[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Iran cracks down on web dissident technology

On 3/21/2011 2:39 PM, Paul Syverson wrote:
On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote:
Last comments for a while. (All I have time for, sorry.)  I'm just
going to respond to specific issues about system threats and the
I appreciate your comments & the work of all involved w/ Tor. I read the papers you linked, though I've seen most of the material in various places.
I will not join in the speculation about what governments do or why.
Perhaps you should, because at least one govt seems to be steering the boat. Therein lies the problem (not you, specifically). My comments & MAINLY questions, weren't about typical or even very sophisticated adversaries. They concern WHY any govt would continue funding an anonymous communication project that in today's world, very real enemies can use against said govt, in a very real way, if the govt has no way to monitor it? One should ask, "Why would they do that?" It doesn't make sense unless there's more to the story. Also, in terms of adversaries against something like Tor, any advanced, well funded govt dwarfs the most sophisticated adversaries. Many govts have unimaginable technology & resources as well as legal (or not so legal) authority to demand info (from ISPs, etc.) that no typical adversary would.

The threat models, discussion of thwarting various attacks, safety in numbers, etc., are all based on assumptions like, 1) the adversaries don't have unlimited time, resources & $. That assumption is out the window if an adversary is a large govt. 2) The adversary doesn't have access to (some) info going IN and OUT of a network like Tor. Not valid for a govt. They can get what they want from ISPs - and have. The info may be encrypted going in, but they can see you're accessing a Tor node. A large govt could ALSO monitor every single exit node (& may).

There's NO comparison between people looking at open code, universities or organizations doing small studies on flaws in Tor, etc., and capabilities of a large, advanced govt. So please, I'm not talking about how many people or universities look at Tor.

Advanced govts no doubt have incredible technology regarding breaking encryption. Not a typical adversary. Since Tor was developed BY a govt, and since many talk about one of its greatest values is to allow people in "repressed" societies to communicate freely, the adversary those users need to be most concerned about, is probably the one MOST likely to breach Tor's anonymity. I doubt most people think Tor's main purpose is to hide communication between two cheating spouses.

A govt helped develop Tor for SPECIFIC reasons (we probably don't know all of them) & still funds it. Then for users around the world counting on Tor for protection from their govts, the govts would have to be considered as one of the main adversaries to Tor. Either the US is really dumb for developing a system, perfect for enemies to use against them (kinda doubt that) or there's more to the story.

I don't pretend to know the answers, but know when to ask questions. For all I know, the US wants the enemy to use Tor for plotting, thinking they're anonymous, when they're not. No one's answering my specific questions, possibly because if they knew them, they'd be in top level govt positions, sworn to secrecy. For those doubting any of this has any merit, are you still waiting for them to find WMDs in Iraq?

tor-talk mailing list