[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity



On Sun, Jun 29, 2014 at 2:24 PM, Juan <juan.g71@xxxxxxxxx> wrote:
> ...
>         YouÂve been officially threatened by one of the Âleaders of the
>         Âtor family for (unlike me) politely point out torÂs obvious
>         flaws.


"pointing out obvious flaws" - as in, "it's so easy to protect against
traffic analysis!  just make one end invisible!"

?

...

in the interest of adding even a minuscule bit of signal back to this
discussion, let's get technical.

1) compute the cost of global traffic analysis.  we have big data mark
to put a ball park on it, but the point is: the cost is non zero and
non trivial.

2) compare to other mechanisms of compromise, whether through remote
exploitation, technical surveillance, surreptitious physical access,
etc.

3) compare to possible *well researched/designed* solutions against
traffic analysis.



the math appears to be #1 is expensive on already maximized
intelligence community budgets.  possible?  of course.  actually
applied?  not so clear.[0]

re #2, it is cheaper in every sense, to pwn the application layer and
end point directly. this is well documented by years of industry
experience, and more recently through covert budget details leaked.


finally, #3: this is fucking hard! to point a fine point on it.  if
you've designed and implemented a low latency traffic analysis
resistant anonymity protocol with great usability and modest
requirements please post here with the info; i for one would love to
see how you solved a few of the hard details involved. ;)


best regards,





0. i have more to say, but also en route to Paris.  'till then,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk