[tor-dev] Effect of padding on end to end correlation false positive rate

Mirimir mirimir at riseup.net
Wed Oct 21 00:37:54 PDT 2015


On 10/21/2015 12:09 AM, Juan wrote:
> On Tue, 20 Oct 2015 19:55:02 -0600
> Mirimir <mirimir at riseup.net> wrote:

<SNIP>

>>>> On the other hand, you do come off as a sock ;)
>>>
>>> 	Go figure. And I counted you as an ally of sorts. So tell
>>> 	me, whose 'sock'? 
>>
>> I do consider you an ally, of a sort. And your perspective is
>> valuable. But your unremitting nihilism has been getting to me. And
>> it smells like sock to me.
> 
> 
> 	Oh, I'm pretty nihilistic about anything good ever coming from
> 	the US government, both from the 'public' part of it and from
> 	the 'private' part like facebook, intel or any other american
> 	firm. Granted, the rest of the 'free world' is hardly better. 
> 
> 	I used to have a more 'mainstream' and benign view of the US
> 	'private' sector. But I know better now.
> 
> 	But I'm not nihilistic about everything...yet =P

Me neither. Sometimes, though ...

>> In particular, I also have concerns and reservations about Tor. It's
>> true that the US military funded its development.
> 
> 	I think the proper verb tense is present.

True.

>> And it's true that
>> they probably still use it.
> 	
> 	that they use it is clearly stated in torproject.org 
> 
> 	"who uses tor : military and law enforcement"

Well, that's what the website says. I have no way to verify that ;)

>> But maybe think of it this way: we have military-grade anonymity. 
> 
> 	You have 'military grade' anonymity depending on who's your
> 	adversary (to use their military jargon)

True.

> 	If your adversary just happens to be the military who created
> 	tor you only have problems. 

Tor is open-source, and collaborative. Arguably, anyone with requisite
skills and resources can subvert it. But it is true that the Five Eyes
have the best resources for traffic analysis.

> 	And frankly, do you think the US military would shoot
> 	themselves in the foot by creating something that 'aids'
> 	'terrorists' and that they can't subvert? There's no reason for
> 	them to do that so it's safe to conclude that they didn't do it.

It's hard to say. Only idiots use tools with backdoors.

>> And
>> in any case, as far as I know, it's the best anonymity tool we've got.
>>
> 
> 	Tool for what? If, for instance, you want to publish documents,
> 	isn't freenet a better alternative? 

I don't believe that either Freenet or I2P is large enough to provide
strong anonymity. And both (along with most P2P systems) require that
nodes be discoverable. That complicates using them with VPNs and Tor.

It might be possible to run Freenet nodes as onion services. That works
well enough for Tahoe-LAFS. I've been meaning to test that. Also IPFS.

> 	Freenet is truly p2p (unlike tor), the storage is
> 	decentralized (unlike tor) and the developers don't get
> 	millions of dollars from the pentagon (as far as I know). 

Well, adversaries can use malicious P2P nodes. It's true that Freenet is
about the same size as Tor (http://www.asksteved.com/stats/ vs
https://metrics.torproject.org/networksize.html). But with Tor, what's
relevant is the number of possible circuits. With ~1700 entry guards,
~1000 exit relays and ~2300 non-entry/non-exit relays, about four
billion distinct circuits are possible.

> 	Now, I wouldn't actually recommend freenet because I haven't
> 	done much homework regarding it, but at least it deserves a 
> 	mention I think. 

Yes, it does. But neither it nor I2P provides anonymous access to the
general Internet.



