On Wed, 16 Oct 2013 19:42:41 -0500 Joe Btfsplk <joebtfsplk@xxxxxxx> allegedly wrote: > On 10/16/2013 4:50 PM, Roger Dingledine wrote: > > On Sun, Sep 01, 2013 at 10:10:56PM -0400, Roger Dingledine wrote: > >> > >> Yep. They're part of the Tor research community. I have plans for > >> writing a blog post about the paper, to explain what it means, > >> what it doesn't mean, what we should do about it, and what > >> research questions remain open. > > Here it is: > > > > https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters > > > > --Roger > I read the paper - good job. Some of it will be over the heads of > some, but that's unavoidable unless make it 10+ pages, in newbie > language, then few would read it all, so... > I'm not bashing Tor here, so leave your pitchforks in the barn. Just > asking questions, making observations that may / may not have an > answer or even be useful. > > One thing jumps out, Tor doesn't know for sure who's running Guard or > exit nodes - & can't unless they start doing (regular, repeated) > extensive personal interviews, background checks, giving polygraph > tests, injecting sodium pentathol to those wanting to run nodes. I > guess more so for Guards. There are so many things wrong with this thesis that it is difficult to know where to start. There is the obvious point that there is no entity called "Tor" who can know anything about anything. There is only a community of developers, researchers, system administrators, relay operators etc, some of whom are known well (or partly) to others. So there is no entity "Tor" which can undertake your "checks". Nor is Tor just a set of software, processes and infrastructure. It is a disparate community of people who place (varying) degrees of trust in other people. Users trust that the software does what is supposed to do, that the developers know what they are doing, that there are no exploitable (deliberate or accidental) flaws in either the software or the architectural model. And yes, they trust relay operators to provide "safe passage". To suggest that some (who?) set of the Tor community should subject some other part of the community to some form of vetting which includes (your words) "(regular, repeated) extensive personal interviews, background checks, giving polygraph tests, injecting sodium pentathol" is offensive in the extreme. And in my particular case you could kiss my relay goodbye. Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk