[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A security concern about Tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx, hack3rcon@xxxxxxxxx
Subject: Re: [tor-talk] A security concern about Tor.
From: Jan <tor-list@xxxxxxxxx>
Date: Sat, 21 Dec 2019 11:14:35 +0100
Autocrypt: addr=tor-list@xxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBE6vxMQBEADQd2/1clVIt3IUqYtOxNgmEo++DAPNzQYsCnG392GBrvLl4sNjwpVYAPJE eV4CHogGdr7kq8Ga3ONstozQdqd3gD/fW1V1RR+hRJFrpwBYYPPAsk8hEc0roUTvDBlbKKnt GYiXMqg6FYSYWIxQb8Vz0UB7xMDpYMXh9n2qiPNGn8DM2qS8wfyub4A8SATREnpGx7F6zG6z 6AjE2BhkxlfexZeIa8MZhbid9y5ElOQBZXdUlGaEKqRyhYKrZ7jr0FLtU/pZsMtVqxWP26Rv +RBozJUPj0JJ/jsv1muWuA6nDi5Wdd+ZRxYyMEEGURo7AVRyVRP1TGJmlVHIn7kIeeS1euU/ P3qMnfcqNfEo6tXHRXGawGJD+1Sqqh/+xvqN66/EDC+OWRx2VvIIuu/35XCAonVmGhOcrxYx ZqV1SGyv1a+flElAwd9T4bmi5cY/EzQMri16pA6E7Wic2tDPAKblxgaQn97wo0oeosSu3vZ1 PlyqzQo+H9mgzZAyRZUdsekMnmCp6CZJtnrfj6KPPElpRFYIslXnCTlJVBT+Jtz2e5cOaLyi VrcFZ+edYS8MDlbltIAsxOQQpi53LPJl8TGvxyQRJf8pgI4Q27sWmXybcMKr5DY6EyM5xDHD crpBTcmtaoz5krEqEMlhf4nd4Utd/3qg1qopisZG4FKmyobdGQARAQABtBpKYW4gTHVlaHIg PHlhbm9zekBnbXgubmV0PokCVQQTAQoAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AW IQSPVgd1S6S00f3qtLkW4dEgCkycrgUCXcvkggUJEt6GuAAKCRAW4dEgCkycrrDcD/4zI7Wr 883NLF0L02TnpmkA9CGNC/fzKBOeYz9cALogxbYuavJ2N7VnCE93KOW2iom5HFwLC6dE5f3/ CWxiqzbMnVso6pY2mHer24eaJGRvUXDtNnbjEtYfgYbz2MxLowwuDU0RboGpn0XpDL/16Wh/ t39fPzJDbHJQzzgg7VZFKg+5c1aZ2HxYZm+v1TETYT3+GP7GkGy+vGTblwPS1QR1QzUFzQtP /O2dMH7A4AlJ42xKOvZ/3k5CbERPT91F7V+RZ8vbYUmHKzBcIOfLqWwhUXxGxvb4Vd+anG0U CKZthLnzOOHj5oHb8OxE3TZ+1GxbwOI6fslVTYvBSl4tgQ4IMcSnukWAhq9fNcufoq3Q9Gvi JkFzkechDN5pRwqDARYavB+jMrrTnnlqkw4F5QRihOTGNceuPOLN4LjuKOXsmWQ4KiFh3o4e EkqBp06IDICwnYRJHVLXJSSA5lITVkqfDoyylFqfwwhiIs115Km4OjwdlnvOoIW0todl22xq ZMWxdutR9Yf/f4Txr+o+LPBfmsLNWIOjVegIBBCsPmM5edI3YFY1T06qETb62Gs6e60dhKpZ SwtnOSKWfNnCcd+xUmHjfqZMYY8dWk9+ZGMJgaXLrfI42R9S9f4PeJv7gkHAxOHMCUbkyOw+ JoykXVE/oKpUFudfekCLZVup8aN1b7kCDQROr8TEARAAza0UA5cGXzZ/d/Fgx8uXuM5nlzeG iUeKUWyN71DzdAadNwLHhWGl3CEx06Aaz4W44pITgo5yTAg3bUzMEc2tcSubgC5s3+iA6ExC 45Qk15/K+WfWZHVvy3MniyZi8Em+QOMz7ViC3kKQko/NFCbzQ1z8HZ8v90zxJtNG91LvT7fM A1JDTiSSHvPaQlSALBZrAh+fNmvxoHhHDnOOY8vkWvcAkaPaz5Wcn1Xl31HWkHjfA9r3noBY OqMJLGwTuvP+PfMwUHiIsvQRTXZHT5CmwdBEU0oacaXzuMRawGwpI49pXqM1kywTvfYUntIp Or3gut8IgTftDJ7u1/Bi8mdXCtL6c4NEb89yYx/iSOkFWiRx9C3cEd+WO+3lxu6OHnTdoW2F RXYDJkGb9jWZPfyjAadeL4IyaAwI97s9R74lRAGTRKMAS9bYYvYNNV6/cGCXvoAJ/9PIVSsl rV7v3K3UAH4WpiruLVkHbCYN5gE/CCR3amTVN+DJZAeEs5NHMOtpeEMZACOzaUgOcAJMACS1 ++8gcRp6+T2wK3mkFuRhgrLJKjibBBdpCghVr1qiX9srLqqAZeohji9C00qEzf8GJDMwX8+S EBT5aH85TDimvlx30L6RKXPzi58zU6qJXvYI4ikwS/m293+N/0GyKSur1illQAvVL7wJYgxP 9tgZdgEAEQEAAYkCPAQYAQoAJgIbDBYhBI9WB3VLpLTR/eq0uRbh0SAKTJyuBQJdy+SXBQkS 3obTAAoJEBbh0SAKTJyuGWgQAJZaMAqSs7lud7cW10GcZPeuLakqj3VTfN0UwTHDubRloY0Y 380kYBRdYmDpE4MPMvEwUi/SFLe8ui7r9KSN7PmgB0y3pRFbRKy6+vWWEgBs5hGYTOQ6zvs1 Fv1u/kvTKQA9TRbCQuo26zinQ1U4JYuAyO5BaCqtmPf11lDqILQUMDXbMzfelxMd1GSYCiuG sNHfi0OpAMJdArB9pFY1uOCbQc4GWUsty+rZs1yCLN4SY//wTaviy74y2sI7gyLzpvXQWkSx t2pOayS6Exuplma2eeGr4n0Jm01b30RgZBCVIDH5uHohoc/fEkOQEsOSjx9UaMkoNmEnZy7C I/2xKwS4G0/R60Pb7Qm0zWkDOsMtBwkMz/K+e9u6/5Nc8rdME/ACh7EnVA9v3w4BreDsUTbq rAOfsMt0PLEw5pn95PhtWUAQ9DLbGVwQkYvkJNc/x5m05VS3MwOBQz8IuVxwIw6jU0OdT+Sv RIE+GMOQdS6KUaioCzoMC+uY8tOOOOiFL1Hvva49eetn8r0qe7/RsQrD/CY8OxV3z7U+Rhkt KSal32LMbLpgaRB0MPlqNXgah/UMapjAFKe8ayjl/SR3PbpwKeoXv0DeVOyD58oBNz3CCoB1 G/+jPCLS94I5c5vKWAgeF1ZXtlwHwz3yQe0BxWJwAFaegu19FdOEa5uBBzPQ
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 22 Dec 2019 23:27:35 -0500
In-reply-to: <895048769.5631971.1576524528650@mail.yahoo.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <895048769.5631971.1576524528650.ref@mail.yahoo.com> <895048769.5631971.1576524528650@mail.yahoo.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0

Hei,

Am 16/12/2019 um 20.28 schrieb Jason Long:
> Hello Tor Team,
> I read some articles about Tor security 

Personally, I consider tor being a privacy tool and not a security tool:
To some extent, you can control to what extent personal information
(e.g. ip-address, browser) is known to the community.

Security is a process involving many steps (e.g. threat modelling), that
cannot be provided by tor alone. Maybe tor helps, maybe not. This is
context-depended.

> and some of them said that if the governments see your real IP address then they can't see
> the Tor traffic or websites that visited by Tor and if they can sniff Tor traffic then they can't see your real IP.
> Is it true?
> How Tor team members are sure about it? If the governments use any special devices for sniffing Tor traffics then why
> they should reveal it?

From my (rather not-so-close) point of view, much users get identified
by compromised end-devices and by their habits.

Some governments are not that reluctant on expressing their ideas
regarding purchasing information on security vulnerabilities.
Some intelligence agencies are rather proud of their
"cyber-capabilities". Some platforms (e.g. Android) an very insecure (a
bunch of critical problems each and every month, hardly patched by
device vendors).

Habits can relate to side-channels (e.g. payment, credit-cards, e-mail
addresses logged into) or data mining (e.g. analyzing texts using
Support-Vector-Machines).

IMHO "special devices" can be placed at access or core networks,
injecting exploit-payload. Some ideas have been exposed in the recent
years (Snowden / Hacking team)

> If a user use the Telegram messenger with Sock5(Tor) proxy, then is it secure?

IMHO you cannot reason about security without having a threat model
defining it. Thus: no.

Greetz,
Jan

-- 
There's a ripped off cord
To my TV screen
With a note saying:
"Im not afraid to dream"
-- Donkey Boy, Crazy Something Normal
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] A security concern about Tor.
  - From: hack3rcon

References:
- [tor-talk] A security concern about Tor.
  - From: Jason Long

Prev by Author: Re: [tor-talk] A security concern about Tor.
Next by Author: [tor-talk] A security concern about Tor.
Previous by thread: Re: [tor-talk] A security concern about Tor.
Next by thread: Re: [tor-talk] A security concern about Tor.
Index(es):
- Author
- Thread