[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Tor in Mexico
On Wednesday, November 16, 2011 12:08 AM, "Gozu-san" <gozu@xxxxxxxxxxxx>
> On 15/11/11 23:39, Mondior Folimun wrote:
> > On Monday, November 14, 2011 12:37 AM, "Gozu-san"
> > <gozu@xxxxxxxxxxxx> wrote:
> >> On 12/11/11 20:50, Mondior Folimun wrote:
> >>> To be on the safe side, someone who speaks Spanish should create a
> >>> fake email account and make sure these people know about Tor
> >>> Bridges. If the Zetas are as reckless as they seem, it might not
> >>> be too long before any Tor user who directly accesses the Tor
> >>> network from the area is in danger, regardless of what they use
> >>> Tor for. https://www.torproject.org/docs/bridges
> >> Assume that the Zetas have full admin access for all local and
> >> regional ISPs in the areas that they control. Also assume that
> >> they know Tor very well, run relays, and routinely communicate
> >> through it.
> >> How safe would it be, in those areas, to access Tor through
> >> bridges?
> > Isn't this exactly the situation for which bridges were designed?
> > For when your opponent has full control of your upstream and really
> > wants to stop you from using Tor?
> Arguably, the prudent threat model is that the Zetas will kill you if
> they learn that you're using Tor. They can access available resources
> for finding bridge addresses <http://www.torproject.org/docs/bridges>.
> And they may have connection logs, so provisional obscurity isn't
Prudent, yes.. But the product of probabilities of all of these events
seems low once you tack on bridge enumeration. Enumerating bridges is a
statistics game. You can only get a subset of them, which represents
your probability of finding a particular bridge user. Additionally, it
is possible to create unpublished bridges that are not available to the
public for discovery or use and share them directly with those in need.
I think that is why we're seeing random killings. If the Zetas have
these sorts of Internet surveillance capabilities, they don't seem to
always be inclined to pay the cost for their use if it is possible to
create fear without them.
I do think they may decide to change this policy, but most likely they
will find someone who is connecting to their target blogs directly and
torture or make an example out of them rather than going after Tor
bridge users. Tor bridge users will be much more expensive endeavor, and
killing a repeat blog commenter/user will have just as much if not more
effect to demonstrate their power. :/
http://www.fastmail.fm - Access your email from home and the web
tor-talk mailing list