
Re: [tor-talk] Question for those who say "Tor is pwned"



On Mon, 20 Jun 2016 18:50:10 -0500
Anthony Papillion <anthony@xxxxxxxxxxxxxxx> wrote:

> 
> On 6/20/2016 6:35 PM, juan wrote:
> > On Mon, 20 Jun 2016 18:07:12 -0500 Anthony Papillion
> > <anthony@xxxxxxxxxxxxxxx> wrote:
> > 
> > I see a lot of people talking about how Tor is pwned by the US 
> > Government and is insecure 'by design'. I'm assuming that they
> > know this from a thorough analysis of the source code,
> > 
> > 
> >> No. You don't need to look at the source code to know that 
> >> 'people'(the US gov't) who can monitor traffic going into the tor
> >> network and out of it can correlate the traffic and 'deanonymize'
> >> users.
> > 
> >> It should also be obvious, for instance, that if an attacker 
> >> happens to control the 3 nodes used to build a circuit, he can 
> >> also 'deanonymize' the user.
> 
> True. However, I'm not sure how that's a 'pwned by design' thing
> (which ascribes malicious intent to the Tor Project).


	That was an example of stuff you can know about tor without
	looking at the source code, not necessarily an example of
	malicious intent.

	What tor designers knew from day zero is that a 'global passive
	adversary' - that is their boss the US gov't - can simply ignore
	the routing inside the network and look at the network's edges.

	


> You know who is
> to blame for the 'owning the route' problem? We are. How many people
> use Tor but won't run a node of their own? And, yes, I realize that a
> lot of people might not be technical enough to run one but there are
> places you can pay to do it for you.
> 
> >> All that has nothing to do with any 'vulnerabilities' or 'bugs'
> >> in the code.
> > 
> >> Other basic facts about tor, like the users are being abused as
> >> cover by the US military, are matters of basic logic. If you are
> >> the US military and create an 'anonymity' network, and you're the
> >> only user, your network is useless. You NEED a 'diverse user
> >> base' to hide your criminal activity.
> 
> But, if you are the US military and you were designing a network to be
> 'insecure by design', using route owning is a really crappy way to do
> it. 

	Yes, but I didn't say that having (a certain
	percentage of) compromised nodes was the biggest problem
	(although it can be a problem).

	The biggest problem is so-called 'global passive
	adversaries' which in practice means the US gov't.


	

> Essentially, anyone can deanonymize anyone. Even the mighty US
> Government isn't safe because, what's stopping China from deploying
> even more nodes than the US and thus being able to deanonymize US
> spooks using the network? It would be a never-ending game of
> one-upsmanship that would, essentially, result in greater security for
> users. 

	How? Half the nodes owned by the US gov't, half the nodes owned
	by the Chinese gov't == greater security?




> And, if they're doing that, why aren't more US spies being
> busted by China or Chinese spies being busted by the US? Oh, I know!
> They are just keeping /really/ quiet about it so we don't suspect that
> Tor is compromised, right?

	Wrong. You seem to be focusing on just one thing I said, and
	missed the point.

> 
> Don't get me wrong, I don't believe there are no problems with Tor.

	I mentioned a couple which you seem to have purposely ignored.



> But I think we need to look at how such ownership would work in
> practice. Ultimately, it would end up in a major international
> competition that would benefit users.
	

> 
> Anthony
> 
> 
