Summary of where we are right now

[Tom Ritter]

> So they figured it was easier
> to just get suckers to use some form of encryption (including and specifically
> TOR) to send the red flag that someone wanted to hide something, so "look over
> here!".

I don't agree that the NRL funded Tor for this purpose, but I do agree
that our tools today (Tor, mixmaster/mixminion, PGP mail, RedPhone,
TextSecure, OTR, etc) are easily distinguishable in traffic streams,
and that this is a problem.  Just as Riseup collects a bunch of people
who care a lot about privacy onto one mailserver - people using these
tools are likely to be interesting.

Skype, Facebook, Gmail - for all their problems, they are ubiquitous,
and don't draw attention.

> 3. But we are going to win. Yeah, we're gonna win. Why? Because we want to.
> It's not enough to encrypt: The type and context of encryption had to be
> hidden as well. Kind of the network version of Rubberhose. But these young
> kids who grew up not watching TV because it didn't interact with them, it's
> they who will create a stego virus to propagate fake stego everywhere on
> Facebook or whatever. It's them who are going to create TOR services that
> operate ubiquitously behind the scenes, so that most users dob't even know
> they are using it. Hiding the form of encryption will itself be the final
> frontier as crypto becomes ubiquitous.


A friend I talked with recently told me he thought it was easy to set
up an anonymity system that worked great for you and your friends, and
near impossible to build one that worked well for everyone else.  Once
it got popular or you became a target of investigation, people would
put the effort into detecting it.  Otherwise, it would continue along,
looking like another TLS/SSH/Skype/whatever that just a little bit
odd...  Tor faces this problem immensely.

I don't see us as having won, I see us as now knowing how to fight.

We know the devices they will use to easily detect our traffic, and in
most cases we can get access to them.  We must make our protocols
indistinguishable on the wire. We know the ubiquitous services and
protocols that we must work within or disguise ourselves as.

We know (some of? most of?) the statistical attacks adversaries of the
future can conduct - we must make them as difficult and expensive as
possible for them to achieve.

We know how woefully inadequate the user interfaces and requirements
of the first generation of tools were, and we know where we must go:
to browsers, smartphones, tablets, and consumer operating systems.

We have a much better idea of how normal people will react to our
tools, and thus how much effort we must make to make them usable, and
push for ubiquity.

We know what requirements are unreasonable of us to make upon people,
and that we must design systems where those requirements are worked
around, dulled, or the single 'sharp edge' of the system.

-tom