On Sun, Jun 29, 2014 at 2:24 PM, Juan <juan....@gmail.com> wrote: > ... > You´ve been officially threatened by one of the ´leaders´ of the > ´tor family´ for (unlike me) politely point out tor´s obvious > flaws.
"pointing out obvious flaws" - as in, "it's so easy to protect against traffic analysis! just make one end invisible!" ? ... in the interest of adding even a minuscule bit of signal back to this discussion, let's get technical. 1) compute the cost of global traffic analysis. we have big data mark to put a ball park on it, but the point is: the cost is non zero and non trivial. 2) compare to other mechanisms of compromise, whether through remote exploitation, technical surveillance, surreptitious physical access, etc. 3) compare to possible *well researched/designed* solutions against traffic analysis. the math appears to be #1 is expensive on already maximized intelligence community budgets. possible? of course. actually applied? not so clear.[0] re #2, it is cheaper in every sense, to pwn the application layer and end point directly. this is well documented by years of industry experience, and more recently through covert budget details leaked. finally, #3: this is fucking hard! to point a fine point on it. if you've designed and implemented a low latency traffic analysis resistant anonymity protocol with great usability and modest requirements please post here with the info; i for one would love to see how you solved a few of the hard details involved. ;) best regards, 0. i have more to say, but also en route to Paris. 'till then, -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
