Once again: Tor timing attacks and a Tor confession

Mon Feb 29 05:13:30 PST 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/29/2016 06:38 AM, Georgi Guninski wrote:

> Is it theoretically possible at all to make low latency
> anonymity of sufficiently decent quality?
> 
> "sufficiently decent" is not well defined i agree.

Bingo.  How fast do you want web pages to load, vs. how much do
you want it to cost to de-anonymize your traffic?

In the case of TOR, it has long appeared to me that its leading
design objectives include competing on the speed front with
unprotected networking and VPN services.  The benefits of this
competition include a larger user base = larger anonymity set.
The drawbacks include "the government that pays for TOR also has
the capability to defeat TOR."

Last time I checked, the TOR Browser ships with NoScript turned
off by default, leaving it unprotected against a large family of
side channel attacks.  This choice also looks like a convenience
for technologically naive end users, again degrading the core
security mission for the sake of a larger user base.  In this case
we do know that hostile State actors have used the deficiency to
unmask users, via a honey pot attack exploiting javascript to
phone home and report the users' IP addresses.

Leaving fill traffic on the "to do list" forever, pending the
disappearance of vocal advocates who claim that cover traffic is
not practicable - either "impossible!" or due to a perceived
head-to-head performance contest with unprotected networking -
completes the picture of a State sponsored cryptographic tool
breakable by the State that funds it (but nobody else so far).

> Replace "sufficiently decent" by "perfect", or define it to be
> "provably intractable" and do not assume hardness not proved
> unconditionally, like P != NP.

I personally consider TOR sufficiently decent to positively lock
out routine commercial surveillance of end users.  Sufficiently
decent to provide reliable protection against NSA assets when
combined with physical OpSec, i.e. covertly using open WiFi
routers and single use disposable computers for brief one-off
sessions.  Sufficiently valuable as an NSA collection asset to
discourage routine harassment or prosecution of TOR users for
petty offenses, which would reveal to more "valuable" targets that
TOR does not protect them.

So far we are only talking about passive attacks by an actor who
can observe both ends of most TOR network connections.  More
costly active attacks could defeat /any/ anonymizing network
protocol based on onion or garlic routing protocols.  So whether
or not to "fix" TOR at the cost of alienating the bulk of its user
base due to performance issues might merit some debate.

My preferred solution:  Defund the the agencies that can and
almost certainly do defeat all current network anonymity
protocols.  My program for accomplishing this objective:  Wait.
They are hell bend on self destruction and Nature will provide.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJW1EP3AAoJEDZ0Gg87KR0LpIIP/3wB/+9xc01hLSi6nyzxzARH
tz3YlyimkNyK79z7fu1uh6ZoHu72i23Ll7z5UUNKHpqcMhJVE8+PqvdESjLCcPOj
ZLh1vwVv1+D/HRh5293i1kyIgDqwurzKxBvcJjYdjOzBPC9iCl9GpMtByVAdtn1D
z4XF6t6dcj+2MUr9zN8W2hQY8dvIircahMQwL3LlItLQJeOTN0AKH0M4YGcDC9M+
QENwQwLK3V5gRcrv0cHu8IsciO2HU8vm/tuCjyxVLxQfwhN+SAVjai08gDJ2OKp7
8Lscq9TPqlJ2e2vMX9e4aFYIWGWscJ9qPUI2DbSemRFSBC8o7VTYEQK6/1JCCcsQ
xxA3AklszTIhpeLnCjOaGuXjki6RumPq2YGb8I0hc9bY5/J6eTrXEIXzaTNhTSLp
Nn8qVyV9Bbk9BkneNEbWo2XBW54mthypwMeS0NSvbFKpY4JFGHVpeHrAvPHTiAYJ
ej0y+VlaFMhF76esR0XNEKYEAE2S1C+KWnhE7ZJ4SKI7/8eEzqNMt4nX+MrTtZVq
XUZ6eVvysH3/ck/zV6sG1i2EvFd7KeSm9SklYScjHp3HbQAHqhS0qdtmR3HZdYb3
e8KmtTLLWQ+IRHcpuBSxr7zrV8o6+SSDJOCosK0ErV/CPsjIesOjPg35Gt9WG4vG
5G/U1XG3xCNqDbaKkygT
=6qF2
-----END PGP SIGNATURE-----