To Tor or not to Tor?

rysiek rysiek at hackerspace.pl
Thu Mar 27 03:02:34 PDT 2014 

Dnia środa, 26 marca 2014 17:01:45 coderman pisze:
> On Wed, Mar 26, 2014 at 2:47 AM, rysiek <rysiek at hackerspace.pl> wrote:
> > ...
> > I meant a situation in which the NSA can listen-in on any connection in
> > the
> > clearnet, including connections between Tor nodes.
> 
> ok. this is sounding like classic traffic analysis (on the "metadata"
> rather than the content, so to speak).
> 
> > They *can't* break the
> > encryption nor do they have the keys...
> 
> ok.
> 
> > ...*But* (esp. if most of these nodes are in the US) they *can* observe
> > that in sequence there are packets being sent between IP1, IP2, IP3 and
> > IP4, and that these packets get smaller at each step, in a way that is
> > coherent with removing layers of Tor encryption.
> 
> Tor cells use padding, but this alone is not sufficient to defeat
> traffic analysis.
> 
> > What they can get from that is information; IP1 is communicating via Tor
> > with IP4.
> > 
> > So now they know whom to target with QUANTUM when they'd be using clearnet
> > for something.
> 
> this is why i am fond of everything dark!
> namecoin to hidden services,
>   no DNS, no plaintext.
> 
> (not entirely defeating QUATUMTHEORY, but much of it!)
> 
> > Tor encryption gets less relevant if NSA gets access to the endpoints via
> > other means, and for that they need to know whom to target. Observing
> > packets flying between Tor nodes can give them that info -- at least
> > that's a suggestion somebody made elsewhere.
> 
> the anonymity set is large, but maybe that isn't sufficient.
> 
> this is exactly the same argument for or against zero knowledge mixes.
> sure, they offer stronger protection from traffic analysis, but the
> anonymity set of users is tiny, making that theoretical hardness
> useless in practical terms.
> 
> > So my question is, does that make sense? Is that a viable threat?
> 
> depending on where you stand, and what network you egress, it may make
> absolutely perfect sense - Tor use alone drawing scrutiny that draws
> conflict.
> 
> from my personal experience, _not_ in places where Tor use alone is
> suspect, it has been a essential tool.
> 
> 
> if you're concerned about NSA/TAO/SSO then you're speaking of two
> broad domains of concern:
> 
> 1. pervasive, passive global intercept - this is where Tor and
> encryption come in.  you've just made it harder, and turned something
> global and passive ineffective, pushing activity toward:
> 
> 2. tailored access - the black bag jobs, weaponized exploits, HUMINT
> attacks, etc.  if you've pushed your adversary to these means, you've
> achieved a COMSEC and symbolic victory.
> 
> you don't defend against #2, you just fail less quickly...

Thanks, that's more or less what I came up with, and needed a reality check.

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140327/1f67fcfa/attachment-0001.sig>

More information about the cypherpunks mailing list