Wikileaks is the Endgame

Mirimir mirimir at riseup.net
Sun Jun 26 23:33:01 PDT 2016 

On 06/26/2016 11:32 PM, juan wrote:
> On Sun, 26 Jun 2016 22:14:03 -0600
> Mirimir <mirimir at riseup.net> wrote:
> 
>>
>> Yes, VPNs will provide as much privacy as Tor does for purely local
>> adversaries. But if your adversary can get logs from the VPN server,
>> or the hosting provider, you're screwed. 
> 
> 	Yes. But how easy it is for your or my local government to get
> 	logs from an ISP in a different country? There isn't a single
> 	answer, but I suspect in general it's not that easy. So unless
> 	we are a relatively serious 'criminal' 'threat', we should be
> 	safe, I'd think.

Yes, it's not so easy. And even with help from their national
government, it would take a while. And even VPNs that log can't retain
logs forever, so you might get lucky.

> 	And if the aim is to avoid surveillance from one's local ISP,
> 	then the bar is low since ISPs don't have police powers...yet.

True. But ISPs normally aren't a treat. It's who's pushing their
buttons. Whether it's the MPAA or Los Zetas.

>> With Tor, such adversaries
>> would need to get logs from at least two of the three relays in
>> circuits. And circuits change frequently, so that means lots of
>> relays.
> 	
> 	True. So it would seem as if tor would be effective against
> 	adversaries in some particular cases...
> 
> 	But the fact remains. Against 'small' adversaries tor isn't
> 	needed and against big adversaries tor doesn't work...

Yes. But there are many mid-size adversaries. And you could also say
that Tor works against all but the global adversaries. Plus clever ones
that can exploit bugs.

>> And sure, you can nest VPNs. So a nested chain of three VPNs arguably
>> does as much as a Tor circuit. But it's static. Or at least, I haven't
>> figured out how to automate switching. And there's also the matter of
>> paying for a bunch of VPNs.
> 
> 	Yes, cost would be a problem. But it's not that tor is free
> 	either. Somebody else is paying the bill.

True. But not me.

> 	On the other hand, tor is a subsidized state project. Like any
> 	 state project the quality is limited AND it drives off
> 	 'private' investment and development. 

I have no clue what percentage of Tor code has been funded by the US
government. There are lots of volunteers, after all.

But I agree that Tor has rather dominated the space for "anonymity
systems". Every few years, I see a paper about something new, but they
never seem to go anywhere. So yes, there is a problem. But I don't think
that state subsidy is directly at fault.

>> Anyway, I hedge my bets by accessing Tor through nested VPNs.
>>
>>>> What do you use for privacy and/or "anonymity"?
>>>
>>> 	Nothing. I'd play with freenet but I don't want to install
>>> 	java, so...
>>
>> Right. I2P also runs on Java.
> 
> 	I think there's a C++ implementation now as well.

Interesting. But I still don't like I2P, because decent performance
depends on being a relay, with a public IP address and open port. One
can do it with VPNs and port forwarding. But still.

>>>> Why do you use the Internet? It's arguably just as pwned as Tor is.
>>>
>>> 	Except that when I use the internet I'm not tring to hide
>>> 	anything. 
>>
>> Well, that's cool, if it works for you. Doesn't work for me, however.
> 
> 
> 	Just in case, please don't think that I subscribe to the "I've
> 	nothing to hide" bullshit or something like that. I'd love to
> 	use a really robust darknet. But since I don't think the current
> 	darknets are to be trusted I'm doing without them, at least for
> 	the time being...

I get that. And I suspect that you're in a friendlier environment.

>>> 	And no lying piece of shit advertised the  internet as
>>> 	having anything to do with :
>>>
>>> 	"Anonymity Online."
>>>
>>> 	Or that the internet lets you  : 
>>>
>>> 	"Protect your privacy. Defend yourself
>>> 	against network surveillance and traffic analysis." 
>>
>> You have a point. But far too many people do seem to believe that
>> they're anonymous on the Internet.
> 
> 	They are, if they use tor! OK, bad joke on my part.

Many Tor users have been screwed by thinking that they were "anonymous".
But still, many more would have been screwed if they had done whatever
they were doing without any protection. Maybe some of them, such as the
ones pwned by CMU, would have been better off using VPNs. That's rather
ironic, considering how much abuse Tor supporters have heaped on VPNs.
But overall, I think that Tor has done much good.

More information about the cypherpunks mailing list