On Tue, Aug 6, 2013 at 8:43 PM, Kyle Maxwell <[email protected]> wrote: > ... > The key, obviously, is the primary assertion that the NSA runs "lots" > of Tor nodes.
it is incorrect to assume this is for attacking anonymity of Tor users. more likely these nodes are used as trusted guards and exits in circuits the $TLAs use for their espionage and offensive operations. a good anonymity network encompasses all users :) > I've seen this assertion before, and while it's > certainly a reasonable assumption, I don't know if anybody outside the > NSA actually has hard evidence for that. if you were to 0wn the Tor network and clients you would know. > Runa Sandvik's excellent > talk[1] at DEF CON 21 started to address this, but clearly more work > remains to be done here. is there a transcript of this talk? for all the mention of inaccuracies in this errata post there were reports of inaccuracies and invalid assumptions in the DEF CON 21 talk as well. > Other criticisms are > really about operational security: sending non-encrypted traffic (e.g. > HTTP) over Tor ... these operational issues have been and will continue to be the largest risk to Tor users by far. this is evidenced by history of past vulnerabilities and the focus on active, offensive capabilities by these organizations. in short: errata post misguided and incorrect. but still useful for the issues it brings to light and the improvements made to Tor that many seem unaware of. -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
