Re: [tor-talk] Duda pregunta por favor

[Kragen Javier Sitaker]

On Fri, Apr 01, 2011 at 09:35:00AM -0600, Pablo Velo de Swaan wrote:
> oigan tengo entendido que la última version del tor button es la
> 1.2.5. pero no es compatible con mozila firefox 4. Bueno, esperemos 1
> añito a que estos pendejos de vidalia saquen una versión más
> actualizada que sea compatible ...

Translation:

"Listen, I guess the latest version of TorButton is 1.2.5. But it's not
compatible with MOzilla Firefox 4. Well, do we wait a year for those
Vidalia motherfuckers to release a more up-to-date version that's
compatible"

Translation of subject:

"Question, please"

I note that the only question I can find in the text seems to be
rhetorical.

Should future Spanish-speakers run their text through Google Translate
before posting it (with the Spanish version appended, perhaps, to clear
up ambiguities and translation errors)?  Or should we just exclude them
from participating in the list?

Kragen
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and Financial Transparency

[Kragen Javier Sitaker]

I broadly agree with you (as I assume everyone does) that Tor is still
worthwhile even though it doesn't try to defend against the global
passive adversary.  However, I think you made a number of overreaching
statements in your defense of Tor, some quite dangerous, and I want to
call those out here.

On Wed, Sep 11, 2013 at 11:18:01PM -0400, Nathan Freitas wrote:
> This is the same as saying that any safe or vault can be opened ...
> sensitive documents, don't we?

There are any number of safes that have been opened with, say, a thermic
lance, only to discover that the contents have been incinerated in the
process.  Brute force does not always work even in the case of physical
safes.

> This is a basic security metaphor that must be understood. There are
> no absolutes. It is about how hard you make your adversary work.

We do have to accept that in the physical world, but in general in
information security we do not; we can aspire to much better.  Most
currently-deployed cryptosystems cannot be broken by known means within
the lifetime of the universe to date, for example.  Tor is excellent,
but we should not become complacent and stop seeking to do better.

> For combating mass dragnet activities, Tor is fantastic.

We have limited evidence on whether Tor can keep the NSA from
mass-dragnet deanonymizing you.  It points to yes, but we have to be
careful, because Tor was not designed to defeat that threat model, and a
number of weaknesses have been found.

> Finally, one of the most promising uses of Tor are around
> whistleblowing services like Globaleaks, which require a Tor hidden
> service to access. In that case, the global adversary problem does not
> exist, as the Tor exit and the web service are on the same box.

Even Tor hidden services are not designed to defeat the global passive
adversary.  If, hypothetically speaking, you have traffic analysis
(passive or active) that can trace circuits through the Tor network, you
can probably figure out where hidden services are, and who is using
them, and perhaps even who they are communicating with through them
(particularly if the hidden service uses Comet).
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk