Thus spake Jonathan D. Proulx (jon@xxxxxxxxxxxxx): > While I do think it's good to see the funding there are two points that > are important to remember. > > 1) this is a freesoftware project the code is there for all to see, > hopefully clueful people other than the US Government are reading it. Yes. The larger threat is that funders can stear funding in a general direction. Say, by prioritizing performance over censorship resistence, or censorship resistence over anonymity research. So far however, it appears that everyone involved is on the same page, and believes that performance, usability, censorship resistence, and general anonymity research are *all* important to our goal. > 2) no matter who's funding it the US gov't could read the code (see > above) and would continue to (potentially) have a near global view of > internet traffic. > > To a large extent freesoftware defends agains the worst abuses funders > can demand (1), but I wouldn't fully trust TOR against China either (2) As an aside, while a global adversary is not something the Tor research and development community feels it is currently capable of defending against in general, there are limits to the ability of even a global adversary to perform accurate dragnet analysis of all Tor traffic. This is primarly due to the Base Rate Fallacy: https://conspicuouschatter.wordpress.com/2008/09/30/the-base-rate-fallacy-and-the-traffic-analysis-of-tor/ http://archives.seul.org/or/dev/Sep-2008/msg00016.html In other words, the average Tor user doesn't have a lot to fear, IMO. However, once you are targeted specifically by a global adversary, or if you are visiting sites that are targeted by a global adversary, your odds of escaping detection do go down drastically. The big problem that Tor faces is that most schemes to protect against this sort of adversary are either costly, unproven, or both. There were a couple of promising papers at PETS this year, but they need to have a bit more time to be reviewed by the research community. They also add non-negligible overhead. http://petsymposium.org/2010/program.php -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpeTewQe23vB.pgp
Description: PGP signature