> I don't think I ever said that or agreed to it. I'm not > interested in *irrelevant* technical discussions. But, > for instance, I've discussed a few times why a cyberweaponlike > tor (widely supported in fake, american, privacy circles ) is > TECHNICALLY flawed - at least if we were to believe the lies > about its intended purpose. It's not flawed from the point of > view of its creators.
There are certainly known attacks on the Tor model, and I understand its technical failures in this regard. Conspiracy theories (with no disdain there -- one should question the veracity of government funded projects) about its intended purposes aside, unless a better model can be put forward that provides Tor's features, while decreasing risk, I just don't see how such criticisms are relevant on technical grounds. You liken it to a weapon, and fair enough. In the 1700's muskets were state of the art. Criticisms of their technical failures with regard to poor accuracy, slow time to reload, difficulties in wet conditions, and so on have no real merit unless/until an alternative design is presented which solves it. For me, Tor's main utility isn't in the way of anonymity so much as a robust way to reach out past firewalls, and to obviate the need for any dynamic DNS considerations, and so forth. On each network that I have to deal with, I keep one box/VM running SSH as a tor hidden service. If I, or someone else, fucks up a firewall configuration, we have a chance to use the Tor entry point to jump in and fix. We could use a VPN server for this, with an associated single-point of failure, and cost. With Tor, we get redundancy and no cost. But anonymity isn't even a stated need with this use-case. That said, you're right: Tor is very suspect in terms of providing true anonymity and protection from government surveillance. But if that is who you're worried about, there is never, and really can never, be a wholly technical/cryptographic solution to that problem. Even if you have technology that the government can't spy on, they are bound to get extra interested in you BECAUSE they can't spy on you. The solution to that problem starts, "at home", as they say. Opsec from the start. One keeps a bootable USB drive hidden in a bus-station locker or some such. When anonymous comms are desired, you leave your cell phone at home, retrieve the disk, boot up at a random public wifi spot, do what you need to do, and drop the disk back off. Avoid patterns in public hot spots that you use, and so on. Keep a strictly red/black design where no information leakage between "you" and your "alter-ego" ever cross up. Probably you'd even want to wear a disguise of some sort when doing work as your alter-ego. Separation of "privilege" all the way down. Any purely technical scheme seems doomed to failure in some way or another.