
Re: Paid performance-tor option?



Mac,

For high bandwidth in addition to low latency, you are correct
that commercial anonymity is the only option. However, there are a
lot of issues with commercial anonymity, and anonymity that is
not purely P2P designed. These issues can result in worse privacy
if you don't pay attention to the circumstances of your provider.

Beyond that, many of them have high political risk, and high
legal risk so they are not analogous to Tor, which is distributed and
decentralized, barring authoritative directory servers.

Political risk refers to the possibility of integrity being compromised
due to the actions of the country or countries in which the network
operates. A data retention law, for example, would severely hamper efforts in
anonymity. That means providers like relakks, swissvpn, etc turn into a
honeypot. This also applies to JonDos, as the operators are located in
Germany and the EU, which has a data retention directive in addition to
being a plethora of surveillance societies. To battle this, all of your
traffic must be end-to-end encrypted, but can still be subject to traffic
analysis for context. JonDos however is a slightly different beast. This
is because they operate a mixed-trust model. You are trusting the
operators not to do exit node injection, and it also requires rerouting
through three entities because they do not trust each other. In that
way it is similar to tor.

Other commercial networks, that are single entity, typically have one-hop
or two-hop proxies because they are not disguising origination from
themselves, as that isn't in their threat model. Centralized one-hop
proxies should always be avoided for non-trivial communications or
integrity. The known multi-hop proxies are ironkey, jondos, xerobank,
and cryptohippie.

Legal risk deals with centralization of the operation/operators. These
corporations are governed in surveillance societies, or low-privacy
areas, and are instantly compromised if a record is requested by any
agency of authority. Examples of services with high legal risk are
findnot, anonymizer, ironkey, and cotse.

To attain similar anonymity as tor, with a single trust domain
such as a corporation, they would have to be distributed in server
location, and decentralized in operations. This narrows your choices
down to just two choices that I know of: xerobank as mentioned by
rochester and cryptohippie. Both are incorporated in low risk areas,
and have multi-jurisdictional networks.

There are many providers, all with different levels of integrity
and competence, which should be considered by the user. These come
into play with items like the privacy policy, logging, source
availability of software being used, etc. Other issues are what
type of protocol they use. Beware of L2TP alone, as it does not have
encryption, and thus content is exposed, and only context is
obscured. Beware of PPTP, as it is known to leak DNS. On the relakks
network it leaks 100% the last time I checked. SSH is good, but make
sure you are piping your traffic through it. OpenVPN is a good
choice, and so is IPSec, but again you'll need a good implementation
to prevent leaks, which is often OS dependent.

The bottom line is that providers aren't the same, and anonymity has no
metric of measurement for easy comparison, yet. It's all apples to
oranges. Consider what your needs are, who your potential adversary is,
and do your homework before you buy or demo anything. If you don't, in
many cases, you may as well be CCing your traffic directly to echelon,
as many of the providers are being monitored or are known to proactively
provide logs to law enforcement.

Steve




Rochester TOR Admin wrote:
> Since you've come to your own conclusions please go see Xerobank
> http://www.xerobank.com or one of those other services available.
> 
> On Mon, Aug 18, 2008 at 11:20 AM, macintoshzoom
> <macintoshzoom@xxxxxxxxxxx> wrote:
> 
>> PERFORMANCE and freeness from big-bro-s influent area is a must for tor and
>> for the world benefiting tor.
>>
>> JONDONYM, formerly JAP, have just established this.
>> ( https://www.jondos.de/en/ )
>>
>> If tor is incompetent to find HUGE funding for free, it may be time to
>> setup an international tor paid option.
>>
>> Mac.
>>
>>
>>
>