[private] Re: [tor-talk] http://jacobappelbaum.net/

Rayzer rayzer at riseup.net
Mon Jun 6 19:33:36 PDT 2016


From a stupid simple persec POV Tor buys you time... to make a run for
it... or whatever.

That's the best you can ever hope for. Use the time wisely.

Revolutionaries are dead men on furlough, and so are whistle-blowers.

Rr

On 06/06/2016 05:25 PM, Steve Kinney wrote:
>
>
> On 06/06/2016 02:47 PM, juan wrote:
> > On Mon, 6 Jun 2016 18:23:17 +0000 (UTC) jim bell
> > <jdb10987 at yahoo.com> wrote:
>
>
> >>
> >> Apparently there are a number of easy-to-describe improvements
> >> which could be made to the TOR protocol, such as increasing the
> >> number of hops, generating fake extra traffic, etc, which would
> >> improve it greatly.  TOR is a net positive,
>
> > Or let's try this :
>
> > Tor is a crass example of controlled opposition. No doubt
> > controlled opposition is a net positive...for the establishment.
> > And so it must be a net negative for the opposition.
>
> Since nobody asked, here's a description of why neither TOR nor any
> other existing or presently planned anonymizing protocol I know of can
> be relied on to conceal a user's identity from the Five Eyes or any of
> several other hostile actors.  I surface this concept every year or
> so, but so far nobody seems interested in discussing it.  Maybe it's
> just too discouraging to think about.  No matter who created it or
> why, TOR and similar mix networks are at best security theater,
> relative to top tier State adversaries.
>
> Quoting myself from an earlier post:
>
> Anonymized routing protocols are designed to defeat passive
> observation and limited traffic manipulation by hostile actors.  But
> what if an effectively unlimited number of compromised routers,
> subject to realtime observation and internal manipulation, were
> available to hostile actors?  Game over, I think.
>
> About 15 years ago I used online traceroute utilities and whois
> lookups to determine (roughly) where all the high performing Mixmaster
> remailers were physically located.  Over half of them, including most
> with "exotic sounding" TLDs, were apparently in the state of Texas.
>
> Then I used my data to construct "hard to compromise" chains, routing
> Mixmaster messages through national jurisdictions not likely to have
> comprehensive data sharing between their security services, and
> started sending test messages.  None of these test messages ever made
> it back to me.
>
> So I concluded that, despite its major technical superiority to other
> anonymized networking protocols, the Mixmaster network was most likely
> compromised by passive observation (one owner for a majority of
> reliable remailers) and active intervention (traffic between
> uncontrolled remailers interrupted in transit).
>
> Owning enough of the routers in an anonymizing network to negate its
> security is largely a question of money:  How much budget do you have,
> how certain do you want to be that nobody is really anonymous?
>
> If I had to neutralize an anonymous routing network, my approach would
> be to set up a cloud server running thousands of instances of the
> router software in question, customized to facilitate monitoring by a
> hypervisor.  Each of these routers would be connected via VPN to a
> unique remote host, which would function as a transparent proxy.  The
> proxy hosts could be machines owned by "friendly" actors, rooted
> consumer grade routers, purpose built appliances, conventional Windows
> botnets or some combination of these.
>
> I have not seen this method of attack described and named; I call it a
> "hydra" attack, because one body, many heads.  I think this mode of
> attack deserves competent attention (i.e., not by me) because realtime
> observation and manipulation of any desired quantity of routers would
> provide solutions to any distributed anonymous routing protocol.
>
> The only defense I can think of is to assure that message traffic
> passes back and forth between mutually hostile national jurisdictions
> before delivery.  This would be a bit of a hairball to implement, lots
> of slippery variables and potential counter-actions by hostiles would
> have to be taken into account.  But this approach could increase the
> cost and reduce the reliability of Hydra attacks against anonymizing
> protocols.  Somewhat.  Probably not enough for "life safety"
> applications.
>
> Long story short:  If you want to be /really/ anonymous in the
> presence of hostile State sponsored actors, do not rely on a
> software-only approach:  Use physical security measures to conceal
> your identity from the physical router that connects you to the
> Internet, because most or all of the anonymizing routers your traffic
> passes through may be owned and controlled by the very people you are
> hiding from.
>
> :o/
>
>
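
Added example, not part of the original thread: a small model of the defense proposed in the quoted message, where a chain is accepted only if every consecutive pair of hops crosses into a different data-sharing bloc. The relay names, country assignments and bloc groupings are constructed assumptions for illustration, not real network data.

```python
from itertools import permutations

# Constructed sample data: relay name -> country code. Not real relays.
RELAYS = {
    "r1": "US", "r2": "US", "r3": "GB", "r4": "CA",
    "r5": "RU", "r6": "CN", "r7": "IR", "r8": "BR",
}

# Assumption for illustration: jurisdictions presumed to share surveillance
# data with each other. A country listed in no bloc counts as its own bloc.
BLOCS = [{"US", "GB", "CA", "AU", "NZ"}, {"RU", "CN"}]

def bloc_of(country):
    """Map a country code to its bloc label (or to itself if unaffiliated)."""
    for i, bloc in enumerate(BLOCS):
        if country in bloc:
            return f"bloc{i}"
    return country

def chains(hops=3):
    """All ordered chains of distinct relays of the given length."""
    return list(permutations(RELAYS, hops))

def single_observer(chain):
    """True if one bloc hosts every hop, so one party sees the whole path."""
    return len({bloc_of(RELAYS[r]) for r in chain}) == 1

def alternating(chain):
    """True if each consecutive pair of hops crosses a bloc boundary."""
    blocs = [bloc_of(RELAYS[r]) for r in chain]
    return all(a != b for a, b in zip(blocs, blocs[1:]))

def summary(hops=3):
    """Return (all chains, single-bloc chains, allowed chains,
    allowed chains whose first and last hop still share a bloc)."""
    every = chains(hops)
    exposed = [c for c in every if single_observer(c)]
    allowed = [c for c in every if alternating(c)]
    # The alternation rule does not stop entry and exit from sitting in the
    # same bloc, which is the residual exposure this count measures.
    ends_shared = [c for c in allowed
                   if bloc_of(RELAYS[c[0]]) == bloc_of(RELAYS[c[-1]])]
    return len(every), len(exposed), len(allowed), len(ends_shared)

if __name__ == "__main__":
    print(summary())
```

In this constructed data set the rule removes every chain hosted entirely inside one bloc, yet a share of the accepted chains still begin and end in the same bloc, so a selector built this way would also need an entry/exit check.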

