Update your Tors - Tor security advisory: "relay early" traffic confirmation attack
- To: [email protected]
- Subject: Update your Tors - Tor security advisory: "relay early" traffic confirmation attack
- From: [email protected] (Cathal Garvey)
- Date: Mon, 04 Aug 2014 20:33:29 +0100
- In-reply-to: <1646193.Ui4Tkn3IjY@lapuntu>
- References: <CAJVRA1SJYCZWWgZcZsbHcq72W1JcU7kvcau8aPxCuO=+tzn+vg@mail.gmail.com> <[email protected]$> <1646193.Ui4Tkn3IjY@lapuntu>
A less controversial reading of the (US Govt Money) >>= Tor "thing" is
that, while the Tor devs may be doing their best, Tor is ultimately an
asset to the US Intelligence apparatus rather than a liability. That is,
perhaps they haven't convinced the Tor devs to insert backdoors in
anything, but Tor remains something that helpfully concentrates
dissidents while not overly inhibiting the government's ability to round
them up and imprison them when needed.

Part of this is plausible because endpoint security; 'nuff said,
especially as JS is enabled by default in the TBB.

Part of this is plausible because there are plenty of NSA docs in the
wild suggesting that while they can't anonymise everyone at once, they
also don't feel the need to as they can usually anonymise the subset
they care about eventually.

While the Tor devs seem to have a callous disregard for this line of
inquiry (which in itself is worrying), to me it's a healthy thing to
bear in mind. The bottom line is that we're dealing with a piece of
software that purports to blind the world's biggest and most politically
powerful surveillance state, yet receives virtually all of its funding
from that same surveillance state.

Draw your own conclusions based on a weighting of (ability of
individuals to hide traffic from the state) / (ability of the state to
obfuscate intelligence traffic) and taking into consideration how much
smaller the threat model is for a state apparatus with known trusted
servers and alternative traffic routes through compromised botnets and
embassies around the world.

Me, I'm more hopeful for i2p; it's just a pity that it's so oddly put
together right now.

On 04/08/14 18:36, rysiek wrote:
> On Wednesday, 30 July 2014 18:22:41 Georgi Guninski wrote:
>> Someone here ranted against Tor and he
>> was called a troll IIRC...
>
> Nobody said Tor is perfect. But making the assumption Tor is made imperfect on
> purpose by Tor developers, because they are funded by US money (that's the
> rant you're referring to, right?) is a bit... rich.
>
--
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com