
Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]

On Thu, Dec 15, 2005 at 02:35:06AM -0500, Roger Dingledine wrote:

> But even so, once we have a sense of what sorts of attacks are likely,
> we can also start looking at some specialized padding techniques for
> Tor users to blend together better without paying too high a price in
> overhead. The goal is not to beat arbitrary statistical attacks, but
> to increase false positives (and maybe false negatives) with respect to
> specific attacks.

Roger, the current Tor experience is already terrible as it is.
It would be far more urgent to implement quality metrics 
(throttle abusers and favor people who donate lots of bandwidth),
and only then to limit the entry barriers (Tor plugin for
browsers, simple one-click installation, NAT penetration, whatever) to
draw in more users. Injecting chaff will only drive the network
into unusability for interactive use, so only abusers with robots
are left. Please don't go there.

The current directive (which is not yet even binding law, until
passed locally) asks for logs -- on the side of commercial providers.
So your ISP sniffs Tor traffic (it's a lot of traffic), and sends
the logs to fur-browed knuckledraggers somewhere. What are they going
to do with it?

They're not TLAs. TLAs may very well consider Tor broken (in fact,
I've heard such hints through the grapevine), do I care very much?

Not really, it's not my threat model. I just want to maintain
some privacy online, and not be subjected to profiling and censorship. 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE