[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor's startup anonymity warning (was Re: quick question)

     On Fri, 12 Sep 2008 05:42:53 -0400 Roger Dingledine <arma@xxxxxxx>
>On Fri, Sep 12, 2008 at 04:25:30AM -0500, Scott Bennett wrote:
>>      Right.  And that reminds me of an old question.  When tor starts up,
>> it logs a standard disclaimer about being experimental software, don't bet
>> your anonymity on it, and so forth.  Is there an intended release number or
>> date by which that disclaimer is expected to be changed or deleted from tor?
>When Tor 1.0 is released, and we understand good clean metrics for
>anonymity, and we're satisfied with the amount that all of our users
>achieve. :)
>Given the rate of discovery of great new attacks on anonymity designs
>in general, I am not optimistic that this will be anytime soon. :(
>But we can continue to do better, and we're doing pretty well -- Tor is
>already the best option out there. We mostly leave the warning there
>as a disclaimer to make sure that nobody gets suckered into believing
>that just because they installed Tor they are now totally immune from
>all possible worries.
>It makes me a bit sad that we might be pushing users onto the commercial
>snakeoil anonymity systems who studiously avoid admitting that there
>could be possible attacks. But I would feel a lot more sad if we joined
>the ranks of the folks trying to brush everything under the rug.
>The fact is that the state of the art in anonymity isn't yet to the point
>where we can use an anonymity tool without understanding the details of
>where and how you might be vulnerable. One day.

     Roger, thanks very much for taking the time to write this down.
I know someone who tried tor and gave it up within days, citing that
message as one of his reasons for doing so.  I'll forward your response
to him.
>But all of that said, the current phrase "This is experimental
>software. Do not rely on it for strong anonymity" probably doesn't
>capture the above very well. How can we improve it?
     Give me a few days to ponder it in odd moments.  (I'm pretty odd,
so I'll probably have some moments to spare for it.:-)  I'll write up
something short and post it here when I have something ready for potshots.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *