[private] Re: [tor-talk] http://jacobappelbaum.net/

Steve Kinney admin at pilobilus.net
Mon Jun 6 10:00:06 PDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 06/06/2016 08:18 AM, Александр wrote:
> Unambiguous and comprehensive response from Jacob Appelbaum himself
> to all this dirty slander toward him! If this kind of response
> "does not enough" for you, people, - just go fuck yourself.
> 
> http://www.twitlonger.com/show/n_1soorlp
> 
> Jacob Appelbaum · @ioerror 6th Jun 2016 from TwitLonger Berlin,
> June 6, 2016

Anyone who is visible on the Internet for any substantial length of
time will attract both admirers, wannabe rivals and self appointed
"watchdogs" regardless of anything said or done in real life.  Widely
broadcast accusations backed by no verifiable independent sources only
indicate that someone, somewhere is pissed off.

To the people who "know" that TOR is a complete sham designed to
compromise unwary users, Appelbaum ranks with Hitler, Stalin and
Attila the Hun.  To those who "know" that TOR is the bestest weapon in
the whole Freedom Fighter arsenal, he is the noblest of heroes.  Both
views are dead wrong.  Whether TOR is harmful or helpful depends
entirely on how well its users understand both what it does, and what
their potential adversaries can do about it.

Since the Five Eyes & aligned regimes can easily afford to literally
own and monitor a majority of nodes in any distributed anonymous
routing network (ask me about the Hydra protocol), neither TOR nor any
other planned or proposed anonymizing network provides more than fig
leaf security against that particular cluster of adversaries.  The
same goes for BRICS aligned adversaries.  But even against this
category of attack, TOR may be a useful component in a physical
security protocol for hit-and-run network access.  Against less
capable surveillance actors, TOR is "good enough" unless the operating
system it runs on has itself been compromised.

The largest proven security hazard with TOR is that end users will
disclose their identity in the content of cleartext at an exit node,
either literally or by engaging in stereotyped behavior matching a
profile developed from open public sources, i.e. textual analysis
attacks.  No "airtight" security protocol has ever survived contact
with end users.

:o)








-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXVawWAAoJEECU6c5Xzmuqnd4H/06n6JWk1NDv8k7+snwAFNYH
8EJed9XNVPe3PSVX1gKX2WIE72tV+LjKzPciY01ld4ze01XAUIhu2Kw5+NsqAnI7
at1AegXZRo73cHO6Ys3YfIQohQMZqfnKDnq2oaBWnkddGd/Ar9PtcneKbXDtLX2A
39+DYCJCB+4OSA+TTpTaZTILHop9N1PAxp7fXNi0KK2QPxKW9ICfNl17wi1TuuSu
vmDV5ONiBtheNRiMhwkrwFUNHrz9wvBZnZ6aaz5Zf2IvWT6QvFvUMylQgtxgzBL+
rgBxMD8ASCE79Ka+KEYq+Xw8uBkOf5uJE+L0yEuQUxm/xZmNQXDk+uaiu9VGV8U=
=omZK
-----END PGP SIGNATURE-----



More information about the cypherpunks mailing list