Tor Stinks re Traffic Analysis and Sybil (as do other networks)

grarpamp grarpamp at gmail.com
Sat Nov 23 00:21:08 PST 2019


> recommend utilizing Tor to combat government surveillance

If users' adversaries operate under whichever governments'
classification levels such as TOP SECRET FVEY, and especially
if the users are doing something that such govts would take
personal affront to, such users need to do some serious thinking.

> low-latency

This phrase is misused by many as if it were some kind
of litmus test for determining TA resistance... it is not.
It's likely possible to create a LL network that traffic analysis
cannot penetrate even with every single link tapped.
Latency, purely by itself, does not define whether
or not a network is secure against traffic analysis.
Latency (whatever level therein) really refers to
the usability different categories of apps would
have at such level... the user experience.

> "All ... systems as currently designed and deployed are essentially
> broken against The Man"

Surely generally true by now. Tor's nearly 25 year old design
since inception is nothing more than a bunch of free proxies
that users chain through (same as VPNs). Perhaps a
bit better than VPN by maybe weighting traffic towards busy,
plus an assortment of other things, and some more worse than
VPN due to obvious simplicity of infesting the network with a
nasty case of Sybil to the tune of 100+ nodes a month in
some months. Luckily the dumb ones are caught, but it's
not those that users should worry about.

Like VPN, Tor is good at giving users a different IP that the everyday
world of civilian / commercial endpoints has a hard time tracing.

But hardly so good at resisting what Govts and GigaCorps
can now analyze and attack. Even independent smalltime
researchers are confirming TA and Sybil methods against
Tor and many other overlay networks.

As to the *PA's listed before, they've had the thought,
vantage, access, coordination, tech, money, etc
to TA, and certainly to Sybil, just about any overlay
network since about the time such networks came
into being. 1995 2000 2005 and if by 2010 and Snowden
people weren't assessing that capability exists, even
based only on opensource research, well pity the fool.

TA, Sybil, *PA's, GT-1's etc are no longer just some sidebar
caveats in highbrow whitepapers to be dismissed and buried.

There needs to be new networks deployed that take
those as their top design considerations over all others.

> https://www.schneier.com/blog/

Schneier seems much more a friend of govcorp (ie Counterpane),
and a generic blogwonk, than any sort of genuine users activist
taking any sort of strongly voiced principled stand on anything
that matters.

As Chiefs on Tor Board one might look for Schneier and Blaze
to be publicly saying and doing some project, Tor or other,
regarding TA, Sybil, or even disproving them if they weren't real
threats, or at least something... instead Tor and other nets
are often crickets on that. (Old congressional testimonies are
also oldsauce, stir up some new hot chili.)

Note also that Tor doesn't need to actually care about its users'
security to play whatever legal test and game in the courts
that it and its lawyers are lined up waiting to play (remember
Tor was tied with EFF for many years for various reasons).
How are users to be indemnified by anyone, if not first by
themselves using the security of a network itself, and if
the network is not capable, then what.

Regardless of whether Tor etc is good or bad or none
of the above, holding a near monopoly in the space
on cashflow, legal, steering tech, discourse, twatterverse
populism, etc... for ~10-15 years... is not a good situation.

Competition is healthy. And while the design of today's
networks is largely unchangeable by nature of being deployed,
their adversaries are adapting to leverage clearly whitepapered
weaknesses in those designs since years.

New networks... from internet overlay, fiber, radio,
carrier pigeon, dropgangs... need to be researched,
coded, and deployed by new players.


Anyway, have some traffic noise generators...

http://trackmenot.io/
https://adnauseam.io/

