[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] !!! Important please read. !!!




Regards,

Mark McCarron

> Date: Wed, 8 Jan 2014 14:40:11 +0100
> From: a.krey@xxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] !!! Important please read. !!!
> 
> On Wed, 08 Jan 2014 13:17:47 +0000, Mark McCarron wrote:
> ...
> > > > In fact, the EU mandates that this data be held for 2 years:
> > > > http://en.wikipedia.org/wiki/Telecommunications_data_retention#European_Union
> > > 
> > > No, it doesn't. The requirement is for access ISPs to log the association
> > > between user and ip addresses over time, and for email/voip providers
> > > to log all mail transfer/voip connections. Access providers are not
> > > required to log each individual TCP connection, and that would be needed
> > > for finding out even regular guard users.
> > > 
> > 
> > At a technical level, it is a two part system.  We have the unclassified system which records user's IP addresses.  Then we have the classified system (i.e. PRISM, Warrentless wiretaps, etc) which records which servers connections are made to.  When combined, this satisfies the EU mandate which as can be seen requires that "destinations" be recorded.
> 
> It requires the 'destinations' for email and voip, specifically, not
> for other kinds of communication. Besides, your paragraph reads like
> PRISM etc. are necessary to comply with the EU mandate ('when combined,
> this satisfies...').

It can be argued that email and voip are merely abstractions of a packet switched transfer.  You can bet your last dollar that the interpretation used by the government applies to all forms of communications.

> 
> > No, its not.  Traffic obfuscation techniques can eliminate the global view.  It just needs to be implemented correctly.
> 
> How? A user can only interact with a service while he is online ->
> correlate user online times with service usage times of a given persona
> -> voila.
> 

Traffic analysis is based on the statistical analysis of the differences at the physical layer.  We eliminate the differences to the point where no one can tell fake connections from real connections.  It is trivial to implement.

> ...
> > We need to improve Tor.
> 
> And how? Bear in mind that we are dealing with a global *active* adversary
> that may well be capable of looking into tor nodes.
> 

...that is looking into Tor nodes.  Always assume your adversary has succeeded and add more security.

> Andreas
> 
> -- 
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 		 	   		  
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk