IBM says Block Tor

odinn odinn.cyberguerrilla at
Wed Aug 26 22:48:01 PDT 2015

Hash: SHA1

I can understand a cautionary approach to Tor at a time when attacks
are evident - see some of my past humming and hawing about this sort
of subject (where I am posting as ABISprotocol) in an OB thread here:
But in the end despite the (vulnerabilities relating to Tor / I2P use)
at that time I didn't conclude people should stop using it, just that
they should be careful about it and be aware of the limitations of the

This particular e-mail ('IBM Advises Businesses To Block Tor') caught
my eye and seemed rather odd, because in the not-so-distant past, IBM
and Microsoft were actually studying (and even promoting) certain
types of anonymity solutions. To wit:

Direct Anonymous Attestation
"As...profiling is privacy invasive, we have proposed a way to use
direct anonymous attestation such that the detection of rogue TPMs and
actually granting/requesting the access are performed in two different
unlinkable transactions..."
(Gee, IBM, isn't that, like, the evil anonymity stuff?)

Idemix / Identity Mixer

These above two links were mentioned / highlighted last year by
Microsoft staff at the W3C 'Web Cryptography Next Steps' event which I
attended and had a position paper accepted at:

While I've never trusted Microsoft Windows (much) - having left that
platform long ago for the comfort of Linux - it does seem rather odd
that they would state (as they did in their recent article) that
"Corporate networks really have little choice but to block
communications to these stealthy networks."  You have to wonder who is
the desperate fail person who authored that conclusion to their recent

- - O


On 08/26/2015 03:51 PM, grarpamp wrote:
>  IBM Advises Businesses To Block Tor
> With Tor-based attacks on the rise, IBM says it's time to stop Tor
> in the enterprise.
> New data from IBM's X-Force research team shows steady increase in
> SQL injection and distributed denial-of-service attacks as well as 
> vulnerability reconnaissance activity via the Tor anonymizing
> service.

- -- ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
Version: GnuPG v1


More information about the cypherpunks mailing list