On 2013-06-30, at 4:24 PM, [email protected] wrote: > I believe Anonymity is a problem orders of magnitude bigger than privacy. > Tor seems like the only serious project aiming at solving it but I think > you should be wise by choosing your enemies and Tor in its current state > is useless against government-type surveillance for the following reasongs > (IMHO): > > 1) Endpoint security: Tor is a big C project, needs much more code review > until it's considered safe. > 2) Network analysis: Tor is vulnerable to network analysis. FBI has made > arrests to people that were specifically using TOR to hide their > activities, and their use of network analysis to unmask them is documented > (Jeremy Hammond, Stratfor case). > > Given those shortcomings I think is not wise to recommend it unless your > enemy doesn't have the resources of a country. That being said, it's the > best tool at the moment, lights year ahead of other popular software like > Cryptocat, whose end-point security should be considered not only sub-par > but dangerous. (who in their right mind will consider browser crypto?)
It's definitely a new field that needs a lot of work. I invite you to read: The paper describing the improvements we're making for browser crypto: http://arxiv.org/abs/1306.5156 My blog post on the improving state of browser crypto implementation: http://log.nadim.cc/?p=33 NK > > Some months ago I tried to fix some shortcomings of Tor by wrapping it in > a higher layer and using it for simple network-analysis resistant chat. > The result was a protocol so slow that's almost unusable, if someone want > to take a look at it it's here: https://github.com/alfred-gw/torirc > > I would like to see a tor configuration flag that sacrifices speed for > anonymity. > >> Michael Rogers: >>>> So who's out there developing any useful protocols for >>>> anonymization today? *Anybody*? Could we try to start a new project >>>> (if needed) to create one? >>> >>> I'd love to see a revitalisation of remailer research, focussing on >>> unlinkability (which we know many people would benefit from) rather >>> than sender anonymity (which fewer people need, and which is prone to >>> abuse that discourages people from running mixes). >>> >> >> I'd also like to see revitalisation of remailer research. Though >> anonymity as Tor is designed is specifically about unlinkability. To >> reduce it to sender anonymity is pretty ... ridiculous. What one does >> with an anonymous communications channel is up to them - many people do >> actually want that feature for chatting, web browsing, news, email, etc. >> >> All the best, >> Jacob >> _______________________________________________ >> cryptography mailing list >> [email protected] >> http://lists.randombit.net/mailman/listinfo/cryptography >> > > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
