[cryptography] To Tor or not to Tor?

Cathal Garvey cathalgarvey at cathalgarvey.me
Thu Mar 27 03:05:15 PDT 2014


I'm in devil's advocate territory here, because I neither trust nor
distrust Tor/i2p, feeling that we can't really be sure one way or
another. But:

> Which ubiquity, in the curious case of Tor/I2P, appears to be holding
> up reasonably well so far. That is to say, who can state a case
> where a weakness in those systems (documented, or not) was exploited
> publicly to jail someone? Tor people seem to say it's possible, and
> the four horsemen have been operating in these nets for many years.
> Yet we're not seeing any canaries dropping in public. Why?
>
> And there's mountains of lesser [computer/finance] crime, filesharing,
> etc on these nets, with no sign of those actors being disrupted
> either.

Time for me to fulfil Godwin's Law and discuss Nazis! When the UK broke
Enigma, they were able to decrypt Nazi comms with their spies on UK
mainland, and by the end of the war they had turned or neatly disposed
of the lot of them. This was so effective that by the time the V2
rockets started raining down, the UK were able to feed false info back
along the wires instructing the Nazis to aim wildly off target, and
telling them that the casualties were drastic, and the (extremely
expensive) program a wild success.

In the modern day, you have a scenario where every significant opponent
of the fascists uses forms of cryptography that *may* be vulnerable to
the fascists' level of technical sophistication; we don't know, really.
But if they *can* crack Tor/i2p in limited circumstances, they sure as
hell wouldn't let anybody know; including the monkeys in the "lower"
agencies who might do something as dumb as prosecuting someone on
Tor-derived evidence. They would instead use the information as the UK
did on their predecessors: to identify, neutralise or (better yet) turn
them when necessary, but until that point simply to gather more
information and find more targets.

The patience of spies can look like inability or apathy, until they have
cause to act.

On 27/03/14 07:20, grarpamp wrote:
> On Wed, Mar 26, 2014 at 7:23 AM, John Young <jya at pipeline.com> wrote:
>> Ubiquitous use of a comsec system is a vulnerability
> 
> Which ubiquity, in the curious case of Tor/I2P, appears to be holding
> up reasonably well so far. That is to say, who can state a case
> where a weakness in those systems (documented, or not) was exploited
> publicly to jail someone? Tor people seem to say it's possible, and
> the four horsemen have been operating in these nets for many years.
> Yet we're not seeing any canaries dropping in public. Why?
> 
> And there's mountains of lesser [computer/finance] crime, filesharing,
> etc on these nets, with no sign of those actors being disrupted
> either.
> 
> Let's move to leaks, a civil/criminal matter. That's the one thing
> that has had perhaps even zero first person appearance on .onion/.i2p.
> Why not? (Discounting docs from criminal hacks above, submission
> portals to third party publishers, mirrors, etc.)
> What if the docs that say, places like Cryptome, have had to pull
> due to threat of legal/ToS action... were hosted and told by the
> leaker/collator themselves on these nets?
> 
> Who will carry the future gilded staffs of Cryptome, full-disclosure,
> WL, etc? And more importantly, where?
> 
> What if a new set of Top Secret Snowden-like docs were hosted on
> tor/i2p? What if they had fewer silly redactions, or more sources
> and methods? Or serious political/geo/nwo intrigue the likes we've
> not yet seen?
> 
> Are these nets only suited to street crime? Is offloading through
> the media the only suitable/safe place for high crime and politic?
> 
> If not already present on these nets (some classes noted above),
> and thus far apparently immune (perhaps foolishly so), then what
> exactly are the needed test cases that will start producing not
> just dead canaries, but public record of what killed them?
> 
> Any musing of 'To Tor or not to Tor?' must put consensus and evidence
> to these sorts of questions.
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +3538763663185
W: http://indiebiotech.com