[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and solidarity against online harassment

On 12/14/2014 09:28 PM, Paul Syverson wrote:
> On Sat, Dec 13, 2014 at 01:04:06PM -0700, Mirimir wrote:
> [snip]
>> However, Tor is by design a Chaum-style network of untrusted nodes. As
>> long as one of the three nodes in a circuit is honest, users remain
>> anonymous. Even simultaneous attacks by non-colluding adversaries can
>> protect users' anonymity. In order to avoid detection, malicious relays
>> tend to behave at least somewhat like honest ones. So as long as enough
>> attackers aren't colluding, they help protect users against each other.
>> That is very clever.
> No Tor is not a Chaum-style network. It is an onion routing network not a mix
> network (See "Why I'm not an Entropist" http://www.syverson.org/entropist-final.pdf)

Thanks for the correction. It was misleading to muddle Chaum and OR. I
was trying to make the point that participation by adversaries is part
of Tor's risk model, and isn't inherently fatal to anonymity. True?

> And in particular, it is not as secure as the security provided it its strongest,
> most honest node in a circuit.

I'm not sure that I understand this. I appreciate that malicious nodes,
exploiting design limitations and bugs, can deanonymize users. And I get
that having one honest node per circuit (no matter how honest and well
configured) doesn't prevent that. Is that it?

> End-to-end correlation works just fine even if everything betweent eh entry
> and exit relasys is honest and well performing. (See "Users Get Routed:
> Traffic Correlation on Tor by Realistic Adversaries"
> http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf.

Yes, users get routed when an adversary owns both entry guard and exit,
or can intercept their traffic. Optimistically, that's a fixable design
limitation. Pessimistically, it's an inherent limitation of low-latency
anonymity networks.

But either way, none of this is evidence that Tor has been backdoored by
the US government. Your work is an excellent counterexample.

> The last comment of the paragraph is correct however.


But I wonder which one. "That is very clever." doesn't add much. More
important is "So as long as enough attackers aren't colluding, they help
protect users against each other." Is that arguable? To me it seems a
key aspect of the design.

> aloha,
> Paul
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to