[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Escape NSA just to enter commercial surveillance?

On Thu, 14 Jan 2016 22:37:25 +0100
Andreas Krey <a.krey@xxxxxx> wrote:

> On Thu, 14 Jan 2016 14:25:20 +0000, juan wrote:
> ...
> > 	Of course. It's absurd. There's nothing hidden about
> > 	facebook's location so a 'hidden' service is...nonsense.
> You're attacking the name instead of the content.

	I'm not attacking it. I'm simply acknowledging the fact that
	the name is descriptive.

	The purpose of hidden services is to hide the location of
	the server...and that's exactly why they are called hidden

	But now the argument is that hidden services provide better
	authentication than plain https? OK.

> Accessing facebook via the onion service means that you
> know you're talking to facebook directly; 

	Accessing something through a multi hop proxy means
	'directly' for you?

> using facebooks
> via either tor or directly exposes you to the risk of
> being MITM'd, including faked SSL certs.

	The so called 'public key infrastructure' which is maintened by
	the free governments of the western liberal democracies can't be
	trusted? Oh my.

	And the same attacker that can subvert PKI can't subvert

> Even if the NSA is capable of brute forcing the onion key

	...they can impersonate any .onion service?

> facebook itself could build a canary by trying to access
> its own onion service. If the connection ending back up
> with them has strange properties they know something
> is wrong.

	And how would the user learn that? By connecting to
	https://facebook.com .... which can be MITMed too...?

	Anyway, the discussion seems too academic for me.

> ...
> > > NSA would immediately command Facebook to offer the related user
> > > identification.
> > 
> > 	...assuming facebook isn't already fowarding relevant data
> > in real time, all of the time...
> Facebook doesn't necessarily have identifying information on
> their users.

	...Not sure if you're joking? Well, they don't necesarily have
	information on EVERY SINGLE user. Just on the vast majority
	of them...

> Andreas

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to