[tor-talk] Network diversity [was: Should I warn against Tor?]
Eugen Leitl
eugen at leitl.org
Sat Jul 20 07:17:40 PDT 2013
----- Forwarded message from Gregory Maxwell <gmaxwell at gmail.com> -----
Date: Fri, 19 Jul 2013 13:42:03 -0700
From: Gregory Maxwell <gmaxwell at gmail.com>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Network diversity [was: Should I warn against Tor?]
Reply-To: tor-talk at lists.torproject.org
On Fri, Jul 19, 2013 at 9:45 AM, adrelanos <adrelanos at riseup.net> wrote:
> Seems like high latency mix networks failed already in practice. [1]
>
> Can't we somehow get confidence even against a global active adversary
> for low latency networks? Someone start a founding campaign?
So have low latency ones, some things fail. Today you'd answer that
concern by running your high latency mix network over tor (or
integrated into tor) and so it cannot be worse. Answering the "you
need users first, and low latency networks are easier to get users
for" concern.
The point there remains that if you're assuming a (near) global
adversary doing timing attacks you cannot resist them effectively
using a low latency network. Once you've taken that as your threat
model you can wax all you want about how low latency mix networks get
more users and so on.. it's irrelevant because they're really not
secure against that threat model. (Not that high latency ones are
automatically secure either— but they have a fighting chance)
On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger
<tortalk at informationelle-selbstbestimmung-im-internet.de> wrote:
>> but going much further than that may well decrease your security.
>
> How, actually? I’m aware that what I’m doing is a departure from
> network diversity to obtain anonymity. I’m excluding what I
> consider unsafe based on my current understanding. It might be that
> in the end I’ll be unable to find anything that does not look unsafe
> to me. I don’t know what then.
Because you're lowering the entropy of the nodes you are selecting
maybe all the hosts themselves are simply NSA operated, or if not now,
they be a smaller target to compromise. Maybe it actually turns out
that they all use a metro fiber provider in munich which is owned by
an NSA shell company.
In Germany this may not be much of a risk. But if your logic is
applied to someplace that is less of a hotbed of Tor usage it wouldn't
be too shocking if all the nodes there were run by some foreign
intelligence agency.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the cypherpunks
mailing list