[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Some legal trouble with TOR in France



On Sat, May 13, 2006 at 10:02:41AM -0700, Eric H. Jung wrote:

> Given the recent enlightenments about the US National Security Agency's
> illegal activities (gathering millions of telephone records from
> average citizens, etc), what is the technical feasibility of the NSA or
> other governmentt organizations establishing modified tor nodes/servers
> which track activity and use?

Why do you have to modify anything if you tap upstream, and do
full traffic analysis? Or install a rootkit which phones home,
though that is detectable in principle (not something I could
detect, but again: remember the threat model Tor was designed
for).

If your node runs outside your control (and not even
on tamper-proof hardware) clearly anyone who cares enough
can get at the data. But this comes at a cost, and if someone
spends a lot of effort to decipher what turns out perfectly
legitimate traffic then Tor's already fully validated in my book.
 
-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature