[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Harvard student used Tor to send bomb threats, gets caught by old-fashioned policework
I agree that we need to make Tor so simple and so bulletproof that it is not possible to use something like timing to make deductions. The fact that only one student may have used Tor introduces another vulnerability that needs to be removed in some manner. We do need to use examples of people using Tor for evil purposes to learn how to make it useful for people who use it for good purposes. We can not distinguish between the two, but we will never know if we have succeeded unless we have examples of failures.
--
Christopher Booth
On Thursday, January 2, 2014 6:41 PM, Tempest <tempest@xxxxxxxxxxxxx> wrote:
tor@xxxxxxxxxxxxx:
>
> In the spirit of Jake's 29c3 talk, I think we can decide as a community
> not to brush off high-profile attacks against people using Tor with
> arguments like "oh, it was an old Firefox vulnerability and some users
> weren't running the latest available code" or "oh, obviously universities,
> companies, and maybe ISPs retain enough data to make 'standard police
> work' enough to de-anonymize someone using Tor."
"rtfm" applies since info on torproject.org, in addition to other
sources, mentions the threats you are concerned about in regards to
identity correlation. some people will read it. some won't. it should
not take a genius to understand that signing in to any service with
identifying credentials for the purpose of net connectivity is not the
smartest of methods if your networking activity could result in you
being prosecuted. i'm not implying i'm against any steps to make the
process more user friendly. but, in this example of the alleged bomber,
it just doesn't really apply. this is someone who acted in haste without
taking the time to rtfm. as hard as you may try, you cannot protect
against that.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk