[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Network diversity [was: Should I warn against Tor?]



----- Forwarded message from Gregory Maxwell <[email protected]> -----

Date: Fri, 19 Jul 2013 13:42:03 -0700
From: Gregory Maxwell <[email protected]>
To: [email protected]
Subject: Re: [tor-talk] Network diversity [was: Should I warn against Tor?]
Reply-To: [email protected]

On Fri, Jul 19, 2013 at 9:45 AM, adrelanos <[email protected]> wrote:
> Seems like high latency mix networks failed already in practice. [1]
>
> Can't we somehow get confidence even against a global active adversary
> for low latency networks? Someone start a founding campaign?

So have low latency ones, some things fail.  Today you'd answer that
concern by running your high latency mix network over tor (or
integrated into tor) and so it cannot be worse. Answering the "you
need users first, and low latency networks are easier to get users
for" concern.

The point there remains that if you're assuming a (near) global
adversary doing timing attacks you cannot resist them effectively
using a low latency network.  Once you've taken that as your threat
model you can wax all you want about how low latency mix networks get
more users and so on.. it's irrelevant because they're really not
secure against that threat model. (Not that high latency ones are
automatically secure eitherâ?? but they have a fighting chance)

On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger
<[email protected]> wrote:
>> but going much further than that may well decrease your security.
>
> How, actually?  Iâ??m aware that what Iâ??m doing is a departure from
> network diversity to obtain anonymity.  Iâ??m excluding what I
> consider unsafe based on my current understanding.  It might be that
> in the end Iâ??ll be unable to find anything that does not look unsafe
> to me.  I donâ??t know what then.

Because you're lowering the entropy of the nodes you are selecting
maybe all the hosts themselves are simply NSA operated, or if not now,
they be a smaller target to compromise.  Maybe it actually turns out
that they all use a metro fiber provider in munich which is owned by
an NSA shell company.

In Germany this may not be much of a risk. But if your logic is
applied to someplace that is less of a hotbed of Tor usage it wouldn't
be too shocking if all the nodes there were run by some foreign
intelligence agency.
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5