[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] German BND 2010: Tor Unsuitable

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] German BND 2010: Tor Unsuitable
From: krishna e bera <keb@xxxxxxxxxxxxxx>
Date: Thu, 21 Sep 2017 12:11:24 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Sep 2017 12:13:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyblings.on.ca; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=JHnPjJKgLhLr6Y6l1XfyjVuXG1ZtuPQ9gBLFX5+3Gq0=; b=jk1OeNizYNbYvFc3vYE3HcwMOvJS450tjjCSacrNMKL6HMn/2+crzRf+6GCQXeVr4N Ks57sr4Dr6GMWbkNMnQCwsfkSjElbRhysVoM/T462LtMWp7h3OWkEGqpCAgZyZFwAUbS iwXZNoecUQbE1L2mzJcg/QZEczLyWIhY1opns=
In-reply-to: <CAD2Ti28jNGre-dQ-pjyLgPEB-XLoJRFcmaZndNE3rKdmRB5GdQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD2Ti28jNGre-dQ-pjyLgPEB-XLoJRFcmaZndNE3rKdmRB5GdQ@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

On 21/09/17 11:25 AM, grarpamp wrote:
> https://netzpolitik.org/2017/secret-documents-reveal-german-foreign-spy-agency-bnd-attacks-the-anonymity-network-tor-and-advises-not-to-use-it/
>
> 
https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-das-anonymisierungs-netzwerk-tor-angegriffen-und-warnt-vor-dessen-nutzung/
> https://www.reddit.com/r/TOR/comments/71cxy2/secret_documents_reveal_german_federal/
>
> 
https://www.freehaven.net/anonbib/cache/SS03.ps
> https://www.freehaven.net/anonbib/cache/timing-fc2004.pdf 
> https://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf 
> http://www.spiegel.de/media/media-35540.pdf 
> http://www.spiegel.de/media/media-35541.pdf 
> http://www.spiegel.de/media/media-35543.pdf 
> http://www.spiegel.de/media/media-35538.pdf 
> http://www.spiegel.de/media/media-35540.pdf 
> https://assets.documentcloud.org/documents/801433/doc1-1.pdf 
> https://assets.documentcloud.org/documents/1342115/timeline-correlation-jeremy-hammond-and-anarchaos.pdf
>
> 
https://edwardsnowden.com/wp-content/uploads/2014/04/2009-sigdev-conference.pdf
> 
> 
> A global passive adversary
> 
> Like all low-latency anonymity systems used in practice, Tor cannot 
> protect against „a global passive adversary“. This is defined in the 
> design document. The software documentation warns: „If your attacker 
> can watch the traffic coming out of your computer, and also the 
> traffic arriving at your chosen destination, he can use statistical 
> analysis to discover that they are part of the same circuit.“ The
> goal of NSA’s and GCHQ’s internet surveillance is to achieve exactly
> that.
> 
> A number of researchers have demonstrated this attack in practice, 
> either by simply counting transmitted packets, by analyzing time 
> windows, or correlation attacks with only a fraction of traffic. All 
> this research is public. The spy agencies followed this research,
> used it for their own purpose and turned theoretical vulnerabilities
> into real-world surveillance systems.
> 
> Very high level of surveillance
> 
> One and a half years later, the BND warned German federal agencies
> not to use Tor. The hacker unit „IT operations“ entitled its report:
> „The anonymity service Tor does not guarantee anonymity on the
> internet“. The six-page paper was sent to the chancellery,
> ministries, secret services, the military and police agencies on 2
> September 2010.
> 
> According to the executive summary, Tor is „unsuitable“ for three 
> scenarios: „obfuscating activities on the internet“, „circumventing 
> censorship measures“ and „computer network operations for
> intelligence services“ – spy agency hacking. The BND assumes „a very
> high level of surveillance within the network“


Well of course, they want to make it easy to monitor all government
traffic and discourage the public from using encryption, but as far as i
was aware Tor is still one of the best tools available and forces TLAs
to up their game.
What do they recommend for their own online communication in 2017?
Sorry i can't read technical German.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] German BND 2010: Tor Unsuitable
  - From: grarpamp

References:
- [tor-talk] German BND 2010: Tor Unsuitable
  - From: grarpamp

Prev by Author: Re: [tor-talk] How to find trust nodes?
Next by Author: Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
Previous by thread: Re: [tor-talk] German BND 2010: Tor Unsuitable
Next by thread: Re: [tor-talk] German BND 2010: Tor Unsuitable
Index(es):
- Author
- Thread