[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Financial Transparency

For some reason, just the message to which I'm responding below out of
this entire thread got caught in a spam trap that I rarely check (once
every month or three) because it very rarely catches messages I
want. The thread has long ago moved on. I respond inline below, but
feel free to ignore.

On Fri, Aug 30, 2013 at 07:06:57PM -0300, Juan Garofalo wrote:
> At 11:33 AM 8/30/2013 -0400, Paul S. wrote:
> >> >> 1. Respect our efforts on this front. We're doing our best with
> >> >> what we have 2. Provide citations to support your conspiracy
> >> >> theories of Tor's subversion
> >> > 
> >> > Tor is funded by the US government. Your own sources.
> >> 
> >> Indeed, it is.
> >
> >Right. And since no doubt at some point Juan Garofalo or someone else
> >in this discussion will yet again "discover" 
>         But I didn't claim I discovered anything, and if you think I
>         learned about Tor's history yesterday, you are mistaken.

No idea what you have learned when, only what you say. My goal here
though was to preempt anyone participating in or reading the thread
making such a "discovery" hence "Juan Garofalo or someone else in this
discussion". This seemed a valid concern since you mentioned repeatedly
a U.S. government role but did not at all mention that larger history.

>         The fact that I chose to comment on Tor's politics yesterday
>         doesn't mean I haven't been aware of those issues for a
>         (far) longer time...
>         I'm also making the general point that Tor is not useful
>         against 'nation states', which go figure, happen to be the
>         biggest threats to freedom - especially the US state. Is
>         that no news at all? It isn't. And yet it sems to me it
>         needs to be underscored.
> >what we make every effort to be as open and pretty loud about as is
> >practical, Tor isn't just funded by the U.S. government it was
> >designed by U.S. government employees and contractors based on
> >technology invented by U.S. government employees. You might see my
> >"A Peel of Onion" for the history.  It's on my homepage
> >http://www.syverson.org/
> >
> >> 
> >> > Tor doesn't work against a 'global adversary'(that is the US
> >> > government). Your own sources.
> >> 
> >> Note quite global, but at important places. Not sure how
> >> fine-grained it is.
> >> 
> >
> >For the latest developments in making the adversary models and
> >network models as fine-grained as possible and the subsequent
> >analysis you can see our forthcoming paper "Users Get Routed:
> >Traffic Correlation on Tor by Realistic Adversaries".  It's not on
> >anonbib or my own homepage yet, but one of my co-authors has posted
> >the pdf. See http://ohmygodel.com/ And note that some of the issues
> >identified have already resulted in changes to implemented Tor
> >versions. And no Tor isn't perfect.  Design improvements are
> >ongoing. Constructive help would be nice.
>         Thanks for the Johnson pointer.         
>         I'm not sure if/why you're expecting technical help from me,
>         or if it's a rhetorical trick along the lines of "either
>         start coding or shut up"

Please stop constructing rhetorical straw men. I didn't say or imply
either of those things. First, many times when we note that there are
open problems to work on, we note in general that constructive
contributions would be welcome. (Cf. many comments/posts by Roger.)
Sometimes people indicate an assumption that if they are not in some
inner cabal that their helpful contributions are not welcome. It is
thus usually good to remind everyone that the Tor community works in
quite the opposite way.  Most people involved in creating Tor
including, e.g., Andrew Lewman, now Executive Director, of the Tor
Project Inc. first got involved simply by volunteering constructive
suggestions/code/design/etc of one sort or another and then growing
into a larger position. For anyone looking to help, see for example
Second, people who make clueful constructive criticisms of design are
usually amongst the best to ask for help in improving designs. Sorry
if what I said offended by leading you to infer that I thought you
coud be such a person.

> >> > Biggest 'hidden' server on the network apparently taken
> >> > down...by the US government.
> >> 
> >> As it seems this was not the fault of the 'hidden service
> >> system', most likely one hidden-service failed due to the
> >> software that was used, which lead to the takedown of all
> >> hidden-services affiliated with the one that failed.
> >> 
> >> > But you know what? I never said tor was 'subverted' by the US
> >> > government. Tor isn't 'subverted' - it just flawed...by design.
> >> 
> >> Fair enough, if that's what you believe, then please make your own
> >> thing. Create something better than Tor.
> >
> >Right exactly. 
>         Wrong exactly. The argument that I can't comment on what you
>         do unless I run a multimillion sofware project (and 'better'
>         than Tor) is invalid.

Another straw man. Nobody said that. You _did_ say that Tor was flawed
by design without offering any support of that claim.  What you have
not done is comment in a constructive way. If you have only ad
hominems and broad criticisms made without support, then you can
comment, but apparently not usefully. You thus leave people with little
to say beyond, "Sorry you don't like our stuff, maybe you can do
something better." If you have something constructive to say, please

> >See all the research on the issues trade-offs, threats,
> >designs, etc. that Tor Project Inc. employees, government employees,
> >university and corporate researchers, and lots of others have done
> >trying to design for a diverse userbase. www.freehaven.net/anonbib/
> >is a fine place to start. If you can come up with better designs,
> >we would love to have them. 
>         And again the same pointless personal attack. Well, at least
>         you didn't tell me to take my meds and fuck off.

I see no attack in this at all, personal or otherwise. I gave a
pointer to where people can find much of the work that has been done,
which I do think is a fine place to start. And if anyone can come up
with better designs, we _would_ like to have them.

>         The thing is, I do not need to come up with better designs
>         (that can't work anyway against serious adversaries), in
>         order to take a look at what you do.

That is absolutely true, and I never said otherwise.  Many of the good
papers cited above do not provide better designs. They "take a look" at
existing systems to improve our understanding of what those systems
provide and what they do not. Pushing the science forward does not
happen simply by creating new designs. Indeed a field that only
designs and without taking a careful look at how they work and don't
work is not in a good position to determine which designs are better.

>         For what it's worth : trying to have a diverse and big user
>         base, and providing security for all users seems to be
>         impossible. You either provide relatively good security for
>         a small number of sensitive users, or relatively lax
>         security for 'general' users.

Well, much of the above mentioned work, and other work as well
attempts to spell out carefully how much security is given to how many
users of what kind. Can you be more precise about what you mean by
"seems to be impossible". As to your second statement, I simply
disagree. Unless you are talking about something steganographic
or the like, all of my research has generally come to exactly the
opposite conclusion. Cf. my "Why I'm not an Entropist".

> >Please share those rather than the allegations you keep making but
> >offer no support for, such as "Tor isn't 'subverted' - it just
> >flawed...by design."

The appeal remains. And as you noted, you don't need to have designs
to suggest.  Substantiated and constructive critical comments are
welcome too.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to