On Sat, May 13, 2006 at 10:02:41AM -0700, Eric H. Jung wrote: > Given the recent enlightenments about the US National Security Agency's > illegal activities (gathering millions of telephone records from > average citizens, etc), what is the technical feasibility of the NSA or > other governmentt organizations establishing modified tor nodes/servers > which track activity and use? Why do you have to modify anything if you tap upstream, and do full traffic analysis? Or install a rootkit which phones home, though that is detectable in principle (not something I could detect, but again: remember the threat model Tor was designed for). If your node runs outside your control (and not even on tamper-proof hardware) clearly anyone who cares enough can get at the data. But this comes at a cost, and if someone spends a lot of effort to decipher what turns out perfectly legitimate traffic then Tor's already fully validated in my book. -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Attachment:
signature.asc
Description: Digital signature