[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Financial Transparency

On 09/12/2013 03:13 AM, Juan Garofalo wrote:

>         I made a concrete point. Tor doesn't protect individuals from particular* governments. You replied with a general truism of sorts : It's better to have more security than less security. Well, yeah, true. But that doesn't address my point, I think.  
>         *first and foremost, the US government and its 'allies'.

My response was not a general truism. It was an important lesson for
users of any system, that there is always a weakness, always an exploit,
even if Tor were engineered itself to protect from all adversaries.

I remember when the FBI arrested one member of Lulzsec by sitting
outside a potential suspects house, sniffing his wifi (potentially by
cracking it?), and seeing that there was a lot of traffic to Tor
entrance nodes. If he had only uses ethernet or a VPN to wrap his Tor
connection, it would not have happened. This is not a flaw in Tor (that
Tor does not do a better job in obfuscating entrance nodes), this is
just the reality of atoms and flesh.

When I work with Chinese and Tibetan activists, and they can actually
get an obfs3 bridge connection working inside of China, they are happy
to have it, but know it is only a matter of time before the IP is
scanned and blocked. I am eager for all of the various pluggable
transport R&D to help expand this time window to days, weeks and months,
but I am under no impressions that any implementation will solve the
problem forever. It will just force the Chinese surveillance system to
spend more processing power, more money, more energy. That is NOT a flaw
in Tor.

>         I mean, you don't think the topic is interesting and it's been discussed multiple times. Why bother replying then.

I think you have something useful to contribute, and seem like a
thoughtful person. I am just became interested in trying to push the
conversation to somewhere different than the usual territory. If you are
not interested in that, then EOM.

>> >I am just trying to steer the conversation into more
>> >interesting territory. I think you are making good points about the
>> >perception of Tor by some users ("Always Anonymous From Everyone All of
>> >the time!!!") and the reality. 
>> >Perhaps we can talk about then what Tor
>> >can do to better communicate this to users, so they can make their own
>> >decisions.
>         I'm not sure I fully grasp what you're getting at. I personally am presenting a skeptical view of Tor but maybe it's just me, in which case you don't really need to better communicate anything to other users. 
>         If on the other hand there's a more general skepticism regarding US military projects, then maybe yes, you should try to make a better case for Tor.

If we are still at the point where you are calling Tor a "US military
project" then I am not sure I can make any case that would satisfy you.

Google is a US Military Project (see USG/DARPA funding of Standard
Digital Library research in the 1990s), yet you are using Gmail, you
find value in it. If you have a mobile phone, that is largely the result
of a US Military Project (World War II), and is clearly a tool for mass
surveillance and logging. Perhaps you do not use one? Maybe.

Ultimately, I come at this as an activists looking for tactics and tools
to help me win. I am not a cryptologist, I am not a mathematician. I
believe myself clever enough, and the people I support, to use these
tools in a way that provide maximum benefit, and outweigh their risks.

Tor does a better job than any other technology product that exists to
maintain my faith that the technology does what is says on the box. That
is the best case I can make for it.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to