[tor-dev] resistance to rubberhose and UDP questions

Jacob Appelbaum jacob at appelbaum.net
Fri Oct 5 12:07:39 UTC 2012

Eugen Leitl:
>>> 18:08 <@cjd> I trust them to make the software right, esp. since I could
>>> check if they did.
>>> 18:09 <@cjd> But a little arm twisting can change someone's motives pretty
>>> fast.
>>> 18:09 <+eleitl> Maintaining signing secrets is a problem.
>>> 18:09 <+eleitl> They should have used a P2P design.
>> Do you have a ‘P2P design’ for Tor which doesn't rely on trusted
>> parties ‘maintaining signing secrets’ and which isn't broken?
> No need to be snarky, I mean well. There are obviously ways in which
> network quorum can eliminate authorities as a single point of failure
> (see Bitcoin, Tahoe LAFS, etc).

He isn't being snarky - he's being honest and knows the research better
than most.

>> (Hint: No, you don't.)
>> Do you have any ‘P2P design’ for Tor at all which isn't broken?
> What very few people know: I'm actually a dog. W00f. I don't have the money or 
> the skills to do anything which would survive more than a friendly sandbox.
> Don't ask me for patches, I'll drag you in a wet skunk which has been dead for
> a while.
>>> 18:10 <@cjd> If someone (with government hat?) tells you they can make your
>>> life hell...   I wouldn't fault them
>>>              for doing what the man says.
>>> 18:10 <@cjd> *wouldn't fault you
>>> 18:10 <+eleitl> I'll try bugging some Tor developers about that scenario,
>>> and see how they squirm.
>>> 18:11 <+eleitl> Also, the UDP connection thing.
>>> 18:11 <@cjd> You can "stack" your circuit setup packets if you're using UDP
>>> 18:11 <@cjd> stack -> all headers in the same packet
>>> 18:12 <@cjd> cjdns does the same thing

Huh. Wow. I just... Excuse me? Who suggests that no Tor developers
haven't already had their arm twisted and stood their ground? Who
suggests that those who run a Tor Directory Authority would comply with
the "man" and what "they" say? On what evidence do they say these
things? Do they understand the moral and ethical character of the people
running those systems? No, they most certainly do not. Do they even know
the history of harassment that Tor people have faced in various
circumstances? No, they clearly do not know these things.

I certainly have had attempts, serious attempts by powerful people, to
crush my spirit, to push me out of the anonymity space and to punish me
for speaking out about anonymity as a fundamental human right.

I don't take kindly to anyone suggesting that 1) such harassment hasn't
happened and 2) if it were to happen, we'd just roll over like a bunch
of assholes.

Did I mention how offensive that uneducated kind of statement is to
people who work day and night on these problems? To those who have
struggled against state surveillance, state harassment and other
extra-legal issues?

It's bad enough that someone would suggest a bunch of broken designs
would be better. It suggests a lack of understanding of the anonymity
space and that is self-evident, hardly worth refuting. However, the rest
of the comments are just over the top in their absolutely ridiculous
nature. Such statements are totally offensive and absurd to the core.

Run Tor nodes if you're worried about the integrity of Tor nodes and the
integrity of the network as a whole; be part of the solution by taking
practical action on the matter.


More information about the tor-dev mailing list