[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and solidarity against online harassment

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor and solidarity against online harassment
From: Jonathan Wilkes <jancsika@xxxxxxxxx>
Date: Sat, 13 Dec 2014 16:57:16 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 13 Dec 2014 16:57:30 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1418507839; bh=oh8TTYorT8pZzrrU3XovOYHNEsWj2+fPepgCRXpBNYc=; h=Date:From:To:Subject:References:In-Reply-To:From:Subject; b=L5kcHztzTTj5n1vybxH7uvKDhbvOusMSpKOZH4cpFVoM4x6vpVC4XuywAtQWxnc7REmp1bd7Ml2jbVYbWrFfAhDfmjo3i7hHmwMlj8dQkohOnwD6OcpCnV+ttkfQH4X+yNDpNG4rwWfDPZlAf8xSeXT8AFb3w+bTfMUdZTm/DtZV9hWoOsGkz4gnCWybTOqZUQFEHRa4Imz6cJtAcHz0Vyf8lNZFwqKOb++xutuVMZPiXdUoavjfCOSsyhM2FMVCpcBeLy10MiWsbLJ5LFkv1Dnvb31/funzh7lesMzqdzfHbnOI/z1D8JyORq/UKBL3njlBMOu+cWN9TKCpb+444w==
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=bfh+TJL1EV/xJ1GVMt3TXP54+w6cAVoX03RTWe2YEVYO5T/o20tykDu/oWQpf+XLtPtoNV+kmYS5q1Xlr3na0Kb3n1ff3dOH2pXsyrvIpj5/HCemxQ8ekvUlH7kHj63m6xzJ2gDi9EX+eUNB+jckjej8JBMy0YB86Z1lJzumJj/VoM12/4IN10H/sjGZib8hRdEoOrtsS/covfad7zZK5gZYQTKZOgR/+AIq29U8UydWDssUrNg11Pcqt7oNcAyB4bakng1noCZSw4wfmHdjytx39FmiA5MpYJ2VN95ctzH3kjhM5WZlISZ21Vqj3+NOeblSQWJcb1Vs0wQjcR5JsA==;
In-reply-to: <548C9BB6.9060506@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20141211220732.GG34412@xxxxxxxxxxxxxx> <CAAS2fgTNWCJcdOq6nd_XJC2e=iPCRxk-a4kiOgxQFnQ+2K8Ahg@xxxxxxxxxxxxxx> <20141211223234.GH34412@xxxxxxxxxxxxxx> <548b322b.0480e00a.1143.ffffb753@xxxxxxxxxxxxx> <20141212192012.GI34412@xxxxxxxxxxxxxx> <548C854C.6070804@xxxxxxxxx> <548C9BB6.9060506@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 12/13/2014 03:04 PM, Mirimir wrote:

On 12/13/2014 11:28 AM, Jonathan Wilkes wrote:

On 12/12/2014 02:20 PM, Roger Dingledine wrote:

On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote:

You might like
https://www.torproject.org/docs/faq#Backdoor

We won't put backdoors in Tor. Ever.

     LOL!

     You work for the pentagon and are subjects of the US state.

     The US government has secret 'courts'  and secretly forces its
     subjects to tamper with all kinds of 'security'  systems, in the
     name of 'national security'.

     Whatever public declamations you make carry very little weight.

Hello Mr. Tor hater,

We get funding from a variety of groups, including US government groups.
We do not "work for the pentagon" but that is a separate discussion and
it shouldn't derail this one.

Hi Roger,
I'm afraid you're going to continue to hit up against this criticism for
the foreseeable future, for the following reasons:
1) The NSA's betrayal of trust on the internet (and its standards) have
all but removed good faith from the equation in the minds of a lot of
people

Yes. It seems that the NSA is aiming to compromise everything. So why
should Tor be exempt? But as others have noted, Tor software and the Tor
network are open to public inspection.


Yes, with two caveats:

* only people with sufficient expertise in network security will auditthe system in any meaningful sense* it excludes the people with sufficient expertise who are undercontract _not_ to release the results of their audit or knowledge ofexploits to the public

  Individual relays, of course, are
not. The NSA and other adversaries can easily participate.

However, Tor is by design a Chaum-style network of untrusted nodes. As
long as one of the three nodes in a circuit is honest, users remain
anonymous. Even simultaneous attacks by non-colluding adversaries can
protect users' anonymity. In order to avoid detection, malicious relays
tend to behave at least somewhat like honest ones. So as long as enough
attackers aren't colluding, they help protect users against each other.
That is very clever.

How does the assumption that enough attackers aren't colluding hold upagainst revelations about the tactics of the Five Eyes?

Either way, it turns out to be extremely difficult to explain thatdesign feature to someone, much less a general audience. And I don'tmean "explain" as in they nod, "oh, right, that's neat." I mean explainsuch that they can repeat the essence to someone else and still betechnical correct in their description.

Because of that, and because of the toxic atmosphere wide-netsurveillance has created, there are a lot of potential Torusers/relay-operators who bail on the idea before even getting to thattechnical description. They're not conspiracy theorists-- they're justpeople who don't get excited about programming cleverness. We can tryto think of more metaphors for them, and make more and moreprecision-guided arguments against the "I-dont-wanna-help-the-bad-guys"meme. But we have to remember that isn't nearly as effective as, "youcan use Network B run by this other group, and it works in a similarway," or, "even Facebook is using it for location anonymity."

2) practically speaking, Tor Browser Bundle _is_ private browsing mode
for the time being.  There is no other game in town (at least in terms
of usability and being gratis)

There are also VPN services and the JonDonym network. It's true that
they're not free, in a usable way.


Right.

  It's also true that they're less
anonymous, although JonDonym is arguably close. And of course, they
can't be trusted.


Right.

  However, they can readily be combined with Tor, in
order to further distribute trust among untrusted nodes.

Tor remains a single point of rhetorical attack here. How convenientthat the government-funded overlay enters the flow-diagram once more!troll the trolls. My point is that the effectiveness of that troll onlystarts to go away once it is Tor OR Software B that can be combined todistribute trust.

So someone looks on your resume and finds a summer at the NSA.  If the
wider free software community was adequately funded to sustainably
research and protect users privacy, that would be that. Tor would take a
temporary hit and Privacy Software B's website would temporarily see
more hits and development effort.

Son las cosas de la vida ;)

Except when there isn't a viable usable free alternative, in which casethe people choosing to steer clear of Tor most likely experience adecrease in privacy. But as far as the dev effort tides, yes.

In the real world, however, there isn't a Software B.  It will be a long
time before even a Debian user can apt-get install and easily use
Gnunet.  Non-technical users see a world of NSA surveillance and a
single usable, well-maintained piece of software available for anonymous
browsing run by people funded by the U.S. government. Conspiracy
theories flourish in that type of climate.  And until there are as many
(effective) private browsers competing with each other as there are
normal browsers, these kinds of attacks will continue to be (at least
somewhat) effective.

Anyway, for those who are willing to listen to a little reason and live
in a country where encryption isn't illegal, here's a Pascal's wager for
Tor Browser Bundle use:

                         Something to hide    Nothing to hide
                         -----------------    ---------------

Tor is a honey-pot:     Tor use is BAD       Tor use is No worse than
not using Tor

Tor isn't honey-pot:    Tor use is GOOD      Tor use is GOOD

Well, it depends on who you're hiding from, and whose honey-pot Tor
might be. But the focus here is the NSA. So, worst case, using Tor is
bad if you're hiding from the NSA. But really, only fools think that
simply using Tor is enough for hiding from the NSA. You need a
multi-layered approach. I write a lot about this.

I write this restatement of the wager mostly for the people who havenothing to hide. "I've got nothing to hide, so I might as well take adip in the anonymity pool."

Of course this doesn't work if Tor use simply lands you in jail, or gets
you disappeared by government agents.  But if that is the case you have
much bigger issues to deal with than private browsing.

Right. Escape might be the first priority.

-Jonathan


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor and solidarity against online harassment
  - From: Roger Dingledine
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Gregory Maxwell
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Roger Dingledine
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Juan
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Roger Dingledine
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Jonathan Wilkes
- Re: [tor-talk] Tor and solidarity against online harassment
  - From: Mirimir

Prev by Author: Re: [tor-talk] Tor and solidarity against online harassment
Next by Author: [tor-talk] phantom protocol
Previous by thread: Re: [tor-talk] Tor and solidarity against online harassment
Next by thread: Re: [tor-talk] Tor and solidarity against online harassment
Index(es):
- Author
- Thread