On Wednesday, November 16, 2011 12:08 AM, "Gozu-san" <[email protected]> wrote: > On 15/11/11 23:39, Mondior Folimun wrote: > > > On Monday, November 14, 2011 12:37 AM, "Gozu-san" > > <[email protected]> wrote: > >> On 12/11/11 20:50, Mondior Folimun wrote: > >> > >>> To be on the safe side, someone who speaks Spanish should create a > >>> fake email account and make sure these people know about Tor > >>> Bridges. If the Zetas are as reckless as they seem, it might not > >>> be too long before any Tor user who directly accesses the Tor > >>> network from the area is in danger, regardless of what they use > >>> Tor for. https://www.torproject.org/docs/bridges > >> > >> Assume that the Zetas have full admin access for all local and > >> regional ISPs in the areas that they control. Also assume that > >> they know Tor very well, run relays, and routinely communicate > >> through it. > >> > >> How safe would it be, in those areas, to access Tor through > >> bridges? > > > > Isn't this exactly the situation for which bridges were designed? > > For when your opponent has full control of your upstream and really > > wants to stop you from using Tor? > > Arguably, the prudent threat model is that the Zetas will kill you if > they learn that you're using Tor. They can access available resources > for finding bridge addresses <http://www.torproject.org/docs/bridges>. > And they may have connection logs, so provisional obscurity isn't > sufficient.
Prudent, yes.. But the product of probabilities of all of these events seems low once you tack on bridge enumeration. Enumerating bridges is a statistics game. You can only get a subset of them, which represents your probability of finding a particular bridge user. Additionally, it is possible to create unpublished bridges that are not available to the public for discovery or use and share them directly with those in need. I think that is why we're seeing random killings. If the Zetas have these sorts of Internet surveillance capabilities, they don't seem to always be inclined to pay the cost for their use if it is possible to create fear without them. I do think they may decide to change this policy, but most likely they will find someone who is connecting to their target blogs directly and torture or make an example out of them rather than going after Tor bridge users. Tor bridge users will be much more expensive endeavor, and killing a repeat blog commenter/user will have just as much if not more effect to demonstrate their power. :/ -- http://www.fastmail.fm - Access your email from home and the web _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
