that a quote from X... advertising tor as a means to "Defend yourself against network surveillance and traffic analysis."
Posted that problem on tor-talk some times over years,
You mean you did? I think I pointed out their 'little problem' before you did. Furthermore, I think you were a vocal tor apologist when I started commenting on what kind of piece of shit tor and its authors are.
last was probably in the thread announcing new webdesign. Worse, the original version of the sentence many years before was not as blanket superlative and or with some disclaimer... that was removed. After which the problem sentence above has remained through today. See post there, or simply see Wayback, for some of its history.
I'm not fully following. I just posted the history, you trimmed it, and now are telling people to look at it...? "See post there" which post exactly?
maybe they're just
Appears more than a few have spent Tor time distracted mushing their brains in drunk sex orgies, revolving circles of sordid relations,
...do you have any objection to drunk sex orgies? Apart from the fact that in this case they were funded by taxpayers.
on SJW and other hysterics, figuring out and inventing new pronouns, sorting all that, etc. Origins of all those would be research project itself.
that's the feminazi takeover of society that started a few years ago. It's just another facet of the pentagon's PSYOP wars. It's no surprise that technocratic fascist scum from silicon valley (ayn rand's 'heroes') fully subscribe to it.
On Mon, Nov 25, 2019 at 05:46:32AM -0500, grarpamp wrote:
FOIA documents came out
?
villains
Various things people have mentioned, conspiracy or not, that people can decide...
Is that a quote from X... advertising tor as a means to "Defend yourself against network surveillance and traffic analysis."
Posted that problem on tor-talk some times over years, last was probably in the thread announcing new webdesign. Worse, the original version of the sentence many years before was not as blanket superlative and or with some disclaimer... that was removed. After which the problem sentence above has remained through today. See post there, or simply see Wayback, for some of its history.
maybe they're just
Appears more than a few have spent Tor time distracted mushing their brains in drunk sex orgies, revolving circles of sordid relations, on SJW and other hysterics, figuring out and inventing new pronouns, sorting all that, etc. Origins of all those would be research project itself. Any spook agency would speak to the corruptibility and defocus that can occur therein. Maybe even lay claim to some of it, who knows.
There are also many secret funding sources denoted by letter only as "Sponsor X". Though to fair credit, most of those are directed funds where the directives and work is generally known.
Secrecy of the Board / Exec that refuses to release meeting minutes, voting records, etc. Also why are users (the final investors stakeholders) not
Users are not stakeholders, except that they act as stakeholders. Passive/ tacit/ blind acceptance, is a sheep to be shorn by the stakeholders. Your implied position I agree with though - that users -should- be treated as stakeholders. In the "consumer" paradigm, "the power of the purse" (i.e., don't buy something) is the "user"s veto power. With Tor, I2P is not a viable competitor for the average user, so the average user sheeple cannot "opt out" if he wants to say write a book about the dark web or investigate some naughty behaviour by big corp.
offered any input on single or total Board swapouts, key positions, as with other supposedly public corps. Secrecy and exclusion in some meetups, groups. Censoring some list topics that were valid.
Adversaries don't care, only how they can twist things to advantage.
Here's one to sort any truth or not from...
https://zigforums.com/thread/1012230/technology/tor-project-cia-mossad.html
"Julian Martin writes: Here's a short list of what's wrong with the Tor Project - A person at the Tor Project hired (or wanted to hire) a (former) CIA person without notifying it's fellow Tor Project employees[1][2] - Shari Steele's husband Bill Vass worked for the NSA[3] and now works for Amazon Web Services - Rob Thomas a Rabbi is listed as a Tor Project team member (red flags for me!) - They don't mind child porn, drugs, murderers for hire, but White Nationalism (fuck the DailyStormer though) has to be officially and publicly denounced[4]. - It has been infiltrated by SJWs
Here's a short list of what's wrong with Tor Browser - Javascript is enabled by default - Javascript is re-enabled each time you restart the browser - They let user be fingerprinted because "it breaks some MAC OS keyboard shortcuts" [5][6]
[1]: ibtimes.co.uk/leaked-tor-project-chat-logs-reveal-it-struggled-over-hiring-ex-cia-agent-1567591 [2]: pastebin.com/WPAmqkW8 [3]: bvass.wordpress.com/tag/nsa/ [4]: twitter.com/torproject/status/898256109789687808 [5]: gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h [6]: trac.torproject.org/projects/tor/ticket/26146
I'm still using it because it gives me a false sense of security. And no alternatives, really "
Perhaps in the end... it's about that last line... no alternatives. Go create some of those :)
On 11/25/2019 03:46 AM, grarpamp wrote:
FOIA documents came out
?
https://surveillancevalley.com/blog/fact-checking-the-tor-projects-governmen... https://www.documentcloud.org/documents/4379303-Bbg-Tor-Emails-Stack-21.html <snip>
On 11/25/2019 03:46 AM, grarpamp wrote:
FOIA documents came out
?
https://surveillancevalley.com/blog/fact-checking-the-tor-projects-governmen... https://www.documentcloud.org/documents/4379303-Bbg-Tor-Emails-Stack-21.html Edit: Also https://www.documentcloud.org/public/search/Account:%2019359-yasha-levine <snip>
https://surveillancevalley.com/blog/fact-checking-the-tor-projects-governmen... https://www.documentcloud.org/documents/4379303-Bbg-Tor-Emails-Stack-21.html https://www.documentcloud.org/public/search/Account:%2019359-yasha-levine
https://www.documentcloud.org/public/search/projectid:37206-The-Tor-Files-Tr... Thx. Someone should mirror that whole series of articles and dataset. Here's one copy of the book... Surveillance Valley - Yasha Levine infohash:6440FAC0D1D9D8EBE3FF24B084B58551CF5BC3B5
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan, or refuses to buildout free p2p, guerilla, mesh networks. 2) Bandwidth, if chaff does not get out of the way upon demand by wheat for carriage. 3) Footshoot, user attempted to feed a higher committed rate to their CPU or internet than either can handle.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
While reclocking is likely necessary part of TA defence, many CPUs and NICs can handle line rate processing, and the committed rate to an overlay network can be set below both the physical link speed, and the rate bought from the ISP within which the overlay rides. User or overlay can create its own processing headroom by choosing a lesser rate. Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum. Sure maybe due to variety of hardware making up an actual overlay network and users paths in it, and other processing demands, latency may be higher than non chaff network, but maybe not by enough to actually preclude use of low latency apps such as voice chat, IRC, etc.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
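The constant-fill link described in the message above, as an added example that is not part of the original thread: one fixed-size cell leaves per tick, wheat displaces chaff on demand, and the link tap's view is compared with an unpadded link. The cell size, the tick model, the sample traffic and the 30-day month are assumptions made for the illustration, and cells are assumed to be encrypted so that wheat and chaff look alike on the wire.

```python
from collections import deque

CELL_BYTES = 512  # assumed fixed cell size (constructed value, not from the thread)


def sustained_rate(cap_bytes, days=30):
    """Bytes per second that exactly consumes a monthly data cap (30-day month assumed)."""
    return cap_bytes / (days * 86400)


def unpadded_link(arrivals, ticks):
    """No fill: a tap on the link sees bytes only when the user actually sends."""
    return [(t, arrivals[t] * CELL_BYTES) for t in range(ticks) if arrivals.get(t)]


def constant_rate_link(arrivals, ticks):
    """Constant fill: exactly one cell leaves per tick, wheat if queued, chaff otherwise.

    arrivals maps tick -> number of wheat cells handed to the link at that tick.
    Returns (wire, delays, chaff_cells, still_queued):
      wire         what a tap records, one (tick, size) entry per tick
      delays       ticks each wheat cell waited before it was sent
      chaff_cells  number of ticks filled with chaff
      still_queued wheat cells not yet sent when the simulation ends
    """
    queue = deque()
    wire, delays, chaff = [], [], 0
    for t in range(ticks):
        queue.extend([t] * arrivals.get(t, 0))   # remember each cell's arrival tick
        if queue:
            delays.append(t - queue.popleft())   # wheat takes the slot
        else:
            chaff += 1                           # idle slot is filled with chaff
        wire.append((t, CELL_BYTES))             # the tap sees the same thing either way
    return wire, delays, chaff, len(queue)


def ticks_to_ms(n_ticks, rate_bytes_per_s):
    """Convert a delay in ticks to milliseconds at a given committed rate."""
    return n_ticks * CELL_BYTES / rate_bytes_per_s * 1000.0


# Constructed sample traffic: wheat cells arriving per tick for two users.
IDLE = {}
BROWSING = {5: 8, 40: 3, 41: 3, 90: 12}

if __name__ == "__main__":
    ticks = 120
    rate = sustained_rate(10**12)                # committed rate from a 1 TB/month cap
    print("committed rate: %.0f bytes/s" % rate)

    print("unpadded tap, idle:    ", unpadded_link(IDLE, ticks))
    print("unpadded tap, browsing:", unpadded_link(BROWSING, ticks))

    wire_idle, _, chaff_idle, _ = constant_rate_link(IDLE, ticks)
    wire_busy, delays, chaff_busy, left = constant_rate_link(BROWSING, ticks)
    print("filled tap identical for both users:", wire_idle == wire_busy)
    print("chaff cells: idle=%d browsing=%d" % (chaff_idle, chaff_busy))
    print("worst wheat delay: %d ticks = %.1f ms" % (max(delays), ticks_to_ms(max(delays), rate)))
    print("wheat still queued at end:", left)
```

The model covers a single link against a passive tap only; it says nothing about end-to-end volume correlation or active attacks, which the thread treats separately.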
I'm convinced there are too many security issues for high privacy communication over networks that eventually utilize or terminate on commercial facilities. Only specially designed, ptp, wireless comms using OTP or other trusted keying, combined with appropriate tradecraft are likely to be effective against nation state resources. Recall WW II's wireless warriors.
On Mon, Nov 25, 2019, 11:04 AM grarpamp <grarpamp@gmail.com> wrote:
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan, or refuses to buildout free p2p, guerilla, mesh networks. 2) Bandwidth, if chaff does not get out of the way upon demand by wheat for carriage. 3) Footshoot, user attempted to feed a higher committed rate to their CPU or internet than either can handle.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
While reclocking is likely necessary part of TA defence, many CPUs and NICs can handle line rate processing, and the committed rate to an overlay network can be set below both the physical link speed, and the rate bought from the ISP within which the overlay rides. User or overlay can create its own processing headroom by choosing a lesser rate. Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum. Sure maybe due to variety of hardware making up an actual overlay network and users paths in it, and other processing demands, latency may be higher than non chaff network, but maybe not by enough to actually preclude use of low latency apps such as voice chat, IRC, etc.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
I can think of what might be a disproof of this: https://en.wikipedia.org/wiki/Dining_cryptographers_problem
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
A message (or a dummy) could be automatically sent to a large number ("N") recipients, who are instructed to return an answer (or a dummy) within a random or pseudorandom time less than a specific value. This system would still be "low latency", although perhaps not particularly efficient.
Also, as for:
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
Some internet services (1 gbit/second Centurylink) are already unlimited-data, or at least the limit (1 terabyte/month?) is sufficiently high so that it is irrelevant. The latter is about 386,000 bytes per second.
Jim Bell
On Monday, November 25, 2019, 09:52:44 AM PST, Steven Schear <schear.steve@gmail.com> wrote:
I'm convinced there are too many security issues for high privacy communication over networks that eventually utilize or terminate on commercial facilities. Only specially designed, ptp, wireless comms using OTP or other trusted keying, combined with appropriate tradecraft are likely to be effective against nation state resources. Recall WW II's wireless warriors.
On Mon, Nov 25, 2019, 11:04 AM grarpamp <grarpamp@gmail.com> wrote:
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan, or refuses to buildout free p2p, guerilla, mesh networks. 2) Bandwidth, if chaff does not get out of the way upon demand by wheat for carriage. 3) Footshoot, user attempted to feed a higher committed rate to their CPU or internet than either can handle.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
While reclocking is likely necessary part of TA defence, many CPUs and NICs can handle line rate processing, and the committed rate to an overlay network can be set below both the physical link speed, and the rate bought from the ISP within which the overlay rides. User or overlay can create its own processing headroom by choosing a lesser rate. Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum. Sure maybe due to variety of hardware making up an actual overlay network and users paths in it, and other processing demands, latency may be higher than non chaff network, but maybe not by enough to actually preclude use of low latency apps such as voice chat, IRC, etc.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
On Mon, Nov 25, 2019 at 07:11:48PM +0000, jim bell wrote:
I can think of what might be a disproof of this: https://en.wikipedia.org/wiki/Dining_cryptographers_problem
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
A message (or a dummy) could be automatically sent to a large number ("N") recipients, who are instructed to return an answer (or a dummy) within a random or pseudorandom time less than a specific value. This system would still be "low latency", although perhaps not particularly efficient.
Also, as for:
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
Some internet services (1 gbit/second Centurylink) are already unlimited-data, or at least the limit (1 terabyte/month?) is sufficiently high so that it is irrelevant. The latter is about 386,000 bytes per second.
~400KiB/s is fine for many uses. Some will still want to work outside this envelope - say 4MiB/s for a day, then 10KiB/s for the rest of the month. And in this case any "interesting" bulk data up/download must of course have occurred within that 1 day window, so the privacy/ hiding characteristics of this link set up may not be overly useful "in certain circumstances", but it is counter productive to not facilitate whatever connection modes users might ultimately find useful and/ or in their interest to use. (I hope I'm just stating the obvious here.)
Jim Bell
On Monday, November 25, 2019, 09:52:44 AM PST, Steven Schear <schear.steve@gmail.com> wrote:
I'm convinced there are too many security issues for high privacy communication over networks that eventually utilize or terminate on commercial facilities. Only specially designed, ptp, wireless comms using OTP or other trusted keying, combined with appropriate tradecraft are likely to be effective against nation state resources. Recall WW II's wireless warriors.
On Mon, Nov 25, 2019, 11:04 AM grarpamp <grarpamp@gmail.com> wrote:
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
or refuses to buildout free p2p, guerilla, mesh networks. 2) Bandwidth, if chaff does not get out of the way upon demand by wheat for carriage. 3) Footshoot, user attempted to feed a higher committed rate to their CPU or internet than either can handle.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
While reclocking is likely necessary part of TA defence, many CPUs and NICs can handle line rate processing, and the committed rate to an overlay network can be set below both the physical link speed, and the rate bought from the ISP within which the overlay rides. User or overlay can create its own processing headroom by choosing a lesser rate. Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum. Sure maybe due to variety of hardware making up an actual overlay network and users paths in it, and other processing demands, latency may be higher than non chaff network, but maybe not by enough to actually preclude use of low latency apps such as voice chat, IRC, etc.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
On 2019-11-26 05:11, Jim bell wrote:
I'm convinced there are too many security issues for high privacy communication over networks that eventually utilize or terminate on commercial facilities. Only specially designed, ptp, wireless comms using OTP or other trusted keying, combined with appropriate tradecraft are likely to be effective against nation state resources. Recall WW II's wireless warriors.
The best thing you can do to hide metadata over the network is to make sure that video data is sent in a format that is indistinguishable to the eavesdropper on any single link from data being sent in a manner that hides who is talking to whom.
If you are implementing a mesh network, you have to know where in the mesh you are sending data to. In the simple and direct way of implementing a mesh network, done with efficiency rather than secrecy in mind, every signal gets sent from nearest node to nearest node, which means the sender has to know the geographic location of the recipient in the mesh and a map of intermediaries, which means the location of the parties is widely known, that everyone knows the location of an entity, but watching the network does not provide much metadata on which party is talking to which party. You get close to onion routing for almost free.
And you can further hide the traffic by choosing a zig zag path and the sender onion encrypting to each relay, full onion routing, and by having random delays on the link - which means that full onion routing should have a field for time sensitivity, that you need to have an interface to the network which supports leisurely interaction, an email like interface.
If the network provides fast efficient traffic, the noisy bursts from people using the network to send data in the most direct and fastest way to the destination hide who is talking to whom using leisurely data slowly going an indirect route. Slow and small amounts of data will be hidden by people downloading gigabytes of video by the fastest and most direct route.
On Mon, 25 Nov 2019 06:03:38 -0500 grarpamp <grarpamp@gmail.com> wrote:
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
except, unmetered plans are a scam. And that's the whole point. I think it's safe to assume that 'backbones' can't carry chaff traffic. If a substantial number of ppl tried to use their 'unmetered' plans to transmit chaff the nsa-network would grind to a halt.
or refuses to buildout free p2p, guerilla, mesh networks.
...yeah chaff wouldn't be a problem in a network with no backbones. Too bad such mesh network doesn't exist.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum.
the only way to do that is by introducing more delay. Which is fine as far as I'm concerned. Because the biggest problem is fucktards who want to download 100mbs in 2 seconds with no 'latency'. Such assholes need re-education.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
That's not what I quoted from scum-master syverson. As to how much 'latency' would a better system introduce, that's an 'open question'. Also, I forgot to mention the obvious fact that using 3 chained proxies aka 'onion routing' instead of a direct connection generates an amount of 'latency' that can't be avoided.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
except, unmetered plans are a scam.
Yes if you don't get the physical line rate or whatever the marketing tries to bullshit.
And that's the whole point. I think it's safe to assume that 'backbones' can't carry chaff traffic. If a substantial number of ppl tried to use their 'unmetered' plans to transmit chaff the nsa-network would grind to a halt.
Not really, any substantial number on a nextgen overlay, plus the sum of all tor, i2p, etc... are not even a blip compared to the masses on clearnet and their sum of bittorrent, youtube, netflix, etc. And such overlays will have settings, in conjunction with the OS packet filters, to allow each user's 1Mbps or whatever ISP feed they have to be allocated dynamically between clearnet and overlay as they see fit. People need to get out of the thought blocking mindset that chaff fill implies unusable saturation of all line rate pipes on the planet including their own, it doesn't, at all.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum.
the only way to do that is by introducing more delay.
If A sends through B to some C 1pps on average distributed within 1s jitter, B has plenty of CPU, time, and space on its outbound wire to C, to reclock that to 1pps avg to within 0.01s jitter, or to apply its own random jitter while still meeting 1pps. CPU's operate in GHz, so yes each packet is trapped up in that processing delay for some minimal amount of time like usec's. However so long as the node does that within the line rate, or at least the lesser rate the node has committed to upholding, the bps passed over the link doesn't change. The crypto operations and relay routing are responsible for more "delay" than anything else. After all, the Internet is commonly 10+ hops and 35-175+ msec. In those regards, background of 1Mbps of chaff traffic yielding to 1Mbps of wheat on demand, feels exactly same to the user application as 0Mbps quiet yielding to 1Mbps wheat. Yet with the former the network is using all its otherwise uselessly idle CPU's and NIC's to enable TA resistant cover, and with the latter you're screwed.
fucktards who want to download 100mbs in 2 seconds with no 'latency'. Such assholes need re-education.
True. And people considering designs for TA resistant overlays should probably self-educate on how ATM network cell switching and clocking works regarding how wheat and chaff could then be placed in those buckets, and paths made through. ie: Today's opensource SW devs in their cute corporate dayjob cube farms are lucky to have seen the end of their ethernet cable and the socket(2) manpage, let alone have physical root in telecom satcom bunkers jammed with random gear, so it's not unexpected that their designs might overlook some useful research areas.
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
That's not what I quoted from scum-master syverson.
Quotes in papers that discount or dismiss areas of potential research not yet explored to at least as much breadth and depth as other areas, with known attack surfaces, that are then chosen coded and deployed to users, are probably suspect. Even if a plainly disclaimed "tradeoffs made" "only good enough for cat videos" network is built for 1B of whiny fucktards, that's no reason not to design and build a much more secure one for the say 1M that might want that. The dev efforts, fame, and user benefits are relatively same. So why nothing yet built today using whatever new and reinforced knowledge accumulated, and may be within reach of new research, since 20 years old designs? Alternatively, how can Tor, I2P, etc today possibly be the best that can be done such that there are no worthwhile gains left for any new network to do?
As to how much 'latency' would a better system introduce, that's an 'open question'.
My guess is that a more TA and Sybil resistant network than today's overlays... one within which IRC and low bitrate voice and video comms are usable... is entirely possible. There may even be some number of "more resistant" network designs, for generic transport of multi application data, that could be explored. Though each design by its nature might not be capable of integrating some tech of the other, so long as each is relatively equally better within a factor band above today's, then each could be deployed as needed.
Also, I forgot to mention the obvious fact that using 3 chained proxies aka 'onion routing' instead of a direct connection generates an amount of 'latency' that can't be avoided.
Direct connections may be hard to hide, thus all overlays over the Internet that attempt to hide connections don't use dc's. An SDR radio network, being its own sort of layer-0 and more physically mobile capable network has more opportunity to exploit ephemeral direct connections. That each hop adds the latency of the respective physical distance and HW SW stack... should be obvious.
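As an added illustration of the reclocking and chaff-fill argument in the message above (not code from the thread or from any project named in it), this Python sketch compares a relay that forwards immediately with one that emits one fixed-size cell per tick and fills idle slots with chaff. The cell size, tick rate, function names and arrival patterns are all assumptions constructed for the example.

```python
import random
from collections import deque

CELL_BYTES = 512   # assumed fixed cell size; every cell on the wire looks the same


def jittered_source(rate_pps, duration_s, jitter_s, seed):
    """Constructed wheat arrivals: rate_pps on average, each shifted by up to jitter_s."""
    rng = random.Random(seed)
    count = int(rate_pps * duration_s)
    return sorted(i / rate_pps + rng.uniform(0, jitter_s) for i in range(count))


def naive_forward(arrivals, proc_delay_s=0.002):
    """Relay that forwards each packet as soon as it is processed (no reclocking)."""
    return [t + proc_delay_s for t in arrivals]


def reclock(arrivals, tick_s, duration_s):
    """Relay that emits exactly one fixed-size cell per tick.

    A queued wheat packet takes the slot; otherwise the slot carries chaff.
    Returns (wire, delays, kinds): wire is what a tap on the outbound link
    sees, delays are per-wheat queueing delays, kinds is the hidden truth.
    """
    pending, queue = deque(sorted(arrivals)), deque()
    wire, delays, kinds = [], [], []
    for k in range(1, int(round(duration_s / tick_s)) + 1):
        now = k * tick_s
        while pending and pending[0] <= now:
            queue.append(pending.popleft())
        if queue:
            delays.append(now - queue.popleft())
            kinds.append("wheat")
        else:
            kinds.append("chaff")
        wire.append((round(now, 6), CELL_BYTES))
    return wire, delays, kinds


def gaps(times):
    """Inter-packet gaps, the feature a timing correlator works from."""
    return [round(b - a, 6) for a, b in zip(times, times[1:])]


def demo():
    tick, duration = 0.1, 60.0             # assumed committed rate: 10 cells/s
    sources = {
        "idle": [],                                          # no wheat at all
        "steady": jittered_source(1, duration, 1.0, seed=7),  # 1pps, 1s jitter
        "burst": [5.05] * 20,                                # 20 packets at once
    }
    results = {}
    for name, src in sources.items():
        wire, delays, kinds = reclock(src, tick, duration)
        results[name] = {
            "wire": wire,
            "wheat": kinds.count("wheat"),
            "max_delay": max(delays, default=0.0),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:6s} cells={len(r['wire'])} wheat={r['wheat']} "
              f"max_delay={r['max_delay']:.3f}s")
```

The wire trace is the same for all three sources; a burst above the committed rate shows up only as queueing delay inside the relay, while the naive relay reproduces the sender's inter-packet gaps on its outbound link.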
On Mon, Nov 25, 2019 at 03:27:30PM -0300, Punk-Stasi 2.0 wrote:
On Mon, 25 Nov 2019 06:03:38 -0500 grarpamp <grarpamp@gmail.com> wrote:
by 'low latency' they mean two things :
1) 'efficient' use of data transmission capacity, i.e. whether chaff is sent(expensive) or not.
Chaff might be really only "expensive" if 1) Monetary, user chose to pay for it under metered plan,
except, unmetered plans are a scam. And that's the whole point. I think it's safe to assume that 'backbones' can't carry chaff traffic. If a substantial number of ppl tried to use their 'unmetered' plans to transmit chaff the nsa-network would grind to a halt.
This sounds correct to a degree. "At purchased capacity, for 'unmetered' plans." In other words under utilized long-duration chaff filled links, ought be incentivized against. This is natural for a friend to friend link - I know my friend by name/nick, and holler at him if his usage pattern is causing me to burn significant chaff which he simply does not use. Remember, we're attempting to create at least somewhat of a switch based overlay net - so the primary connection is a link between 2 peer nodes A and B. Of course, onion routing is onion routing, and so the p2p node link is just a first hop - a 2nd hop must onion across B, e.g. A B C, but now C receives packets "from B" which are really from A, and C is still going to get annoyed if the B C link is "significantly" under utilized. (In practice of course "get annoyed" is a misnomer - only tech folks even bother to look at e.g. wheat/chaff utilization stats, and so the incentivization algos must be (as far as possible) built into link bandwidth management, i.e., automatically shape up and down as needed yet according to "user specified + random" hysteresis conf. May still have a "You might want to get annoyed at peer X" dialog too :) )
or refuses to buildout free p2p, guerilla, mesh networks.
...yeah chaff wouldn't be a problem in a network with no backbones. Too bad such mesh network doesn't exist.
Steve Schear - perhaps you are inclined to include some links and possibly a write up, into text files in the iqnets/doc/ dir (or new git proj if you think that's better)? Some of us see an alt phys net as foundational to our goals here ... and to this end intend iqnets to use and facilitate such links at core protocol... permanent ("stable" "backhaul") dark links, as well as ephemeral temporary e.g. mobile phone ad hoc wireless mesh links. Steve, in these early (design, info gathering) days, a big part of our work is scouring the webs for possibly useful info and dumping such into a links file (e.g. urls-alt-phys-net.txt), and, as inspiration grabs you, write up that which needs to be written up.
2) actual low latency. In order to prevent timing attacks, packets need to be reclocked, which means adding delay, which results in higher 'latency'.
Also, depending on nature of input, reclocking may not necessarily imply additional average delay, as packets and gaps between them might be simply normalized, randomized and or distributed within the same overall sum.
the only way to do that is by introducing more delay. Which is fine as far as I'm concerned. Because the biggest problem is fucktards who want to download 100mbs in 2 seconds with no 'latency'. Such assholes need re-education.
It's not a binary - any type of link that two peer nodes agree to establish, within the bounds of their config, is just fine. Depending on my utilization of a link to a peer, I may then hand out portions of that link for T time period etc...
any low-latency web onion router - could not defeat The Man
This seems yet to be lacking proof and perhaps cannot actually be said without it.
That's not what I quoted from scum-master syverson. As to how much 'latency' would a better system introduce, that's an 'open question'.
You and grarpamp appear to be saying the same thing...
Also, I forgot to mention the obvious fact that using 3 chained proxies aka 'onion routing' instead of a direct connection generates an amount of 'latency' that can't be avoided.
Yes, every extra hop is extra inherent latency. The only challenge I've seen to that is certain fibre optic repeater kit which simply amplifies and repeats an incoming signal - due to their funky excitation block, which is analog, there is either actually no introduced latency, or it's so small as to be not measurable or something... been a while since I read about that.
https://medium.com/@virgilgr/tors-branding-pivot-is-going-to-get-someone-kil...
Tor’s Branding Pivot is Going to Get Someone Killed
Aka, human rights activism meets the Cobra Effect
Virgil Griffith, Sep 4, 2016
"Three weeks ago, The Tor Project, Inc. published their Tor Social Contract. The media covered the contract but focused on the policy not to backdoor their own software (as though that were surprising?). Regrettably, the media missed a real story lying in plain sight... a large portion of Tor is so drunk on self-righteousness they can’t recognize they are wantonly increasing their users’ risks."
Three weeks ago, The Tor Project, Inc. published their Tor Social Contract. The media covered the contract but focused on the policy not to backdoor their own software (as though that were surprising?). Regrettably, the media missed a real story lying in plain sight — the first bullet:
1. We advance human rights by creating and deploying usable anonymity and privacy technologies.
This bullet is a continuation of Tor’s new mission statement adopted in August 2015 which reads: “To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.” Collectively, these two policy documents pivot The Tor Project, Inc. from an organization that was foremost about privacy technology to an organization that is foremost about human rights (HR) where privacy technology is the chosen means to the end. Naïve observers may see little difference, but this pivot has deep ramifications. In western liberal democracies (where Tor is overwhelmingly based, and by raw numbers, largely serves) human-rights advocacy has better optics than privacy. But the opposite is true in the regions that Tor aims to serve. Privacy empowers the individual.
Empowering the individual naturally dovetails with human rights, so it’s plausible that greater human rights is a natural byproduct of privacy advocacy. However, Tor’s pivot from “Privacy Enthusiasts” to “Human Rights Watch for Nerds” substantially increases the risk of imprisonment to those operating a Tor relay or using the Tor Browser Bundle from less HR-friendly regions. For example, in Singapore (where I live), the government absolutely does not care for what they term “Western human rights” and views them, at best, as a handicap in maximizing GDP, and at worst, as cultural imperialism. But despite their dim view of human rights, Singaporean authorities top-to-bottom are fanatical about reducing corruption. Most importantly, Singapore’s love of anti-corruption exceeds its apprehension about human-rights-laden privacy enhancing technologies. Tor’s rebranding from privacy to HR activism takes exactly the same activity — using Tor or running a Tor node — and makes it vastly easier for an enterprising authority to stretch it to be liable for indefinite detention without trial. Singapore’s attitude here is representative of the cultural terrain from China to Indonesia, which constitutes, I kid you not, about 1/3 of the world population. The Internet’s core protocol, TCP/IP, was created for “message passing”, not “message passing for human rights”. Personally, if I were branding Tor, I would brand it along the lines of, “privacy-enhanced TCP/IP”, and then downplay any specific applications. This is a branding even China could support. Pigeonholing a generic technology like Tor into the human rights category makes it immensely harder to justify using Tor as part of generic (non-human-rights related) communications. For example, say you’re a sysadmin at a local business wishing to further secure its comms. You propose running a Tor node or using Tor internally. 
This was just something you could do (if perhaps a bit overzealous), but if asked you justifiably reply defense against corporate espionage matters. After Tor’s pivot, you now have to justify why the company is using software explicitly designed for banned HR activism — why is this worth drawing the government’s ire? Using Tor is now an additional mild liability for all non-HR users. In profound irony, Tor’s pivot especially hurts local users who would use Tor for human rights. Say you’re an Asian HR activist — choosing one, would you prefer:
1. A poignant mission statement and social contract saying Tor, unsurprisingly, supports your noble cause.
2. A larger local anonymity set by including non-HR users, faster performance via local relays, and greater plausible deniability, so that your mere use of Tor is less suspicious?
To my surprise, Tor management believes (1) is more valuable than (2). Call me an idealist, but I believe that, for infrastructure like Tor, the greater efficacy of (2) takes priority over the emotional self-satisfaction of (1). Demonstrating how complete the transformation is within Tor, arguing this is deemed VERY SUSPICIOUS. And, I kid you not, that suspicion yields Tor management’s thumbs-up. In terms of Tor’s sustainability, it is as the local Wushu Sifu say, the greatest enemy is within. (No offense to Roger!) As a born-and-bred American, I get the human-rights motivation — I really do. But the “Human Rights Watch for Nerds” branding gives decidedly-unfriendly-and-opportunistic-authorities full license to do as they please with Tor operators or anyone who uses Tor (regardless of whether their usage is HR related!). Yet a large portion of Tor is so drunk on self-righteousness they can’t recognize they are wantonly increasing their users’ risks. Here’s a more familiar analogy illustrating the regional equivalent of what Tor has done.
Imagine Tor canonized a new policy document stating: “The Tor Project proudly advances drug-use by creating and deploying usable anonymity and privacy technologies so people around the world can circumvent local drug laws.” Thereafter, anytime an authority sees anything Tor, any enterprising officer has full-authority to proceed for investigating a drug-crime whereas before ze did not. I do not know how to make this more clear. During my undergraduate years (2002–2007), I admired Tor’s skillful treading on the tightrope separating three groups who rarely got along:
- the military-industrial complex among its funders
- the anarcho-capitalist cypherpunks among its early operators
- the potpourri of left-wing activists among its most dedicated users
I’m sure it was a difficult balance—but I argue this uneasy balance was the secret sauce of Tor’s success, as Tor was perhaps the only thing these disparate groups could agree on! Unfortunately, modern Tor has firmly rejected the first group, rebuffed the second, and filled the resulting vacuum with one of the worst aspects of the third — purity politics and prioritizing virtue statements over mission efficacy. Tor’s branding pivot is misguided, damaging for global privacy, and ironically, harmful to Asian human rights. Anonymity requires not just company, it requires diverse company, yet Tor has increased the barrier-to-entry for all local non-HR Tor users. This is something Tor has brought upon itself, and they are knowingly throwing their most vulnerable users under the bus. After seven years of proud service to Tor including: founding Tor2web, Roster, and Toroken, as well as writing a Tor Tech Report and running several high-performance relays, I am resigning because: Given my residency in Southeast Asia, Tor’s pivot creates nonnegligible risk for me personally.
I do not trust an organization which prefers reaping modest public relations benefits within comparably cozy jurisdictions over the security of its neediest users taking the majority of the risk. Tor is carefully positioning itself away from the efficacious privacy promotor it used to be. 💔
Addendums
1. Theory for the Pivot
In discussing this post, one of my colleagues opined that, from a management perspective, the pivot towards human rights is actually great for fundraising in the West. With modern Tor Project placing getting off defense-industrial funding at top priority, new funding must come in. And if a byproduct of that new funding demands throwing the most vulnerable users under the bus…well, that’s just the price for those users to pay. So, let's take a step back. The primary reason for Tor to distance from defense money is so it’s not perceived to be a puppet of the West. The optics will look better to casual observers, but dropping defense funding for building products and pivoting towards human rights grants will, ideologically speaking, surprisingly have the opposite effect.
2. Keep using Tor? Yes please.
Togg_ remarks my argument is akin to, Fair point! To which I can only respond, The claim is that Tor is recklessly endangering the most disadvantaged users — not that you shouldn’t use Tor. If strong human rights advocacy is kosher in your jurisdiction, Tor is your jurisdictional privilege to preferentially enjoy; so please do enjoy it!
3. “Following The Users” vs “Serving the Neediest”
Alec Muffett articulates a level-headed, sensible argument for the HR-pivot by asserting it’s an adaption to better serve Tor’s existing user base. And when breaking down the user counts, this means Tor should adapt to serve: United States, Russia, Germany, France, United Kingdom, Brazil, Japan, Italy, Spain, and Canada. Aggregating across these jurisdictions, a pivot from “foremost Privacy” to “foremost Human Rights” is an immense win.
So while yes, this pivot does shortchange Asia, but on the total number of users it’s a win. So deal with it. To which I can only respond, “Following the users” is a wholly satisfactory long-term strategy — but it is incompatible with Tor’s rhetoric of “serving the neediest in non-HR-friendly jurisdictions”, which may be okay! However, I take Tor’s rhetoric at face value, and I perhaps naïvely, presumed others do as well. If Tor wishes to follow its rhetoric, this pivot is likely to do long-lasting harm.
4. Can Tor still care about human rights? YES.
Dr. Bryan Ford and Kragen Sitaker opine: Indeed. Does Tor have to be completely mum about valuing of human rights? No! Two responses: The goal is to get world-wide deployment, not protest The Man. If TCP/IP had been branded as “robust communications for human rights activists”, it would have never been deployed outside the West and failed in greater unifying the world. Empirically speaking, in Asia, being foremost “Privacy” (of which HR is invariably a component!) has largely worked. But making human rights the utmost thing Tor foremost does hands officers full license to attack with prejudice, and moreover invokes the already established top-down incentives for officers to do so. In short, no pretending required. Tor just needs to have a larger, louder, message (e.g., “Privacy”) which can encompass HR as component. This is what Tor had, and they are actively throwing it away.
Updates
I changed the final sentence from: “Anyone want to establish a foundation for the efficacious promotion of privacy? Because Tor is no longer it.” to “Tor is carefully positioning itself away from the efficacious privacy promotor it used to be. 💔”. The former was said out of frustration, and the latter better captures my true feelings. Added subtitle: “Aka, human rights activism meets the Cobra Effect” Removed the opening stanza, “There’s never been a better time to leave Tor.
After a few weeks of unsuccessfully waiting for my views to mellow, I add my voice to the exodus.” This removal is in direct response to Meredith Patterson’s, and especially Alec Muffett’s feedback. I might have a crush on Alec. This whole editorial is me seeking external pressure before Tor immensely diminishes their efficacy toward their stated raison d’etre.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, November 29, 2019 8:25 PM, grarpamp <grarpamp@gmail.com> wrote:
https://medium.com/@virgilgr/tors-branding-pivot-is-going-to-get-someone-kil... ... 1. Theory for the Pivot
In discussing this post, one of my colleagues opined that, from a management perspective, the pivot towards human rights is actually great for fundraising in the West. With modern Tor Project placing getting off defense-industrial funding at top priority, new funding must come in.
lesser of two evils? funding frustration rears its head again.
2. Keep using Tor? Yes please.
uh oh, this is contentious in cypherpunks land... ;) best regards,
On Mon, Dec 02, 2019 at 07:01:55PM -0500, grarpamp wrote:
http://www.hackerfactor.com/blog/index.php?/categories/19-Tor
That article links to another article which some may find much more interesting (same author apparently): https://www.hackerfactor.com/blog/index.php?/archives/789-Cyber-Goat.html (Don't worry, that's not goatse!)
http://www.hackerfactor.com/blog/index.php?/categories/19-Tor
That article links to another article which some may find much more interesting (same author apparently):
My link above is not a link to an article, it's to a blog tag that collates 22 articles about more ways that Tor, tor, and in general probably all of today's other networks, stink.
participants (12)
- coderman
- grarpamp
- jamesd@echeque.com
- jim bell
- John Young
- Mirimir
- Peter Fairbrother
- Punk-Stasi 2.0
- rooty
- Spirit of Nikopol
- Steven Schear
- Zenaan Harkness