To Tor or not to Tor?
rysiek at hackerspace.pl
Thu Mar 27 03:02:34 PDT 2014
Dnia środa, 26 marca 2014 17:01:45 coderman pisze:
> On Wed, Mar 26, 2014 at 2:47 AM, rysiek <rysiek at hackerspace.pl> wrote:
> > ...
> > I meant a situation in which the NSA can listen-in on any connection in
> > the
> > clearnet, including connections between Tor nodes.
> ok. this is sounding like classic traffic analysis (on the "metadata"
> rather than the content, so to speak).
> > They *can't* break the
> > encryption nor do they have the keys...
> > ...*But* (esp. if most of these nodes are in the US) they *can* observe
> > that in sequence there are packets being sent between IP1, IP2, IP3 and
> > IP4, and that these packets get smaller at each step, in a way that is
> > coherent with removing layers of Tor encryption.
> Tor cells use padding, but this alone is not sufficient to defeat
> traffic analysis.
> > What they can get from that is information; IP1 is communicating via Tor
> > with IP4.
> > So now they know whom to target with QUANTUM when they'd be using clearnet
> > for something.
> this is why i am fond of everything dark!
> namecoin to hidden services,
> no DNS, no plaintext.
> (not entirely defeating QUATUMTHEORY, but much of it!)
> > Tor encryption gets less relevant if NSA gets access to the endpoints via
> > other means, and for that they need to know whom to target. Observing
> > packets flying between Tor nodes can give them that info -- at least
> > that's a suggestion somebody made elsewhere.
> the anonymity set is large, but maybe that isn't sufficient.
> this is exactly the same argument for or against zero knowledge mixes.
> sure, they offer stronger protection from traffic analysis, but the
> anonymity set of users is tiny, making that theoretical hardness
> useless in practical terms.
> > So my question is, does that make sense? Is that a viable threat?
> depending on where you stand, and what network you egress, it may make
> absolutely perfect sense - Tor use alone drawing scrutiny that draws
> from my personal experience, _not_ in places where Tor use alone is
> suspect, it has been a essential tool.
> if you're concerned about NSA/TAO/SSO then you're speaking of two
> broad domains of concern:
> 1. pervasive, passive global intercept - this is where Tor and
> encryption come in. you've just made it harder, and turned something
> global and passive ineffective, pushing activity toward:
> 2. tailored access - the black bag jobs, weaponized exploits, HUMINT
> attacks, etc. if you've pushed your adversary to these means, you've
> achieved a COMSEC and symbolic victory.
> you don't defend against #2, you just fail less quickly...
Thanks, that's more or less what I came up with, and needed a reality check.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: This is a digitally signed message part.
More information about the cypherpunks