[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Project 2008 Tax Return Now Online

Thus spake Anon Mus (my.green.lantern@xxxxxxxxxxxxxx):

> >1) this is a freesoftware project the code is there for all to see,
> >hopefully clueful people other than the US Government are reading it.
> Unfortunately, whilst there are clueful people watching the software, no 
> one has yet decided to publically produce and share a modified version 
> of this code which protects from a Global Adversary who is analyzing the 
> traffic (real time or.not).
> I await that day, but believe it will not be soon, because it would be 
> foolish to take on such a task, only to have the Tor project themselves 
> then radically change the code and so as to make the unofficial 
> modification obsolete.

You're right, that's exactly why the work hasn't been finished yet.
Everyone smart enough to do it realized that we'd just cause git
conflicts with their work. They'd be foiled once and for all. ONCE AND

It has nothing to do with realizing that the best designs for these
sorts of networks to date still aren't certain to be foolproof or
fast, or that completing and proving such a design to be secure and
scalable under a useful threat model would be at least a master's

It has nothing to do with realizing that any naive padding solution
would be instantly broken, providing a unique fingerprint for everyone
using it, while *still* not providing substantial actual protection of
their traffic.

It has everything to do with the fact that the conspiracy is SO VAST
AND OPPRESSIVE that everyone smart enough to do this project realizes
that we'd just break their commits and there would be NOTHING THEY

Tor: 1, You Guys: 0.

It's great being on the inside.

> >2) no matter who's funding it the US gov't could read the code (see
> >above) and would continue to (potentially) have a near global view of
> >internet traffic.
> Well its obvious that who funds it get to make the decision as to what 
> anonymity "protection" gets put in.

I see you've been reading between the lines on our monthly status
reports, our roadmap docs, our trac projects, our specifications, our
proposal process on or-dev, our TODO files, and so on. Very clever of

For those not as swift as our detective here, the evidence (with full
revision history) is hiding in plain sight at:


The conspiracy is really too obvious in retrospect, especially if the
likes of you were able the figure it out. 

We should be more careful with our future conspiracies. This has been
noted in our files.

> So if you were the Global Traffic Analysis Adversary then you would 
> distract, delay, deny and defend lack of protection from your analysis. 
> If you also funded the project then that would make that task easier.

Don't forget all the University professors and grad students doing Tor
research independent of the Tor Project. They are paid off to keep
quiet, too. Most of them have island beachfront property (but under 
black ops front company names, of course). It's a pretty sweet gig.

> So whilst there is no protection in Tor (by official policy) from the 
> Global Traffic Analysis Adversary (aka US -GOV) then you can expect to 
> unmasked for every usage you make of Tor. Unless of course, you were the 
> US -GOV in which case you can add that protection into your Tor nodes 
> and Tor clients.


Of course, you could add that same protection in too. But, then, of
course, we'd break your commits. This is the one advantage of
sponsoring Tor. The US Gov't quickly realized that otherwise, we'd
break their commits too. They had no choice, really. 

It really is the best revenue model for Open Source Development yet.
We should write a book, if it weren't so damn secret...

> For instance if I were US - GOV (i.e. it was my job to spy on your 
> traffic) I would, at the very least,

You know too much, Mr. Anon Mus. The Adversary has been alerted.
Prepare to be silenced (if we're lucky).

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpqNalhis4s7.pgp
Description: PGP signature