[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Network diversity [was: Should I warn against Tor?]

On Fri, Jul 19, 2013 at 9:45 AM, adrelanos <adrelanos@xxxxxxxxxx> wrote:
> Seems like high latency mix networks failed already in practice. [1]
> Can't we somehow get confidence even against a global active adversary
> for low latency networks? Someone start a founding campaign?

So have low latency ones, some things fail.  Today you'd answer that
concern by running your high latency mix network over tor (or
integrated into tor) and so it cannot be worse. Answering the "you
need users first, and low latency networks are easier to get users
for" concern.

The point there remains that if you're assuming a (near) global
adversary doing timing attacks you cannot resist them effectively
using a low latency network.  Once you've taken that as your threat
model you can wax all you want about how low latency mix networks get
more users and so on.. it's irrelevant because they're really not
secure against that threat model. (Not that high latency ones are
automatically secure eitherâÂbut they have a fighting chance)

On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger
<tortalk@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> but going much further than that may well decrease your security.
> How, actually?  Iâm aware that what Iâm doing is a departure from
> network diversity to obtain anonymity.  Iâm excluding what I
> consider unsafe based on my current understanding.  It might be that
> in the end Iâll be unable to find anything that does not look unsafe
> to me.  I donât know what then.

Because you're lowering the entropy of the nodes you are selecting
maybe all the hosts themselves are simply NSA operated, or if not now,
they be a smaller target to compromise.  Maybe it actually turns out
that they all use a metro fiber provider in munich which is owned by
an NSA shell company.

In Germany this may not be much of a risk. But if your logic is
applied to someplace that is less of a hotbed of Tor usage it wouldn't
be too shocking if all the nodes there were run by some foreign
intelligence agency.
tor-talk mailing list