Thus spake Mitar (mmitar@xxxxxxxxx): > > This is related to the "if you remove Tor from the world, you're not > > really reducing the ability of bad guys to be anonymous on the Internet" > > idea. > > This could be then analog argument as saying that if you remove one > weapon factory from the world, that there would be no difference? But > one after another and there will be. > > I cannot buy an argument saying that because situation is bad there > should be no small improvements where there could be. That's not what we're saying, but I suspect you may just be trolling. You're certainly straw-manning... > > various other techniques people have developed over the years to deal with abuse. > > Then tell me which techniques have we developed which prevent > pedophiles to use hidden Tor services? Which techniques have we > developed which prevent somebody to blackmail somebody else over Tor > network and stay anonymous? Which techniques have we developed which > can help found out which are other people in terrorist group and trace > their communication, once we discover they use Tor? The same techniques that law enforcement use when these same sophisticated adversaries use black market compromised botnets: http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_digital_forgeries.html http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html In these cases, police need to do police work: gathering technical data and examining content for evidence to aid in the investigation; and infiltrating groups and performing stings (for which they often use Tor). > > It depends where your jerks are coming from. If your jerks are all obeying > > every law and showing up from their static non-natted IP address, then > > yes, routing address is definitely related to identity. But if your > > jerks have ever noticed this doesn't work so well for them, they may > > start using other approaches and suddenly you're back needing to learn > > about application-level mechanisms > > Because current protocols were done just to solve technical problems > and not also law or other "society" problems. For example, HAM > operators and their networks had, before they started their packets > networks, already laws in place requiring them that each packet should > also contain call-sign of responsible person/station. OK, in this > particular case (as far as I know) this is not cryptographically > enforced (but this is a technical thing) but it still shows that laws > like this can work. So if countries (like they cooperate on ACTA) > would declare that it is illegal to send or route or relay any packet > without information about responsible person for it things would be > much different. You think criminals obey the law? Both China and South Korea have instituted fully authenticated "internet drivers licenses", and not only has cybercrime not vanished, it continues to flourish and profit from new markets that trade in these credentials and the use of authenticated connections through proxy. Even a fully cryptographically secured and authenticated Internet would still be *just* as vulnerable to abuse, all other things being equal. Grandma could even be required to have her iris scanned before entering her bunker to use her military-grade encrypted, authenticated PC that is otherwise disconnected from the Internet while her iris is not available. But as soon as she scans her iris, the malware on her machine would wake up and inform its masters that it is ready to do their bidding. The only way to really curtail these social problems is to properly address their root causes. Taking freedoms away seems like an easy quick fix, but in reality, there is no gain, only more insecurity. This is why Tor is not part of the problem. In fact, its use by law enforcement for stings, infiltration, and investigation indicates it is also part of the solution. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpJbk3z6RE6n.pgp
Description: PGP signature