[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.



One thing should be clear:

If one is not using a bridge, it is trivial for any network observer 
(University firewall admin, Iran ISP) to see if one is using Tor. However, 
with the right bridge setup such a detection can ultimately be prevented. I 
guess meek is the best candidate for an undetectable bridge.

On Mon, Nov 07, 2016 at 09:56:01AM -0800, Seth David Schoen wrote:
> Jason Long writes:
> 
> > To be honest, I guess that I must stop using Tor!!!! It is not secure.I can remember that in torproject.org the Tor speaking about some peole that use Tor. For example, reporters, Military soldiers and...But I guess all of them are ads. Consider a soldier in a country that want send a secret letter to his government and he want to use Tor but the country that he is in there can sniff his traffic :( 
> 
> That soldier has a potential problem if the government is aggressively
> monitoring Internet traffic, because they can look at the time that the
> message was received and ask "who was using Tor in our country at that
> time?".  This happened in 2013 when someone sent a bomb threat using
> Tor on his university campus.  Apparently he was the only person using
> Tor on campus at the time the threat was sent.
> 
> http://www.dailydot.com/crime/tor-harvard-bomb-suspect/
> 
> The ability to do this doesn't require the government to operate any of
> the nodes and doesn't require them to be operated in the same country.
> For instance, Harvard University was able to identify this person even
> though he was using only Tor nodes that were outside of the university's
> network.  (It might have been much harder if he had been using a bridge
> that the university didn't know about, or if he had sent the threat
> from somewhere outside of the campus network.)
> 
> If there are ways of sending the letter that introduce a delay, then it
> might be harder for the government to identify the soldier because then
> there is some amount of Tor use at a time that's not obviously related
> to the sending of the letter.  There might still be a concern that the
> amount of data that the soldier transmitted over the Tor network is
> very similar to the size of the letter, which may be a unique profile.
> (That's a concern for systems like SecureDrop because people upload
> large documents with a unique size; the number of people who transmitted
> that exact amount of information on a Tor connection in a particular
> time frame will be very small.)
> 
> There's lots to think about and a good reminder that the Tor technology
> isn't perfect.  But I wouldn't agree with the idea that there's no point
> in using Tor.  Lots of people are getting an anonymity benefit from
> using it all of the time.
> 
> -- 
> Seth Schoen  <schoen@xxxxxxx>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk