[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor notice

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor notice
From: andrew@xxxxxxxxxxxxxx
Date: Tue, 10 Aug 2010 00:11:01 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 10 Aug 2010 00:11:07 -0400
In-reply-to: <AANLkTimGhsBNLkmPuAEG051MkwY6rPUnH=mmaY-4LTya@xxxxxxxxxxxxxx>
Mail-followup-to: or-talk@xxxxxxxxxxxxx
References: <AANLkTimGhsBNLkmPuAEG051MkwY6rPUnH=mmaY-4LTya@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacemarc@xxxxxxxxx wrote 0.4K bytes in 9 lines about:
: why in every Tor version (a/b/stable) there is "Do not rely on it for
: strong anonymity"? If not Tor, what should we use for strong
: anonymity? excluding Freenet and cryptography apps.

The challenge here is to define "strong anonymity". A possible current
definition is a state of not being identifiable within an anonymity set.
This anonymity is considered strong if it is resistant to all known
attacks on anonymity.

I think Roger wrote that line in the source to simply remind people that
Tor has a defined threat model, given the anonymity research field
is still growing, and that low-latency anonymity is inherently open to
some attacks, tor is not strong anonymity.

Tor raises the bar for de-anonymizing you to many attacks on your
anonymity on the actual internet today. This is a fine place to start
to understand what Tor does and does not provide,
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#AnonymityandSecurity

Many other tools simply state they are anonymous, without mentioning any
of the R&D on current anonymity attacks, their success probabilities,
and design flaws. If you're interested in learning more about the
current state of the field of anonymity in research, start here;
http://freehaven.net/anonbib/full/topic.html

All tools have design goals and threat models. Many just don't clearly
state what these goals and threats are to the user, but brush it under
the rug as perfect anonymity, or some other hyperbole.

Disclaimer: Roger, Nick, and Steven are the anonymity researchers,
their opinion overrules mine.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Tor notice
  - From: Jim

References:
- Tor notice
  - From: spacemarc

Prev by Author: Re: Legal response to real abuse
Next by Author: Re: Restricted Exit Policy Port Suggestions?
Previous by thread: Re: Tor notice
Next by thread: Re: Tor notice
Index(es):
- Author
- Thread