[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Question for those who say "Tor is pwned"



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 6/20/2016 6:35 PM, juan wrote:
> On Mon, 20 Jun 2016 18:07:12 -0500 Anthony Papillion
> <anthony@xxxxxxxxxxxxxxx> wrote:
> 
> I see a lot of people talking about how Tor is pwned by the US 
> Government and is insecure 'by design'. I'm assuming that they
> know this from a thorough analysis of the source code,
> 
> 
>> No. You don't need to look at the source code to know that 
>> 'people'(the US gov't) who can monitor traffic going into the tor
>> network and out of it can correlate the traffic and 'deanonymize'
>> users.
> 
>> It should also be obvious, for instance, that if an attacker 
>> happens to control the 3 nodes used to build a circuit, he can 
>> also 'deanonymize' the user.

True. However, I'm not sure how that's a 'pwned by design' thing
(which ascribes malicious intent to the Tor Project). You know who is
to blame for the 'owning the route' problem? We are. How many people
use Tor but won't run a node of their own? And. yes, I realize that a
lot of people might not be technical enough to run one but there are
places you can pay to do it for you.

>> All that has nothing to do with any 'vulnerabilities' or 'bugs'
>> in the code.
> 
>> Other basics facts about tor, like the users are being abused as
>> cover by the US military, are matters of basic logic. If you are
>> the US military and create an 'anomity' network, and you're the
>> only user, your network is useless. You NEED a 'diverse user
>> base' to hide your criminal activity.

But, if you are the US military and you were designing a network to be
'insecure by design', using route owning is a really crappy way to do
it. Essentially, anyone can deanonymize anyone. Even the mighty US
Government isn't safe because, what's stopping China from deploying
even more nodes than the US and thus being able to deanonymize US
spooks using the network? It would be a never-ending game of
one-upsmanship that would, essentially, result in greater security for
users. And, if they're doing that, why aren't more US spies being
busted by China or Chinese spies being busted by the US? Oh, I know!
They are just keeping /really/ quiet about it so we don't suspect that
Tor is compromised, right?

Don't get me wrong, I don't believe there are no problems with Tor.
But I think we need to look at how such ownership would work in
practice. Ultimately, it would end up in a major international
competition that would benefit users.

Anthony


-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXaIEyAAoJEAKK33RTsEsVvcMP/2KhPmTUrQEaBe0wQxbP8cFd
wlLlrOkIm2gvnkm3TAiZZuWJP61vZTT1zeOKabr3jaU3pgIMJMu6z74mtxThgReb
GgyDpvdIDUo6XoH/kBTawhXmXzqCBFg905Vkg8uuM8hmpwlTeD61RyZB+9u4h+CR
zzoqdfX5XNv1Qw8R2Q0HD0ue3kEN0QJ4rIl7i+N4K8eFcH2mvElj6rHkN/SqsiZJ
xnpzNDFpm3e0rrUNbcIjyl0Q/nfuSv3smmE1e1rmfhHBEIgq07kqhnl7szx7yW7L
+x4a1fW2k9S7mEqi+Sobv6Zj2truCgEGJqUKTWuytav9EvRTBezd67HGa1fiYJ71
Td1HRuvDzf8FLIfYYM8+H1kDRoYVkDGagT3n/U+nDN7WRE24y6Tw8cZzZA1QOd95
kOzTDTNSF7CNuq98KRqt5dtSlzvvko0lPvoK82PjPlxiVNroCxzxbYGqv0KaFBgn
JeDc8YaKMpuGhiit8BpFVf8uB0FMxqcI3NfD2z5Fvs+kXEhxJoOqoe2DkMCsqdOe
FDAwQEZxkQ/8VGp8qUpnZI40/tkCezQq/47PTkb0WX1riD2VKJxgb64X/26Vm/po
SCam467JCPEytUhFKL7nhqITtX8AKTdb+zyB0EAACcaZgJHR4XhJH6atqlIebVMC
5MW2aEdAD8DVIQEKikCI
=D27J
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk