On 07/21/2016 01:16 AM, juan wrote: > On Wed, 20 Jul 2016 16:24:04 +0000 > Sean Lynch <[email protected]> wrote: > > >>>> Tor IS actually secure IF YOU ARE THE FUCKING US MILITARY. >>>> If on the other hand you are one of their TARGETS then tor IS NOT >>>> SECURE. >>>> >>>> Is something unclear? >>> >>> What's your evidence for that? I doubt that it's technical, from >>> what you've shared. So it sounds like just an assumption. >>> >> >> So much about security is based on probabilities and unknowns, > > > It seems kinda obvious to me that analyzing the security of > say a symetric encryption algorithm is very different > than analyzing the security of something like tor. > > In the case of tor there a A LOT more probabilities and > unknowns involved. Also in the case of tor there are a few very > damning knowns. > > So, any advertising regarding something like tor must have a > lot more disclaimers than say, AES advertising.
I totally agree with you on that. I want Tor Project to put more disclaimers and warnings on their front page. >> and >> our own privacy is such a personal issue, that I don't think this is >> something that's going to be solved by "evidence." Some people are >> going to be uncomfortable using or supporting Tor no matter what >> because of its history, > > It's not just 'history'. Tor is fucked up because of its > nature, purpose and past and current funding. > > >> and now potentially because they blame Tor >> for what happened to Appelbaum. > > The appelbaum soap opera is totally irrelevant actually, except > that it's good because it shows that the members of the tor > project are backstabbing clowns. Indeed :) > Now, think how much trust people who don't even trust > themselves deserve. Tor is open source, so trusting software doesn't depend entirely on trusting coders. >> Personally, from having talked to people who knew him that I've known >> for years, I am inclined to believe that Appelbaum did at least most >> of what he's accused of. >> But I blame the community for tolerating it >> and saying nothing at least as much as I blame him. He could not have >> existed without the legions of fanboys who, when they saw him trying >> to force a kiss on a woman, just wished they had such big balls >> rather than being concerned over whether or not she actually wanted >> that. >> >> >>>>> It's the same argument that we make about encryption >>>>> generally. >>>> >>>> No it is not. You are *misaplying* the argument. >>> >> >> I think that what they are saying is that whether or not crypto is >> effective for a given application depends on the resources your >> adversaries are able and willing to apply to breaking it. > > > The 'traffic analysis' of tor is not even crypto. It's based on > IXPs taps, not on fancy math and number crunching. It's based on intercepts _and_ "fancy math and number crunching". >>>>> Systems with backdoors can't be secure. And you can't keep >>>>> anyone from using anonymity systems without backdoors. >>>> >>>> Yes you can if access to the backdoor requires capabilities >>>> that your enemies don't have. >>> >>> That's the fallacy about backdoors ;) >>> >> >> Agreed. It's also the fundamental fallacy behind all of the NSA's >> attempts to weaken crypto. > > > There isn't any fallacy there. They weaken crypto because that > serves their ends. > > And if they need a 'secure' cypher they won't use any of the > ones they sabotaged. > > But, again, this doesn't apply to tor. You are very suspicious ;) >>> So are you arguing that well-designed backdoors are OK? Or are you >>> just arguing that US military are dumb enough to think so. That >>> they're so confident about their superior capabilities? >>> >> >> The latter seems perfectly plausible to me. Groupthink. > > > I don't think the US military are dumb. If you do, then you are > not thinking as correctly as you should. They have done some pretty stupid things. >>>>> As I understand Juan's position, that wouldn't work for him. >>>> >>>> What wouldn't work? >>> >>> Let's assume, hypothetically, that Tor is secure for everyone. And >>> let's acknowledge that US military uses it for evil. >>> >>> If that were so, would you use and recommend Tor? >>> >>> Or would you reject it, because it's used for evil? >>> >>> > >
