Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
You said the governments can see a user's bandwidth usage and it is so bad because they can understand whether a user uses Tor for regular web surfing or uses it to upload files and...
You said governments can see users' usage but not contents, but how can they find specific users if Tor hides my IP?!!!!!!
--------------------------------------------
On Sat, 11/5/16, Seth David Schoen <schoen@xxxxxxx> wrote:
Subject: Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Date: Saturday, November 5, 2016, 11:36 PM
Jason Long writes:
> Hello Tor Developers and administrator. The Tor goal is to provide Secure web surfing as free and Freedom but unfortunately some countries like Iran, China, North Korea and... Launch Tor bridges for spying on users and sniff their traffic and it is so bad and decreases Tor users and security. If Tor Project goal is Freedom and Anti Censorship then it must ban all bridges and Servers from those countries. Please consider it and do a serious job.
Tor's approach to this issue is generally to look for ever-greater geographic diversity of servers.
The Tor design assumes that there could be monitoring of servers in a particular network, but hopes that this won't be a big problem because most organizations monitoring Tor nodes can only see a part of the overall network. In that case, they can hopefully only see a part of the path that a particular user's traffic takes, so they may not know where the user is and also whom the user is communicating with (though they might know one or the other).
In this model, it's not necessarily bad to have nodes on networks that are hostile -- because the people doing the monitoring get incomplete information. At the same time, having nodes in many places can decrease how complete a picture any one network operator or government can get.
For example, suppose that the U.S. government, the Chinese government, and the Iranian government are all trying to spy on Tor users whose traffic passes through their territory, but the governments don't directly cooperate with each other. In that case, having a user use nodes in all 3 jurisdictions is probably great for anonymity because each jurisdiction to some extent protects facts about the user's activity from the other jurisdictions, and it's hard for anyone to put the whole picture together.
If people want to hide the fact that they're using Tor at all, and are using bridges for that reason, they probably should not use bridges inside their own country. But those bridges could be useful to people in other countries who aren't trying to hide from the same adversary.
If an exit node is unable to reach a lot of network resources because of censorship on the network where it's located, it should be possible to detect this through scanning and flag it as a BadExit so that clients will avoid using it in that role.
There's still a problem when network operators pool their information or when governments can monitor networks outside of their own territory. This is a practical problem for path selection and also for assessing how much privacy Tor can actually provide against a particular adversary. For instance, if the U.K. government taps enough of the world's Internet links, or trades data about Tor users with other governments, it might be able to learn a lot about a high fraction of Tor users even if they don't use nodes that are in the U.K. That could be hard to fix without adopting a different anonymity design or finding a way to prevent these taps and exchanges of data.
People have been thinking about that kind of issue quite a bit, like in
https://www.nrl.navy.mil/itd/chacs/biblio/users-get-routed-traffic-correlation-tor-realistic-adversaries
and other research projects, and to my mind the news isn't necessarily that good. But the key point is that having nodes on an unfriendly network isn't necessarily bad in itself unless that network actually sees interesting data as a result (or actively disrupts traffic in a way that doesn't get blacklisted from clients' path selection). And that can sometimes happen, but doesn't always have to happen, and people on other networks can still get a potential privacy or anticensorship benefit in the meantime.
Notice that this argument doesn't depend on saying that what governments are doing is OK, or that they don't have ill will toward the Tor network or particular Tor users. It also doesn't prove that governments will fail to monitor the network; there's a lot of uncertainty about how effective governments' capabilities in this area are.
Finally, there's an issue about identifying which nodes are secretly run by the same organizations (or secretly monitored by the same organizations!) which fail to admit it. This is a form of Sybil attack, where one entity pretends to be many different entities. If a government set up many ostensibly unrelated nodes, and clients believed they were actually unrelated, it would increase the chance that a given Tor user used several of those nodes for the same circuit, decreasing anonymity. Tor can probably do better about detecting this. It's not certain that blacklisting countries would help much with this, because we don't know which governments are attempting this to what degrees, and because they don't have to host their nodes on IP addresses in their own jurisdiction!
If the North Korean government wants to do this sort of attack, it can pay to set up a bunch of servers in France and Germany, which users and their Tor clients would think are "French" or "German" but which are effectively North Korean for surveillance purposes.
--
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist
https://www.eff.org/
Electronic Frontier Foundation
https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109
+1 415 436 9333 x107
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
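Added example, not part of the original messages and not Tor's code: a toy model of the argument above about who can observe both ends of a circuit, comparing single jurisdictions, jurisdictions that pool data, and a Sybil operator whose relays are hosted abroad. The relay list, the operator names and the simplified bandwidth-weighted selection are constructed assumptions.

```python
from fractions import Fraction
from itertools import permutations

# Constructed toy network: (nickname, hosting country, real operator, bandwidth).
# The operator column is ground truth that clients cannot observe; they only
# see the hosting country. "sybil-op" is a hypothetical single entity.
RELAYS = [
    ("a", "US", "op1", 30),
    ("b", "DE", "op2", 20),
    ("c", "FR", "op3", 20),
    ("d", "KP", "op4", 10),       # independent relay hosted in KP
    ("e", "FR", "sybil-op", 10),  # looks "French" to clients
    ("f", "DE", "sybil-op", 10),  # looks "German" to clients
]

def p_both_ends(observes, banned_countries=()):
    """Exact chance that one observer sees both the entry and the exit.

    Simplified model (assumption): entry and exit are distinct relays chosen
    in proportion to bandwidth. The middle hop and Tor's real flag, family
    and subnet rules are ignored.
    """
    usable = [r for r in RELAYS if r[1] not in banned_countries]
    total = seen = 0
    for entry, exit_ in permutations(usable, 2):
        weight = entry[3] * exit_[3]
        total += weight
        if observes(entry) and observes(exit_):
            seen += weight
    return Fraction(seen, total)

def by_country(*countries):
    """Observer that monitors every relay hosted in the given countries."""
    return lambda relay: relay[1] in countries

def by_operator(operator):
    """Observer that secretly runs every relay with this operator label."""
    return lambda relay: relay[2] == operator

if __name__ == "__main__":
    print("US alone:           ", p_both_ends(by_country("US")))
    print("DE alone:           ", p_both_ends(by_country("DE")))
    print("US+DE+FR pooled:    ", p_both_ends(by_country("US", "DE", "FR")))
    print("Sybil operator:     ", p_both_ends(by_operator("sybil-op")))
    print("Sybil, KP banned:   ", p_both_ends(by_operator("sybil-op"), ("KP",)))
```

In this constructed network, banning KP-hosted relays removes only an independent relay and raises the Sybil operator's chance of seeing both ends from 1/40 to 1/31.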