[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor and Financial Transparency
Juan Garofalo:
> For what it's worth : trying to have a diverse and big user base, and providing security for all users seems to be impossible. You either provide relatively good security for a small number of sensitive users, or relatively lax security for 'general' users.
i have to disagree here. TOR is an anonymity network, and those require
a diverse and big user base as what is commonly referred to as the
anonymity set. only if that set cannot be targeted as a group (for
whatever reason), the whole thing makes sense and actually protects
anyone using it.
TOR is in an arms race on the obfuscation front, hence all the hassle
with bridges and so on. if/when using tor is outright outlawed (ohai,
russia?) in your jurisdiction, that is a problem.
right now, the general idea is that if lets say, lawyers, doctors and
priests made a point of using TOR, these "bona fide" groups would
protect the rest of the user base from action against all users since
they are "legally protected", "part of the establishment" or "too much
of a PR disaster as targets".
that being said, yea, there is a problem with the global passive
adversary that we have to assume NSA and "friends" to be. and i don't
really see a viable technical solution so far. not saying there aren't
any, mind you.
beyond the technical realm however, and aside from reigning in the
security deep state that has metastasized throughout the west (which
needs to be done, but it will take a lot of time), what a system like
TOR needs to become more robust in the passive adversary context is
political hacking that makes it possible to run exit nodes in really
diverse places, away from networks owned by corporations with offices in
the Five Eyes member states, because the design does hold merit against
local passive adversaries.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk