[tor-talk] FBI cracked Tor security
mirimir at riseup.net
Tue Jul 19 03:38:13 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
On 07/19/2016 04:18 AM, Jon Tullett wrote:
> On 19 July 2016 at 12:01, Mirimir <mirimir at riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>>> On 19 July 2016 at 08:31, Mirimir <mirimir at riseup.net> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>>>>> On 18 July 2016 at 16:17, Mirimir <mirimir at riseup.net>
>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>>> A few years ago, I wrote
Have you updated it to account for subverted VPN providers?
>>>>> Advising people to use VPNs which may have been subject to
>>>>> national security letters is arguably bad.
>>>> Which VPNs have received NSLs?
>>> I take it that's a no, then?
>> I account for it by distributing trust, just as Tor does.
> But your guide does not. It doesn't even mention them. Why are you
> concealing the truth from users?!?11
This gets at the trust issue:
| Using VPN services obscures online activity from local observers,
| and it also obscures location and identity from remote observers
| on the Internet. However, users are entirely vulnerable to
| betrayal by the VPN provider. With a second VPN service tunneled
| through the first, trust has been distributed, in that compromise
| would require collusion between the two providers.
That comes pretty close, I think. NSLs are really irrelevant in risk
assessment. Because NSL or not, you have no way to know who you can
trust. So you can't trust anyone.
> The point I'm trying to make is that you can't cover every base.
> Too often, attempts to do so just end up with unusable rambling
> essays on security which no one will read and which still fail to
> cover a lot of ground. You're accusing Tor of something that you
> yourself can't avoid. That's not a criticism - just a reflection of
Say what you will, this is misleading:
| Tor prevents people from learning your location or browsing habits.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cypherpunks