[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Metrics in Iran and other countries
On 9/7/2016 9:40 PM, Mirimir wrote:
True. I said they make it clear that Tor Browser probably isn't enough
- especially against powerful adversaries. I didn't say they explain in
logical order, what else is required.
Possible the instructions to make it as anonymous as humanly possible is
reserved for the people that mostly pay for it.
-----BEGIN PGP SIGNED MESSAGE-----
On 09/07/2016 11:05 AM, Joe Btfsplk wrote:
#4 The Tor Project is pretty clear that Tor Browser by itself is
probably not enough to provide reasonably reliable anonymity.
Tor Project doesn't make that clear enough, in my opinion.
It's not that surprising since Whonix isn't part of Tor Project. They do
mention it in blogs. But, they mention NoScript, depend on its
functionality - and it's not connected with Tor Project. Lots of things
they don't mention.
From minimal knowledge, Whonix allows Tor to retain entry guard
selection across sessions.
But could allow certain things to remain in the OS between sessions that
theoretically could identify them. Probably very low risk compared to
other OSes, considering benefits gained. Still, Tails & Whonix have
very small staffs and tiny budgets compared to OS X, mobile OSes or most
Linux distros. If it was life or death situation, it'd be hard to trust
Tails or Whonix completely.
Putting tor daemon and userland in separate VMs would have prevented
user compromise. Whonix does that, but there's no mention of Whonix on
Tor Project's site. If you dig around there, you can find old stuff
about the TorBOX project, which Whonix developed from. I have no clue
why Tor Project refuses to even mention Whonix. It's very strange.
Where Tails is amnesic across sessions, but loses the entry guard. They
do discuss Tails quite a bit.
I'm not sure about any network that depends almost totally on unknown
relay operators & no way to check the operators out. As if any
government couldn't plant agents as relay operators, that could pass the
most rigorous, face to face interview, interrogation or background check
by Tor Project.
Since it's supposed common knowledge the US Navy or military still uses
the network, seems like it'd be very risky for them unless they were
*positive* that their enemies - or group - aren't running a substantial
number of entry and exit nodes.
One theoretical way they could be sure that aspect is not a huge risk
is, if they're positive US agencies are running a substantial number of
the relays. Otherwise, aren't they're taking as big a chance as average
users? Leaving things to chance doesn't sound like modern military
tactics of super powers. I'm sure I missed something.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to