Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-11-21 Thread grarpamp
So, the Tor Project Incorporated just censored 1000+ independent nodes
off of the legacy tor network, and TPI is so cowardly they can't even
mention the name of and link to the competing project on their blog.
Wherein, the woke socialists at TPI also attempted to take a
swipe at how Free-Market Voluntary Crypto Economics can help
get needed things built, which is a funny thing to do, because TPI rakes
$Millions Fiat per year for decades into its centralized coffers and still has
only a weak 20+ year old network to show for it, but in under one year this
competing project is pathing many both potential, and now operational,
ways forward.

Speaking of money...
Remember the time TPI accepted $2M in ETH from a donor
after fraudulently claiming that the v2 onion key NFT that TPI
was selling was the first publicly known hidden service
operating on the network and was thus a prized auction item...
that was a lie, it was not the first.

Speaking of censorship...
Remember the time when TPI spoke of tor-talk as a list where
people could speak freely and critique tor... that was a lie, TPI
censored dozens of people and messages critiquing tor and Tor,
and admitted to bricking up their lists, and then permanently
shutdown the list.

Speaking of diversity...
Remember when you could Speak Freely in your node's Contact Field
and on Social Media and be welcome at tor conventions because
everyone of all kinds was there simply for tor... not anymore. Tor Project
censorbans nodes and operators whose opinions they don't like off of the
network and out of the project, talented coders contributors analysts etc...
for exposing inconvenient truths, and for refusing to be conformed to
their non-diversity of virtue-signalling thought police.

And now for utilizing the opensource tor protocol.

Anyway... after 10+ years of the Truth About TPI and tor getting out,
the Tor Project Incorporated is now being routed around at all levels,
new projects have found their voice and no longer defer to TPI.

TPI's attempts to market and retain its funding stream are being
questioned by donors regarding the issues within TPI and tor.

While tor is good at what it can do, and stinks at what it can't,
the Tor Project itself is no longer the only game in town
for what the future of comms networks will look like.

And the forks of tor and competing networks are now
being formed and rolled out. The future has potential again.

Some design elements of the tor software protocol will live on
into the Next Generation of Overlay Networks, and in the new
Global Distributed P2P-owned Fibre/RF Nets that are being built out.

And the Tor Project Inc, which has ever since been trending more like
a closed-source Corporation, has been marked as deprecated by many.

Speaking of the time when Individual, Corp, or Govt whitepapers
and attackers were thwarted against Traffic Analysis and Sybil of
the Tor Network...

"Tor Stinks  -- NSA, vulns known since before 2012"


You can now build a better Overlay Network than Tor, and a
better P2P Private Electronic Cash System than Bitcoin.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-09-25 Thread grarpamp
https://arstechnica.com/information-technology/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/

https://news.mit.edu/2015/tor-vulnerability-0729

These attacks were known to the non-TOP-SECRET public
research groups at least 8 years ago. Tor Project Inc refused to
provide any notice of them to their userbase, and did nothing
to address the vulnerabilities.

Tor Project Inc people don't advertise these obvious vulnerabilities
because it would hurt their cushy $100+k/yr liberal retirement
cash cow if users ever found out and forked away from tor to
new networks that deploy anti-analysis defenses such as
fulltime chaff and other potential technologies.

Tor Project Inc's pattern of bad behaviour of putting its users at risk of harm
is as noticeable as the traffic that tor's analytical adversaries have been
exploiting since before 2012.

"Tor Stinks  -- NSA, vulns known since before 2012"


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-07-04 Thread grarpamp
The hypocrite anti-freespeech frauds at Tor Project Incorporated
have deleted frontend mailman links to the Tor-Talk Archives and
shutdown the tor-talk mailing list claiming that it was "unused".
However any search for "tor-talk" on this list will prove that
that's a straight up fucking LIE.
The TRUTH is that the TPI has CENSORED dozens of
messages off their list to prevent embarrassing truths
and valid conversations about TPI and tor from reaching
their users, funders, devs, and the press. And now they've
deleted frontdoor from view thus burying archives which
contained some valuable embarrassing proofs over the years.
FreeSpeech and users and others did not "unuse" the tor-talk list,
TPI are the ones who censorbanned everyone off it, especially
those critique in favor of users, thus making it useless for users.
TPI dictators were too cowardly to even post tor-talk to ask subs
if they still wanted to use it, doesn't matter, the TPI doctrine would have
censored and ignored all the replies seeking to keep it anyways.
Freedom of Speech used to exist at TPI, now they're dangerous hypocrites.
Gus and pals and all the rest at TPI are censors who are putting
tor users at risk. TPI is obviously so desperate of being
publicly exposed of tor's flaws and conflicts of interest and
everything else that they have waged censorship for years.
Shame on Tor and all its cowardly cabal.

ps: Links and files full of tor internal comms are always welcomed
here and to this inbox.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-06-10 Thread grarpamp
> Tor design has stayed 25 years old, while threats advanced light years, yet
> Tor Project Incorporated chooses silence refusing to even publicly
> speculating on design weakness in such wide public needed and vocal manner
> so as to inform warn users of some real issues.

"Tor Stinks  -- NSA, vulns known since before 2012"

Tor Project Incorporated (TPI) has been putting users at risk since decade[s].
Yet people still refuse to listen, and to act to publicly call them
out on it, and to act and design and deploy better networks.
And they still refuse to listen even when heavy hitters like Snowden tell
them that speculating and facting on decades worth of advancements
is very prudent to do now. And top TPI people will refuse to post
about or directly acknowledge without weaseling away what
Snowden is saying and how it relates to tor. He doesn't directly
note these two areas, but the idea that Network Analysis and Sybil
have not also far advanced in 10 years... is dangerously stupid
and must be addressed.

ps: TPI's continued censorship of all these threads off their lists
proves that the Tor Project is corrupt and must now be confronted
and countered in public by the public.



Snowden Warns Today's Surveillance Technology Makes 2013 Look Like
"Child's Play"

Authored by Julia Conley via CommonDreams.org,

"We trusted the government not to screw us," said Edward Snowden.

"But they did. We trusted the tech companies not to take advantage
of us. But they did. That is going to happen again, because that is
the nature of power."

With this week marking 10 years since whistleblower Edward Snowden
disclosed information to journalists about widespread government
spying by United States and British agencies, the former National
Security Agency contractor on Thursday joined other advocates in
warning that the fight for privacy rights, while making several
inroads in the past decade, has grown harder due to major changes in
technology.

"If we think about what we saw in 2013 and the capabilities of
governments today," Snowden told The Guardian, "2013 seems like
child's play."

Snowden said that the advent of commercially available surveillance
products such as Ring cameras, Pegasus spyware, and facial recognition
technology has posed new dangers.

As Common Dreams has reported, the home security company Ring has
faced legal challenges due to security concerns and its products'
vulnerability to hacking, and has faced criticism from rights groups
for partnering with more than 1,000 police departments—including some
with histories of police violence—and leaving community members
vulnerable to harassment or wrongful arrests.

Law enforcement agencies have also begun using facial recognition
technology to identify crime suspects despite the fact that the
software is known to frequently misidentify people of color—leading to
the wrongful arrest and detention earlier this year of Randal Reid in
Georgia, among other cases.

Last month, journalists and civil society groups called for a global
moratorium on the sale and transfer of spyware like Pegasus, which has
been used to target dozens of journalists in at least 10 countries.

Protecting the public from surveillance "is an ongoing process,"
Snowden told The Guardian on Thursday. "And we will have to be working
at it for the rest of our lives and our children's lives and beyond."

In 2013, Snowden revealed that the U.S. government was broadly
monitoring the communications of citizens, sparking a debate over
surveillance as well as sustained privacy rights campaigns from groups
like Electronic Frontier Foundation (EFF) and Fight for the Future.

"Technology has grown to be enormously influential," Snowden told
The Guardian on Thursday.

"We trusted the government not to screw us. But they did. We
trusted the tech companies not to take advantage of us. But they did.
That is going to happen again, because that is the nature of power."

Last month ahead of the anniversary of Snowden's revelations, EFF
noted that some improvements to privacy rights have been made in the
past decade, including:

The sunsetting of Section 215 of the PATRIOT Act, which until 2020
allowed the U.S. government to conduct a dragnet surveillance program
that collected billions of phone records;

The emergence of end-to-end encryption of internet communications,
which Snowden noted was "a pipe dream in 2013";

The end of the NSA's bulk collection of internet metadata,
including email addresses of senders and recipients; and

Rulings in countries including South Africa and Germany against
bulk data collection.

The group noted that privacy advocates are still pushing Congress to
end Section 702 of the Foreign Intelligence Surveillance Act, which
permits the warrantless surveillance of Americans' communications, and
"to take privacy seriously," particularly as tech companies expand
spying capabilities.

"Despite calls over the last few years for federal legislation to

Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-05-22 Thread grarpamp
On 4/6/23, efc@swisscows.email  wrote:
> On Thu, 6 Apr 2023, grarpamp wrote:
>> On 4/5/23, efc@swisscows.email  wrote:
>>> So you wouldn't say that Tor is good since it is the least worst way for
>>> people to browse?
>>
>> Users getting jailed or murdered by the State's traffic
>> analysis and sybil systems is for them perhaps the worst
>> way to die. Does voting for least worst politicians get you
>> much of anything in your lifetime, vs ignoring, defunding,
>> routing around and removing them all permanently.


> The same goes for users. Some do get jailed

It has been repeatedly suggested for years that people start a canary
project to search for any suspected "analytical breakthroughs [William Binney]".
Start collating and dissecting all court cases involving Tor and other leading
supposedly resistant protocols and cryptoprivacy. Analyze cases,
Interview the subjects.
A Jewel that is used, is a Jewel that can be discovered, and you can bet
that many Jewels are being used, in a trivially discoverable haphazard fashion,
so as to guide infer as to what the current state and use of the real
Family Jewels are.

From Wikileaks to Snowden to the recent Twitter Files and even
more revelations of mass political corruption and info operations, only fools
would believe there is nothing in operation worth finding... or at least
worth rationally speculating on in yearly Symposium dedicated to that.

An approximate to some degree on "information" can be derived
by careful postulation and calculatory estimates supported by history,
current facts, funds, intents, trends, open sourced info, etc.
History shows these have often written what later turned out to be true.


> But I do give you this much, no one should use this service in the belief
> that it is a foolproof way to hide your tracks and
> I think the project should be very clear about that.

Watch Tor's videos, some say a roomful of canaries could drop dead
and TPI would still not include any potentially embarrassing clarity about
adversarial attacks in their talks.

In fact, in the rare times when TPI ever mention this fact of the slide deck
"Tor Stinks  -- NSA, vulns known since before 2012"
they twist it and dodge and weasel around the obvious between the lines fact
of that slide deck regarding the adversaries existing and advancing attacks.

And how many times in last year did Tor Project disclose these
at least 11+ year old facts, among others, to its users... ZERO.

Tor Project literally committed changes to their front page and
other pages that removed long standing warnings to their users,
yet the design and security of the tor network did not improve in
any manner that would support the removal of such warnings.
In fact, some analysts would say that tor has grown continually weaker,
relatively speaking, at the feet of advances in its adversaries
analytical and active capabilities.

> I like the principle "free, informed,
> consent" and if there is no information, there can be no free, informed
> consent.

Again, in just this month alone, TPI has yet again, completely
censored information that users could use to help determine
their own risk and consent. Not only did TPI censor it, they
made no attempt to refute it, thus crediting it by default.

>> The real solution is to both fork tor, and also to
>> design and compete entirely new network overlays.
>>
>> "Tor Stinks  -- NSA, vulns known since before 2012"
>>
>
> I was not aware of this, so thank you very much for informing. When it
> comes to forking tor there is another problem though, and that is all the
> infrastructure. Like FB, tor has some strong networking effects so
> starting from scratch would be tough. I do hope that someone does fork
> though, and that a new, stronger and less woke project might take over
> instead.

As to forks, if forks want an instant nodebase, for so long as the protocol of the
new fork is able without safety compromise to remain backward compatible with the
old tor, the new fork can simply do API module to import old tor's live nodelist
and route its traffic over old tor nodes as desired. Besides, at this point Tor
Project is so bad as a project that any well announced fork (and any entirely new
competing network designs) would have volunteer node operators showing up in no time.

TPI has been so busy vacuuming up all the Money Talk and Conferences
in the room, which is a suspect in itself how that [psyop] has happened, that
some Devs Users Operators and Funders have forgot they have the Right and
Freedom and Imperative to Code and Launch and Fund competing projects.
And to speak freely about and critique elephants in rooms.

> I tried to reach out to persuade them to develop an "addon"

Another addon called OnionCat is being killed by Tor (hardly under
any non-nebulous reasons that cannot be acceptably modularized)
thus killing all users apps that do use, and all development of all future
apps that could use, the protocols it provides.
Given capacity and security 

Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-04-06 Thread Undescribed Horrific Abuse, One Victim & Survivor of Many
silence can be anything (discourage, censorship, user error, disruption, bugs)

re tor: nym is the new tor? yes/no?


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-04-06 Thread efc




On Thu, 6 Apr 2023, grarpamp wrote:

> On 4/5/23, efc@swisscows.email  wrote:
>> So you wouldn't say that Tor is good since it is the least worst way for
>> people to browse?
>
> Users getting jailed or murdered by the State's traffic
> analysis and sybil systems is for them perhaps the worst
> way to die. Does voting for least worst politicians get you
> much of anything in your lifetime, vs ignoring, defunding,
> routing around and removing them all permanently.



I think one does not exclude the other. I could vote for the least worst, 
at the same time I could tax plan aggressively and route around. I don't 
work at the moment, but I have managed to plan my way down to around 9% 
taxes or so.


The same goes for users. Some do get jailed but at the same time I am 
convinced that low profile targets benefit even though it is not perfect.


But I do give you this much, no one should use this service in the belief 
that it is a foolproof way to hide your tracks and I think the project 
should be very clear about that. I like the principle "free, informed, 
consent" and if there is no information, there can be no free, informed 
consent.



>> It is definitely not perfect but perhaps it could generate more noise in
>> which to bury the few signals that are out there?
>
> The real solution is to both fork tor, and also to
> design and compete entirely new network overlays.
>
> "Tor Stinks  -- NSA, vulns known since before 2012"



I was not aware of this, so thank you very much for informing. When it 
comes to forking tor there is another problem though, and that is all the 
infrastructure. Like FB, tor has some strong networking effects so 
starting from scratch would be tough. I do hope that someone does fork 
though, and that a new, stronger and less woke project might take over 
instead.


As a fun side note though, I do know how quirky the tor guys can be. Many 
years ago I tried to reach out to persuade them to develop an "addon" or 
separate project utilizing parts of tor that would be a global, 
decentralized DNS system without the hops to reduce latency.


I was met with complete silence, so I would not be surprised if things get 
ignored. ;)




Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-04-06 Thread grarpamp
On 4/5/23, efc@swisscows.email  wrote:
> So you wouldn't say that Tor is good since it is the least worst way for
> people to browse?

Users getting jailed or murdered by the State's traffic
analysis and sybil systems is for them perhaps the worst
way to die. Does voting for least worst politicians get you
much of anything in your lifetime, vs ignoring, defunding,
routing around and removing them all permanently.

> It is definitely not perfect but perhaps it could generate more noise in
> which to bury the few signals that are out there?

Sure. Defenses to those two attacks have been reasonably
discussed on this list, and on the Tor lists back when
they used to let the occasional open critique post get
past their censor team, and to this day
Tor Project Incorporated refuses to implement them.
Most people fail to consider that tor's origins are US Military
which doesn't need perfect to operate only better enough
than their competitors yet still able to defeat them, and that
many of Tor's staff, even new ones, are Govt agents and
Govt funded payees sucking at the teat of Govt for their
mortgage and lifestyle.
So is it really any wonder that Tor Inc has not adopted fixes
and censors open critique while falsely advertising safety.

The real solution is to both fork tor, and also to
design and compete entirely new network overlays.

"Tor Stinks  -- NSA, vulns known since before 2012"


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-04-05 Thread efc
So you wouldn't say that Tor is good since it is the least worst way for 
people to browse?


It is definitely not perfect but perhaps it could generate more noise in 
which to bury the few signals that are out there?


On Wed, 5 Apr 2023, grarpamp wrote:

> "Download Tor Browser to experience real private browsing without
> tracking, surveillance, or censorship.  -- Tor Project Homepage, April 2023"
>
> The Tor Project Incorporated is flat out lying and
> has been putting its users at risk since decade+.
>
> "Tor Stinks  -- NSA, vulns known since before 2012"






Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-04-05 Thread grarpamp
"Download Tor Browser to experience real private browsing without
tracking, surveillance, or censorship.  -- Tor Project Homepage, April 2023"

The Tor Project Incorporated is flat out lying and
has been putting its users at risk since decade+.

"Tor Stinks  -- NSA, vulns known since before 2012"


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-03-01 Thread grarpamp
On 3/1/23, professor rat  wrote:
> Since our AI reinforcements from the future just arrived

A lot of those are general purpose, not universal solutions.

> they should have Tor sorted by Xmas.

But you can rest assured that the specific problem of "tor"
has already been sorted by algo and ASIC in the multiple
Bluffdales around the world since at least over a decade.

> CYPHERPUNK 2027

Clock keeps ticking.
How much are you wagering on that event horizon?

> Since world war threatens again

Best prepare.

> we can't have a generalized collapse of govts soon enough, amirite?


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-03-01 Thread grarpamp
/2

https://arxiv.org/pdf/1801.02265.pdf
https://arxiv.org/pdf/1808.07285v1.pdf

These two papers are over five years old.
Tor Project Incorporated knew about them and their classes of attacks
and refused to tell their users about them and the risks to their safety.
Tor Project Incorporated also refused to tell their $donors about these
papers and Tor's failure to bother addressing them.
Yet no media ever wonders why or bothers to call them out.
https://twitter.com/NameRedacted247 #TwitterFiles
In fact, the media, which have been proven to be agents
of the deep state, often cheers Tor, and media like the NYT
run onion leak drop sites, while correlators watch their connections
like hawks.



"... they can correlate ... this was understood ...
not just when we first made Tor, but for pre-Tor versions of onion routing.
... the paper being discussed substantially improves [attacks]
...
... reduce your sense of alarm
...
... the novelty is somewhat overstated
-- Paul Syverson  US Military Employee 2023/02"

Lol

Tor Project Executives and Principal devs knew,
yet still foisted, and are still foisting, Tor upon the world anyway.

And Tor Project Inc removed all warnings about tor from their frontpage
and other places over decade ago.

Tor Project Inc has placed tor users at risk.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-03-01 Thread grarpamp
Tor Project Incorporated has for decades still refused to openly,
loudly, publicly, and routinely acknowledge and tell its users the
flaws and problems that people on this list have been saying for
many years, and have been censorbanned off Tor channels for
speaking the embarrassing facts about Tor... one of which is that
overlay networks that do not use fulltime traffic padding are
garbage and nothing but a datamine for global TLA's...

https://arxiv.org/pdf/1801.02265.pdf
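The two claims in this post and the "/2" post above (that an observer who sees both ends of a circuit can correlate the flows, and that only fulltime padding removes the signal) can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the poster, from the Tor Project, or from the cited papers (which use far stronger classifiers than this). It implements the textbook form of the end-to-end attack: count cells per one-second window on each side, try a grid of candidate circuit latencies, and take the best Pearson correlation. It then models fulltime padding as a fixed cell schedule on each hop and shows the same statistic collapses to zero. All traffic shapes, the 420 ms latency, the 10 ms jitter, the 10 cells/s padding rate and the 0.5 decision threshold are constructed assumptions, not measurements of any real network.

```python
import math
import random

# All times are integer microseconds so bin boundaries behave deterministically.
US = 1_000_000
WINDOW_US = 1 * US          # attacker's counting window (assumed)
ANALYSIS_START = 1 * US     # ignore the ragged first and last second
ANALYSIS_END = 61 * US


def make_bursty_flow(seed, duration_us=60 * US, burst_len=12, gap_us=2_000):
    """Constructed client flow: short bursts of cells separated by idle gaps
    (a crude stand-in for page loads). Returns send times in microseconds."""
    rng = random.Random(seed)
    times, t = [], 0
    while True:
        t += rng.randint(800_000, 3_000_000)   # idle 0.8 .. 3.0 s between bursts
        if t >= duration_us:
            return times
        times.extend(t + j * gap_us for j in range(burst_len))


def observe_at_exit(flow, delay_us=420_000, jitter_us=10_000, seed=0):
    """The same cells as seen by an observer at the far end of the circuit:
    shifted by an unknown latency and jittered per cell (constructed model)."""
    rng = random.Random(seed)
    return [t + delay_us + int(round(rng.gauss(0, jitter_us))) for t in flow]


def bin_counts(times, shift_us=0):
    """Cells per WINDOW_US inside the analysis range, after subtracting a
    candidate latency `shift_us` from every timestamp."""
    nbins = (ANALYSIS_END - ANALYSIS_START) // WINDOW_US
    counts = [0] * nbins
    for t in times:
        t -= shift_us
        if ANALYSIS_START <= t < ANALYSIS_END:
            counts[(t - ANALYSIS_START) // WINDOW_US] += 1
    return counts


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0   # a constant series carries no timing information
    return cov / math.sqrt(va * vb)


def correlate(entry_flow, exit_flow, max_delay_us=1 * US, step_us=50_000):
    """Attacker statistic: best correlation of per-window cell counts over a
    grid of candidate circuit latencies (the true latency is unknown)."""
    a = bin_counts(entry_flow)
    return max(pearson(a, bin_counts(exit_flow, shift_us=d))
               for d in range(0, max_delay_us + 1, step_us))


def is_linked(entry_flow, exit_flow, threshold=0.5):
    """Decision rule with an assumed threshold; tune on real data."""
    return correlate(entry_flow, exit_flow) > threshold


def constant_rate_schedule(period_us=100_000, offset_us=0, n_cells=650):
    """Fulltime padding modelled as a link-level schedule: one fixed-size cell
    every `period_us` whether or not real data is waiting. Real cells ride
    inside the schedule, so an observer on either hop sees only the schedule
    (offset by that hop's latency), never the burst pattern."""
    return [offset_us + k * period_us for k in range(n_cells)]


if __name__ == "__main__":
    a = make_bursty_flow(seed=1)
    b = make_bursty_flow(seed=2)
    a_exit = observe_at_exit(a, seed=11)
    b_exit = observe_at_exit(b, seed=12)
    print("same circuit       :", round(correlate(a, a_exit), 2))
    print("unrelated flows    :", round(correlate(a, b_exit), 2))
    padded_in = constant_rate_schedule()
    padded_out = constant_rate_schedule(offset_us=420_000)
    print("padded, same circuit:", correlate(padded_in, padded_out))
```

Unpadded, the bursty flow and its delayed copy score well above the unrelated pair even though the attacker does not know the latency; the per-window counts alone leak enough. With a constant cell schedule on both hops every window holds the same count, the variance is zero, and the statistic cannot separate a matching pair from a non-matching one. The price is visible in the same code: the schedule emits 10 cells/s for the whole session regardless of demand, which is the bandwidth cost the post calls fulltime chaff and which a deployment has to be willing to pay.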


Re: Dishonest Tor relay math question - tor-talk is to lazy

2023-01-14 Thread grarpamp
https://www.techdirt.com/2014/10/06/documents-released-silk-road-case-add-more-evidence-to-parallel-construction-theory/
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
https://www.courtlistener.com/?q=%22tor%22%20%22foreign%20law%20enforcement%22%20%22fla%22=r_by=score%20desc_after=05%2F05%2F2019
https://casetext.com/case/united-states-v-anzalone-16
https://casetext.com/case/united-states-v-bateman-22
https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack/
https://www.vice.com/en/article/qjp7eq/fbi-paid-charity-for-hacking-tools-ni
https://www.washingtontimes.com/news/2023/jan/10/fbi-reveals-it-uses-cia-and-nsa-spy-americans/


The FBI Won't Say Whether It Hacked Dark Web ISIS Site

https://www.vice.com/en/article/z34dx3/fbi-wont-say-hacked-dark-web-isis-site-nit

The FBI somehow obtained the IP address of someone who allegedly visited
an ISIS-related site on the dark web. The DOJ is blocking discussion of
the issue from entering the public docket.

by Joseph Cox January 11, 2023, 2:00pm


U.S. government lawyers are hampering efforts that could reveal how the
FBI managed to obtain the real IP address of an alleged visitor to an ISIS
website on the dark web, according to court records reviewed by
Motherboard.

The case involves Muhammed Momtaz Al-Azhari, who was charged in May 2020
with attempting to provide material support to ISIS. According to the
complaint against him, Al-Azhari allegedly visited a dark web site that
hosts "unofficial propaganda and photographs related to ISIS" multiple
times on May 14, 2019. In virtue of being a dark web site--that is, one
hosted on the Tor anonymity network--it should have been difficult for the
site owner or a third party to determine the real IP address of any of
the site's visitors.



Yet, that's exactly what the FBI did. It found Al-Azhari allegedly visited
the site from an IP address associated with Al-Azhari's grandmother's
house in Riverside, California. The FBI also found what specific pages
Al-Azhari visited, including a section on donating Bitcoin; another
focused on military operations conducted by ISIS fighters in Iraq, Syria,
and Nigeria; and another page that provided links to material from ISIS's
media arm. Without the FBI deploying some form of surveillance technique,
or Al-Azhari using another method to visit the site which exposed their IP
address, this should not have been possible.

Now, in a recent series of filings, Department of Justice lawyers won't
say how the agency accessed Al-Azhari's IP address, and are blocking
discussion of the issue from entering the public docket.

"In discovery, the Government has declined to provide any information
related to its TOR operation," Samuel E. Landes, the defense attorney
working on the case, wrote in a filing published Tuesday.

The news highlights the Department of Justice's continued and intense
secrecy about its use of hacking tools, despite them becoming more popular
in a wide range of types of criminal investigations. The knock-on effects
of that secrecy can be that defendants do not have access to details of
how they were identified, and don't have an opportunity to effectively
challenge its legal basis. In some cases, prosecutors have also lost
chances of convictions because keeping the tools secret was deemed more
important than winning a case.


In the motion filed Tuesday, Landes writes that government prosecutors
have successfully demanded his motion to compel for more information be
marked as a "highly sensitive document." That designation is used for
documents that may be of interest to the intelligence service of a hostile
foreign government, and use of which by the foreign government would
likely cause significant harm, Landes filing says. Landes' latest filing
is a subsequent motion asking the court to reconsider giving that
designation to his earlier motion.


Landes points to how the FBI's use of network investigative techniques
(NITS)--the DOJ's euphemism for hacking tools--is far from a secret,
having been used in multiple cases over the years. He says he also found
an exhibit filed in other cases with similar issues and is widely
available on the internet. Despite the public availability of this
information, the government asked the court to treat the motion to compel
as a highly sensitive document, Landes writes.

The Department of Justice declined to comment.

In other cases, the DOJ has 

Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-12-06 Thread Undescribed Horrific Abuse, One Victim & Survivor of Many
Back in the days people were used to using mixmaster etc, whereas
others migrated to then-modern p2p systems like i2p [and the word on
the digital street was that "real" anonymous people had custom built
onions that propagated through compromised systems -- and one saw a
lot of those, and there were simple tools all around]

If you look back at the history of mixmaster, it really stagnated at a
point, and it looks now like a struggle of very few devs to keep a
maintained codebase.

I don't know, of course, I was never involved with mail relays, but
it's an interesting parallel to the Tor situation.

Similarly, it is quite hard, nowadays, for me, to find modern
anonymity research papers. As Tor was getting more criticized, a lot
of new research was cropping up.

It used to be that most of the internet was anonymous, really. A lot
of the norms or topics of discussion still assume this, when it has
possibly been no longer true in general.

A bit of a chicken-and-egg situation: you may need to be anonymous to
produce a popular anonymity product that works. Still, they have been
happening.

Any project or paper people would point out nowadays?

Tor still seems quite useful.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-12-06 Thread grarpamp
> "Tor Stinks  -- NSA, known since before 2012"

Tor Project: Still Infested With Many Conflicts Of Interest, and with
many problems that have been outlined for decade, not weeks,
that Tor Project and its minions still put users at risk by refusing to mention,
not least because it wouldn't be good for business.

People should write code for new overlay networks to route around them.


The Role of the Tor Project Board and Conflicts of Interest

https://blog.torproject.org/role-tor-project-board-conflicts-interest/

by isabela | October 3, 2022

Over the last couple of weeks, friends of the Tor Project have been
raising questions about how Tor Project thinks of conflicts of
interest and its board members, in light of the reporting from
Motherboard about Team Cymru. I understand why folks would have
questions, and so I want to write a bit about how the board of
directors interacts with the Tor Project, and how our conflict of
interest process works.

The Role of the Board

First off, a word about non-profit boards of directors. Although every
non-profit is unique in its own way, the purpose of a board of an
organization like The Tor Project, with a substantial staff and
community, is not to set day-to-day policy or make engineering
decisions for the organization. The board's primary role is a
fiduciary one: to ensure that Tor is meeting its obligations under its
bylaws and charter, and “hire/fire” power over the executive director.
Although staff members may consult board members with relevant
expertise over strategic decisions, and board members are selected in
part for their background in the space, the board is separate from the
maintenance and decision-making on Tor's code, and a board seat
doesn't come with any special privileges over the Tor network. Board
members may be consulted on technical decisions, but they don't make
them. The Tor Project's staff and volunteers do. The Tor Project also
has a social contract which everyone at Tor, including board members,
has to comply with.

When we invite a person to join the Board, we are looking at the
overall individual, their experience, expertise, character, and other
qualities. We are not looking at them as representatives of another
organization. But because Board members have fiduciary duties, they
are required to agree to a conflict of interest policy. That
policy defines a conflict as “...the signee has an economic interest
in, or acts as an officer or a director of, any outside entity whose
financial interests would reasonably appear to be affected by the
signee's relationship with The Tor Project, Inc. The signee should
also disclose any personal, business, or volunteer affiliations that
may give rise to a real or apparent conflict of interest.”

Handling Conflicts of Interest

Like most conflict processes under United States law, non-profit
conflicts rely on individuals to assess their own interests and the
degree to which they might diverge. The onus is often on individual
board members, who know the extent of their obligations, to raise
questions about conflicts to the rest of the board, or to recuse
themselves from decisions.

It also means that conflicts, and perceived conflicts, change over
time. In the case of Rob Thomas's work with Team Cymru, the Tor
Project staff and volunteers expressed concerns to me at the end of
2021, spurring internal conversations. I believe it is important to
listen to the community, and so I worked to facilitate discussions and
surface questions that we could try to address. During these
conversations, it became clear that although Team Cymru may offer
services that run counter to the mission of Tor, there was no
indication that Rob Thomas's role in the provision of those services
created any direct risk to Tor users, which was our primary concern.
This was also discussed by the Board in March and the Board came to
the same conclusion.

But of course, not actively endangering our users is a low bar. It is
reasonable to raise questions about the inherent disconnection between
the business model of Team Cymru and the mission of Tor which consists
of private and anonymous internet access for all. Rob Thomas's reasons
for choosing to resign from the board are his own, but it has become
more clear over the months since our initial conversation how Team
Cymru's work is at odds with the Tor Project's mission.

What's Next

We at Tor, me, the board, staff and volunteers, will continue these
conversations to identify how to do better from what we have learned
here.

I have been working with the board to see where things can be done
better in general. One of these initiatives is changing the Tor
Project's board recruitment process. Historically, recruitment for
board slots has been ad hoc - with current board members or project
staff suggesting potential new candidates. This selection process has
limited the pool of who has joined the board, and meant that we do not
always reflect the diversity of experiences or 

Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-09-10 Thread grarpamp
"Arti 1.0.0 is released: Our Rust Tor implementation
is ready for production use. -- Tor Project Inc"

Doesn't matter what language you write it in,
or what bells and whistles you add to it and advertise,
tor's fundamental underlying design and operations
are still subject to traffic analysis (including exposure
of onion services) and infiltration.

Tor Project Incorporated (aka $$$) is putting its
users at risk by refusing to speak openly frankly
and routinely about these problems, and by refusing
for 20 years to do anything substantive about them
at the protocol and ops level. $$$ and or spy friendly?
Along with the problems, those questions remain unanswered.

And while tor has remained stagnant, tor's adversaries
have advanced light years since this disclosure was made...

"Tor Stinks  -- NSA, known since before 2012"

Long past time for development and adoption of
new competing network overlays.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-05-24 Thread Karl Semich
The NSA actively targets projects like Tor, to reduce and coopt their
effectiveness.

Appelbaum wrote about and cited this in his thesis.

>
It would be no surprise if spy agency workers were employed in Tor. It is
no surprise if they are also employed in other anonymity, privacy,
security, and software and hardware freedom projects.

It is of interest how much, where, and to what ends.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-05-24 Thread grarpamp
"Communication in a world of pervasive surveillance ... 2.8.1 –
Sabotage ... The NSA estimated in 2011 that they performed around one
thousand attacks against VPN sessions per hour and NSA projected it
would soon be performing one hundred thousand such attacks in parallel
per hour. It is reasonable to assume that this number is significantly
higher after more than a decade."

Tor is not immune to such things... attacks and advances in attacks.
Yet everyone still refuses to talk about that, and Tor Project Incorporated
and it$ minion$ $till apologize$ for it$elve$ and refuse$ to acknowledge that
"Tor Stinks  -- NSA"

Tor's users are at risk because of Tor Project Incorporated and its
minions, and its money and money sources, among other things.

And Tor now officially advertises offering secret paychecks to
its minions, and still masks its players. As some say, more
better to hide the corruption and protect its corrupt actors and
hide chains of employer and funder relationships. Regardless,
so much for their bogus meme of transparency and openness.

Tor Project literally hired a CIA agent, and at least one
of its Board of Directors had ongoing carnal relationship
with at least one NSA agent. For real.

And Tor Project Inc censorbans all people who mention any
of these things (and more) off all their comms forums.
And remember that FOIA request from the free independent
tor user community that got ignored and craftily closed.
Seems Tor Project Incorporated has some big things to hide.

"Of the three, OpenVPN is a protocol without a basis in formal
specifications or peer review except where TLS or DTLS is concerned.
IPsec is a protocol built by committee as part of the Internet
Engineering Task Force (IETF) Request for Comments (RFC) process.
Both are understood to have been weakened [ins14b,BBG13,PLS13,Lar13]
by the NSA intentionally. The techniques are not entirely understood
but it appears that the NSA uses every option available when they deem
it necessary. What they deem necessary is not always what is expected.
This includes sending people to standardization meetings to sabotage
the security standards as well as sending people into companies to
perform so-called cryptographic enabling; this is how NSA
euphemistically describes sabotaging cryptography or security. It is
difficult to overstate the level of subterfuge understood to be
attributed to the NSA, both by external investigations and by their
own internal documents. The normally classified and thankfully leaked
black budget [GM13a] shows hundreds of millions of dollars budgeted
and specific successes against specific U.S. domestic and
international companies."


Re: Dishonest Tor relay math question - tor-talk is to lazy

2022-01-15 Thread grarpamp
https://www.hackerfactor.com/blog/index.php?/archives/944-Tor-0day-Snowflake.html
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor

Tuesday, 21 December 2021
Back in 2020, I wrote nine blog entries about Tor that covered a wide
range of vulnerabilities. Many of them were well-known to the Tor
Project (some nearly a decade old!) but had never been addressed and
had no viable mitigation options or alternatives. Other issues were
brand new and first disclosed on my blog. (The last blog entry begins
with a summary of the vulnerabilities.)

Of all of the vulnerabilities and concerns that I raised in 2020, the
Tor Project didn't address any of them. Zero. Over the past year,
there were over a dozen updates for the Tor daemon (and that's not
counting the pre-releases). There were also over a dozen updates to
the Tor Browser (from version 10.0.8 to 11.0.3), but most of these
were basically incorporating updates from Firefox. The main
Tor-specific changes were the deprecation and removal of onion v2
support (replaced by v3 addresses) and the formal release of snowflake
as a pluggable transport.

Some of my "Tor 0day" blog entries mentioned a lack of good pluggable
transports for when someone blocks direct and indirect (bridge)
connections. Snowflake introduces another connection option, but it
has its own serious limitations and is far too detectable.

Still Viable Exploits
My "Tor 0day" blog series focused on one specific scenario: Can
someone watching the network traffic determine if you (specifically
you) were using Tor?

For example, many companies do not permit Tor within the corporate
network. This restriction prevents malware from downloading past the
corporate anti-virus scanners and deters someone from potentially
leaking company-confidential information. These companies don't mind
if you use Tor on your home network and home computer; just not on
anything that touches the company's network. For these companies, it
is one thing to have a rule about "no Tor", but it's another to
enforce the rule by detecting and immediately blocking anyone who
violates the rule.

This threat vector is also seen when countries block access to Tor.
Earlier this month, the Tor Project made an announcement that Russia
was blocking Tor. What they didn't mention was that these blocks were
made possible using the exact same methods disclosed in my blog series
a year earlier. Moreover, the Tor Project had known about these issues
for years. The Tor Project's alert about Russia was really just a
complaint that people were blocking their service through exploits
that the Tor Project hasn't felt like fixing.

The Open Observatory of Network Interference (OONI) is an organization
that tracks online censorship. About 10 days after the Tor Project's
announcement, OONI posted their report. According to OONI, it wasn't
all of Russia blocking Tor; it was 15 out of 65 subnets. Moreover,
each censorship instance used a different blocking method:

In some cases though (such as on AS42437), OONI data suggests that
access to torproject.org is being interfered with by means of a TLS
man-in-the-middle attack, while in other cases (such as on AS51570),
we observe that the connection is reset once the TLS handshake has
been initiated, suggesting the use of Deep Packet Inspection (DPI)
technology.


If the censorship was government-sponsored, as the Tor Project
suggested, then I would expect it to be much more widespread and
consistent. This looks like individual blocking efforts. As OONI
noted, the blocks followed a "recent spike in the use of Tor bridges
(used for circumventing Tor blocking) in Russia."

To me, this looks like ISPs having a problem with Tor users. Tor is
often viewed as a bad neighborhood since it is often associated with
other criminal activities, like human trafficking and drugs. By
blocking Tor access, these services reduce the number of bad actors on
their networks.

This censorship also means that these ISPs could easily detect Tor
bridges (as noted in my second Tor 0day blog entry.) If the Tor
Project actually provided anonymous or less detectable bridges, then
this filtering would never have happened.

Similarly, this year Tor researcher Nusenu found that one persistent
threat group (KAX17) had managed to create thousands of Tor nodes.
With that many nodes, they can easily decloak hidden services and
track individual users. This group has been around since at least 2017
and the Tor Project's efforts to remove them have been ineffective.
(See my 6th blog entry for more details.)

Pluggable Transports
Tor uses pluggable transports as alternative protocols for connecting
to the Tor network. My second blog entry shows how to detect and block
all production pluggable transports. Moreover, code had been deployed
and was working in real-time on high-volume networks. (As an aside: as
far as I know, my code is not being used for those Russian blocks.)

I had previously mentioned that the Tor Project had dropped 

Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-12-05 Thread grarpamp
> https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/
> A mysterious threat actor is running hundreds of malicious Tor relays...

Gizmodo: Someone Is Running Hundreds of Malicious Servers on the Tor
Network and Might Be De-Anonymizing Users.
https://gizmodo.com/someone-is-running-hundreds-of-malicious-servers-on-the-1848156630

"Tor Stinks  -- NSA"


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-12-05 Thread grarpamp
https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/
A mysterious threat actor is running hundreds of malicious Tor relays...



If you knew how many nodes have been both removed since years,
and how many are still running and coming every day, you would
shit yourself. Not 10's, not 100's, not 1000's... But Tor Project censors
and fails to disclose that because it wants to keep certain thing$ flowing in.
People have tried pointing the problems out for safety of the tor users
to consider on their own, but Tor Project censors that.

Yes, it is true that Tor is subject to rampant node infestation and
has been since decades... Tor Project even hired a CIA agent,
and a wife of another agent, and military contractors, and more.
People in that article are not first to find or speak of mass bad
nodes, but Tor Project has liked to bury it. What is also true about
Tor Project Incorporated, is that when people bring up the fact of
Sybil and Traffic Analysis attacks on tor, bring that and many other
problems with the Tor Project up in any of their public fora, the
Tor Project and its staff, all freespeech hypocrites, repeatedly
CENSOR and prevent tor users from seeing that free speech, they
kick you out of their little project, etc. Tor has literally in their own
action item words "bricked up" their fora. Very much is wrong
with Tor Project $ince years now. Latest was false advertising
defrauding NFT buyer of $2M. It's long past due, not just to be
forked away from all that mess, but for entirely new projects to
startup from new people, develop new overlay networks with
active fulltime anti-TA chaff in the base layer, WoT's and other
anti-Sybil mechanisms, etc. All of which can be seen by searching the
famous quote... "Tor Stinks  -- NSA".


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread PrivacyArms
>> Thing is, I don't trust Claudia to get it right (we have a history... ).

history?



--- Original Message ---
On Saturday, October 16, 2021 1:34 PM, Peter Fairbrother wrote:

> On 16/10/2021 10:12, Stefan Claas wrote:
> > On Sat, Oct 16, 2021 at 10:24 AM Peter Fairbrother pe...@tsto.co.uk wrote:
> > > > Though there's no such thing as 100% anonymity, security, etc...
> > > > there are certainly different comparative magnitudes of it available
> > > > today, and higher ones are probably quite achievable with some
> > > > work on new alternative models.
> > >
> > > Examples?
> >
> > https://nymtech.net/
> > Regards
> > Stefan
>
> I had a look at the whitepaper - Claudia has outdone herself in
> describing a system which could maybe work - but, and I quote, "The
> specific algorithms and implementation details of each part of the
> system will be fleshed out in separate documents."
>
> There is no proof, or even enough details, to show that it will or even
> could work. It's all sweeping statements and claims, backed up by - nothing.
>
> Thing is, I don't trust Claudia to get it right (we have a history... ).
>
> The loopix part looks interesting, at first glance. Though "a
> measure of sender and receiver unobservability" is not exactly reassuring..
>
> Peter Fairbrother





Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Stefan Claas
On Sat, Oct 16, 2021 at 3:34 PM Peter Fairbrother  wrote:

> I had a look at the whitepaper - Claudia has outdone herself in
> describing a system which could maybe work - but, and I quote, "The
> specific algorithms and implementation details of each part of the
> system will be fleshed out in separate documents."
>
> There is no proof, or even enough details, to show that it will or even
> could work. It's all sweeping statements and claims, backed up by - nothing.
>
> Thing is, I don't trust Claudia to get it right (we have a history... ).
>
>
>
> The loopix part looks interesting, at first glance. Though "a
> measure of sender and receiver unobservability" is not exactly reassuring..

Well, I mentioned Nym, because, once in production, it could be an
alternative to Tor. They already have a test net running, consisting
of several thousand mix nodes and a couple of gateways. The funding
they received this year was a couple of million, so let's see how this pans out.

Regards
Stefan


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread grarpamp
On 10/16/21, Peter Fairbrother  wrote:
> except an observer can see when you are sending real
> traffic, somewhere within the burst. And maybe correlate that with some
> other network i/o

No, all a network tap can see is that you are moving
encrypted packets, they can't see inside them as to
chaff/wheat/content, can't time count or characterize
match them with any other node's traffic or perturb you
across the cloud because you've already negotiated strict
perform-or-die link contracts out your NIC with all your
nexthop nodes, and them out their own NIC to their peers
thus breaking discoverable network ripples ("bursts"), etc.

> assuming there is some other traffic on the network,
> how does the attacker know that A's solitary traffic is to onion1 and
> not to someone else?

Doesn't matter if or where the rest of the net is saturated,
only A and onion1 need matched up, and if you're not doing
fulltime TA defenses then opportunities will exist to match,
so they tap A, run or tap onion1... including just tapping as
much net as they can from any sufficient vantage points such
as Tier-N ISPs, cablecorp landings, top secret cable taps...
dump all the nodes traffic into the pattern matcher, run matches
lining up all the bursts bumps waves megabytes jitters mouseclicks
sessions coffee breaks etc that they can see, game over.

As NSA said, you're probably not going to deanon
every stream every time upon demand, but...
- You don't have to, users will emit more chances for you.
- Matching engines software and hardware have advanced light
years ahead of where they were 10++ years ago when
those slides were generated, while tor has remained static [1].

The Tor Project and its people knew of the traffic analysis problem
since day one 20+ years ago, and have done almost nothing
since then to attempt to defeat it to any magnitude of reduction, and
have refused to prominently disclaim the problem to their funders
and users, instead choosing to bury it, taking down such warnings
and "bricking up" and censoring all their public comms channels
against such embarrassing truths and points of consideration.

That's fraudulent, despicable, hypocritical, stifling development, etc.
You decide.

But most importantly, and eventually, if not already, some
unsuspecting users who were tricked into buying the
glossy sales flyers are going to get fucked by it.


[1] More or less same for most nets in current use, and nets in R,
but subject is about big whale Tor, and its influence on the space.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Peter Fairbrother

On 16/10/2021 10:12, Stefan Claas wrote:
> On Sat, Oct 16, 2021 at 10:24 AM Peter Fairbrother wrote:
> > > Though there's no such thing as 100% anonymity, security, etc...
> > > there are certainly different comparative magnitudes of it available
> > > today, and higher ones are probably quite achievable with some
> > > work on new alternative models.
> >
> > Examples?
>
> https://nymtech.net/
>
> Regards
> Stefan



I had a look at the whitepaper - Claudia has outdone herself in 
describing a system which could maybe work - but, and I quote, "The 
specific algorithms and implementation details of each part of the 
system will be fleshed out in separate documents."


There is no proof, or even enough details, to show that it will or even 
could work. It's all sweeping statements and claims, backed up by - nothing.


Thing is, I don't trust Claudia to get it right (we have a history... ).



The loopix part looks interesting, at first glance. Though "a
measure of sender and receiver unobservability" is not exactly reassuring..


Peter Fairbrother


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Peter Fairbrother

On 16/10/2021 12:00, grarpamp wrote:
> On 10/16/21, Peter Fairbrother wrote:
> > Except the increased bandwidth cost. And if you have to have padding
> > between each node, or on each link, that becomes very expensive.
> > ...
> > [whatever FUD's/month]
>
> Again, no, users have already bought whatever speed they like from their ISP,
> they can't shove any more over their link than that, thus there is zero
> increased expense, the most speed they can ever get is literally exactly
> what they paid for, they cannot push R bps or N B/m more beyond what
> they bought, period. And as before, endpoint users on stupid byte rape
> plans can just opt out of base-chaff, and miss out on the extra protection.
>
> > Suppose you want to download a bloated web page of 4MB in 4 seconds then
> > Running that 24/7 for a month
>
> No, you only have to run it during the time of your download / activity,
> plus maybe a few more minutes to sync network metadata, test wan
> conditions to peer nodes, negotiate overlay speeds and chaff contracts,
> and start running.

That's good - except an observer can see when you are sending real
traffic, somewhere within the burst. And maybe correlate that with some
other network i/o - in fact it almost negates any advantage of a base
chaff rate.

> > Total size of transfer - compared between whom? UserA and .onion1?
> > But some on userA's and most of .onion1's traffic will be to other people
> > so how does comparing their total size of transfer over a year help?
>
> A's usage may be to zero other people, and Eve runs onion1 which
> also has no such guarantee, thus whether its 1 minute or 1 decade
> it's game over for A.

yes, except no - assuming there is some other traffic on the network,
how does the attacker know that A's solitary traffic is to onion1 and
not to someone else?

And so on


Peter Fairbrother


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread grarpamp
On 10/16/21, Peter Fairbrother  wrote:
> Except the increased bandwidth cost. And if you have to have padding
> between each node, or on each link, that becomes very expensive.
> ...
> [whatever FUD's/month]

Again, no, users have already bought whatever speed they like from their ISP,
they can't shove any more over their link than that, thus there is zero
increased expense, the most speed they can ever get is literally exactly
what they paid for, they cannot push R bps or N B/m more beyond what
they bought, period. And as before, endpoint users on stupid byte rape
plans can just opt out of base-chaff, and miss out on the extra protection.

> Suppose you want to download a bloated web page of 4MB in 4 seconds then
> Running that 24/7 for a month

No, you only have to run it during the time of your download / activity,
plus maybe a few more minutes to sync network metadata, test wan
conditions to peer nodes, negotiate overlay speeds and chaff contracts,
and start running.

> [there are of course other issues regarding latency in a base-chaff-flow
> web system]

Vapors until posted.

> Total size of transfer - compared between whom? UserA and .onion1?
> But some on userA's and most of .onion1's traffic will be to other people
> so how does comparing their total size of transfer over a year help?

A's usage may be to zero other people, and Eve runs onion1 which
also has no such guarantee, thus whether its 1 minute or 1 decade
it's game over for A.

> Plus, with a randomly-variable delay, how do you accurately know the
> amount of traffic sent in your year?
>
> TCP ramps - but he doesn't have any close-grained timing info, so how
> does the adversary detect when TCP ramps happen?
>
> Backoffs - but he doesn't have any close-grained timing info, so how
> does the adversary detect when backoffs happen?

Users of any network probably exhibit more degenerate edge
cases, and at a higher frequency, than analysts think they do.

Further, some networks allow anonymous yet unique discrimination
by an endpoint among far end clients via the pubkeys they use.

> All very well, but how do you do anonymous browsing without TCP?
> ...
> without TCP / over UDP is probably doable, but it wouldn't be browsing

Web currently requires TCP, but the underlying generic transport
network, like packet switches, doesn't care what gets emulated or
chopped into packets in order to move over it, whether chaff or wheat.

> allowing a little padding and timing jitter here and there. And browsing
> without TCP / over UDP is probably doable, but it wouldn't be browsing
> as we know it)

You can run anything over a physical base layer of link level chaff.
Go read about how ATM networks work.
Chaff link contracts take place of your inability
to be the WAN's physical network bucket clock,
you can't own that... but you can own the clock,
randomizer, repeater, counter, statistical analyzer,
and enforcer that is your CPU... and own the logical
link out your NIC across whatever WAN to your peer
nodes.

> allowing a little padding and timing jitter here and there.

A low ratio [flow padding, jitter] isn't going to mask a
relatively big and or otherwise unique transfer.

> low latency

There's that FUD phrase being used again as if it means something
[when] it doesn't.

> low added cost

There's that FUD phrase being used again as if it means something
[when] it doesn't.

> a gpa that was and is not achievable.

"Tor Stinks  -- NSA"... that was over 10 years ago
from a slide deck indicating that they didn't have
to "deanon" all the time, meaning between the lines,
that they could "deanon" (and other ways and exploits).
Regardless, pretending that they, and even independent
actors, are not light years farther ahead today,
might be quite fatal. And refusing, like Tor Project does,
to prominently warn users of the problems, to permit
free open uncensored talk of the problems on their
fora, is irresponsible to complicit.

> Without a need to trust anyone except the math.

Can you trust your own enforcement of the expected
parameters of a contract that you negotiated?

> Examples?

Clearnet, vs tor.

Tor, vs all manner of other overlay networks.

All prior nets, vs whatever is done new in the future.



Not saying there aren't other fine methods or in parallel to
achieving degrees more TA resistance, particularly with single
application overlays. However generic transport overlays
may be more useful to more users via not having to
run a separate network for each application, and can
tend to have more devs helping out.
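
The exchange above between Peter Fairbrother and grarpamp turns on what a passive tap on one user's encrypted access link can learn under three padding strategies: no padding, chaff only while the user is active (grarpamp's "run it during the time of your download"), and full-time constant-rate base chaff (the option Peter costs out at 1 MB/s). The Python simulation below is an added example, not code from the thread or from any project named in it. The 4 MB page fetched in 4 seconds at 1 MB/s is the thread's figure; the 60-second idle/active schedule, the 2-second warm-up, the observer heuristic and the 50 GB plan size are constructed assumptions.

```python
"""Link-padding ("chaff") simulation: what a passive tap on one user's
encrypted access link learns from per-second byte counts.

Added example for the base-chaff debate; not code from the thread. The
4 MB page fetched in 4 seconds (1 MB/s) is the thread's figure; the
idle/active schedule, warm-up length, observer heuristic and 50 GB plan
are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple

MB = 1_000_000
SECONDS_PER_MONTH = 30 * 24 * 3600

# Constructed schedule: 60 seconds of wall time, idle except for a 4 MB
# page fetched at 1 MB/s during seconds 20..23.
WHEAT_PER_SECOND: List[int] = [0] * 60
for _s in range(20, 24):
    WHEAT_PER_SECOND[_s] = 1 * MB


@dataclass(frozen=True)
class TapView:
    """What the observer infers from encrypted byte counts alone."""
    active_seconds: Tuple[int, ...]  # seconds believed to carry real traffic
    volume_estimate: int             # payload bytes believed sent


def shape_none(wheat: List[int]) -> List[int]:
    """No padding: the link carries exactly the payload."""
    return list(wheat)


def shape_activity_only(wheat: List[int], rate: int = 1 * MB,
                        warmup: int = 2) -> List[int]:
    """Constant-rate chaff only while the user is active, plus a short
    (assumed) warm-up for negotiating chaff contracts with peers; the
    link is silent the rest of the time."""
    active = [i for i, b in enumerate(wheat) if b > 0]
    if not active:
        return [0] * len(wheat)
    start, end = max(0, active[0] - warmup), active[-1]
    return [rate if start <= i <= end else 0 for i in range(len(wheat))]


def shape_constant(wheat: List[int], rate: int = 1 * MB) -> List[int]:
    """Full-time base chaff: the link runs at `rate` whether or not there
    is wheat to carry. Wheat above the rate would have to queue."""
    if max(wheat) > rate:
        raise ValueError("payload rate exceeds the chaff rate")
    return [rate] * len(wheat)


def observe(link: List[int]) -> TapView:
    """Passive tap heuristic (constructed): take the most common per-second
    byte count as the link's baseline, flag every second that departs from
    it, and sum the departures as a payload estimate."""
    baseline = max(set(link), key=link.count)
    active = tuple(i for i, b in enumerate(link) if b != baseline)
    volume = sum(abs(b - baseline) for b in link)
    return TapView(active, volume)


def monthly_cost_bytes(rate: int) -> int:
    """Bytes a constant-rate link moves in a 30-day month."""
    return rate * SECONDS_PER_MONTH


def ratio_to_plan(rate: int, plan_bytes: int = 50_000_000_000) -> float:
    """Monthly chaff volume relative to a data plan (50 GB assumed)."""
    return monthly_cost_bytes(rate) / plan_bytes


if __name__ == "__main__":
    for name, shaper in (("none", shape_none),
                         ("activity-only", shape_activity_only),
                         ("constant", shape_constant)):
        view = observe(shaper(WHEAT_PER_SECOND))
        print(f"{name:14s} active={view.active_seconds} "
              f"volume_estimate={view.volume_estimate / MB:.0f} MB")
    print(f"constant 1 MB/s for 30 days: {monthly_cost_bytes(MB) / 1e12:.2f} TB,"
          f" {ratio_to_plan(MB):.1f}x a 50 GB plan")
```

The observer is deliberately crude: it treats the most common per-second byte count as the link's baseline and flags deviations. That is enough to show the point at issue. Without padding it recovers both the activity window and the exact 4 MB. With activity-only padding it overestimates the volume (it sees 6 MB of constant-rate chaff and cannot tell wheat from chaff within the burst) but still recovers the window in which the user was active, which is the correlation opportunity Peter describes. With constant-rate chaff it recovers nothing, at the monthly cost the last two functions report.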


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Stefan Claas
On Sat, Oct 16, 2021 at 10:24 AM Peter Fairbrother  wrote:

> > Though there's no such thing as 100% anonymity, security, etc...
> > there are certainly different comparative magnitudes of it available
> > today, and higher ones are probably quite achievable with some
> > work on new alternative models.
>
> Examples?

https://nymtech.net/

Regards
Stefan


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Peter Fairbrother

On 16/10/2021 06:45, grarpamp wrote:
> On 10/15/21, Peter Fairbrother wrote:
>
> Nothing about a base layer of chaff prevents
> "low-latency browsing" as an application.

Except the increased bandwidth cost. And if you have to have padding
between each node, or on each link, that becomes very expensive.

Suppose you want to download a bloated web page of 4MB in 4 seconds then
your base flow is >1MB/s. Running that 24/7 for a month, that's 2.5 TB
per month. 500 times more than an average user's 50 GB/month..

[there are of course other issues regarding latency in a base-chaff-flow
web system]

> Tor has vacuumed up, propagandized, sucked the funds from,
> steered via proceedings, and effectively killed all the competitive
> research and development in the space for last 20 years.

Yep. Totally agree there.

> An entire class of TA is solely based on matching up i/o
> across all nodes to find matches. Certain things don't
> matter to such matching engines.

Grandma Eggs Suck.

> > Not if it was a randomly-variable one year delay they couldn't.
>
> If your app is "browsing", or doing any other TCP stream,
> yes they can, such streams have other identifiable
> traffic characteristics than just arrival and inter packet timing,
> such as total size of transfer, TCP ramps, backoffs, etc.

Not even vaguely.

Total size of transfer - compared between whom? UserA and .onion1? But
some on userA's and most of .onion1's traffic will be to other people.
so how does comparing their total size of transfer over a year help?

Plus, with a randomly-variable delay, how do you accurately know the
amount of traffic sent in your year?

TCP ramps - but he doesn't have any close-grained timing info, so how
does the adversary detect when TCP ramps happen?

Backoffs - but he doesn't have any close-grained timing info, so how
does the adversary detect when backoffs happen?

[skip TCP stuff]

All very well, but how do you do anonymous browsing without TCP?

(I actually agree that TCP sucks in this case, but it isn't a total
deal-breaker if the TCP data in the packet headers is encrypted - plus
allowing a little padding and timing jitter here and there. And browsing
without TCP / over UDP is probably doable, but it wouldn't be browsing
as we know it)

The TOR people (well, at least some of them - some may have had other
agendas) wanted to anonymise web browsing as it existed then, a laudable
aim.

However that means TCP, that means low latency, that means low added
cost - remember the 8th law, "A system which is hard to use will be
misused, abused and unused", and that "hard to use" includes expensive
in terms of resources or money or time - and against a gpa that was and
is not achievable.

They "settled" for some kind of anonymity against lesser adversaries,
but their rationalisations of that motive suck.

> > I don't know of any strict anonymity p2p apps.
>
> Not sure what you mean.

Without a need to trust anyone except the math.

> Though there's no such thing as 100% anonymity, security, etc...
> there are certainly different comparative magnitudes of it available
> today, and higher ones are probably quite achievable with some
> work on new alternative models.

Examples?

Peter Fairbrother



Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Peter Fairbrother

On 15/10/2021 18:03, coderman wrote:
> --- Original Message ---
> On Friday, October 15, 2021 12:09 AM, PrivacyArms wrote:
> > To clarify my question: Is there an anonymous network (GPA)
> > for secure/private messaging better than Tor?
>
> privacy loves company, so the unpleasant answer to your question
> is: no, there's nothing remotely as popular as Tor that is also
> a GPA resistant mix network.
>
> ... remember when people ran mixminion? :P
> [ https://github.com/mixminion/mixminion ]


Did they? I thought it never got off the ground. Maybe some alpha 
version? People certainly ran Mixmaster, Len Sassaman was a close friend.


But when Nick Matthewson left the Mixminion development team for Tor in 
2004 (and Andrei Serjantov, who with George Danezis were the main 
Mixminion theory guys, went in to the quant business) the rest of the 
PET crowd either followed into Tor or left, and there was nobody to 
develop Mixminion.


:(



Liked the story :)

Peter Fairbrother


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-16 Thread Peter Fairbrother

On 15/10/2021 19:24, Punk-BatSoup-Stasi 2.0 wrote:


> Is that so? Cause if A and B are connected through a 'high speed' fully
> padded link, they can replace the 'chaff' with their data at will and with very
> 'low latency'...



And no anonymity whatsoever.

Peter Fairbrother



Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-15 Thread grarpamp
On 10/15/21, Peter Fairbrother  wrote:
> perhaps I should have said low-latency browsing.

Defining what the end user application is, is required
if you want to design a net to carry it.
If the subject is about tor's feature as currently implemented,
the application scope is therefore narrow, one of only moving
TCP streams across the internet between client and server.
(Users can move UDP and even raw IP over top of that with
OnionCat, but that's no different, and is covered in other threads.)

Nothing about a base layer of chaff prevents
"low-latency browsing" as an application.

> You might perhaps do a reasonably low latency anonymous twitter for
> instance but not low-latency anonymous browsing.

Hardly anyone has developed, released, run, and iterated
over any chaffed or other designs than tor for that browsing
use case, so that probably cannot yet be said.

Tor has vacuumed up, propagandized, sucked the funds from,
steered via proceedings, and effectively killed all the competitive
research and development in the space for last 20 years.
That must end, ignore and stop worshipping Tor, go compete.

> It can matter if traffic is aggregated and an adversary can only see the
> aggregated traffic. It can matter if the adversary uses timing
> information to correlate the input and output traffic to a network
> (which he almost inevitably does).

Self contradicted, so then don't say they can only see the aggregate,
define the cases being for the suggested answers.

An entire class of TA is solely based on matching up i/o
across all nodes to find matches. Certain things don't
matter to such matching engines.

> Not if it was a randomly-variable one year delay they couldn't.

If your app is "browsing", or doing any other TCP stream,
yes they can, such streams have other identifiable
traffic characteristics than just arrival and inter packet timing,
such as total size of transfer, TCP ramps, backoffs, etc.

Tor's hidden services are especially sitting ducks.

> Or if you took the timing data away.

Already explained reclocking as being useful.

> If it was like that, Tor could (and probably would) add a little bit of
> packet size restriction, and that would probably be enough to make it TA
> resistant.

No, TCP streams, their bulk data, etc... endpoints still characterizable.

> It's not TA-resistant because the design requirement for low latency
> buggered the design. You could add lots of covertraffic but it wouldn't
> help much - the lack of aggregation kills it as far as TA goes.

No, a network running a base of chaff already serves the purpose that
these "aggregation" functions try to do... ie: such as networks with voids
keep scheming up ways to avoid their own voids such as by steering clients
to internal aggregating gravity wells, msg buffer stores, etc based upon
bandwidth weight consensus or other mechanisms.

> And the reason for the lack of aggregation (and no fixed packet sizes)
> is because they wanted low latency.

ATM networks were both low-latency, and fixed packet sizes,
and millions of happy users browsed the web over them,
a prior art proven and in use well before and after tor's birth.

So Tor's design assumptions and direction may well have
been buggered by something else...

Opensource projects are as subject to rat infestation and
influence as are miracle closed source commercial $nakeoil
crypto hardware from fabulously and errantly trusted US and Euro
locations and GovCorps, then just look at Debian, the internet's
history of corrupt "standards" bodies, TOP SECRET nudges
yet curiously missing the non-beneficial ones that are applied, etc...

> That is not the only way to go, though it was famously used in eg the
> US-USSR hotline. It is expensive.

No, the hotline was made up of leased circuits,
they paid the same leased line rate to the telcos whether
they were sending wheat, chaff, or nothing at all over them.
And they could pass precisely no more than the line rate
of the circuit that they provisioned allowed, regardless of
what they were sending.

> And a simple base layer wastes bandwidth.

Explained many times that it doesn't, chaff gets out
of the way and uses the wheat as chaff replacement
while wheat is present.

And if an edge user stuck on stupid limited byte based billing
wants to opt out of the constant chaff base, they can, they
just don't get its benefits and have to fall back on whatever
other defenses the network provides.

> Techniques like
> randomly-variable base rates, traffic aggregation, end-user sharing
> (which among other things blurs the edges of the network), directed
> covertraffic (where the covertraffic looks "guilty"), route splitting,
> latency jittering and so on are available to defeat TA at lesser
> bandwidth cost.

Except the techniques don't necessarily work when your use
case is TCP data streams... "browsing", file transfer, etc...
all have patterns of matching i/o characteristics between endpoints
and/or nodes.

End-users are still end-users 

Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-15 Thread coderman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


‐‐‐ Original Message ‐‐‐
On Friday, October 15, 2021 12:09 AM,
 PrivacyArms  wrote:

> To clarify my question: Is there an anonymous network (GPA)
> for secure/private messaging better than Tor?

privacy loves company, so the unpleasant answer to your question
is: no, there's nothing remotely as popular as Tor that is also
a GPA resistant mix network.

... remember when people ran mixminion? :P
[ https://github.com/mixminion/mixminion ]



> Regarding the other question: What can criminals do
> to stay anonymous which is outside the law (hacking/stealing
> computers/wifi), more?

one time, a retired person noticed someone connected to their WiFi
that was not a client name nor MAC ID recognized.

curious, they broke out the directional antenna and packet sniffer
to find out the signal was coming from the next door neighbor.

odd! being retired, and knowing the neighbor, they went next
door to ask if they were having network trouble, and how they managed
to leach the WPA passphrase?

alas, the neighbor was none the wiser! their computer was wired into
the router. yes, it had a WiFi card, but Ethernet was easier. the
 neighbor not so technically savvy after all.

the retired one takes a look at the desktop. behold! a trojan process.
the retired one worked in tech, and knew how to use a disassembler.
but it wasn't even that hard - it was a compiled script, and the source
was sitting in memory.

- ---

next the retired person geolocated the command and control host.
it was in europe, another country away, but our retired friend also
has friends in many countries. time for a visit!

arriving on a flight to brussels, a travel agency office was observed
at the C end. they lease a dedicated line for internet, it was
setup a decade ago by the owner's son. they don't know how it works,
but it costs 160 euros a month.

"mind if i take a look at your router?" the retired one asks?

 ' sure thing.'

a static forward is provisioned between the public port and a private
internal address. checking the DHCP/IP assignments (there is a static
one assigned to a mystery client) the retired one finds a client
associated over wireless, another hop: this one a coffee shop across
the street.

- ---

in the coffee shop our retired one followed the signal analyzer to
its natural conclusion : a USB powered SoC under a table with an
antenna in the direction from whence just travelled!

but where does it go? a dual radio SoC, not dissimilar to a pineapple,
the local side was leeching coffee house WiFi for upstream.

*sigh* time to tear apart the sdcard ...

 [ break for refreshments ]

"damnit! a wireguard tunnel to a bullet proof hosting server!"

our retired person is again compelled to travel. this time a friend
of a friend who runs the hosting service for bitcoin and monero.

sheer luck we happened to have a contact!  calling in a favor,
our retired adventurer found the customer. there is no contact or
registrar info, of course. but this IP address looked familiar!

- ---

back at the coffee shop, with a new MAC ID to hunt for,
a woman in the rear corner of the store sticks out as signal source.


"excuse me, are you a hacker?", our retired friend asks.

   'yes.. i saw you looking for something. i thought it might be me',
she says with a sly smile.

   'how did you find me?'


[ our retired subject explains the process of recursion ...
  after many minutes, reaching the terminus in this tale. ]


'ah, that explains it.' she says satisfied.
'my threat model was law enforcement, not batshit crazy!'


THE END.
-BEGIN PGP SIGNATURE-

iNUEAREKAH0WIQRBwSuMMH1+IZiqV4FlqEfnwrk4DAUCYWm0FF8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NDFD
MTJCOEMzMDdEN0UyMTk4QUE1NzgxNjVBODQ3RTdDMkI5MzgwQwAKCRBlqEfnwrk4
DCSEAP9pB8KNe7Ai4wJqIaObCbvThGP9efsbDVv5X+dDTs1YIgD+J/hBJICF+zhy
uWrcEy4ToP28cd3cYZlMegBiOZaeCs4=
=7dJX
-END PGP SIGNATURE-



Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-15 Thread Peter Fairbrother

On 15/10/2021 11:07, grarpamp wrote:

> > Anonymity is hard, and low-latency anonymity is almost impossible.
>
> People keep throwing this "low latency" term around as if it's
> some kind of distinction, a proven generality, lesser capable to
> anonymity, than any other particular "latency" level. This is bogus.

There is a smidgin of truth in that, but there's probably more in the
simple use of the term low-latency, or perhaps I should have said
low-latency browsing.

You might perhaps do a reasonably low latency anonymous twitter for
instance, but not low-latency anonymous browsing.

> Latency is just a timing measure, whether your traffic events,
> sessions, and characteristics occur over milliseconds, or days,
> traffic analysis doesn't give a shit.

It can matter if traffic is aggregated and an adversary can only see the
aggregated traffic. It can matter if the adversary uses timing
information to correlate the input and output traffic to a network
(which he almost inevitably does).

> You could drop a 1 year
> store and forward packet buffer delay on every interface in
> the entire tor cloud and the NSA could still analyze it.

Not if it was a randomly-variable one year delay they couldn't. Or if
you took the timing data away.

If it was like that, Tor could (and probably would) add a little bit of
packet size restriction, and that would probably be enough to make it TA
resistant.

> That's because tor's design is hardly TA resistant,
> not because it's "low-latency".

It's not TA-resistant because the design requirement for low latency
buggered the design. You could add lots of covertraffic but it wouldn't
help much - the lack of aggregation kills it as far as TA goes.

And the reason for the lack of aggregation (and no fixed packet sizes)
is because they wanted low latency.

> They also use it as apology and to avoid doing dynamic
> base of chaff, because they are application layer7 people
> who don't understand how raw packet networks work at <=L3
> and how to use them to run a base layer of dynamically
> yielding chaff to ride your wheat over on demand.

I think you are being overly optimistic/simplistic here.

That is not the only way to go, though it was famously used in eg the
US-USSR hotline. It is expensive.

And a simple base layer wastes bandwidth. Techniques like
randomly-variable base rates, traffic aggregation, end-user sharing
(which among other things blurs the edges of the network), directed
covertraffic (where the covertraffic looks "guilty"), route splitting,
latency jittering and so on are available to defeat TA at lesser
bandwidth cost.

> Fixed sizes of cells, etc.

Yeah, that's almost a requirement. Certainly makes life easier.

> "Low latency" really just defines the point at which users
> switch from thinking "Hey this is fast enough to surf the web
> (or whatever their use case)", to "This shit's too damn slow
> to do anything, I'm out."

Which is about 4 seconds for web browsing today (a few studies have been
published),

.. though in the days of acoustic modems it was longer ..

> > Anonymous remailers could work
>
> They're a bit harder since a "message" gets injected into a
> proper random mix/cloud/buffer, and is not an e2e stream tacked
> up across it. Yet without chaff on every link, message size
> controls, etc... they can still fall to TA the same way tor does.

Iirc Mixmaster has message size control. It doesn't have or need
specific per-link chaff, but it does have chaff - nobody knows/knew how
much, it was added by individual users.

Per-link chaff might help against some injected traffic attacks, but it
is not strictly necessary.

> > but they are pretty much moribund now.
>
> Still useful if you want to use "E-Mail" addresses over "E-Mail" networks,
> and should continue to be developed and deployed for that legacy purpose.
> But for the general purpose of "messaging" they are largely now rightly
> replaced by dedicated p2p message network apps that don't have to
> compromise themselves to "E-Mail"s old protocol restrictions and trust model.

I don't know of any strict anonymity p2p apps.


Peter Fairbrother


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-15 Thread grarpamp
> Anonymity is hard, and low-latency anonymity is almost impossible.

People keep throwing this "low latency" term around as if it's
some kind of distinction, a proven generality, lesser capable to
anonymity, than any other particular "latency" level. This is bogus.
Latency is just a timing measure, whether your traffic events,
sessions, and characteristics occur over milliseconds, or days,
traffic analysis doesn't give a shit. You could drop a 1 year
store and forward packet buffer delay on every interface in
the entire tor cloud and the NSA could still analyze it.
That's because tor's design is hardly TA resistant,
not because it's "low-latency".

They also use it as apology and to avoid doing dynamic
base of chaff, because they are application layer7 people
who don't understand how raw packet networks work at <=L3
and how to use them to run a base layer of dynamically
yielding chaff to ride your wheat over on demand.
Fixed sizes of cells, etc.

"Low latency" really just defines the point at which users
switch from thinking "Hey this is fast enough to surf the web
(or whatever their use case)", to "This shit's too damn slow
to do anything, I'm out."

> Anonymous remailers could work

They're a bit harder since a "message" gets injected into a
proper random mix/cloud/buffer, and is not an e2e stream tacked
up across it. Yet without chaff on every link, message size
controls, etc... they can still fall to TA the same way tor does.

> but they are pretty much moribund now.

Still useful if you want to use "E-Mail" addresses over "E-Mail" networks,
and should continue to be developed and deployed for that legacy purpose.
But for the general purpose of "messaging" they are largely now rightly
replaced by dedicated p2p message network apps that don't have to
compromise themselves to "E-Mail"s old protocol restrictions and trust model.
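The scheduling idea argued for in this message ("a base layer of dynamically yielding chaff to ride your wheat over on demand", fixed cell sizes) and in grarpamp's later reply ("chaff gets out of the way and uses the wheat as chaff replacement while wheat is present") can be shown in a few lines. What follows is an added simulation written for this thread; it is not code from the thread, from Tor, or from any project, and the 512-byte cell, the 10 ms slot and the arrival pattern are assumed values chosen for the demonstration. It compares what a passive observer of one link sees with and without the chaff base, against what that observer sees when the link is idle.

```python
# Added illustration of a constant-rate "base layer of chaff" link, written for
# this thread; not code from the thread, from Tor, or from any project.
# Assumed parameters: 512-byte cells and one cell per 10 ms slot.
from collections import deque

CELL_BYTES = 512   # assumed fixed cell size: every cell on the wire is this big
SLOT_MS = 10       # assumed slot period: the link rate is exactly one cell per slot


def cells_for(payload: bytes) -> list[bytes]:
    """Split a payload into fixed-size cells, zero-padding the final one."""
    return [payload[i:i + CELL_BYTES].ljust(CELL_BYTES, b"\0")
            for i in range(0, len(payload), CELL_BYTES)]


def run_link(arrivals: dict[int, bytes], slots: int, chaff: bool):
    """Simulate `slots` transmission slots on one link.

    arrivals maps a slot index to a payload that becomes ready at that slot.
    chaff=True:  the link never idles; when the queue is empty a chaff cell
                 is sent, and queued wheat simply takes the slot instead.
    chaff=False: the link is silent when there is nothing to send.
    Returns (wire, truth): wire is what a passive observer sees, a list of
    (time_ms, size) pairs; truth labels each cell "wheat" or "chaff" and is
    ground truth that is not visible on the wire.
    """
    queue = deque()
    wire, truth = [], []
    for slot in range(slots):
        if slot in arrivals:
            queue.extend(cells_for(arrivals[slot]))
        if queue:
            queue.popleft()                       # wheat takes the slot
            wire.append((slot * SLOT_MS, CELL_BYTES))
            truth.append("wheat")
        elif chaff:                               # nothing queued: fill the slot
            wire.append((slot * SLOT_MS, CELL_BYTES))
            truth.append("chaff")
        # else: silent slot, visible to the observer as a gap
    return wire, truth


def compare_views(arrivals: dict[int, bytes], slots: int) -> dict:
    """Run the same arrival pattern on a chaffed and an unchaffed link and
    compare each wire view against the wire view of an idle link."""
    idle_chaffed, _ = run_link({}, slots, chaff=True)
    idle_plain, _ = run_link({}, slots, chaff=False)
    busy_chaffed, truth = run_link(arrivals, slots, chaff=True)
    busy_plain, _ = run_link(arrivals, slots, chaff=False)
    return {
        "chaffed_matches_idle": busy_chaffed == idle_chaffed,
        "plain_matches_idle": busy_plain == idle_plain,
        "cells_on_wire_chaffed": len(busy_chaffed),
        "cells_on_wire_plain": len(busy_plain),
        "wheat_cells": truth.count("wheat"),
        "chaff_cells": truth.count("chaff"),
    }


if __name__ == "__main__":
    # Constructed traffic: two 2000-byte payloads, the second arriving while
    # the first is still draining, followed by a long idle period.
    demo = {3: b"A" * 2000, 5: b"B" * 2000}
    for key, value in compare_views(demo, slots=50).items():
        print(f"{key}: {value}")
```

On the chaffed link the observer's view of the busy run is byte-for-byte the view of the idle run, and the number of cells on the wire is fixed by the slot count rather than by the payload, which is the "chaff gets out of the way" point: wheat replaces chaff cells instead of adding to them. The cost of the scheme shows up elsewhere: as queueing delay when wheat arrives faster than one cell per slot (the second payload above waits behind the first), and as the constant per-slot byte count that a user on per-byte billing pays whether or not they are sending anything.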


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-15 Thread Peter Fairbrother

On 15/10/2021 01:09, PrivacyArms wrote:

> To clarify my question: Is there an anonymous network (GPA) for secure/private
> messaging better than Tor?
>
> Regarding the other question: What can criminals do to stay anonymous which
> is outside the law (hacking/stealing computers/wifi), more?


Anonymity is hard, and low-latency anonymity is almost impossible.  A 
brief history:


In 1981 David Chaum described mix networks (including onion routing). 
This was only possible because of the then-recent invention of public 
key cryptography. This idea was then instantiated as the Cypherpunks 
anonymous remailer, then the Mixmaster remailer.


A further development, Mixminion, was in the works in the early to mid 
noughties, but was derailed when its chief coder, Nick Matthewson, 
decided to work on TOR instead.


Anonymous remailers could work, but they are pretty much moribund now.


The same year, in "True Names", Vernor Vinge described a "feed", whereby 
short encrypted messages were aggregated and broadcast. Chaum described 
a similar idea, incorporating dummy traffic, and other plans involving 
private information retrieval. [2]


None of these have come to fruition.



So no, there are no "strict" anonymous networks in existence. By 
"strict" I mean mathematically provable, without requiring trusting 
another person.


Nor are there any effective widely-deployed anonymous networks which 
only require trusting any one out of many people.




There are several less-than-strict techniques, which may or may not 
work.  You could "use other people's computers" by chaining through a 
few web proxies. You could use internet cafes, hack into wifi (perhaps using 
a box connected via an IR link) or relay through a chain of pwned boxen.


Sneaky people might well think of some more, but I wouldn't put them in 
an email. :)




Secure messaging, as opposed to anonymous messaging, where 
confidentiality rather than anonymity is the requirement, is of course 
possible - there are several apps, or you could almost write your own 
(don't do it, I said "almost"!).


Just make sure it is really end-to-end and there are NO dedicated [1] 
servers involved anywhere - there is no cryptographic need for a 
dedicated server in a secure messaging network. If there is one then you 
are trusting it to do something; and remember the 6th law:


"Only those you trust can betray you."




Peter Fairbrother

[1] by dedicated I mean you have to use a particular server. If you have 
to use any one of several servers it might be OK if you (can) run your 
own server. Or it might not. No server is safer.



[2] Chaum's 1981 MS thesis, "Untraceable Electronic Mail, Return
Addresses, and Digital Pseudonyms" contains almost all the types of 
strict anonymous communication ever invented, worth a read.


http://www.cs.utexas.edu/~shmat/courses/cs395t_fall04/chaum81.pdf

Vernor Vinge's True Names is of course required reading:

http://www.scotswolf.com/TRUENAMES.pdf


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-13 Thread PrivacyArms
1) Is there a better way for anonymous communication than Tor?

2) Is there a global adversary resistant mixnet?

3) Someone mentioned the fact that criminals have better ways of hiding than 
Tor? What methods did you have in mind?


‐‐‐ Original Message ‐‐‐
On Tuesday, October 12, 2021 2:50 AM, PrivacyArms  
wrote:

> 1.  Is there a better way for anonymous communication than Tor?
> 2.  Is there a global adversary resistant mixnet?
> 3.  Someone mentioned the fact that criminals have better ways of hiding 
> than Tor? What methods did you have in mind?
> 

> ‐‐‐ Original Message ‐‐‐
> On Monday, October 11, 2021 10:43 AM, grarpamp grarp...@gmail.com wrote:
> 

> 

> > > Tor uses some kind of limited padding,
> > 

> > Tor Project Inc added netflow padding after someone
> > started posting on netflow, general TA, and Sybil problems.
> > Then TPI censored, banned, and booted them out after
> > they kept publicly posting about TA and other insidious and
> > inconvenient problems such as Sybil. Now with Sybil, like before
> > with padding, they never credit mention the poster's work, and try
> > to phrase claim that TPI was the natural origin self impetus source
> > to do the pad and Sybil just at those moments in time, when
> > they had decades to do that since they knew the weaknesses
> > since decades... No, they were just getting exposed is why... lol.
> > Just like their netflow padding doesn't do much,
> > neither does their current Sybil proposal.
> > Some interest in real security surely exists,
> > but it definitely gets distracted by $ponsors
> > who pay for other things, all to half of said money
> > for decades has been from Government, which many
> > define as a problematic source of conflictive influencing.
> > 

> > > Afaik all backbone routers can be configured for packet or per-flow
> > 

> > At high line rates it takes serious HW to do full spyveillance
> > capture or flows, sampled and aggregated flows are common
> > for ISP service when those aren't needed.
> > 

> > > can get packet logs whenever they want them.
> > 

> > They can "get" them, but there's no need to go external
> > for that when they can just troll the output of their own
> > private TOP-SECRET FVEY taps that feed into their
> > global internet buffers at Bluffdale and elsewhere.
> > Same for what they get from their Corp-is-aware
> > feeds obtained under different "authorities".
> > 

> > > Against the elephant? Tor's padding is totally useless.
> > 

> > Not only the elephants anymore.
> > Netflow traditionally a quaint thing used by ISP's and LEA's
> > to match up endpoints, subpoenas, abuse, bots, traffic
> > stats, etc... it can work to some percent to follow some
> > tor traffic cases, but it isn't a generalized form of TA.
> > Today really anyone with a brain and some code
> > can begin to general TA characterize streams of bytes
> > counting and timing over various size windows, and
> > hunt for that pattern where it also appeared on their
> > other boxes.
> > Good luck trying to make a factor of defense improvement
> > against general TA without trying a fulltime enforced
> > and reclocked base layer of dynamic chaff.
> > Submit papers for acceptance into tor alternatives :)
> > "Tor Stinks -- NSA"





Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-11 Thread grarpamp
> Tor uses some kind of limited padding,

Tor Project Inc added netflow padding after someone
started posting on netflow, general TA, and Sybil problems.
Then TPI censored, banned, and booted them out after
they kept publicly posting about TA and other insidious and
inconvenient problems such as Sybil. Now with Sybil, like before
with padding, they never credit mention the poster's work, and try
to phrase claim that TPI was the natural origin self impetus source
to do the pad and Sybil just at those moments in time, when
they had decades to do that since they knew the weaknesses
since decades... No, they were just getting exposed is why... lol.

Just like their netflow padding doesn't do much,
neither does their current Sybil proposal.
Some interest in real security surely exists,
but it definitely gets distracted by $ponsors
who pay for other things, all to half of said money
for decades has been from Government, which many
define as a problematic source of conflictive influencing.

> Afaik all backbone routers can be configured for packet or per-flow

At high line rates it takes serious HW to do full spyveillance
capture or flows, sampled and aggregated flows are common
for ISP service when those aren't needed.

> can get packet logs whenever they want them.

They can "get" them, but there's no need to go external
for that when they can just troll the output of their own
private TOP-SECRET FVEY taps that feed into their
global internet buffers at Bluffdale and elsewhere.
Same for what they get from their Corp-is-aware
feeds obtained under different "authorities".

> Against the elephant? Tor's padding is totally useless.

Not only the elephants anymore.
Netflow traditionally a quaint thing used by ISP's and LEA's
to match up endpoints, subpoenas, abuse, bots, traffic
stats, etc... it can work to some percent to follow some
tor traffic cases, but it isn't a generalized form of TA.

Today really anyone with a brain and some code
can begin to general TA characterize streams of bytes
counting and timing over various size windows, and
hunt for that pattern where it also appeared on their
other boxes.

Good luck trying to make a factor of defense improvement
against general TA without trying a fulltime enforced
and reclocked base layer of dynamic chaff.
Submit papers for acceptance into tor alternatives :)


"Tor Stinks -- NSA"


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-11 Thread Peter Fairbrother

On 11/10/2021 04:59, Punk-BatSoup-Stasi 2.0 wrote:

> On Mon, 11 Oct 2021 03:18:15 +
> PrivacyArms  wrote:
>
> > Thanks. I will read the linked paper, but Tor uses connection padding. Maybe
> > your information is out of date?
>
> 	Nah. Tor uses some kind of limited padding,


It's designed so that routers which are configured to report per-flow 
totals on an entry node's traffic will aggregate more packets into the 
reported per-flow session totals.


Marginally effective in the short term if the attacker is using per-flow 
logging data, but less effective against long-term correlation attacks 
and near-useless if the traffic data used isn't aggregated, as might be 
collected by GCHQ or (I'd expect) NSA in a packet-logging rather than 
per-flow-logging configuration.


Afaik all backbone routers can be configured for packet or per-flow 
logging. Per-flow logging is used by ISPs to improve service and 
per-flow log storage is cheaper than packet-log log storage, so it is 
used more.


But I expect the big boys, NSA, GCHQ etc, can get packet logs whenever 
they want them. Especially if it's only for a goodly proportion of the 
few thousand Tor entry and exit nodes.



Against the elephant? Tor's padding is totally useless.


Peter Fairbrother
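To make concrete what the message above says about padding that is aimed at per-flow totals, here is an added example of the two observer views it contrasts: a NetFlow-style per-flow record (packet and byte totals plus first/last seen) and a raw per-packet log. It is not code from the thread or from Tor; the five-packet trace, the one-second padding interval, the 514-byte size and the hop names are assumed values constructed for the illustration, and the gap-filling function is an idealised stand-in for connection-level padding, not Tor's actual algorithm or parameters.

```python
# Added illustration of per-flow versus per-packet views of a padded stream.
# Constructed trace and parameters; not code from the thread or from Tor.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t_ms: int
    src: str
    dst: str
    size: int
    padding: bool = False   # ground truth only; on the wire a padding cell looks like any other


def per_flow(trace):
    """NetFlow-style view: one record per (src, dst) with totals and
    first/last seen. Inter-packet timing does not survive this view."""
    flows = {}
    for p in trace:
        rec = flows.setdefault((p.src, p.dst),
                               {"packets": 0, "bytes": 0,
                                "first_ms": p.t_ms, "last_ms": p.t_ms})
        rec["packets"] += 1
        rec["bytes"] += p.size
        rec["first_ms"] = min(rec["first_ms"], p.t_ms)
        rec["last_ms"] = max(rec["last_ms"], p.t_ms)
    return flows


def per_packet(trace):
    """Packet-log view: every packet with its own timestamp and size."""
    return [(p.t_ms, p.src, p.dst, p.size) for p in trace]


def largest_gap_ms(trace):
    """Longest silence between consecutive packets in the per-packet view."""
    times = sorted(p.t_ms for p in trace)
    return max((b - a for a, b in zip(times, times[1:])), default=0)


def add_gap_padding(trace, every_ms, size):
    """Fill silences longer than every_ms with padding packets so that a flow
    logger sees one continuous session. Assumed, idealised padding; the real
    interval and trigger rules are not on this page."""
    ordered = sorted(trace, key=lambda p: p.t_ms)
    if not ordered:
        return []
    padded = []
    for a, b in zip(ordered, ordered[1:]):
        padded.append(a)
        t = a.t_ms + every_ms
        while t < b.t_ms:
            padded.append(Packet(t, a.src, a.dst, size, padding=True))
            t += every_ms
    padded.append(ordered[-1])
    return padded


# Constructed wheat trace on one hop: a short burst, a 5 s silence, another burst.
WHEAT = [Packet(t, "client", "guard", 514) for t in (0, 20, 40, 5040, 5060)]
PADDED = add_gap_padding(WHEAT, every_ms=1000, size=514)


def summarize():
    """What each view records for the unpadded and the padded trace."""
    flow_w = per_flow(WHEAT)[("client", "guard")]
    flow_p = per_flow(PADDED)[("client", "guard")]
    wheat_times = {p.t_ms for p in WHEAT}
    padded_log_times = {t for t, *_ in per_packet(PADDED)}
    return {
        "flow_packets": (flow_w["packets"], flow_p["packets"]),
        "flow_bytes": (flow_w["bytes"], flow_p["bytes"]),
        "flow_span_ms": (flow_w["last_ms"] - flow_w["first_ms"],
                         flow_p["last_ms"] - flow_p["first_ms"]),
        "largest_gap_ms": (largest_gap_ms(WHEAT), largest_gap_ms(PADDED)),
        "wheat_times_still_in_packet_log": wheat_times <= padded_log_times,
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

The per-flow record of the padded trace differs from the unpadded one only in its totals: more packets and more bytes across the same first/last span, with the 5 s silence no longer recoverable from the record. The per-packet log tells a different story: the padding shrinks the longest observable gap to the padding interval, but every original wheat timestamp is still present in the log, which is the sense in which the message above calls gap padding "near-useless" against a packet-logging rather than a per-flow-logging collector.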


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread grarpamp
> but if your threat model is nation state,
>  you've got bigger problems ... :P~

The threat model of the State is Freedom,
you've got to deliver that big problem to them.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread coderman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


‐‐‐ Original Message ‐‐‐
On Friday, October 8, 2021 8:05 AM, Stefan Claas 
 wrote:
>  the assumed number of malicious nodes is much higher.
> Then you do not include the assumed number of honest, but
> compromised nodes.


*this* is the question.

i know from experience the calibur is poorly calibrated.

but if your threat model is nation state,
 you've got bigger problems ... :P~


best regards,
-BEGIN PGP SIGNATURE-

iNUEAREKAH0WIQRBwSuMMH1+IZiqV4FlqEfnwrk4DAUCYWNVd18UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NDFD
MTJCOEMzMDdEN0UyMTk4QUE1NzgxNjVBODQ3RTdDMkI5MzgwQwAKCRBlqEfnwrk4
DOpjAP447c849HAzEjFkZWE+Za0elFn5nAglMaaYJ/l57KjBGgD+Pd5GYWhiaOzL
Ojd2vbxm9aGmXt/W86E1VQeOOlE9uzo=
=12W3
-END PGP SIGNATURE-



Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread Karl
On 10/10/21, Punk-BatSoup-Stasi 2.0  wrote:
> On Sun, 10 Oct 2021 14:47:56 -0400
> Karl  wrote:
>
>
>> But please don't use anything less.  Your web browsing is private, and it
>> is appropriate that somebody should need to have probable cause and work
>> hard to monitor and log it.
>
>
>   don't spread misinformation karl. There's no 'probable cause' of 
> anything
> at play here, and the implicit claim that attacking tor is 'hard' is
> bullshit.

I feel irritated.  Is what you are saying true?  Would my expression
have landed better if I hadn't used that phrase?


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread Karl
On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother  wrote:

> On 10/10/2021 [offlist] wrote:
>  > If the US is compromised by 100%, Tor would not work at all, right?
>
> For providing reliable anonymity against the US and UK government
> agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
>

But please don't use anything less.  Your web browsing is private, and it
is appropriate that somebody should need to have probable cause and work
hard to monitor and log it.

Against a lesser adversary, well there are many other possible attacks
> against Tor's anonymisation - I particularly liked the hitting set
> attack - and I don't keep up in detail, so while Tor probably provides
> some protection I don't really know how much.
>
>
>
> There is another factor to consider though - the best position for a
> code-breaking agency to be in is if they can break the code but
> everybody else thinks they can't and so continues using the broken code.
>
> That is pretty much the position of USG/NSA with respect to Tor, which
> is why USG fund 80% of it. [4]
>
> The phrase "bodyguard of lies" comes in here, as does eg subsection
> 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can
> tell a lot about what spy agencies are doing by studying the relevant
> legislation)
>
> The result of this is that while NSA and GCHQ may know, they aren't
> necessarily going to tell anybody, at least not about the routine stuff.
>
> Even in Bin-Laden-hunt situations the most they might say is that they
> got some chatter (or whatever the current circumlocution is) indicting
> some intelligence may be correct or a direction for investigation.
>
> As for dumping everything they know about eg dark nets to the FBI or
> local cops, it ain't likely to happen soon. Though it might, one day..
>
> Incidentally that's why other agencies like the FBI and the NCA in the
> UK at least apparently, and probably actually, do the work which leads
> to criminal convictions on darknets.
>
> I suspect they get a little "help" from the code guys, like "you can't
> use that in court" or maybe "try looking in a different direction".
>
>
>
>
>
> [4] It also has the to-them benefit: "to aid democracy advocates in
> authoritarian states" while they can still tell who is who, if not
> (mostly) what is said. To do this it has to provide some level of
> protection against lesser adversaries, though that may not be a very
> high level. cf the anonymity of Afghan translators who worked for the
> British Army...
>
>
> [5] (1)No evidence may be adduced, question asked, assertion or
> disclosure made or other thing done in, for the purposes of or in
> connection with any legal proceedings or Inquiries Act proceedings which
> (in any manner)—
>
> (a)[...]
>
> (b)tends to suggest that any interception-related conduct has or may
> have occurred or may be going to occur.
>
>
>
> [6] #TOR FAQ: Criminals can already do bad things. Since they're willing
> to break laws, they already have lots of options available that provide
> better privacy than Tor provides
>
> Tor aims to provide protection for ordinary people who want to follow
> the law. Only criminals have privacy right now, and we need to fix that
>
> So yes, criminals could in theory use Tor, but they already have better
> options, and it seems unlikely that taking Tor away from the world will
> stop them from doing their bad things.
>
> At the same time, Tor and other privacy measures can fight identity
> theft, physical crimes like stalking, and so on.
>
>
>
>  > What about connection, cell padding? Does it help to reduce the
> matching success?
>
> As I have said I'm not totally up-to-date on Tor, but probably not much.
>
> Peter Fairbrother
>


On Sun, Oct 10, 2021, 2:03 AM Peter Fairbrother  wrote:

> On 10/10/2021 [offlist] wrote:
>  > If the US is compromised by 100%, Tor would not work at all, right?
>
> For providing reliable anonymity against the US and UK government
> agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.
>
> Against a lesser adversary, well there are many other possible attacks
> against Tor's anonymisation - I particularly liked the hitting set
> attack - and I don't keep up in detail, so while Tor probably provides
> some protection I don't really know how much.
>
> There is another factor to consider though - the best position for a
> code-breaking agency to be in is if they can break the code but
> everybody else thinks they can't and so continues using the broken code.
>
> That is pretty much the position of USG/NSA with respect to Tor, which
> is why USG fund 80% of it. [4]
>
> The phrase "bodyguard of lies" comes in here, as does eg subsection
> 56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can
> tell a lot about what spy agencies are doing by studying the relevant
> legislation)
>
> The result of this is that while NSA and GCHQ may know, they aren't
> necessarily going to tell anybody, at least not

Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread grarpamp
> TorProject is censoring? I was not aware of that fact.

Of course you're not aware, that's how censors work [1],
they shitcan the messages so no subscribers can see them.
Go look at all the messages that appear here but never
made it to their lists. They're cowards from the truth
because their paychecks depend on keeping the issues
buried from their funders and users.

Tor Project Inc is full of $hit, they lie, they censor,
they're hypocrites, they hide and refuse to answer,
they kick out independents, spend more time
on wokestering than work product, and more.

Tor Project Inc and Roger Dingledine defrauded
buyer of their $2M NFT by falsely advertising was
first onion when it was not.

And that's all before ever looking at tor's 20+
year old design and its whitewashed failure
to keep pace with advances of its adversaries.

And as any search for Tor, or this phrase, on this
list will tell you... "Tor Stinks  -- NSA"

Tor really needs forked away from Tor Project Inc
and its people, and or naturally deprecated by multiple
newer and better competing overlay networks.

Sorry to burst your bubble.

[1] Same hidden influence as when 80+% of your media
outlets and social nets are owned by deep partisans
of one political party and they use their companies
to propagandize, filter, censor, uprank, demonetize,
cancel, etc... thus steering and defrauding nations
of elections via mind control of all you see and hear.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-10 Thread Peter Fairbrother

On 10/10/2021 [offlist] wrote:
> If the US is compromised by 100%, Tor would not work at all, right?

For providing reliable anonymity against the US and UK government
agencies in the form of the NSA and GCHQ, yes, Tor is completely useless.

Against a lesser adversary, well there are many other possible attacks
against Tor's anonymisation - I particularly liked the hitting set
attack - and I don't keep up in detail, so while Tor probably provides
some protection I don't really know how much.

There is another factor to consider though - the best position for a
code-breaking agency to be in is if they can break the code but
everybody else thinks they can't and so continues using the broken code.

That is pretty much the position of USG/NSA with respect to Tor, which
is why USG fund 80% of it. [4]

The phrase "bodyguard of lies" comes in here, as does eg subsection
56(1) of the UK's Investigatory Powers Act 2016, see [5] below (you can
tell a lot about what spy agencies are doing by studying the relevant
legislation).

The result of this is that while NSA and GCHQ may know, they aren't
necessarily going to tell anybody, at least not about the routine stuff.

Even in Bin-Laden-hunt situations the most they might say is that they
got some chatter (or whatever the current circumlocution is) indicating
some intelligence may be correct or a direction for investigation.

As for dumping everything they know about eg dark nets to the FBI or
local cops, it ain't likely to happen soon. Though it might, one day..

Incidentally that's why other agencies like the FBI and the NCA in the
UK at least apparently, and probably actually, do the work which leads
to criminal convictions on darknets.

I suspect they get a little "help" from the code guys, like "you can't
use that in court" or maybe "try looking in a different direction".


[4] It also has the to-them benefit: "to aid democracy advocates in
authoritarian states" while they can still tell who is who, if not
(mostly) what is said. To do this it has to provide some level of
protection against lesser adversaries, though that may not be a very
high level. cf the anonymity of Afghan translators who worked for the
British Army...

[5] (1) No evidence may be adduced, question asked, assertion or
disclosure made or other thing done in, for the purposes of or in
connection with any legal proceedings or Inquiries Act proceedings which
(in any manner)—

(a) [...]

(b) tends to suggest that any interception-related conduct has or may
have occurred or may be going to occur.

[6] #TOR FAQ: Criminals can already do bad things. Since they're willing
to break laws, they already have lots of options available that provide
better privacy than Tor provides

Tor aims to provide protection for ordinary people who want to follow
the law. Only criminals have privacy right now, and we need to fix that

So yes, criminals could in theory use Tor, but they already have better
options, and it seems unlikely that taking Tor away from the world will
stop them from doing their bad things.

At the same time, Tor and other privacy measures can fight identity
theft, physical crimes like stalking, and so on.


> What about connection, cell padding? Does it help to reduce the
> matching success?

As I have said I'm not totally up-to-date on Tor, but probably not much.

Peter Fairbrother


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-09 Thread Peter Fairbrother

On 09/10/2021 22:17, PrivacyArms wrote:
> What I want to know is the percentage risk of x malicious nodes to deanonymize
> a user by controlling the full circuit.

There isn't a simple answer, but you can work out a lower bound like this:

First, note that the actual nodes do not need to be dishonest, the
attacker only needs to be able to get traffic data from the node's ISP
or somewhere else in the 'net.

There are three nodes in use, but the middle node doesn't matter. You
could have 20 nodes in between and they still wouldn't matter.

If both entry and exit nodes are traffic-compromised then the user can
be deanonymised by traffic analysis in roughly one session. Here I am
assuming sessions with say 10 blobs of traffic, which is low for eg an
internet site visit.

Suppose 50% of nodes are traffic-compromised, then if a user makes one
session the chances of compromise of the session are 1/4.

If the user makes 10 sessions then the probability of deanonymisation of
one of those sessions is 94%.

Note that any nodes in eg the UK or US are automatically
traffic-compromised, because GCHQ and NSA can get traffic data for them
without specific warrants (and a warrant for traffic data for a Tor node
would be almost automatically granted anyway).

Also any traffic which *goes through* the US or UK is traffic-compromised.

Peter Fairbrother



‐‐‐ Original Message ‐‐‐
On Friday, October 8, 2021 7:35 AM, grarpamp  wrote:

> > How can I calculate how much impact X honest Tor relays have?
> > Is it better to calculate with bandwidth consumed (250Gbps), despite the
> > number of relays (~7000)?
> > Basically, I want to get the mathematical equation to this statement:
> > I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor
> > network!
> > Starting thoughts:
> > - Each “normal” route has three nodes involved: Guard, Middle, Exit
> > - I am aware of guard pinning and vanguard protection for middle relay
> >   pinning
> > - Maybe it is easier to assume an infinite usage time of the network to
> >   eliminate guard and vanguard pinning
> > - I guess the best is to assume a scenario with 1%, 5%, 10%, etc. dishonest
> >   relays
> >
> > My take on this:
> > Tor has approximately 7000 relays.
> > If I consider a number of 5% malicious relays, this would be: 350
> > My calculation:
> > (1/(7000/350))*(1/(7000/349))*(1/(7000/348))
> > = 0.000123931
> > = 0.0123931%
> >
> > 1. Is my approach correct?
>
> Generically, assuming you're only running the
> exit use case, not the HS onion case.
>
> You'll probably want to consider some adjustments...
>
> - There's not 7k exits, only ~1k, but it's a ratio term
>   so then it only matters if you're expecting different
>   densities of bad/good across each of the guard/mid/exit roles.
> - There's not 7k guards, only ... .
> - tor only uses family, /nn cidr blocks, etc once in a circuit...
>   effect is not 7k nodes, but G groups made up of 1-N nodes.
>   Read torspec, scrape consensus, determine the resultant
>   number G that tor actually gives itself to choose from.
> - Some nodes are down, sleeping, busy, filtered, etc.
> - Not all exits serve the clearnet ports you want.
> - Circuits expire, nodes rotate, etc.
>
> > 2. Not every relay has the same bandwidth. How could I change the
> >    calculation to make it more realistic?
>
> Read torspec, scrape consensus, determine how tor is
> allocating clients across its bandwidth gravity well, etc.
> See also...
> https://metrics.torproject.org/
>
> > 3. How can I add the effect of guard fixation?
> > 4. How can I include the effect of mid-node fixation by the vanguard?
>
> You didn't really define exactly what attack ("dishonesty")
> you're trying to model, so these settings could render you
> anywhere from safe, to having no effect and thus still being
> subject to the exploit.
>
> See also...
> https://anonbib.freehaven.net/
> https://git.torproject.org/torspec/





Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-09 Thread PrivacyArms
What I want to know is the percentage risk of x malicious nodes to deanonymize 
a user by controlling the full circuit.

‐‐‐ Original Message ‐‐‐
On Friday, October 8, 2021 7:35 AM, grarpamp  wrote:

> > How can I calculate how much impact X honest Tor relays have?
> > Is it better to calculate with bandwidth consumed (250Gbps), despite the
> > number of relays (~7000)?
> > Basically, I want to get the mathematical equation to this statement:
> > I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor
> > network!
> > Starting thoughts:
> > 

> > -   Each “normal” route has three nodes involved: Guard, Middle, Exit
> > -   I am aware of guard pinning and vanguard protection for middle relay
> > pinning
> > 

> > -   Maybe it is easier to assume an infinite usage time of the network to
> > eliminate guard and vanguard pinning
> > 

> > -   I guess the best is to assume a scenario with 1%, 5%, 10%, etc. 
> > dishonest
> > relays
> > 

> > 

> > My take on this:
> > Tor has approximately 7000 relays.
> > If I consider a number of 5% malicious relays, this would be: 350
> > My calculation:
> > (1/(7000/350))*(1/(7000/349))*(1/(7000/348))
> > = 0.000123931
> > = 0.0123931%
> 

> > 1.  Is my approach correct?
> 

> Generically, assuming you're only running the
> exit use case, not the HS onion case.
> 

> You'll probably want to consider some adjustments...
> 

> -   There's not 7k exits, only ~1k, but it's a ratio term
> so then it only matters if you're expecting different
> densities of bad/good across each of the guard/mid/exit roles.
> 

> -   There's not 7k guards, only ... .
> -   tor only uses family, /nn cidr blocks, etc once in a circuit...
> effect is not 7k nodes, but G groups made up of 1-N nodes.
> Read torspec, scrape consensus, determine the resultant
> number G that tor actually gives itself to choose from.
> 

> -   Some nodes are down, sleeping, busy, filtered, etc.
> -   Not all exits serve the clearnet ports you want.
> -   Circuits expire, nodes rotate, etc.
> 

> > 2.  Not every relay has the same bandwidth. How could I change the
> > calculation to make it more realistic?
> > 

> 

> Read torspec, scrape consensus, determine how tor is
> allocating clients across its bandwidth gravity well, etc.
> See also...
> https://metrics.torproject.org/
> 

> > 3.  How can I add the effect of guard fixation?
> > 4.  How can I include the effect of mid-node fixation by the vanguard?
> 

> You didn't really define exactly what attack ("dishonesty")
> you're trying to model, so these settings could render you
> anywhere from safe, to having no effect and thus still being
> subject to the exploit.
> 

> See also...
> https://anonbib.freehaven.net/
> https://git.torproject.org/torspec/





Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-08 Thread Stefan Claas
Hi,

IIRC the assumed number of malicious nodes is much higher.
Then you do not include the assumed number of honest, but
compromised nodes.

How much would your equation help Tor users, in different
locations, if ISPs would hand over to third parties who is
using Tor with port 9050 and 9051, so that third parties could
take further actions in the long run?

Regards
Stefan


On Thu, Oct 7, 2021 at 10:51 PM PrivacyArms  wrote:
>
> Dear Cypherpunks community,
>
> I came across a post on the Whonix forum recently. Since I am also interested 
> in this question I copied it here:
> https://forums.whonix.org/t/math-behind-honest-tor-nodes/12464
> http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/math-behind-honest-tor-nodes/12464
>
> The question (edited):
> How can I calculate how much impact X honest Tor relays have?
> Is it better to calculate with bandwidth consumed (250Gbps), despite the 
> number of relays (~7000)?
>
> Basically, I want to get the mathematical equation to this statement:
> I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor 
> network!
> Starting thoughts:
> - Each “normal” route has three nodes involved: Guard, Middle, Exit
> - I am aware of guard pinning and vanguard protection for middle relay pinning
> - Maybe it is easier to assume an infinite usage time of the network to 
> eliminate guard and vanguard pinning
> - I guess the best is to assume a scenario with 1%, 5%, 10%, etc. dishonest 
> relays
>
> My take on this:
> Tor has approximately 7000 relays.
> If I consider a number of 5% malicious relays, this would be: 350
> My calculation:
> (1/(7000/350))*(1/(7000/349))*(1/(7000/348))
> = 0.000123931
> = 0.0123931%
>
> 1) Is my approach correct?
> 2) Not every relay has the same bandwidth. How could I change the calculation 
> to make it more realistic?
> 3) How can I add the effect of guard fixation?
> 4) How can I include the effect of mid-node fixation by the vanguard?
>
> I would love to hear your thoughts about it and a concrete math equation 
> would be amazing.


Re: Dishonest Tor relay math question - tor-talk is to lazy

2021-10-08 Thread grarpamp
> How can I calculate how much impact X honest Tor relays have?
> Is it better to calculate with bandwidth consumed (250Gbps), despite the
> number of relays (~7000)?
>
> Basically, I want to get the mathematical equation to this statement:
> I run X Tor relays at Y Mb/s each and by doing so I secure Z % of the Tor
> network!
> Starting thoughts:
> - Each “normal” route has three nodes involved: Guard, Middle, Exit
> - I am aware of guard pinning and vanguard protection for middle relay
> pinning
> - Maybe it is easier to assume an infinite usage time of the network to
> eliminate guard and vanguard pinning
> - I guess the best is to assume a scenario with 1%, 5%, 10%, etc. dishonest
> relays
>
> My take on this:
> Tor has approximately 7000 relays.
> If I consider a number of 5% malicious relays, this would be: 350
> My calculation:
> (1/(7000/350))*(1/(7000/349))*(1/(7000/348))
> = 0.000123931
> = 0.0123931%

> 1) Is my approach correct?

Generically, assuming you're only running the
exit use case, not the HS onion case.

You'll probably want to consider some adjustments...

- There's not 7k exits, only ~1k, but it's a ratio term
so then it only matters if you're expecting different
densities of bad/good across each of the guard/mid/exit roles.
- There's not 7k guards, only ... .
- tor only uses family, /nn cidr blocks, etc once in a circuit...
effect is not 7k nodes, but G groups made up of 1-N nodes.
Read torspec, scrape consensus, determine the resultant
number G that tor actually gives itself to choose from.
- Some nodes are down, sleeping, busy, filtered, etc.
- Not all exits serve the clearnet ports you want.
- Circuits expire, nodes rotate, etc.

> 2) Not every relay has the same bandwidth. How could I change the
> calculation to make it more realistic?

Read torspec, scrape consensus, determine how tor is
allocating clients across its bandwidth gravity well, etc.
See also...
https://metrics.torproject.org/

> 3) How can I add the effect of guard fixation?
> 4) How can I include the effect of mid-node fixation by the vanguard?

You didn't really define exactly what attack ("dishonesty")
you're trying to model, so these settings could render you
anywhere from safe, to having no effect and thus still being
subject to the exploit.

See also...
https://anonbib.freehaven.net/
https://git.torproject.org/torspec/
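Added worked example, not code from anyone in the thread: it reproduces the quoted question's 0.0123931% figure, Peter Fairbrother's entry/exit lower bound from his 2021-10-09 reply (1/4 per session at 50% compromised, 94% over ten sessions), and grarpamp's point above that tor selects per role and by bandwidth weight rather than by head count. The relay list and the pinned-guard model for question 3 are constructed assumptions.

```python
"""Circuit-compromise arithmetic from the thread (constructed example)."""
from dataclasses import dataclass

def naive_full_circuit(total: int, bad: int) -> float:
    """The quoted question's figure: three distinct bad relays drawn out of
    `total`, i.e. (350/7000) * (349/7000) * (348/7000) for 5% of 7000."""
    return (bad / total) * ((bad - 1) / total) * ((bad - 2) / total)

def entry_exit_per_session(p_entry: float, p_exit: float) -> float:
    """Peter Fairbrother's lower bound: the middle hop does not matter, a
    session is lost once both entry and exit are traffic-compromised."""
    return p_entry * p_exit

def over_sessions(p_session: float, sessions: int) -> float:
    """At least one of `sessions` independent sessions compromised, assuming
    a fresh entry and exit each time (no guard pinning)."""
    return 1.0 - (1.0 - p_session) ** sessions

def with_pinned_guard(p_guard: float, p_exit: float, sessions: int) -> float:
    """Assumed model for question 3 (guard fixation): one guard kept for all
    sessions is either compromised or not, while the exit is redrawn each
    session, so only the exit term compounds over time."""
    return p_guard * over_sessions(p_exit, sessions)

@dataclass
class Relay:
    is_guard: bool  # has the Guard flag
    is_exit: bool   # has the Exit flag
    bw: int         # consensus bandwidth weight (constructed value)
    bad: bool       # assumed adversary-controlled or traffic-compromised

def weighted_bad_share(relays: list, role: str) -> float:
    """grarpamp's adjustment: tor picks each hop from the relays carrying that
    role's flag, in proportion to bandwidth weight, so the adversary's share
    is bad bandwidth / total bandwidth within the role, not a head count."""
    pool = [r for r in relays if getattr(r, role)]
    total = sum(r.bw for r in pool)
    return sum(r.bw for r in pool if r.bad) / total

def weighted_per_session(relays: list) -> float:
    """Entry/exit lower bound recomputed with per-role bandwidth shares."""
    return entry_exit_per_session(weighted_bad_share(relays, "is_guard"),
                                  weighted_bad_share(relays, "is_exit"))

# Constructed consensus: 20 small honest relays and 2 large bad ones.
RELAYS = (
    [Relay(True, False, 1_000, False) for _ in range(10)]
    + [Relay(False, True, 1_000, False) for _ in range(10)]
    + [Relay(True, False, 10_000, True), Relay(False, True, 5_000, True)]
)

if __name__ == "__main__":
    print(f"question's figure:          {naive_full_circuit(7000, 350):.9f}")
    print(f"50% bad, one session:       {entry_exit_per_session(0.5, 0.5):.2f}")
    print(f"50% bad, ten sessions:      {over_sessions(0.25, 10):.0%}")
    print(f"same, guard pinned:         {with_pinned_guard(0.5, 0.5, 10):.0%}")
    print(f"bad by head count:          {2 / len(RELAYS):.1%}")
    print(f"bad guard x exit by weight: {weighted_per_session(RELAYS):.1%}")
```

With the constructed list, 2 of 22 relays (about 9% by head count) hold half the guard bandwidth and a third of the exit bandwidth, so the per-session bound comes out at 1/6, far above what the head count alone suggests.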