[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
On Sat, Jun 28, 2014 at 09:38:05PM +0000, williamwinkle@xxxxxxxxxxxxxxx wrote:
> I don't understand what Schneier means by this:
>
> "After identifying an individual Tor user on the internet, the NSA
> uses its network of secret internet servers to redirect those users
> to another set of secret internet servers, with the codename
> FoxAcid, to infect the user's computer."
Right. This is why Bruce's choice of phrase "identifying an individual
Tor user" is a poor one. Probably the better phrase would be "seeing a
flow on the Internet that they decide they'd like to attack".
Jake and I talk about the issue more in our 30c3 talk:
http://media.ccc.de/browse/congress/2013/30C3_-_5423_-_en_-_saal_1_-_201312272030_-_the_tor_network_-_jacob_-_arma.html
One of the big issues I'm still unhappy about is that they say they
never attack Americans, yet something like 13% of Tor users are coming
from America, and if you attack 1000 Tor users, statistically you can't
really say that you've never attacked an American.
And as some of the other posts in this thread explain, one of the main
features of Tor is to make it hard for you to decide *which* Tor user
you're looking at, if you only see the flow coming out of the exit relay.
Now, I'm sure they have a secret interpretation of some law that lets
them conclude they've never attacked an American, so trying to fight
this by saying they've broken the law may be a losing battle.
Also, if you happen to be not an American, all this discussion of whether
they're "really" attacking Americans or not makes you pretty angry,
because from that perspective you've already been hung out to dry.
Here are two plausible approaches I've heard for how they decide whether
to attack a given flow: a) some website out there is so bad that they want
to attack every user going to it; b) they collaborate with the website,
so when the user logs in to the account they want to target, they launch
the attack. And of course, if the website doesn't use https or doesn't
use it enough, they don't even need to collaborate with the website,
since if they're watching the flow alreadty they can just watch it login.
You might also like
http://arstechnica.com/security/2013/10/how-the-nsa-might-use-hotmail-or-yahoo-cookies-to-identify-tor-users/
where I put a lot of energy into explaining the issues to Dan.
Hope that helps,
--Roger
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk