----- Forwarded message from Roger Dingledine <arma@mit.edu> ----- Date: Wed, 7 Aug 2013 03:05:35 -0400 From: Roger Dingledine <arma@mit.edu> To: liberationtech <liberationtech@mailman.stanford.edu> Subject: Re: [liberationtech] Anonymity Smackdown: NSA vs. Tor User-Agent: Mutt/1.5.20 (2009-06-14) Reply-To: liberationtech <liberationtech@lists.stanford.edu> On Tue, Aug 06, 2013 at 10:43:39PM -0500, Kyle Maxwell wrote:

The key, obviously, is the primary assertion that the NSA runs "lots" of Tor nodes. I've seen this assertion before, and while it's certainly a reasonable assumption, I don't know if anybody outside the NSA actually has hard evidence for that.

I remember having this discussion with Bruce Schneier long ago, when he was about to add the phrase "of *course* NSA runs Tor relays" to a blog post. Consider two scenarios. In scenario one, NSA doesn't run any Tor relays, but they have done deals with AT&T and other networks to be able to passively monitor those networks -- including the (honest, well-intentioned) Tor relays that run on those networks. They're able to monitor some fraction of the Tor network capacity -- whether that's 1% or 10% or 30% is a fine question, and depends on both Internet topology and also what deals they've done. In scenario two, they do that plus also run some relays. They have to deal with all the red tape of deploying and operating real-world things on the Internet, and the risk that they'll do it wrong, somebody will notice, etc. And the benefit is maybe a few percent increase in what they can watch. Why would they choose scenario two? Scenario one seems like it would be working out pretty well for them. And if it's not, their resources would be better spent fixing that, since it leads to better surveillance of everything else they care about too. See https://lists.torproject.org/pipermail/tor-talk/2013-July/028851.html for a related discussion. Oh, and this argument should also lead you to ask "ok, but what about <smaller country that hasn't yet been reported to have a huge Internet surveillance program>? Shouldn't they run relays?" Maybe they should. Maybe we should hope they all do, which could make the network more diverse assuming they don't share well with each other.

Assuming that assertion holds, the architectural criticisms start to matter more: 3 hops, 1024 bit RSA keys, etc.

Somebody should tell Robert about the recent (Tor 0.2.4.x) shift to much stronger circuit handshakes and link encryption: https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... And for the "Multiple apps share the same underlying Tor egress" concern, he should learn about the stream isolation features added in Tor 0.2.3.x: https://gitweb.torproject.org/tor.git/blob/refs/tags/tor-0.2.4.15-rc:/Change... All of this said, I don't want anybody to conclude that Tor is perfect. Many of the attacks from my 25c3 "security and anonymity vulnerabilities in Tor" talk remain hard research questions: https://media.torproject.org/video/ --Roger -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5