Dishonest Tor relay math question - tor-talk is to lazy

Peter Fairbrother peter at tsto.co.uk
Sat Oct 9 23:02:46 PDT 2021 

On 10/10/2021 [offlist] wrote:
 > If the US is compromised by 100%, Tor would not work at all, right?

For providing reliable anonymity against the US and UK government 
agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.

Against a lesser adversary, well there are many other possible attacks 
against Tor's anonymisation - I particularly liked the hitting set 
attack - and I don't keep up in detail, so while Tor probably provides 
some protection I don't really know how much.



There is another factor to consider though - the best position for a 
code-breaking agency to be in is if they can break the code but 
everybody else thinks they can't and so continues using the broken code.

That is pretty much the position of USG/NSA with respect to Tor, which 
is why USG fund 80% of it. [4]

The phrase "bodyguard of lies" comes in here, as does eg subsection 
56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can 
tell a lot about what spy agencies are doing by studying the relevant 
legislation)

The result of this that while NSA and GCHQ may know, they aren't 
necessarily going to tell anybody, at least not about the routine stuff.

Even in Bin-Laden-hunt situations the most they might say is that they 
got some chatter (or whatever the current circumlocution is) indicting 
some intelligence may be correct or a direction for investigation.

As for dumping everything they know about eg dark nets to the FBI or 
local cops, it ain't likely to happen soon. Though it might, one day..

Incidentally that's why other agencies like the FBI and the NCA in the 
UK at least apparently, and probably actually, do the work which leads 
to criminal convictions on darknets.

I suspect they get a little "help" from the code guys, like "you can't 
use that in court" or maybe "try looking in a different direction".





[4] It also has the to-them benefit: "to aid democracy advocates in 
authoritarian states" while they can still tell who is who, if not 
(mostly) what is said. To do this it has to provide some level of 
protection against lesser adversaries, though that may not be a very 
high level. cf the anonymity of Afghan translators who worked for the 
British Army...


[5] (1)No evidence may be adduced, question asked, assertion or 
disclosure made or other thing done in, for the purposes of or in 
connection with any legal proceedings or Inquiries Act proceedings which 
(in any manner)—

(a)[...]

(b)tends to suggest that any interception-related conduct has or may 
have occurred or may be going to occur.



[6] #TOR FAQ: Criminals can already do bad things. Since they're willing 
to break laws, they already have lots of options available that provide 
better privacy than Tor provides....

Tor aims to provide protection for ordinary people who want to follow 
the law. Only criminals have privacy right now, and we need to fix that....

So yes, criminals could in theory use Tor, but they already have better 
options, and it seems unlikely that taking Tor away from the world will 
stop them from doing their bad things.

At the same time, Tor and other privacy measures can fight identity 
theft, physical crimes like stalking, and so on.



 > What about connection, cell padding? Does it help to reduce the 
matching success?

As I have said I'm not totally up-to-date on Tor, but probably not much.

Peter Fairbrother

More information about the cypherpunks mailing list