On Fri, Mar 21, 2014 at 5:01 AM, John Young wrote:

Sys admins catch you hunting them and arrange compromises to fit your demands so you can crow about how skilled you are. Then you hire them after being duped as you duped to be hired.

everything old is new again, betrayals for lucre, for lust, for fame, for fear, ... this is why some technology consumers demand independent validation[0] to confirm to their own eyes if design matches intent; if operation matches assurance. how can you even trust the word of a third party verifying integrity if you can't determine integrity yourself? caution: this line of reasoning leads to long dependencies... ;)

The lead Tor designer reportedly (via Washington Post) had a session with NSA to brief on how to compromise it, although "compromise" was not used nor is the word used by gov-com-org-edu.

http://cryptome.org/2013/10/nsa-tor-dingledine.htm

the beauty of privacy, like freedom, is that it floats all boats. [ i may not agree with what you do with free, uncensored communication, yet i code and toil for your ability to communicate regardless. ] in all seriousness, what you describe at the root of things: systems that are inherently and fundamentally compromising, if you have the right adversary, if you have the right resources, is absolutely true! in industry speak this is characterized in terms of "risk management". in military, aimed at a higher common denominator, yet fundamentally just as vulnerable (built to a more competent attacker. a larger resource stream.) there are defeatists a plenty, having looked around the state of things, and fall to nothing but despair. i think it is reasonable to demand complete transparency and utmost correctness and reliability in these technologies we depend on. that's a radically different future than what we have now or can think of in terms of current engineering capabilities. never the less, a future worth aiming toward! finally, to your mention of the meeting with NSA, this is interesting from a reversing the adversary's perspective. [since presumably Roger does not hold clearance of course, this is all treating Roger as hostile witness!] let's review it: --- Roger Dingledine at NSA NOV 2007 ...

...

Contents 1 (U) Talk by Roger Dingledine at NSA, 11/01/2007 at R&E (Sponsored by NSA RT) o 1.1 (U) Who are TOR Customers? o 1.2 (U) Anonymity System Concepts o 1.3 (U) TOR Issues

the usual culprits.

...

(U) Talk by Roger Dingledine at NSA, 11/01/2007 at R&E (Sponsored by NSA RT)

next time ask for them to sponsor bridges, obfuscated proxies, and fast exits? :) [only half in jest, as QUANTUMSQUIRREL would also make a great single, large exit for entire Tor network as has been mentioned in the past! constantly changing set of address space would avoid censorship and blocking into and out of the network. (though i would _only_ use NSANet as a obfuscated proxy first hop to hidden services or as last hop exit relay to clearnet where they occurr no where else along my circuit.)]

...

(U) Roger Dingledine, now of Torproject.org, was one of the principle inventors or TOR. Current usage statistics quoted are 200K users and 1K servers. When asked about trends, he had no concrete data - Being a non-profit open-source effort, the collector of statistics has not been active recently.

now there are metrics :) https://metrics.torproject.org/

...

(U) The obligatory "Anonymity is not equal to Cryptography" and "Anonymity is not equal to Steganography" admonishments were given early on. (U) Who are TOR Customers? (U) Mr. Dingledine mentioned that the way TOR is spun is dependent on who the "spinee" is. Using the typical (in the cryptography world), Alice and Bob as communicants, he described several Alices: (U) 1. Blogger Alice, who wants to be able to write to a blog in an anonymous way. (U) 2. 8 yr. old Alice, who wants to be able to post to sites for children in a way insuring her true name and location are not discovered. (U) 3. Sick Alice, who want to research information on her illness on the Internet while not enabling anyone to determine her true name and location. (U) 4. Consumer Alice, who wants to research possible purchases without having a database of her marketing habits being built without (or with her weak) consent. (U) 5. Oppressed Alice, who lives in a repressive country (no or limited free speech) and wants to talk about things contrary to her governments positions. The countries he used as examples were France, Germany (prohibitions on fascist writings?) and the US (not sure what he meant here?). (U) 6. Turning to "Business Alice", we had examples of companies not wanting to give up their business secrets to competitors via their Internet usage patterns. An anecdote was given of some business getting a different HTML page displayed when the same URL was accessed with and without TOR. (U) 7. "Law Enforcement Alice" was concerned with the ability of anonymous agents/informants to really main anonymous when contacting their law enforcement ties.

communicating a message to be best received by the audience. Roger's had some practice! again, the beauty of anonymity is that it floats all boats... [e.g. magically getting mutually distrusting, even opposed entities to cooperate on a shared goal.]

...

(U) Anonymity System Concepts (U) Running ones own anonymity service vs. Using a 3rd party service: If one uses one's own service, its pretty obvious who the user is :-) (U) Low Latency Anonymity Service vs. High Latency Anonymity Service: The difference is in how paranoid someone really is. In a Low Latency Anonymity Service (all common proxies, TOR, others), there is a rerouting through some number of proxies, but there is no attempt to reorder packets or artificially introduce latencies. The result is something which can be used for most web and instant messaging / chat applications with only minimal notice of delays by the user. In a high latency service, proxies attempt to randomly reorder an delay packet so that it is harder to track traffic. Such systems are really only useful for such protocols as email. (U) The most recent and advanced High Latency anonymity service was the /*MixMinion*/ family of open source projects. Mr. Dingledine was one of the key developers of these. His opinion is that the very limited utility of such projects has caused them to wither on the vine. He does *not* see any major development in such services for other than research in the forseeable future. Another key point is that the degree of anonymity in any system is proportional to the number of users. If noone is using any of the high latency systems, why bother. This proportionality is one of the ideas Mr. Dingledine refers to as a /tension/ in the world of anonymity systems.

yup, a nice summation. from here it gets a bit more interesting...

...

(U) TOR Issues (U) The short description of TOR for the reader is as follows: The user, via his/her TOR client, queries one of 5 directory servers for the current list of TOR nodes. Using metrics such as availability and bandwidth in conjunction with random choice, a set of 3 proxies is chosen for a "circuit". It is this circuit which is used, with a unique layer of encryption on each link, for anonymous Internet interactions. (U) The lifetime of a circuit, a tuneable parameter, is another /tension/, this one specific to TOR. The longer the circuit life, the more various traffic that may transit it, forming a knowable relationship between the traffic streams. Too short of a lifetime means too much time/CPU is spent building circuits. The original default lifetime was 30 seconds but is now 10 minutes. Everything is tweakable in TOR, so a user if free to choose his/her own circuit lifetime. But this is dangerous, as a unique circuit lifetime could easily become a user identification feature :-).

note the knowing, smily face at end. they either had started on or already had the ability to detect anomalous circuits, likely based around active/targeted DoS among who knows how many other possibilities they've been working on since "Tor stinks" :-) unfortunately anything further that would be useful would also be classified and thus not in this doc. [pointers and future articles solicited!]

...

(U) Mr. Dingeldine was asked about the concrete choice of a 3-long circuit. This is unlikely to change soon, as it appears to be a very suitable tradeoff. (U) The mention of SOCKS proxies, such as /*Privoxy*/ as a bump in the chain before TOR was mentioned. These proxies can intercept and cleanup things such as cookies to further help anonymity.

back to boring fact taking again... *yawn*

...

(U) The current "owner" of TOR is torproject.org, a US registerd 501(C) non-profit organization, of which Mr. Dingledine is a principal. In addition to specific technology issues such as scaling, other categories of work are: (U) 1. Usability (Targetting the ability of other than tech-savvy users to embrace the technology)

it has become so much better since 2007!

...

2. Incentives (Trying to get more people to run TOR servers)

great progress here too, i think.

...

3. Design for Scalability/Decentralization 3a. Regarding scalability of the TOR network, Mr. Dingledine proffered the guess that 2000-3000 is a rough upper limit on the number of nodes in the pool before a new topology may be advised. 3b. Decentralization means less reliance on a very small set of trusted Directory Servers (curently 5)

robust decentralized systems, still fucking hard in 2014!

...

4. Continued research on attacks and the mitigation thereof. 5. Continued provision of documentation and user technical support.

that's it. one bone, in the whole unclassified pile. so where's the docs with the circa 2011/2012 state-of-the-art Tor attacks? :)

On Fri, Mar 21, 2014 at 10:53:31PM -0400, dan@geer.org wrote:

At this point, one can but humbly remember John 8:7,

...He that is without sin among you, let him first cast a stone...

For then I shall cast a stone upon myself, for I have commited the gravest of sins upon the altar of transparency and rule of law I have signed a non-disclosure agreement[*] [*] dislaimer: Due to recent publicly documented leaks, any information I may or may not have agreed to not disclose may or may not be copied, duplicated, archived, and disclosed to unauthorized third parties, including, but not limited to government agents, private contractors, and ethical rogue sysadmins

Dnia sobota, 22 marca 2014 01:04:28 Scott Blaydes pisze:

On Mar 21, 2014, at 5:04 AM, rysiek wrote:

...

1. they know when you're using Tor, and can flag you accordingly, and (for

example) deliver some nastiness when (not "if"!) they get the chance, because "when you have something to hide…”

The old argument for convincing people to use crypto when they “have nothing to hide” was the postal analogy. Do you send your snail mail in an envelope? If you have nothing to hide why not use postcards? The idea is that if you are sending everything encrypted, when you do have something to hide it doesn’t stand out. Now people use envelopes for privacy and out of convention. If everyone did the same thing with crypto,used it for privacy and out of convention, intelligence agencies wouldn’t be able flag suspicious communications easily.

Sorry, not really a “to Tor or not to Tor” answer, but something I remember using in the past.

I am well aware of this argument, and I use it often. My question here is different: with all the info we have about Snowden, QUANTUM, etc, and with the number of Tor users today, AND with some Tor design choices (like: not padding the packets so that each packet, regardless of between which nodes it is sent and how many encryption layers have already beed removed -- has the same length, which would make it that much harder to do traffic analysis), is it PRACTICALLY REALLY better to use Tor, OR does it get people flagged and exploited in other ways? For Joe Schmoe, is it better to use Tor, or to hide in the noise? I guess one part of the question is the fact that NSA probably doesn't really have to break encryption, they just need info on who is communicating with whom, exploit one of these endpoints and get all the unencrypted logs, data, etc they want. -- Pozdr rysiek

correct, an IP alone insufficient to impersonate a Tor node. you would also need key material. (active use of stolen keys to facilitate secondary attacks would be interesting to inventory from leaks...)

Ubiquitous use of a comsec system is a vulnerability, whether PGP or Tor or another popular means. Crypto advocates and Tor encourage widespread use as a defense but may be luring victims into traps. The more users of a system the more likely it will be attacked by officials or by malefactors. And the attacks are most often overlooked in the volume, or excused as a price of popularity, fixes underway, always underway, keeping coders and investors happy as engineers mud-wrestling and financiers soused. Most trusted systems (MTS) are where the money is, as with banks, so that's where robbers make their living, and MTS set up budgets for loss, PR, lobbying, training staff in cover-ups and workarounds, hiring ex-regulators and distinguished industry leaders as advisors, board members and faces of the MTS around the planet. The lucrative boomlet in comsec generated by Snowden Inc's marketing gambit promoting encryption and enhanced comsec among media mouthpiece megaphones indicates that another cycle of dubity of the status quo comsec confidence game is to be followed by a repair and rejigger protection racket, as evidenced on these mail lists, at conferences, and no doubt in halls of semi-classified exchanges everready to share tips and tricks to ratchet up demand for security in all its devilish manifestations. Was it not mere months ago when a call was issued to redesign and or replace the entire Internet from top to bottom, the whole thing, to end the futile comsec tinkering and delusionary marketing, no way the Frankenstein could be made secure for human use, it had fundamental faults which precluded durable comsec. Perhaps re-Frankensteining is being done in semi-classified halls, hindered by by official and commercial and scholarly exploiters of the monster's faults to advance their interests in advocating MTS for public use, just keep those research and investment funds flowing. No risk, no security market, so what fool would want an Internet that had no faults. No bank would want perfect security to be available directly to customers. No military or spy agency would want perfect national security available to the citizenry. No government would want a threat-free populace. No comsec industry would want ... Best to aim for pretty good comsec and call it best that can be done but cheating happens, thank you Edward Snowden, so prepare for disaster "not if, not when, but now." Intel committees wokring hand in hand with Snowden Inc. to keep the public panicky and needful of secrecy protection of the holy grail, national security backed by WMD. In short, Tor is a confidence game, crypto is a confidence game, no better than military, espionage, publicity, entertainment, finance, law, insurance, education and religion. Oops those are the primary routes to wealth and power concentration and need for WMD protection. What, you say WMD is a confidence game? Getoutahere, that's top secret codeword core faith in secretkeeping. Without that fundamental Frankensteinian fault nobody would buy security against the Doctors of monsters working hard at most secret laboratories on earth to devise crypto for assuring WMD comms and launch threats are pretty good at persuading the public to pay the steep protection fee -- which it should be noted is laundered through IRS and NGOs, blessed by FRS and SEC. Damn 3 lettered agencies of God.

On Wed, Mar 26, 2014 at 7:23 AM, John Young wrote:

Ubiquitous use of a comsec system is a vulnerability

Which ubiquity, in the curious case of Tor/I2P, appears to be holding up reasonably well so far. That is to say, who can state a case where a weakness in those systems (documented, or not) was exploited publicly to jail someone? Tor people seem to say it's possible, and the four horsemen have been operating in these nets for many years. Yet we're not seeing any canaries dropping in public. Why? And there's mountains of lesser [computer/finance] crime, filesharing, etc on these nets, with no sign of those actors being disrupted either. Let's move to leaks, a civil/criminal matter. That's the one thing that has had perhaps even zero first person appearance on .onion/.i2p. Why not? (Discounting docs from criminal hacks above, submission portals to third party publishers, mirrors, etc.) What if the docs that say, places like Cryptome, have had to pull due to threat of legal/ToS action... were hosted and told by the leaker/collator themselves on these nets? Who will carry the future gilded staffs of Cryptome, full-disclosure, WL, etc? And more importantly, where? What if a new set of Top Secret Snowden-like docs were hosted on tor/i2p? What if they had fewer silly redactions, or more sources and methods? Or serious political/geo/nwo intrigue the likes we've not yet seen? Are these nets only suited to street crime? Is offloading through the media the only suitable/safe place for high crime and politic? If not already present on these nets (some classes noted above), and thus far apparently immune (perhaps foolishly so), then what exactly are the needed test cases that will start producing not just dead canaries, but public record of what killed them? Any musing of 'To Tor or not to Tor?' must put consensus and evidence to these sorts of questions.

On Wed, Mar 26, 2014 at 2:47 AM, rysiek wrote:

... I meant a situation in which the NSA can listen-in on any connection in the clearnet, including connections between Tor nodes.

ok. this is sounding like classic traffic analysis (on the "metadata" rather than the content, so to speak).

They *can't* break the encryption nor do they have the keys...

ok.

...*But* (esp. if most of these nodes are in the US) they *can* observe that in sequence there are packets being sent between IP1, IP2, IP3 and IP4, and that these packets get smaller at each step, in a way that is coherent with removing layers of Tor encryption.

Tor cells use padding, but this alone is not sufficient to defeat traffic analysis.

What they can get from that is information; IP1 is communicating via Tor with IP4.

So now they know whom to target with QUANTUM when they'd be using clearnet for something.

this is why i am fond of everything dark! namecoin to hidden services, no DNS, no plaintext. (not entirely defeating QUATUMTHEORY, but much of it!)

Tor encryption gets less relevant if NSA gets access to the endpoints via other means, and for that they need to know whom to target. Observing packets flying between Tor nodes can give them that info -- at least that's a suggestion somebody made elsewhere.

the anonymity set is large, but maybe that isn't sufficient. this is exactly the same argument for or against zero knowledge mixes. sure, they offer stronger protection from traffic analysis, but the anonymity set of users is tiny, making that theoretical hardness useless in practical terms.

So my question is, does that make sense? Is that a viable threat?

depending on where you stand, and what network you egress, it may make absolutely perfect sense - Tor use alone drawing scrutiny that draws conflict. from my personal experience, _not_ in places where Tor use alone is suspect, it has been a essential tool. if you're concerned about NSA/TAO/SSO then you're speaking of two broad domains of concern: 1. pervasive, passive global intercept - this is where Tor and encryption come in. you've just made it harder, and turned something global and passive ineffective, pushing activity toward: 2. tailored access - the black bag jobs, weaponized exploits, HUMINT attacks, etc. if you've pushed your adversary to these means, you've achieved a COMSEC and symbolic victory. you don't defend against #2, you just fail less quickly...[0] 0. there are exceptions. these are left an exercise for the reader :)