
Re: [tor-talk] Tor and solidarity against online harassment



On 12/13/2014 03:04 PM, Mirimir wrote:
On 12/13/2014 11:28 AM, Jonathan Wilkes wrote:
On 12/12/2014 02:20 PM, Roger Dingledine wrote:
On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote:
You might like
https://www.torproject.org/docs/faq#Backdoor

We won't put backdoors in Tor. Ever.
     LOL!

     You work for the pentagon and are subjects of the US state.

     The US government has secret 'courts'  and secretly forces its
     subjects to tamper with all kinds of 'security'  systems, in the
     name of 'national security'.

     Whatever public declamations you make carry very little weight.
Hello Mr. Tor hater,

We get funding from a variety of groups, including US government groups.
We do not "work for the pentagon" but that is a separate discussion and
it shouldn't derail this one.
Hi Roger,
I'm afraid you're going to continue to hit up against this criticism for
the foreseeable future, for the following reasons:
1) The NSA's betrayal of trust on the internet (and its standards) has
all but removed good faith from the equation in the minds of a lot of
people
Yes. It seems that the NSA is aiming to compromise everything. So why
should Tor be exempt? But as others have noted, Tor software and the Tor
network are open to public inspection.

Yes, with two caveats:
* only people with sufficient expertise in network security will audit the system in any meaningful sense
* it excludes the people with sufficient expertise who are under contract _not_ to release the results of their audit or knowledge of exploits to the public

  Individual relays, of course, are
not. The NSA and other adversaries can easily participate.

However, Tor is by design a Chaum-style network of untrusted nodes. As
long as one of the three nodes in a circuit is honest, users remain
anonymous. Even simultaneous attacks by non-colluding adversaries can
protect users' anonymity. In order to avoid detection, malicious relays
tend to behave at least somewhat like honest ones. So as long as enough
attackers aren't colluding, they help protect users against each other.
That is very clever.

How does the assumption that enough attackers aren't colluding hold up against revelations about the tactics of the Five Eyes?

Either way, it turns out to be extremely difficult to explain that design feature to someone, much less a general audience. And I don't mean "explain" as in they nod, "oh, right, that's neat." I mean explain such that they can repeat the essence to someone else and still be technically correct in their description.

Because of that, and because of the toxic atmosphere wide-net surveillance has created, there are a lot of potential Tor users/relay-operators who bail on the idea before even getting to that technical description. They're not conspiracy theorists-- they're just people who don't get excited about programming cleverness. We can try to think of more metaphors for them, and make more and more precision-guided arguments against the "I-dont-wanna-help-the-bad-guys" meme. But we have to remember that isn't nearly as effective as, "you can use Network B run by this other group, and it works in a similar way," or, "even Facebook is using it for location anonymity."


2) practically speaking, Tor Browser Bundle _is_ private browsing mode
for the time being.  There is no other game in town (at least in terms
of usability and being gratis)
There are also VPN services and the JonDonym network. It's true that
they're not free, in a usable way.

Right.

  It's also true that they're less
anonymous, although JonDonym is arguably close. And of course, they
can't be trusted.

Right.

  However, they can readily be combined with Tor, in
order to further distribute trust among untrusted nodes.

Tor remains a single point of rhetorical attack here. How convenient that the government-funded overlay enters the flow-diagram once more! troll the trolls. My point is that the effectiveness of that troll only starts to go away once it is Tor OR Software B that can be combined to distribute trust.


So someone looks on your resume and finds a summer at the NSA.  If the
wider free software community was adequately funded to sustainably
research and protect users' privacy, that would be that. Tor would take a
temporary hit and Privacy Software B's website would temporarily see
more hits and development effort.
Such are the things of life ;)

Except when there isn't a viable usable free alternative, in which case the people choosing to steer clear of Tor most likely experience a decrease in privacy. But as far as the dev effort tides, yes.


In the real world, however, there isn't a Software B.  It will be a long
time before even a Debian user can apt-get install and easily use
Gnunet.  Non-technical users see a world of NSA surveillance and a
single usable, well-maintained piece of software available for anonymous
browsing run by people funded by the U.S. government. Conspiracy
theories flourish in that type of climate.  And until there are as many
(effective) private browsers competing with each other as there are
normal browsers, these kinds of attacks will continue to be (at least
somewhat) effective.

Anyway, for those who are willing to listen to a little reason and live
in a country where encryption isn't illegal, here's a Pascal's wager for
Tor Browser Bundle use:

                         Something to hide    Nothing to hide
                         -----------------    ---------------

Tor is a honey-pot:      Tor use is BAD       Tor use is No worse than
                                              not using Tor

Tor isn't honey-pot:     Tor use is GOOD      Tor use is GOOD
Well, it depends on who you're hiding from, and whose honey-pot Tor
might be. But the focus here is the NSA. So, worst case, using Tor is
bad if you're hiding from the NSA. But really, only fools think that
simply using Tor is enough for hiding from the NSA. You need a
multi-layered approach. I write a lot about this.

I write this restatement of the wager mostly for the people who have nothing to hide. "I've got nothing to hide, so I might as well take a dip in the anonymity pool."


Of course this doesn't work if Tor use simply lands you in jail, or gets
you disappeared by government agents.  But if that is the case you have
much bigger issues to deal with than private browsing.
Right. Escape might be the first priority.

-Jonathan

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk