the tor self-parody
grarpamp
grarpamp at gmail.com
Tue Sep 19 12:11:56 PDT 2017
On Tue, Sep 19, 2017 at 2:34 AM, Mirimir <mirimir at riseup.net> wrote:
> I'm not sure how Freedom Hosting operator Eric Eoin Marques went down.
> Maybe it was the same Firefox bug and NIT malware that got many users.
> But it likely wasn't a Tor bug. I'm not aware of Tor bugs before the CMU
> clusterfuck with substantial meatspace impact.
Just as the actors below do, opsec is a learnable discipline.
There have been and can be fixable "bugs" in the code and sub
architectures and protocol bits of overlay softwares themselves,
those certainly have an impact in the overall game.
Then there are analysis and attacks all the GPA / GAA do that
can undermine probably at least some feature use case / mode
of all overlay networks in existance today. That's bad. Sybil, traffic
timing counting flow analysis, network manipulation, etc...
https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi
https://theintercept.com/snowden-sidtoday/
https://www.scribd.com/document/349261099/2016-Cert-FISC-Memo-Opin-Order-Apr-2017-4
http://www.bing.com/search?q=nsa+parallel+construction
http://www.bing.com/images/search?q=nsa+tor+stinks
Some of this is fundamental stuff, perhaps a decade of both
secret and public recent progress and thinking, that legacy
overlay / p2p network architectures generaly didn't have
squarely on their radar, at least as known production attacks,
not just plausible theory feasables, before their designs got
birthed and locked down in production.
Focusing on those leading production nets, whether trying to
rework fix maintain or attack, at least not without sound consideration
of and ability to apply current thinking to them with notable results,
may not be optimum investment.
Perhaps it is really lack of next gen architectures proposed and
in operation that can defeat those attacks (or at least target
them squarely in priority and push the cost / envelope further
out of reach) that is what "stinks".
Tor exists and is known. Others have yet to be designed, coded,
scaled up in production, presented and reviewed, kudosed and
failboated, etc. Be the [r]evolution creating tomorrow.
More information about the cypherpunks
mailing list