[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 29 Jun 2014 16:14:18 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Jun 2014 19:27:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=CJoZmxacsoU1I/ba9Zd2q3+iB878UkofGBHwImNb1vU=; b=kpmEz4bKiYjSxaTkEilTjzuTdGBStxjnt8FaiM1jD0TfXxUhQKUjpxBKSaXarSxf/r ApqgvQz18LYNPxXvrJlH+OZNd9eyVvOqrtWWXPHCUKLehPJxrgyHi8eFgAJUx98RKjfF Vz8j311vgBXn0ZbKOTHhr8H3vs/4nc7DZrTibl7gu/ZyLascbeB5uOJGC4cJgdTkgFkF cZYgWfjy4Fx3j7zNRKJ6PzMByNER8pvE3+T7J2TMiKfQpXBgs+a5EOC5J3xyvl2YyPJD yzctJK2DzkIpCf+tO1ChR918477McXsFgjGKS+Yg2BnrlYky4kUIvCKiT3zoMPhuDNZt 3pEQ==
In-reply-to: <20140629182427.00004bd3@unknown>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAJVRA1Tydi5nB544ggjZM2BvPXC=zGr_8AReO0qP_pxQ3me4UA@xxxxxxxxxxxxxx> <CAD2Ti2_F_Zbt8uL5s=hNXaNapnof2KSOPZFVgN3B-qxp5JtQqA@xxxxxxxxxxxxxx> <CAJVRA1QzUniu3cLgqLitZR7tp4TchrqD+Ak_Os0Hrm2Oe9aScw@xxxxxxxxxxxxxx> <DUB121-W20A3812716DFD202050E82C81B0@xxxxxxx> <20140627153801.0000732c@unknown> <CAJVRA1SWot6NxuTQp+KTYRz-f2HWy0S+N=CHRQ2aWgeX1j_5Lg@xxxxxxxxxxxxxx> <20140628111900.00000808@unknown> <DUB121-W272A32F9E91A912C390F4FC81A0@xxxxxxx> <CAOsGNSRgZfy7Z5UgNeDR5pR1E4n2zkB2U9=2w8uQhUfw+C_Raw@xxxxxxxxxxxxxx> <DUB121-W1569A0B26038589393C77C8050@xxxxxxx> <20140629123120.GG7408@xxxxxxxxxxxxxx> <20140629182427.00004bd3@unknown>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sun, Jun 29, 2014 at 2:24 PM, Juan <juan.g71@xxxxxxxxx> wrote:
> ...
>         YouÂve been officially threatened by one of the ÂleadersÂ of the
>         Âtor familyÂ for (unlike me) politely point out torÂs obvious
>         flaws.

"pointing out obvious flaws" - as in, "it's so easy to protect against
traffic analysis!  just make one end invisible!"

?

...

in the interest of adding even a minuscule bit of signal back to this
discussion, let's get technical.

1) compute the cost of global traffic analysis.  we have big data mark
to put a ball park on it, but the point is: the cost is non zero and
non trivial.

2) compare to other mechanisms of compromise, whether through remote
exploitation, technical surveillance, surreptitious physical access,
etc.

3) compare to possible *well researched/designed* solutions against
traffic analysis.

the math appears to be #1 is expensive on already maximized
intelligence community budgets.  possible?  of course.  actually
applied?  not so clear.[0]

re #2, it is cheaper in every sense, to pwn the application layer and
end point directly. this is well documented by years of industry
experience, and more recently through covert budget details leaked.

finally, #3: this is fucking hard! to point a fine point on it.  if
you've designed and implemented a low latency traffic analysis
resistant anonymity protocol with great usability and modest
requirements please post here with the info; i for one would love to
see how you solved a few of the hard details involved. ;)

best regards,

0. i have more to say, but also en route to Paris.  'till then,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: coderman
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mark McCarron

References:
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: coderman
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: grarpamp
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: coderman
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mark McCarron
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Juan
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: coderman
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Juan
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mark McCarron
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Zenaan Harkness
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mark McCarron
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Roger Dingledine
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Juan

Prev by Author: Re: [tor-talk] hardware acceleration OK or not?
Next by Author: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
Previous by thread: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
Next by thread: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
Index(es):
- Author
- Thread