aort...@alu.itba.edu.ar: > I believe Anonymity is a problem orders of magnitude bigger than privacy.
I agree - though most people think the two terms mean the same thing. Lots of different terms are a similar set of things for different people. > Tor seems like the only serious project aiming at solving it but I think > you should be wise by choosing your enemies and Tor in its current state > is useless against government-type surveillance for the following reasongs > (IMHO): Whenever I see the above statement, I think to myself "gosh, I really wonder what this person suggests I should do?" or "I wonder what they would do in my shoes or the shoes of any of my friends who do not get to choose if they're playing?" - usually, there isn't much of a response. The advise of "don't do anything" is not useful - rather - "do something but understand the limits, and understand the limits of what we know" is much more useful. So then - what do you suggest to someone who wants to leak a document to a press agency that has a GlobaLeaks interface? What do you suggest to someone who wants to use a web email account that properly supports HTTPS? What do you suggest to someone who wants location privacy from their chat service? What do you suggest to someone who wants to buy themselves time and not link their entire past to some event they think might matter, thus attracting retroactive searches in the future? > > 1) Endpoint security: Tor is a big C project, needs much more code review > until it's considered safe. I agree - all C programming projects need help in this area. This is why we have multiple static analysis tools, regular code audits, multiple people doing code review for every commit, a design process for features, a design process for protocol changes, cryptographic review at an academic level and at an implementation level, and so on. It is also why we have multiple implementations as well. There is a Java version of Tor that is nearly ready for release and it will solve a number of the C implementation concerns and exchange them for Java related concerns. There are a few other Tor implementations in the wild, each serving an interesting subset of users. Diversity is important. Still - having a bug in Tor as a client is a lot less likely than in whatever application you'll use with Tor - web browsers come to mind here but other chat clients, like Pidgin or Thunderbird, they also come to mind. > 2) Network analysis: Tor is vulnerable to network analysis. FBI has made > arrests to people that were specifically using TOR to hide their > activities, and their use of network analysis to unmask them is documented > (Jeremy Hammond, Stratfor case). > What is public about Jeremy Hammond is worth reading. It suggests the FBI has the lamest of all Network analysis techniques - a very simple traffic confirmation attack. They appear to disconnect a person's internet and then they ask their snitch if the person signs off from their chat service. There are solutions - one of them is to run a second machine reachable by (Stealth) Tor Hidden Service with your chat client in gnu screen - login to that system, attach to the screen and chat away - sometimes, you'll get disconnected but no one will see it. There are social issues that are more concerning though - if you normally are quite chatty, only to stop chatting, they might suggest that not speaking is confirmation, etc. So this issue issue, like any solution, is partially a technical issue and partially a social issue. It is not fair to blame Tor for the times that you have no internet. Tor can't protect you from an internet blackout when you need to reach a service on the public internet. > Given those shortcomings I think is not wise to recommend it unless your > enemy doesn't have the resources of a country. That being said, it's the > best tool at the moment, lights year ahead of other popular software like I think if you put all countries in the same category you're doing a disservice to well, everyone. There are different behaviors - chatting to a jabber service that is a Tor hidden service is probably fine - especially if you also use TLS anyway. I do that on a daily basis - I also consider that there are nation state attackers going after me - what would be a better option? Living in the forest and writing with a pen? Hardly. People who are working on important work can protect themselves with Tor and they do so. Without Tor and without a complex education, I think they have little to no chance. Barebacking with the internet is like barebacking with Big Brother. Don't do it. > Cryptocat, whose end-point security should be considered not only sub-par > but dangerous. (who in their right mind will consider browser crypto?) > Oh man, you just opened up a can of worms that I won't even touch. If I even comment, an entire community of people will send me hate mail - which I suppose is enough said already. :( > Some months ago I tried to fix some shortcomings of Tor by wrapping it in > a higher layer and using it for simple network-analysis resistant chat. > The result was a protocol so slow that's almost unusable, if someone want > to take a look at it it's here: https://github.com/alfred-gw/torirc > This is awesome! I've git clone'd it. I'm going audit it and send you feedback/patches/etc. Thanks for hacking on Tor related software! my first thought is that you might consider making it use OTR for p2p chats on the server - there is no good multi-party OTR implementation yet, so at that point, I might just look at the mpOTR paper from Goldberg et al. A number of us worked on a spec that is so far from done that it isn't worth linking at the moment. I feel OK about not having another layer of crypto on top of a Tor HS but in your protocol's case, I'd encourage you to use Stealth Hidden Services - so at least then the only people connecting are the ones who are cryptographically authenticated in some manner. You will probably very much like Pond: https://github.com/agl/pond/ I use it daily. It is perhaps my favorite application, ever, for use with Tor. > I would like to see a tor configuration flag that sacrifices speed for > anonymity. You're the first person, perhaps ever, to make that feature request without it being in a mocking tone. At least, I think you're not mocking! :) All the best, Jacob _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
