Building a new Tor that can resist next-generation state surveillance

[grarpamp]

> it's healthy that at least that everyone is aware tor has these weaknesses

"overlays" means any given overlay, or all of them, not exclusively tor.

> are the developers actually engaged in new ideas to address #1 and #2

The overlays with large user bases in production use today all
originated from earlier schools of thought... formed well before
Snowden publicly proved the threats above once and for all. This doesn't
mean schools are invalid or did not have such adversaries well in mind.

Simply that today, the design whitepapers of any overlay network
(certainly any new networks) will be expected to devote pages to
any ability they might have to nullify those threats. In other words,
people will be actively looking for those abilities as features now.

> Generally speaking, higher speed and capacity
> equates to lower security.  High bandwidth, low latency connected
> protocols present the worst case scenario; low bandwidth, high latency
> unconnected protocols present the best case scenario.

While generally a historical summary, this isn't necessarily true.

It seems possible to build a LL+HB overlay that will defeat GPA's
from observing who is talking to who when. Just babble all the time
while idle and yield when some other traffic is talking through you.

GAA's are a totally different bitch and contain many different
possible threats under one acronym. The historical summary
probably carries more weight against these types.

It's hard to obtain HB or LL over a LB or HL network
(unless parallelizing the LB), while LB or HL over a
HB or LL network could be interesting.

> NNTP

... does a pretty poor job of hiding the original poster's
injection event before it's had a chance to cascade
far enough through the network.

All depends on your needs.