On 01/01/2017 11:28 PM, Rana wrote:
<SNIP>
@Mirimir, @Andreas
This assumes that there is only one entity wanting to do that. When there are multiple the game isn't that easy.
Yes, that is a great Tor feature! Dueling adversaries strengthen Tor against each other.
That's wishful thinking at best. Assuming that there are enough non-colluding adversaries attacking Tor and destroying each other's efforts is futile.
Well, from what I've read, it does interfere with some attacks.
This is not Blockchain where hundreds of thousands of greedy selfish genes are working together for non-collusion. A practically zero- effort collusion of already fully cooperating FIVE EYE agencies (US, UK, Canada, Australia, New Zealand) is needed to sprinkle several tens of rogue relays every month all over the globe, hosted at unsuspected hosters, looking perfectly bona fide. All they need is maintain some bandwidth and stability (why not?) and wait 70 days and - hop! - they are guards.
That seems plausible. I don't know how the community of relay operators works. But I suspect that, if you're right, many known and trusted relay operators must be covert operatives. While that's not impossible, it would represent a huge investment.
Sprinkling middle relays is even easier. I am not even talking about the broader 14-EYE intelligence cooperation that includes 14 countries (https://en.wikipedia.org/wiki/UKUSA_Agreement#9_Eyes. 2C_14_Eyes.2C_and_other_.22third_parties.22)
That US agencies are actively working to destroy anonymity of (hopefully only selected, but who knows?) Tor users is an undisputable fact. Your implicit assumption that Russia is also attacking Tor is, however, unfounded. I mentioned that they have the resources to do so. Russia has arguably MORE resources that the US because instead of paying for hacking services and infrastructure all they need to do is threaten to put the ringleaders of their internationally renowned criminal hacking gangs in jail. There is, however, ZERO evidence that they are going head to head with America doing that. They seem to be much more interested in attacking weakly protected email servers of DNC.
Well, who knows? Maybe Russia just has better security. China too.
But whatever. I do agree that guards are a risk. They may be malicious. And there may be other flaws that permit signaling via circuit management. So I always use Tor via nested VPN chains. And I tend to include Russian VPNs in the chains.
<SNIP>