Re: [tor-relays] How can we trust the guards?

[Mirimir <mirimir@xxxxxxxxxx>]

On 01/01/2017 11:28 PM, Rana wrote:

<SNIP>

> @Mirimir, @Andreas
>>> This assumes that there is only one entity wanting to do that.
>>> When there are multiple the game isn't that easy.
> 
>> Yes, that is a great Tor feature! Dueling adversaries strengthen
>> Tor against each other.
> 
> That's wishful thinking at best. Assuming that there are enough
> non-colluding adversaries attacking Tor and destroying each
> other's efforts is futile. 

Well, from what I've read, it does interfere with some attacks.

> This is not Blockchain where hundreds of thousands of greedy selfish
> genes are working together for non-collusion.  A practically zero-
> effort collusion of already fully cooperating FIVE EYE agencies (US,
> UK, Canada, Australia, New Zealand) is needed to sprinkle several
> tens of rogue relays every month all over the globe, hosted at
> unsuspected hosters, looking perfectly bona fide. All they need is
> maintain some bandwidth and stability (why not?) and wait 70 days
> and - hop! - they are guards.

That seems plausible. I don't know how the community of relay operators
works. But I suspect that, if you're right, many known and trusted relay
operators must be covert operatives. While that's not impossible, it
would represent a huge investment.

> Sprinkling middle relays is even easier. I am not even talking
> about the broader 14-EYE intelligence cooperation that includes 14
> countries (https://en.wikipedia.org/wiki/UKUSA_Agreement#9_Eyes.
> 2C_14_Eyes.2C_and_other_.22third_parties.22)
> 
> That US agencies are actively working to destroy anonymity of
> (hopefully only selected, but who knows?) Tor users is an
> undisputable fact. Your implicit assumption that Russia is also
> attacking Tor is, however, unfounded. I mentioned that they have
> the resources to do so. Russia has arguably MORE resources that
> the US because instead of paying for hacking services and
> infrastructure all they need to do is threaten to put the
> ringleaders of their internationally renowned criminal hacking
> gangs in jail. There is, however, ZERO evidence that they are
> going head to head with America doing that. They seem to be much
> more interested in attacking weakly protected email servers of DNC. 

Well, who knows? Maybe Russia just has better security. China too.

But whatever. I do agree that guards are a risk. They may be malicious.
And there may be other flaws that permit signaling via circuit
management. So I always use Tor via nested VPN chains. And I tend to
include Russian VPNs in the chains.

<SNIP>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays