[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Question for those who say "Tor is pwned"



	
	by-the-way

	http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

	Users Get Routed: Traffic Correlation on Tor by Realistic
	Adversaries

	"Tor is known to be insecure against an adversary that can
	observe a userâs traffic entering and exiting the anonymity
	network." 

	"Our analysis shows that 80% of all types of users may be de-
	anonymized by a relatively moderate Tor-relay adversary within
	six months. Our results also show that against a single AS
	adversary roughly 100% of users in some common locations are
	deanonymized within three months (95% in three months for a
	single IXP). Further, we find that an adversary controlling
	two ASes instead of one reduces the median time to the first
	client de-anonymization by an order of magnitude: from over
	three months to only 1 day for a typ- ical web user; and from
	over three months to roughly one month for a BitTorrent user.
" 



On Mon, 20 Jun 2016 19:11:29 -0400
Kevin <kevinsisco61784@xxxxxxxxx> wrote:

> I would like to know this as well.
> 
> 
> 
> On 6/20/2016 7:07 PM, Anthony Papillion wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > I see a lot of people talking about how Tor is pwned by the US
> > Government and is insecure 'by design'. I'm assuming that they know
> > this from a thorough analysis of the source code, which I freely
> > admit I haven't done. So, since you guys actually have taken the
> > time to audit the source and find the vulnerabilities that would
> > allow Tor to be so easily pwned, could you explain it to me and,
> > preferable, post relevant sections (or links to sections) of the
> > source you're basing your statements on?
> >
> > I'd really like to investigate these vulnerabilities myself but the
> > code is too massive for one person to realistically audit by
> > themselves so links would be very helpful.
> >
> > Thanks!
> > Anthony
> >
> > - -- 
> > OpenPGP Key:    4096R/0x028ADF7453B04B15
> > Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
> > XMPP?Jabber:    cypher@xxxxxxxxxxxxx
> > SIP:            cajuntechie@xxxxxxxxxxxxxxxx
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQIcBAEBCgAGBQJXaHcgAAoJEAKK33RTsEsVXzkP/1Pk47AhZUMjzGbKivACMWaE
> > HnmWeuGE7ORdmHuc5ex7tKpNHGoryHrLoLWWRCAcdqAs0UD84X9JlVMB9o9gUk+m
> > Y0gtMQFQEuS3gyaLKnOEBWgog4Ir+uI7CBFSo5pJ/Ch+mH2tORb3eXo5liUOXjxQ
> > hZeK3dTDD3tbFpZw9/nkhQPgiPajaF8iBoQZbdpslnITXNOH/ML7E8YPmzkG5g/V
> > l9vpsLCO1FXLiGADLOMTaCKRnAjA1rhNF8g8a1qYz95yJm4f7o6TyUA0fc7Hd3BP
> > qcloz0fOo2AQqpAkUGeRVvsCcdL63zo5Tu3AJH8LwuivBjeTQG4jVfHQyJLFfLZA
> > H7Vg7tg/Lc/sDB9fu/f1Q5sFm983TZoWZzpYkkGClHkLOWxeE8v4YNEBbuuhHdFe
> > zwsQaOxefJP/fUym/CuOqnZbLdEHGQxVwhAKDjTYz2H1CPKDyBcmVXD3SLL4SGvo
> > rWRf3Fjg44E7cVMGAXgbhAeIgZbnLDjdfvhJh9fcq+xy9fnBfDg0Bvn7xSlfOXnS
> > 8rzTIxCkHL1pj8y+5bHiivVeZcHNeKiYzHn0pFEYRsml2JlRki7beUWkdHP4TDjh
> > 1itbC3QG3gHbVLZ+ZKyeve/nX1V/Bqqhgao6g+rL8rZUTqG8jEp/lpkRg6wcPRGK
> > YVlaF2yMZsBKBi7PRyAT
> > =KXtj
> > -----END PGP SIGNATURE-----
> 
> 
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
> 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk