[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor's startup anonymity warning (was Re: quick question)

To: or-talk@xxxxxxxxxxxxx
Subject: Tor's startup anonymity warning (was Re: quick question)
From: Roger Dingledine <arma@xxxxxxx>
Date: Fri, 12 Sep 2008 05:42:53 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 12 Sep 2008 05:42:57 -0400
In-reply-to: <200809120925.m8C9PU0G001557@xxxxxxxxxxxxx>
References: <200809120925.m8C9PU0G001557@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Fri, Sep 12, 2008 at 04:25:30AM -0500, Scott Bennett wrote:
>      Right.  And that reminds me of an old question.  When tor starts up,
> it logs a standard disclaimer about being experimental software, don't bet
> your anonymity on it, and so forth.  Is there an intended release number or
> date by which that disclaimer is expected to be changed or deleted from tor?

When Tor 1.0 is released, and we understand good clean metrics for
anonymity, and we're satisfied with the amount that all of our users
achieve. :)

Given the rate of discovery of great new attacks on anonymity designs
in general, I am not optimistic that this will be anytime soon. :(

But we can continue to do better, and we're doing pretty well -- Tor is
already the best option out there. We mostly leave the warning there
as a disclaimer to make sure that nobody gets suckered into believing
that just because they installed Tor they are now totally immune from
all possible worries.

It makes me a bit sad that we might be pushing users onto the commercial
snakeoil anonymity systems who studiously avoid admitting that there
could be possible attacks. But I would feel a lot more sad if we joined
the ranks of the folks trying to brush everything under the rug.

The fact is that the state of the art in anonymity isn't yet to the point
where we can use an anonymity tool without understanding the details of
where and how you might be vulnerable. One day.

But all of that said, the current phrase "This is experimental
software. Do not rely on it for strong anonymity" probably doesn't
capture the above very well. How can we improve it?

--Roger

References:
- Re: quick question
  - From: Scott Bennett

Prev by Author: Re: Error help: Tunnel to dirserver failed
Next by Author: Re: invitation to directory server operators
Previous by thread: Re: quick question
Next by thread: invitation to directory server operators
Index(es):
- Author
- Thread