Dishonest Tor relay math question - tor-talk is to lazy

Karl gmkarl at gmail.com
Sun Oct 10 11:47:56 PDT 2021 

On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother <peter at tsto.co.uk> wrote:

> On 10/10/2021 [offlist] wrote:
>  > If the US is compromised by 100%, Tor would not work at all, right?
>
> For providing reliable anonymity against the US and UK government
> agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
>

But please don't use anything less.  Your web browsing is private, and it
is appropriate that somebody should need to have probable cause and work
hard to monitor and log it.

Against a lesser adversary, well there are many other possible attacks
> against Tor's anonymisation - I particularly liked the hitting set
> attack - and I don't keep up in detail, so while Tor probably provides
> some protection I don't really know how much.
>
>
>
> There is another factor to consider though - the best position for a
> code-breaking agency to be in is if they can break the code but
> everybody else thinks they can't and so continues using the broken code.
>
> That is pretty much the position of USG/NSA with respect to Tor, which
> is why USG fund 80% of it. [4]
>
> The phrase "bodyguard of lies" comes in here, as does eg subsection
> 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can
> tell a lot about what spy agencies are doing by studying the relevant
> legislation)
>
> The result of this that while NSA and GCHQ may know, they aren't
> necessarily going to tell anybody, at least not about the routine stuff.
>
> Even in Bin-Laden-hunt situations the most they might say is that they
> got some chatter (or whatever the current circumlocution is) indicting
> some intelligence may be correct or a direction for investigation.
>
> As for dumping everything they know about eg dark nets to the FBI or
> local cops, it ain't likely to happen soon. Though it might, one day..
>
> Incidentally that's why other agencies like the FBI and the NCA in the
> UK at least apparently, and probably actually, do the work which leads
> to criminal convictions on darknets.
>
> I suspect they get a little "help" from the code guys, like "you can't
> use that in court" or maybe "try looking in a different direction".
>
>
>
>
>
> [4] It also has the to-them benefit: "to aid democracy advocates in
> authoritarian states" while they can still tell who is who, if not
> (mostly) what is said. To do this it has to provide some level of
> protection against lesser adversaries, though that may not be a very
> high level. cf the anonymity of Afghan translators who worked for the
> British Army...
>
>
> [5] (1)No evidence may be adduced, question asked, assertion or
> disclosure made or other thing done in, for the purposes of or in
> connection with any legal proceedings or Inquiries Act proceedings which
> (in any manner)—
>
> (a)[...]
>
> (b)tends to suggest that any interception-related conduct has or may
> have occurred or may be going to occur.
>
>
>
> [6] #TOR FAQ: Criminals can already do bad things. Since they're willing
> to break laws, they already have lots of options available that provide
> better privacy than Tor provides....
>
> Tor aims to provide protection for ordinary people who want to follow
> the law. Only criminals have privacy right now, and we need to fix that....
>
> So yes, criminals could in theory use Tor, but they already have better
> options, and it seems unlikely that taking Tor away from the world will
> stop them from doing their bad things.
>
> At the same time, Tor and other privacy measures can fight identity
> theft, physical crimes like stalking, and so on.
>
>
>
>  > What about connection, cell padding? Does it help to reduce the
> matching success?
>
> As I have said I'm not totally up-to-date on Tor, but probably not much.
>
> Peter Fairbrother
>


On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother <peter at tsto.co.uk> wrote:

> On 10/10/2021 [offlist] wrote:
>  > If the US is compromised by 100%, Tor would not work at all, right?
>
> For providing reliable anonymity against the US and UK government
> agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
>
> Against a lesser adversary, well there are many other possible attacks
> against Tor's anonymisation - I particularly liked the hitting set
> attack - and I don't keep up in detail, so while Tor probably provides
> some protection I don't really know how much.
>
>
>
> There is another factor to consider though - the best position for a
> code-breaking agency to be in is if they can break the code but
> everybody else thinks they can't and so continues using the broken code.
>
> That is pretty much the position of USG/NSA with respect to Tor, which
> is why USG fund 80% of it. [4]
>
> The phrase "bodyguard of lies" comes in here, as does eg subsection
> 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can
> tell a lot about what spy agencies are doing by studying the relevant
> legislation)
>
> The result of this that while NSA and GCHQ may know, they aren't
> necessarily going to tell anybody, at least not about the routine stuff.
>
> Even in Bin-Laden-hunt situations the most they might say is that they
> got some chatter (or whatever the current circumlocution is) indicting
> some intelligence may be correct or a direction for investigation.
>
> As for dumping everything they know about eg dark nets to the FBI or
> local cops, it ain't likely to happen soon. Though it might, one day..
>
> Incidentally that's why other agencies like the FBI and the NCA in the
> UK at least apparently, and probably actually, do the work which leads
> to criminal convictions on darknets.
>
> I suspect they get a little "help" from the code guys, like "you can't
> use that in court" or maybe "try looking in a different direction".
>
>
>
>
>
> [4] It also has the to-them benefit: "to aid democracy advocates in
> authoritarian states" while they can still tell who is who, if not
> (mostly) what is said. To do this it has to provide some level of
> protection against lesser adversaries, though that may not be a very
> high level. cf the anonymity of Afghan translators who worked for the
> British Army...
>
>
> [5] (1)No evidence may be adduced, question asked, assertion or
> disclosure made or other thing done in, for the purposes of or in
> connection with any legal proceedings or Inquiries Act proceedings which
> (in any manner)—
>
> (a)[...]
>
> (b)tends to suggest that any interception-related conduct has or may
> have occurred or may be going to occur.
>
>
>
> [6] #TOR FAQ: Criminals can already do bad things. Since they're willing
> to break laws, they already have lots of options available that provide
> better privacy than Tor provides....
>
> Tor aims to provide protection for ordinary people who want to follow
> the law. Only criminals have privacy right now, and we need to fix that....
>
> So yes, criminals could in theory use Tor, but they already have better
> options, and it seems unlikely that taking Tor away from the world will
> stop them from doing their bad things.
>
> At the same time, Tor and other privacy measures can fight identity
> theft, physical crimes like stalking, and so on.
>
>
>
>  > What about connection, cell padding? Does it help to reduce the
> matching success?
>
> As I have said I'm not totally up-to-date on Tor, but probably not much.
>
> Peter Fairbrother
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8806 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20211010/20966f06/attachment.txt>

More information about the cypherpunks mailing list