[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Question for those who say "Tor is pwned"

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Question for those who say "Tor is pwned"
From: juan <juan.g71@xxxxxxxxx>
Date: Mon, 20 Jun 2016 20:35:29 -0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Jun 2016 19:34:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:to:subject:in-reply-to:references:mime-version :content-transfer-encoding; bh=a4b1KnXcDIeHht4cxBor/MvHjiw32hKzGdpdaMvya+8=; b=rXw0lWmE2CGZOmrs6h4y8tpl6tSKhDII9RSzqNmeKr8opuczmLO7ukyik4GG5r/ijr 5q6CPT2MRtDGgGO+XuoYbxUwvyUS0SrSvBc3PE/xulZJiNnd38Doccc8Xrv3Y/AOc0oX tI+IHQ2kkqZ+5IbqlvyZa0g7YrcUPb+UVQiRMKRX5MjaUZW5OXDXuy+XnpK2pHuG0P4S RcOlo3PzIILr4KbPyaPvTkJLTUmykac8s3oWwCv+JG0jM9qYIA2TCOdkpZeQ06x9mdVa 67XAj/fxYSptrTrF3BQl/ICJ7DMk7l+rM7XP6heNuWe1YvanzUoRNGpXNrPyd3iLZ31I H+qA==
In-reply-to: <82802cd6-e80a-5fdc-4b17-6d89fac1dfe7@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <82802cd6-e80a-5fdc-4b17-6d89fac1dfe7@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, 20 Jun 2016 18:07:12 -0500
Anthony Papillion <anthony@xxxxxxxxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> I see a lot of people talking about how Tor is pwned by the US
> Government and is insecure 'by design'. I'm assuming that they know
> this from a thorough analysis of the source code,


	No. You don't need to look at the source code to know that
	'people'(the US gov't) who can monitor traffic going into the
	tor network and out of it can correlate the traffic and
	'deanonymize' users. 

	It should also be obvious, for instance, that if an attacker
	happens to control the 3 nodes used to build a circuit, he can
	also 'deanonymize' the user. 
	
	All that has nothing to do with any 'vulnerabilities' or
	'bugs' in the code. 

	Other basics facts about tor, like the users are being abused
	as cover by the US military, are matters of basic logic. If
	you are the US military and create an 'anomity' network, and
	you're the only user, your network is useless. You NEED a
	'diverse user base' to hide your criminal activity.

	If you are the US military, you want an 'experimental'
	'anonimity' network over which you have control.

	Et cetera.


> which I freely admit
> I haven't done. So, since you guys actually have taken the time to
> audit the source and find the vulnerabilities that would allow Tor to
> be so easily pwned, could you explain it to me and, preferable, post
> relevant sections (or links to sections) of the source you're basing
> your statements on?


> 
> I'd really like to investigate these vulnerabilities myself but the
> code is too massive for one person to realistically audit by
> themselves so links would be very helpful.
> 
> Thanks!
> Anthony
> 
> - -- 
> OpenPGP Key:    4096R/0x028ADF7453B04B15
> Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
> XMPP?Jabber:    cypher@xxxxxxxxxxxxx
> SIP:            cajuntechie@xxxxxxxxxxxxxxxx
> 
> -----BEGIN PGP SIGNATURE-----
> 
> iQIcBAEBCgAGBQJXaHcgAAoJEAKK33RTsEsVXzkP/1Pk47AhZUMjzGbKivACMWaE
> HnmWeuGE7ORdmHuc5ex7tKpNHGoryHrLoLWWRCAcdqAs0UD84X9JlVMB9o9gUk+m
> Y0gtMQFQEuS3gyaLKnOEBWgog4Ir+uI7CBFSo5pJ/Ch+mH2tORb3eXo5liUOXjxQ
> hZeK3dTDD3tbFpZw9/nkhQPgiPajaF8iBoQZbdpslnITXNOH/ML7E8YPmzkG5g/V
> l9vpsLCO1FXLiGADLOMTaCKRnAjA1rhNF8g8a1qYz95yJm4f7o6TyUA0fc7Hd3BP
> qcloz0fOo2AQqpAkUGeRVvsCcdL63zo5Tu3AJH8LwuivBjeTQG4jVfHQyJLFfLZA
> H7Vg7tg/Lc/sDB9fu/f1Q5sFm983TZoWZzpYkkGClHkLOWxeE8v4YNEBbuuhHdFe
> zwsQaOxefJP/fUym/CuOqnZbLdEHGQxVwhAKDjTYz2H1CPKDyBcmVXD3SLL4SGvo
> rWRf3Fjg44E7cVMGAXgbhAeIgZbnLDjdfvhJh9fcq+xy9fnBfDg0Bvn7xSlfOXnS
> 8rzTIxCkHL1pj8y+5bHiivVeZcHNeKiYzHn0pFEYRsml2JlRki7beUWkdHP4TDjh
> 1itbC3QG3gHbVLZ+ZKyeve/nX1V/Bqqhgao6g+rL8rZUTqG8jEp/lpkRg6wcPRGK
> YVlaF2yMZsBKBi7PRyAT
> =KXtj
> -----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Question for those who say "Tor is pwned"
  - From: Anthony Papillion

References:
- [tor-talk] Question for those who say "Tor is pwned"
  - From: Anthony Papillion

Prev by Author: Re: [tor-talk] Food for thought
Next by Author: Re: [tor-talk] Question for those who say "Tor is pwned"
Previous by thread: Re: [tor-talk] Question for those who say "Tor is pwned"
Next by thread: Re: [tor-talk] Question for those who say "Tor is pwned"
Index(es):
- Author
- Thread