[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to find trust nodes?



On Wed, Sep 27, 2017 at 3:04 PM, Jason Long <hack3rcon@xxxxxxxxx> wrote:
> How can I sure a Tor node that I connected to it is secure and is not a NSA or CIA node?

Go meet the operator and conduct an anal probe on them
far more intensive and long running than an SF-86 SSBI.
Parallel to that, go image the node, try to find reproducible
source code version to it, and pay $1M for a full audit.
Then go ask Intel / AMD about what's really inside their chips.
Then verify if the chips in the box are what rolled off the fab.

Or note improved odds with tor's multiple hops, plus user
opsec and defense in depth, pursuant to reading whitepapers
detailing exploits against tor and your entire stack and usage.

A non generic answer depends on your use case and
threat model. Once you can articulate those, you'll be
closer to finding an answer. Without them, we probably
aren't able to be of much help.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk