David Benfell writes: > I'm seeing this as a nightmare. If it isn't possible to disguise the > fact you're using or serving tor--and last time I did a tcpdump on my > outside interface, it stuck out like a sore thumb--doesn't that > undermine its usefulness? (And I assume you mean SSL could be used to > encrypt content, not the destination of a tor server.)
Different people have different threat models. Tor fits well into the threat model of people in places where privacy-enhancing technologies are legal to use. It currently isn't as much help to people who could get in trouble just for using these technologies. It doesn't seem that anyone has solved the problem of how to make a publicly-deployable privacy technology whose users can't be identified as privacy-enhancing technology users by an eavesdropping adversary*. So we might say that there are potentially a lot of people whose threat models haven't been addressed well by the state of the art. * Whether this is true depends on what counts. If people are allowed to use SSL or VPNs, are allowed to send what could be cover traffic over them, are allowed to use them for a long time starting fairly abruptly, and have access to means of publicity about proxy locations and access methods that the adversary might not hear about, they might have a chance. I think that's a lot of conditions. -- Seth Schoen Staff Technologist [EMAIL PROTECTED] Electronic Frontier Foundation http://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
