On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacem...@gmail.com wrote 0.4K bytes in 9 lines about: : why in every Tor version (a/b/stable) there is "Do not rely on it for : strong anonymity"? If not Tor, what should we use for strong : anonymity? excluding Freenet and cryptography apps.
The challenge here is to define "strong anonymity". A possible current definition is a state of not being identifiable within an anonymity set. This anonymity is considered strong if it is resistant to all known attacks on anonymity. I think Roger wrote that line in the source to simply remind people that Tor has a defined threat model, given the anonymity research field is still growing, and that low-latency anonymity is inherently open to some attacks, tor is not strong anonymity. Tor raises the bar for de-anonymizing you to many attacks on your anonymity on the actual internet today. This is a fine place to start to understand what Tor does and does not provide, https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#AnonymityandSecurity Many other tools simply state they are anonymous, without mentioning any of the R&D on current anonymity attacks, their success probabilities, and design flaws. If you're interested in learning more about the current state of the field of anonymity in research, start here; http://freehaven.net/anonbib/full/topic.html All tools have design goals and threat models. Many just don't clearly state what these goals and threats are to the user, but brush it under the rug as perfect anonymity, or some other hyperbole. Disclaimer: Roger, Nick, and Steven are the anonymity researchers, their opinion overrules mine. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/