[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and solidarity against online harassment



On 12/13/2014 11:28 AM, Jonathan Wilkes wrote:
> On 12/12/2014 02:20 PM, Roger Dingledine wrote:
>> On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote:
>>>> You might like
>>>> https://www.torproject.org/docs/faq#Backdoor
>>>>
>>>> We won't put backdoors in Tor. Ever.
>>>     LOL!
>>>
>>>     You work for the pentagon and are subjects of the US state.
>>>
>>>     The US government has secret 'courts'  and secretly forces its
>>>     subjects to tamper with all kinds of 'security'  systems, in the
>>>     name of 'national security'.
>>>
>>>     Whatever public declamations you make carry very little weight.
>> Hello Mr. Tor hater,
>>
>> We get funding from a variety of groups, including US government groups.
>> We do not "work for the pentagon" but that is a separate discussion and
>> it shouldn't derail this one.
> 
> Hi Roger,
> I'm afraid you're going to continue to hit up against this criticism for
> the foreseeable future, for the following reasons:
> 1) The NSA's betrayal of trust on the internet (and its standards) have
> all but removed good faith from the equation in the minds of a lot of
> people

Yes. It seems that the NSA is aiming to compromise everything. So why
should Tor be exempt? But as others have noted, Tor software and the Tor
network are open to public inspection. Individual relays, of course, are
not. The NSA and other adversaries can easily participate.

However, Tor is by design a Chaum-style network of untrusted nodes. As
long as one of the three nodes in a circuit is honest, users remain
anonymous. Even simultaneous attacks by non-colluding adversaries can
protect users' anonymity. In order to avoid detection, malicious relays
tend to behave at least somewhat like honest ones. So as long as enough
attackers aren't colluding, they help protect users against each other.
That is very clever.

> 2) practically speaking, Tor Browser Bundle _is_ private browsing mode
> for the time being.  There is no other game in town (at least in terms
> of usability and being gratis)

There are also VPN services and the JonDonym network. It's true that
they're not free, in a usable way. It's also true that they're less
anonymous, although JonDonym is arguably close. And of course, they
can't be trusted. However, they can readily be combined with Tor, in
order to further distribute trust among untrusted nodes.

> So someone looks on your resume and finds a summer at the NSA.  If the
> wider free software community was adequately funded to sustainably
> research and protect users privacy, that would be that. Tor would take a
> temporary hit and Privacy Software B's website would temporarily see
> more hits and development effort.

Son las cosas de la vida ;)

> In the real world, however, there isn't a Software B.  It will be a long
> time before even a Debian user can apt-get install and easily use
> Gnunet.  Non-technical users see a world of NSA surveillance and a
> single usable, well-maintained piece of software available for anonymous
> browsing run by people funded by the U.S. government. Conspiracy
> theories flourish in that type of climate.  And until there are as many
> (effective) private browsers competing with each other as there are
> normal browsers, these kinds of attacks will continue to be (at least
> somewhat) effective.
> 
> Anyway, for those who are willing to listen to a little reason and live
> in a country where encryption isn't illegal, here's a Pascal's wager for
> Tor Browser Bundle use:
> 
>                         Something to hide    Nothing to hide
>                         -----------------    ---------------
> 
> Tor is a honey-pot:     Tor use is BAD       Tor use is No worse than
> not using Tor
> 
> Tor isn't honey-pot:    Tor use is GOOD      Tor use is GOOD

Well, it depends on who you're hiding from, and whose honey-pot Tor
might be. But the focus here is the NSA. So, worst case, using Tor is
bad if you're hiding from the NSA. But really, only fools think that
simply using Tor is enough for hiding from the NSA. You need a
multi-layered approach. I write a lot about this.

> Of course this doesn't work if Tor use simply lands you in jail, or gets
> you disappeared by government agents.  But if that is the case you have
> much bigger issues to deal with than private browsing.

Right. Escape might be the first priority.

> -Jonathan
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk