[tor-dev] Effect of padding on end to end correlation false positive rate

Mirimir mirimir at riseup.net
Fri Oct 23 02:24:03 PDT 2015


On 10/22/2015 01:46 PM, Juan wrote:
> On Wed, 21 Oct 2015 01:37:54 -0600
> Mirimir <mirimir at riseup.net> wrote:
> 
>> On 10/21/2015 12:09 AM, Juan wrote:
> 
>> Tor is open-source, and collaborative. Arguably, anyone with requisite
>> skills and resources can subvert it. But it is true that the Five Eyes
>> have the best resources for traffic analysis.
> 
> 
> 	That's the thing. So maybe 'subvert' wasn't the best choice of
> 	word here, but the idea is that if you take into account
> 	anglo-american surveillance, then tor doesn't perform as
> 	advertised. 

The Tor Project doesn't claim that Tor protects against targeted attack
by global adversaries. I could go on at length. But instead, please see
<https://www.ivpn.net/privacy-guides/adversaries-and-anonymity-systems-the-basics>.

> 	Using passive analysis they can undermine the tor
> 	network without actually 'subverting' a single coma in the code.
> 
> 	(plus, they prolly can make analysis more efficient by
> 	tampering with traffic, again without touching the code)

I don't doubt that.

>>> 	And frankly, do you think the US military would shoot
>>> 	themselves in the foot by creating something that 'aids'
>>> 	'terrorists' and that they can't subvert? There's no reason
>>> for them to do that so it's safe to conclude that they didn't do it.
>>
>> It's hard to say. Only idiots use tools with backdoors.
> 
> 
> 	That really depends on the nature of the backdoor. It's
> 	certainly risky to backdoor something, but it's less risky if
> 	the people who create the backdoor (say the nsa) are the same
> 	and only people who have the resources to access it. And the
> 	'backdoor' may be simply a less-than-ideal system...like tor.

It's possible.

>>> 	Freenet is truly p2p (unlike tor), the storage is
>>> 	decentralized (unlike tor) and the developers don't get
>>> 	millions of dollars from the pentagon (as far as I know). 
>>
>> Well, adversaries can use malicious P2P nodes. It's true that Freenet
>> is about the same size as Tor (http://www.asksteved.com/stats/ vs
>> https://metrics.torproject.org/networksize.html). But with Tor, what's
>> relevant is the number of possible circuits. With ~1700 entry guards,
>> ~1000 exit relays and ~2300 non-entry/non-exit relays, about four
>> billion distinct circuits are possible.
> 
> 	But faster relays are used more frequently no?
> 
> 	Anyway, my point was that as far as publishing documents go
> 	freenet looks like a a better and more serious design than tor. 

Maybe, but different goals. Me, I like Dissent. See Feigenbaum and Ford
(2015) Seeking Anonymity in an Internet Panopticon. Communications of
the ACM 58:10, 58-69. Preprint at <http://arxiv.org/abs/1312.5307>.

<SNIP>




More information about the cypherpunks mailing list