
Re: [tor-talk] Using VPN less safe?



On Mon, 25 Jan 2016 10:25:20 -0500
Paul Syverson <paul.syverson@xxxxxxxxxxxx> wrote:


> "20,000 In League Under the Sea: Anonymous Communication, Trust,
> MLATs, and Undersea Cables" available at
> http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popets-2015-0002.xml?format=INT


	As far as I can see, most if not all of the paper deals with a
	way to organize information about 'network topology' but
	there's no concrete data regarding which
	systems/relays/cables/people/IXPs/ASs/whatever are
	'compromised'.

	...though the section on cables and cooperation between
	so-called nation states seems to suggest that virtually all the
	world's infrastructure is 'compromised'?
	
	Also, is there a more concrete analysis of what can be
	achieved by monitoring traffic on those cables? Specifically,
	how easy is it for your government to find users and especially
	servers in the Tor network or similar networks (I2P, Freenet,
	etc.)?


	There's also mention of 'user beliefs' and 'trust'. That
	strikes me as weird. You seem to be saying that routes
	can be chosen according to users' beliefs, not according to
	real world facts? It doesn't matter if system X is hostile,
	what matters is what the user believes about system X? Am I
	missing something? 

	And what's the engineering definition of trust? And the units
	used to measure it? 
 

> 
> This is ongoing evolving research. This is not ready for deployment
> for everybody's Tor clients to do their own trust-aware route
> selection.  And, one of the observations of this work is that you
> should probably always use the default settings unless you have
> specific other adversaries in mind and understand how diverging from
> the pack will affect you.  What this work will do is help people who
> want to use different route selection choices to understand those
> choices, and it will eventually impact the default and alternative
> route selections built into the Tor software.  
> 
> It also focuses just on route selection.  Tor does other things to
> diversify trust.  For example, Tor's binaries have for the last few
> stable releases reflected reproducible (or deterministic) builds, which
> means that people can independently verify that the officially
> distributed binaries are compiled from the officially distributed
> source programs. If they did not match, anyone could test and expose
> that.  See
> https://blog.torproject.org/category/tags/deterministic-builds
> 
> aloha,
> Paul
