On Wed, 2014-09-17 at 17:07 -0700, Seth David Schoen wrote:
> Ted Smith writes:
>
> > There's a reason why the NSA has "Tor Stinks" presentations and not
> > "I2P stinks" presentations.
>
> I don't know of a good basis for estimating what fraction of NSA's
> capabilities or lack of capabilities we've learned about.

It's not perfect, but using the available information is all we can do. Absence of evidence *is* evidence of absence, though it isn't proof of absence.

Further, i2p just isn't worth that treatment because it's shoddily developed by a handful of underfunded developers and it has a totally untested security model. Tails *just* got burned by i2p and wisely disabled it.

All complex systems have bugs, and finding those bugs is a function of the aggregate intelligence of your developer base. Unless you can argue the 5 contributors to i2p are geniuses, then there's no way i2p has fewer bugs pound for pound compared with Tor. Tor just has way more intelligent people hard at work both on the code and the theory.

To further drive this home, here are other things I'd expect to have happened if i2p was somehow better or even equivalent to Tor:

* i2p should have attracted academics to the low-hanging fruit of showing their unique routing system correct
* i2p should have attracted developers to the relatively popular project of helping defeat censorship and protect privacy (there are probably an order of magnitude more Java developers than C developers, so i2p even has an advantage here!)
* i2p should have hosted security-critical sites like the Silk Road
* i2p should have been used by botnets for c&c
* i2p should have been mentioned in some leak from some shadowy security agency
* The major selling point of i2p should be "proven security over alternatives" rather than "developed by anonymous people and not funded by the American government", which are secondary rather than primary advantages of the software and are respectively entirely uncorrelated and only weakly correlated with the security of the software

None of these things have happened, and while there are alternative explanations, one simple and probable explanation is just that i2p isn't as good.

> I think that's only approximately or indirectly true of people working
> in an organization like NSA or GCHQ.

This is nonetheless a good point and something I'll remember.

--
Sent from Ubuntu
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk