
Re: Tor Project 2008 Tax Return Now Online



Thus spake Jonathan D. Proulx (jon@xxxxxxxxxxxxx):

> While I do think it's good to see the funding there are two points that
> are important to remember.
> 
> 1) this is a free software project; the code is there for all to see,
> hopefully clueful people other than the US Government are reading it.

Yes. The larger threat is that funders can steer funding in a general
direction. Say, by prioritizing performance over censorship
resistance, or censorship resistance over anonymity research.

So far, however, it appears that everyone involved is on the same page,
and believes that performance, usability, censorship resistance, and
general anonymity research are *all* important to our goal.
 
> 2) no matter who's funding it the US gov't could read the code (see
> above) and would continue to (potentially) have a near global view of
> internet traffic.
> 
> To a large extent free software defends against the worst abuses funders
> can demand (1), but I wouldn't fully trust TOR against China either (2) 

As an aside, while a global adversary is not something the Tor
research and development community feels it is currently capable of
defending against in general, there are limits to the ability of
even a global adversary to perform accurate dragnet analysis of all
Tor traffic.

This is primarily due to the Base Rate Fallacy:
https://conspicuouschatter.wordpress.com/2008/09/30/the-base-rate-fallacy-and-the-traffic-analysis-of-tor/
http://archives.seul.org/or/dev/Sep-2008/msg00016.html

In other words, the average Tor user doesn't have a lot to fear, IMO.

However, once you are targeted specifically by a global adversary, or
if you are visiting sites that are targeted by a global adversary,
your odds of escaping detection do go down drastically.

The big problem that Tor faces is that most schemes to protect against
this sort of adversary are either costly, unproven, or both. There
were a couple of promising papers at PETS this year, but they need to
have a bit more time to be reviewed by the research community.  They
also add non-negligible overhead.

http://petsymposium.org/2010/program.php



-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
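
Added example, not part of the original message: a worked Bayes calculation of the base rate argument the message refers to, contrasting dragnet correlation with the targeted case. The detector rates (99% true positive, 0.1% false positive) and the candidate flow counts are constructed assumptions, not measurements of Tor.

```python
# Added illustration; all rates and flow counts are constructed assumptions.

def posterior_match(prior, tpr, fpr):
    """P(two flows really are the same circuit | detector flags them)."""
    hit = tpr * prior
    false_alarm = fpr * (1.0 - prior)
    return hit / (hit + false_alarm)


def expected_false_matches(candidates, fpr):
    """Wrong candidate flows flagged, on average, for one observed flow."""
    return (candidates - 1) * fpr


def fpr_needed(prior, tpr, precision):
    """Largest false-positive rate that still reaches the given precision."""
    return tpr * prior * (1.0 - precision) / (precision * (1.0 - prior))


def scenario(candidates, tpr=0.99, fpr=0.001):
    """Summarise one setting; exactly one of `candidates` is the true match."""
    prior = 1.0 / candidates
    return {
        "prior": prior,
        "posterior": posterior_match(prior, tpr, fpr),
        "false_matches": expected_false_matches(candidates, fpr),
        "fpr_for_90pct": fpr_needed(prior, tpr, 0.90),
    }


# Dragnet: any of 100,000 concurrent flows could be the other end.
DRAGNET = scenario(candidates=100_000)
# Targeted: other information has already narrowed the set to 10 flows.
TARGETED = scenario(candidates=10)

if __name__ == "__main__":
    for name, s in (("dragnet", DRAGNET), ("targeted", TARGETED)):
        print(f"{name:9s} prior={s['prior']:.0e} "
              f"P(real|flagged)={s['posterior']:.4f} "
              f"false matches/flow={s['false_matches']:.2f} "
              f"fpr for 90% precision={s['fpr_for_90pct']:.2e}")
```

With these assumed rates, a flagged pair in the dragnet case is a real match under 1% of the time, while the same detector applied to ten candidates is right about 99% of the time.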
