[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity



Well, let's see this:

> 1) compute the cost of global traffic analysis.  we have big data mark
> to put a ball park on it, but the point is: the cost is non zero and
> non trivial.

We already know from the Snowden releases that the physical infrastructure for this is in place.  That it spans at least 33 nations covering all major fiber links.  Within the US, all traffic is copied verbatim at major exchanges.  In other nations, metadata can be shared to complete the picture.

We know that the physical infrastructure and regulatory frameworks are there, thus that must be going somewhere and as its metadata, that implies traffic analysis.

So, its a patchwork model and the costs are spread across many nations and information sharing to isolate sites is policy driven.



Regards,

Mark McCarron

> Date: Sun, 29 Jun 2014 16:14:18 -0700
> From: coderman@xxxxxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and	Anonymity
> 
> On Sun, Jun 29, 2014 at 2:24 PM, Juan <juan.g71@xxxxxxxxx> wrote:
> > ...
> >         You´ve been officially threatened by one of the ´leaders´ of the
> >         ´tor family´ for (unlike me) politely point out tor´s obvious
> >         flaws.
> 
> 
> "pointing out obvious flaws" - as in, "it's so easy to protect against
> traffic analysis!  just make one end invisible!"
> 
> ?
> 
> ...
> 
> in the interest of adding even a minuscule bit of signal back to this
> discussion, let's get technical.
> 
> 1) compute the cost of global traffic analysis.  we have big data mark
> to put a ball park on it, but the point is: the cost is non zero and
> non trivial.
> 
> 2) compare to other mechanisms of compromise, whether through remote
> exploitation, technical surveillance, surreptitious physical access,
> etc.
> 
> 3) compare to possible *well researched/designed* solutions against
> traffic analysis.
> 
> 
> 
> the math appears to be #1 is expensive on already maximized
> intelligence community budgets.  possible?  of course.  actually
> applied?  not so clear.[0]
> 
> re #2, it is cheaper in every sense, to pwn the application layer and
> end point directly. this is well documented by years of industry
> experience, and more recently through covert budget details leaked.
> 
> 
> finally, #3: this is fucking hard! to point a fine point on it.  if
> you've designed and implemented a low latency traffic analysis
> resistant anonymity protocol with great usability and modest
> requirements please post here with the info; i for one would love to
> see how you solved a few of the hard details involved. ;)
> 
> 
> best regards,
> 
> 
> 
> 
> 
> 0. i have more to say, but also en route to Paris.  'till then,
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 		 	   		  
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk