On Tue, Jul 01, 2014 at 06:32:27PM +0100, Mark McCarron wrote: > Alex, > > You must be living in a fantasy land. The problem still remains, > Tor is vulnerable to a global view and that global view exists > according to Snowden. Further, it would appear that Tor was > designed to fit into that global view and provide US intelligence > with the locations of both users and hidden services, whilst > pretending to provide anonymity. > > I don't see anyone denying it. Do you? >
As with most of this discussion, many of your statements have been vague and provocative. Not sure which of the three, or possibly for things asserted above are the "it" that you don't see anyone denying. I'll take yet another stab. Yes Tor is vulnerable (for some but not all appropriate understandings of "vulnerable") to global observers (for some but not all appropriate understandings of "global"). This has been a documented and analyzed aspect to onion routing since before we designed Tor. Cf. e.g. "Towards an Analysis of Onion Routing Security" from 2000. As to the extent and nature of global observers that Tor is and is not vulnerable to cf. e.g. "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries" 2013. Nobody's denying it because everyone has been stating over and over to you the quantified specific ways in which it is true and ways in which it is not. There's plenty more work to be done in this space, and I hope others will make helpful contributions to it. You have elsewhere in this thread noted that resistance to traffic confirmation is not rocket science. I would agree that it's not merely rocket science; it's much harder. (OK that's probably not fair to rocket science, but there is no indication that it's any easier despite your repeated unsubstantiated allegations to the contrary.) People have already alluded to DISSENT, which is a great approach and accomplishment that makes things stronger in some ways but weaker in others. Another attempt to improve resistance to traffic confirmation including active attackers is described in "Preventing Active Timing Attacks in Low-Latency Anonymous Communication" 2010. People have denied over and over your allegations that Tor was somehow designed to be intentionally vulnerable in some way. They have already cited various aspects to the openness of the design, the extensive scientific scrutiny to which it has been subject, etc. as evidence of this. It's hard to imagine what would satisfy you at this point but perhaps this will help: I designed Tor with Roger and Nick. At all times we designed it to be as secure as we could given usability, performance, and other practicality goals (which are themselves security goals we considered, as has also been widely documented). At no point did we intentionally do anything to make the design less secure than we could think how to do while still making it as usable and practical as possible. Nor did anyone ask any of us to do so, as far as I know. My opinion (subject to reasoned _scientific_ debate) about why the Tor design is more secure for practical attacks than those designed to be putatively more secure against a widescale attacker (such as those mentioned above) is sketched in "Why I'm not an entropist" 2009. That paper could use some updating and expansion, but the basic points hold up I believe. > Its been 6 days already. People have day jobs trying to design, build, and analyze systems to protect people. I often take way longer than that to respond to substantive well-reasoned questions, as do many people with jobs and/or lives. Such people also typically expect response times proportional to the importance, urgency, and reasonableness of the questions. To such people I say please do not infer too much to the fact that I have responded to all this in a mere 6 days. aloha, Paul > > Regards, > > Mark McCarron > > > From: fuersch...@gmail.com > > Date: Tue, 1 Jul 2014 18:39:13 +0200 > > To: tor-talk@lists.torproject.org > > Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and > > Anonymity > > > > Please Mccarron, > > > > The discussion is dead. You killed it yourself by not adding anything > > meaningful as far as I have seen. You just repeat yourself again and again > > as if it's a mantra. You got statistics to back up your claims? Good - show > > them! > > You got the script you used to track the onions? Awesome! Show it so we can > > see for ourselves and use it too! > > > > As others pointed out already: give us something to work with, else you can > > just pack up and troll another list as far as I am concerned. > > > > -- > > tor-talk mailing list - tor-talk@lists.torproject.org > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
