-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/08/2016 03:25 PM, The Doctor wrote: > On Mon, 6 Jun 2016 20:25:49 -0400 Steve Kinney > <ad...@pilobilus.net> wrote: > >> several other hostile actors. I surface this concept every year >> or so, but so far nobody seems interested in discussing it. >> Maybe it's just too discouraging to think about. No matter who >> created it or > > If the argument that we're all screwed anyway is made in a > sufficiently detailed way, and the technique described can be > reasonably implemented by a sufficiently motivated actor (a single > person at the very least)
As a student of propaganda, I see two-value reasoning like this as either a cognitive error by a naive writer, or an attempt by a sophisticated writer to encourage and exploit two-value reasoning in others. Either way, the appropriate response is the same: Call the respondent's emotionally driven irrational snap judgment what it is, and put the focus back on practical realities. Two value judgments of security tools and protocols are assertions that they are either "secure" or "insecure." But in real life, there are no absolutes - least of all in the sphere of network security. If one insists on a guarantee that any particular tool or technique will always work, the answer is always "impossible, so why bother - you're screwed anyway." That is why propagandists employed by State and Corporate actors do promote this attitude. Those who can be pulled into two-value reasoning will either be defeated by the false assumption that their chosen "unbreakable" methods provide 100% security against all adversaries, or refuse to deploy /any/ security measures because "we're all screwed anyway." That latter position is easier to sell, because it provides a rationalization for ignorance and laziness. But either way, the bad guys gain major advantages because their targets are following bad advic e. I do not make an argument that "we're all screwed anyway." I do present (what I think is) a novel and seldom if ever discussed general technique for defeating anonymizing mix networks that rely on distributed routing protocols, where the routers operators are effectively "anonymous" and any number of routers can be stood up by one adversary. I only point out that this can be done by using VPN connections from a cloud server running modified router instances, to a large number of physical endpoints masquerading as legitimate routers. This method is very similar in terms of physical deployment to a known NSA program called "More Cowbells" and could, in principle, be deployed via the same "Packaged Goods" boxes which per report are already widely distributed around the world to implement the said NSA program. > ... why bother responding? If things are as bad as you say, what's > the point? If the attack I describe is practical - and there seems to be a consensus that it is - the points, plural, are: 1) Users who have been encouraged to believe that their comms can be hidden from a well funded adversary just by using the anonymizing network overlays available today, need to know about practicable attacks available against the tools in question, so they can make informed judgment calls and adjust their tactics accordingly. 2) Developers of anonymizing network overlay technology need to know, so they can evaluate the threats presented, work toward creating countermeasures, and adjust the performance claims made for their products accordingly. 3) Advocates of anonymizing network overlay technology need to know, in order to adjust their expectations and representations accordingly, and contribute to mitigations or solutions as best they are able. One practical counter-attack to the threat model I call a Hydra (one body, many heads) is stupidly simple: Create more traffic than the Hydra can handle, by transitioning the whole network infrastructure - or a significant fraction of it - to anonymized mix networking. This response is not practicable today, but one may be permitted to hope for the best in the long term: The See IETF RFC 6973, Privacy Considerations, which recognizes privacy as a fundamental network security and quality of service issue and provides a rational framework for addressing the specific issues relevant to privacy in networking. Until or unless anonymized routing becomes as much a part of routine network comms as, for instance, SSH/SSL, we will just have to make do with existing conditions, mitigating threats against available tools by adjusting our trust models to reflect the real world, and applying physical security methods to enhance network security where and as this is considered desirable. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXw1IvAAoJEECU6c5XzmuqfEAH+wS/NWlC01mxnsVtFmSMYzMp 2o6p20H/jrvUWqUI1m6B4Yke0WfXW90OdHlFlqBUBM3yVTk73H6Klryk/HWVTzJ1 HTXrHa8Gl56QnQ5z8zMqn85yCBZxgAoOv1EQf0S/c+twgLINspFVaecvSoNPx2n0 Po/gvvvkVtue/9dWSCsOtKzEkXq64HDRGkjfBuh4rEfX4XajljUGMnpxjrHGImBo Qwdp6QqLHja05bTbT0xEqMgPOSPUEC71rDOTRtEDWFizH4rIopor5DdXEetYPT5V nxck5jR3QNqOzyyNvGB4fcgtbIKQTeukI7MokM66ynHHJV/4oXCKyxT5LrK/k6c= =IIWv -----END PGP SIGNATURE-----