[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and HTTPS graphic



On Tue, 2012-03-06 at 12:22 -0500, Andrew Lewman wrote:
> On Tue, 06 Mar 2012 11:22:33 -0500
> Ted Smith <tedks@xxxxxxxxxx> wrote:
> > While I like the graphic overall, I think the "NSA as a global passive
> > adversary" element is an example of the graphic being overloaded with
> > information that will confuse/scare away most people.
> 
> So far, there is one story where Eva claims the NSA can break tor
> easily, see this Tor and HTTPS graphic as proof:
> 
> https://secure.security.nl/artikel/40574/1/%2522NSA_kan_Tor-gebruikers_identificeren%2522.html
> 

The graphic here seems to be the EFF graphic from the OP in this thread.
Did you mean something else? Or did you mean to say, "there's already
one story using this graphic as proof that the NSA can break Tor"?

> If your adversary is any rumored global passive adversary that can watch
> and record the entire Internet at once, then you've probably already
> lost the game.
> 
> At PETS in 2009[0], Paul did a talk on 'why I'm not an entropist' and
> suggested that people need to start working on defeating a mythical
> global passive adversary. Maybe in the near future some government will
> have the capability of being the global passive adversary.
> 
> [0] http://petsymposium.org/2009/program.php
> 

Your use of the words "rumored" and "mythical" are exactly why I don't
think a global passive adversary should be in an educational graphic for
people who don't know what Tor is. A global passive adversary seems very
unlikely now, and it seems even more unlikely that such an adversary
would be able to act on intelligence gained from being in that
position. 

It is true that Tor is weak against a global passive adversary, but
there's no reason, from my point of view, to include that in material
geared towards non-PET researchers. Maybe Seth could comment on why the
EFF decided it was necessary to include it?

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk