[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security on EC2

On Sat, Feb 4, 2012 at 8:09 PM, Marco Gruà <kork@xxxxxxxxxxxxxxx> wrote:
> with https://cloud.torproject.org/ actively promoting it,
> I have been thinking about Tor vs. EC2 for a while.

I'm unqualified to say anything about the specific questions wrt VM
system security... but I thought it might be worthwhile to offer a bit
of caution related to risk saliency.

Whatever risks you decide exist in EC2 here probably also exist in
many other services (certainly ones that are similar to EC2, but
probably also in ones that look less like it). Arguably they exist in
all cases where the operators don't have physical control over the

If these risks are discussed as risks of EC2, rather than more general
risks of virtualization, or systems owned by third parties then people
may avoid EC2 in favour of alternatives which are less secure in

If I were a hostile force which was able to compromise some hosting
providers but not EC2, raising public concerns about the security of
EC2 specifically would be a smart tactic on my part. :)

Food for thought.
tor-talk mailing list