[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor project website change

Excuse my bad English, probably I'm not writing correctly.

In the mail of 28 March 2019 11:06:07 CET, from grarpamp, I read:


a 501(c)3 US nonprofit.
With rather curious amounts of potentially highly
user adversarial funding sources.

Il 29/03/19 14:36, Mirimir ha scritto:
On 03/29/2019 06:07 AM, dns1983@xxxxxxxxxx wrote:
I'm not in the position to talk about the architecture or other
technical aspects because I'm not expert enough. I don't say that the
network doesn't have problems.

But i think that some things you said are a bit of stretch; for example,
why adversaries should finance tor project and publicly it if they have
a malicious intent?
Where do you see that? I've reread his post several times, and see
nothing about "adversaries should finance tor project". It is true that
some criticize Tor because it was originally a US Navy project, and
still gets funding from US governmental entities. But that's not an
argument that I recall grarpamp ever making. Unless he's juan, anyway.

It would be interesting to me to know what other people think about what
you said.
The main thrust of his criticism, as I interpret it, is that Tor
explicitly doesn't protect against global passive adversaries. Let alone
global _active_ adversaries, such as the NSA. As I understand it, that
reflected both "it would be too hard to do that, without unacceptable
latency and traffic overhead" and "they don't likely exist, or if they
do, they're our friends".

Some systems have been proposed that use padding and chaff to make
traffic analysis harder. But as grarpamp says, it'd be hard for the Tor
Project to implement stuff like that in the existing Tor network. Much
harder than the v3 onion upgrade, anyway. And the other side of it is
that Tor works well enough that implementing one of the newer designs
seems unlikely. Given that potential volunteers are working on Tor.

Il 29/03/19 03:08, grarpamp ha scritto:
On 3/28/19,dns1983@xxxxxxxxxx  <dns1983@xxxxxxxxxx>  wrote:
I think you are affected by cognitive bias.
Tor is effected by lack of external thought.

You are blindly looking only for bad things.
Your adversaries are assuredly looking at those things and more.
If you are not looking at them, you're done in mate.

Of course the network is not perfect, but is the best we have
That's apologist talk to avoid clean slate researching
and creating better architectures, even to the
then at that point possibly legit point of being
able to actually make that declaration.

and we should make our best to improve it.
Tor is and will always be 20 year old architecture
from time before current adversary models were
say matured if not known. Tor's relatively
simple and effectively static with only marginal
improvements left. And has outright traded off
and/or discarded design models that others
might not today.  (And obviously Tor arch cannot
be substantially changed while still calling itself Tor.)

Before declaring Tor sufficient against today threats
you need to analyse it against today threats
vs new networks being research and deploy
against today threats.

trying to delegitimate everything.
Those concerned with messengers vs
messages are prone to miss some dead canaries.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to