[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Metrics in Iran and other countries



On 9/7/2016 9:40 PM, Mirimir wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/07/2016 11:05 AM, Joe Btfsplk wrote:

<SNIP>


#4  The Tor Project is pretty clear that Tor Browser by itself is
probably not enough to provide reasonably reliable anonymity.

Tor Project doesn't make that clear enough, in my opinion.
True. I said they make it clear that Tor Browser probably isn't enough - especially against powerful adversaries. I didn't say they explain in logical order, what else is required. Possible the instructions to make it as anonymous as humanly possible is reserved for the people that mostly pay for it.
Putting tor daemon and userland in separate VMs would have prevented
user compromise. Whonix does that, but there's no mention of Whonix on
Tor Project's site. If you dig around there, you can find old stuff
about the TorBOX project, which Whonix developed from. I have no clue
why Tor Project refuses to even mention Whonix. It's very strange.
It's not that surprising since Whonix isn't part of Tor Project. They do mention it in blogs. But, they mention NoScript, depend on its functionality - and it's not connected with Tor Project. Lots of things they don't mention. From minimal knowledge, Whonix allows Tor to retain entry guard selection across sessions. But could allow certain things to remain in the OS between sessions that theoretically could identify them. Probably very low risk compared to other OSes, considering benefits gained. Still, Tails & Whonix have very small staffs and tiny budgets compared to OS X, mobile OSes or most Linux distros. If it was life or death situation, it'd be hard to trust Tails or Whonix completely.

Where Tails is amnesic across sessions, but loses the entry guard. They do discuss Tails quite a bit. I'm not sure about any network that depends almost totally on unknown relay operators & no way to check the operators out. As if any government couldn't plant agents as relay operators, that could pass the most rigorous, face to face interview, interrogation or background check by Tor Project.

Since it's supposed common knowledge the US Navy or military still uses the network, seems like it'd be very risky for them unless they were *positive* that their enemies - or group - aren't running a substantial number of entry and exit nodes.

One theoretical way they could be sure that aspect is not a huge risk is, if they're positive US agencies are running a substantial number of the relays. Otherwise, aren't they're taking as big a chance as average users? Leaving things to chance doesn't sound like modern military tactics of super powers. I'm sure I missed something.


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk