[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Iran cracks down on web dissident technology



On Mon, Mar 21, 2011 at 10:09:43PM -0700, Mike Perry wrote:
> Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx):
> 
> > On 3/21/2011 2:39 PM, Paul Syverson wrote:
> > >On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote:
> > >Last comments for a while. (All I have time for, sorry.)  I'm just
> > >going to respond to specific issues about system threats and the
> > >like.
> 
> > I don't pretend to know the answers, but know when to ask questions.  
> > For all I know, the US wants the enemy to use Tor for plotting, thinking 
> > they're anonymous, when they're not.  No one's answering my specific 
> > questions, possibly because if they knew them, they'd be in top level 
> > govt positions, sworn to secrecy.  For those doubting any of this has 
> > any merit, are you still waiting for them to find WMDs in Iraq?
> 
> Despite Lucky closing the thread in response to your conspiracy theory
> in favor more productive matters, I didn't get enough sleep last night
> to be productive, so I feel like trying to inject some reason into
> this thread.
> 

I think you also did a nice job of finding the Tor relevance buried
therein. I'll respond to those parts where I think I might have
something to contribute.

> 
> To distill your argument down, you've said so far:
> 
[snip]
> 
> 4. Governments have inconceivable power.
> 
[snip]
> 
> You seem to have somewhat independently argued that #4 means that Tor
> cannot be trusted against (any) large government(s). This,
> unfortunately, may be true for some governments. Extremely well funded
> adversaries that are able to observe large portions of the Internet
> can probably break aspects of Tor and may be able to deanonymize
> users. This is why the core tor program currently has a version number
> of 0.2.x and comes with a warning that it is not to be used for
> "strong anonymity". (Though I personally don't believe any adversary
> can reliably deanonymize *all* tor users, for similar reasons as
> detailed here: http://archives.seul.org/or/dev/Sep-2008/msg00016.html
> but attacks on anonymity are subtle and cumulative in nature).
> 
> 
> The goal of Tor is to balance the interests of as many different
> parties as possible to provide distributed trust, and to raise the
> amount of resources that any one adversary must have before it can
> compromise the network. Academic research also focuses on ways to
> improve the network characteristics of tor to defend against
> wide-scale observation (think dummy traffic and Paul's topology
> research), but so far none of these approaches has proved either
> robust or lightweight enough to actually deploy.
> 
> In fact, the best known way we have right now to improve anonymity is
> to support more users, and more *types* of users. See:
> http://www.freehaven.net/doc/wupss04/usability.pdf
> http://freehaven.net/~arma/slides-weis06.pdf
> 

Distributing trust is also not just the number and diversity of users
(and relay providers) but how they are related in intentions and other
things. When going up against The Man*, you can't just assume a
uniform distribution on relays, users, and network links between those
wrt likelyhood-of-being-run-by-a-hostile/resilience-to-attack/etc
Which means numbers and even diversity isn't the whole picture. I go
into more on this in "Why I'm not an Entropist". It is also the basis
of the trust-based routing we have been working on, which is basically
how do you route if you consider the possibility that significant
portions of the network might be under the view/control of your
adversary even if the network has 10000 relays.

And since I'm really going to try to resist responding any more to
this thread, Thanks Mike for your other message containing the stab at
a soundbite-sized and coherent expression of what I was trying to say
about how the non-tech-savvy could trust Tor with the best
justification to effort ratio.

> 
[snip]
> 
> Of course, it still is concerning that any entity that can fit into
> argument #4 might be able to break tor, but hey, it's still 0.2.x.
> We're working on it ;).

Right. See above.

-Paul

*My name for a nation-state/organized-crime/your-favorite-big-scary
adversary. Gratis to Nick for enthusiastically liking this name in a
partially related discussion on trust based routing models and thus
encouraging me to use it.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk