[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and solidarity against online harassment

On 12/15/2014 08:27 PM, Juan wrote:
> On Tue, 16 Dec 2014 12:07:19 +1100
> Zenaan Harkness <zen@xxxxxxxxxxxx> wrote:
>>>> So caution, paranoia, attention to detail, proper assessment of the
>>>> risks and technical foundations/ requirements/ possibilities of
>>>> what TOR can, and more importantly cannot provide, is (in such
>>>> circumstances) of utmost importance.
>>> Yes. I write a lot about such matters.
>>> However, as Jonathan Wilkes noted yesterday, there's a risk of
>>> frightening away users and potential relay operators. For better or
>>> worse, Tor is the best low-latency anonymity network around. In the
>>> short term at least, hurting Tor benefits many enemies of freedom.
>> "Educating new users" must not be allowed to be seen the same as
>> "hurting tor", I'm sure Juan would agree here.
>> "Hurting tor" might not be the best term, but perhaps we can say
>> 'scare-mongering' may cause potential users to run away, thereby
>> reducing our community, and that this is undesirable; I'd hope Juan
>> would agree with this.
> 	Yes, I don't mean to get people who benefit from tor to stop
> 	using it. Or to put it another way : as long as tor weakens
> 	state power, I think it's a useful tool. But, what does the
> 	bigger picture look like? What may happen is that while tor
> 	helps some people in some ways, it also consolidates US* state
> 	power. In that case I think tor is a legitimate target.
> *and the power of 'allied' states too.

Certainly, Tor helps the US and its allies to consolidate their power.
Why else would they fund it? But mostly it helps them to consolidate
their power against other states. It's probably been used against Iraq
and Russia, for example.

But, longer term, what's important is that strong privacy and anonymity
will allow people to just say no to state power.

>> But I have to agree that whenever we see "omg tor is so ponies and
>> freedom", that Juan's voice of "whoah, slow the fuck down guys, Tor
>> and TBB cannot save you from nation-state monitoring, and make sure
>> you're aware of potential problems a b and c" is much better than no
>> genuine voice of caution.
>> And I have to say - every newcomer that appears here, must be the
>> beneficiary of our best efforts in communication, for we simply cannot
>> know if -this-particular- newbie is in need of the most careful advice
>> to be cautious or not.
>> So -because- Tor is the currently most viable "privacy of some level/
>> some sort" newtwork today, we particularly owe it to be diligent and
>> -never- fail to impress upon newcomers what they may need to keep in
>> their minds.
> 	And, newcomers, who aren't likely to know too much about
> 	security take a look at 
> 	https://www.torproject.org/
> 	and see 
> 	"Defend yourself against network surveillance and traffic
> 	analysis." 
> 	Traffic analysis? That's exactly what tor cannot prevent
> 	depending on who is doing the analysis. 

The bit about traffic analysis is ironic, I admit.

But have you read Johnson et al. (2013) Users Get Routed: Traffic
Correlation on Tor by Realistic Adversaries
<http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf>? Here we
have staff of the U.S. Naval Research Laboratory reporting: "The results
show that Tor faces even greater risks from traffic correlation than
previous studies suggested."

>>> There is no question that Tor was developed for the US military.
>>> And the Tor Project is still funded largely (and for argument sake,
>>> entirely) by the US government. But even so, I've seen no credible
>>> evidence that Tor is backdoored or intentionally vulnerable.
>>> It is true that Tor's threat model explicitly excludes global
>>> adversaries, who can break anonymity by correlating entry and exit
>>> traffic. It's also true that some proposed low-latency anonymity
>>> networks may resist traffic analysis far better than Tor does.
>>> However, these are highly technical matters, and there is much room
>>> for debate. I am by no means qualified to have an opinion on the
>>> merits.
>>> One might argue that the US government funding gives Tor an
>>> unwarranted advantage, or even that it suppresses work on
>>> alternatives. As paranoid as I am, that seems unworkable. But of
>>> course, I defer to evidence.
>> Mirimir, your words in this email might make a good start for a "Quick
>> educational caution" which newcomers ought be pointed to, say on the
>> tp.o wiki.
>> To help those who need it stay as safe as might be needed and/ or
>> possible, certainly requires helping them, as early as possible,
>> framing a mindset and certain understandings. Perhaps we can do better
>> on this front.
>> Over to others,
>> Zenaan
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to