[tor-relays] Tor Advocacy, Political & Artistic

dawuud dawuud at riseup.net
Fri Dec 29 13:01:54 UTC 2017 

On Fri, Dec 29, 2017 at 02:38:41AM +0100, Duncan wrote:
> Hello,
> 
> I'd like to pick up on this. It is worth remembering that Tor itself is not conceptually difficult - it is an anonymizing network for TCP traffic that builds circuits across multiple nodes.

...for streams not TCP. Tor does not transport TCP, it transports streams.
As it turns out TCP also transports streams as do UNIX domain sockets
both of which can play nice with Tor via SOCKS protocol.

I think understanding Tor's adversary model is quite difficult.
But then if you aren't describing any attacks then it might be easy to
fall into a habit of considering it simple whereas it is not.

> Tor does not care about the data. This is your responsibility. You need to ensure it does not transmit information that might be used to deanonymize you. 
> 
> Most people think of this information as your IP address, but more subtle information can be used to build up a profile about you. Using Tor Browser is often essential for all the groups you mentioned, if their goal is anonymity while browsing the world wide web.
> 
> I think what you need to understand is that everyone judges risk differently, and some of them judge it badly. Some people refer to 'threat models', but this is considered by some to be a somewhat awkward term. In any case, judging risk would often involve considering certain scenarios, and a realistic idea of the capabilities of some adversary. The EFF have quite a good guide on judging risk, which I like: https://ssd.eff.org/en/module/assessing-your-risks

If you don't like the term threat model then try adversary model.
That web page doesn't really even scratch the surface of Tor's adversary model
but seems to be describing basic concepts of what an adversary model is.

> It's quite possible you don't really have an adversary. Some people do, but many people just want to protect themselves from routine internet surveillance. In any case, Tor Browser is probably still your best bet. Some people might consider a system like Tails to be desirable.
> 
> Therefore, I don't think there is anything conceptually difficult about understanding Tor. It is more about understanding peripheral issues which are more subtle. Fortunately, using Tor Browser effectively isn't as difficult as some would suggest, once one gets a basic idea of managing identities and the like.

Disagree. Understanding the attacks on Tor is understanding Tor's adverary model.
Merely describing how Tor is supposed to work is a good start but not really sufficient
for a comprehensive adversary model. The Tor Project website has got a decent FAQ
that I would refer people towards. And if wishing for a deeper understanding there
are quite a few papers about Tor on anonbib, some of them describing attacks and defenses.

> All the best,
> Duncan
> 
> 
> On 28 December 2017 11:55:29 CET, Kenneth Freeman <kencf0618 at riseup.net> wrote:
> >
> >
> >On 12/18/2017 12:15 PM, Vasilis wrote:
> >> Hello Kenneth,
> >
> >> Thank you for running an exit relay.
> >> Anonymity is useful for all creatures. :)
> >
> >Just a relay, but anonymity is needful.
> >
> >>> I have been told that Tor is conceptually difficult to wrap your
> >head
> >>> around, but these are useful mission fields.
> >> 
> >> Any specifics on what is the conceptually difficulty to Tor?
> >
> >The need to be anonymous, how to configure your threat model, and how
> >the anonymity is provided by Tor. An LGBT kid has different gestalt
> >than
> >a cop or a whistle blower. Joe Six-Pack might just want to avoid ad
> >tracking; a human rights activist might want to avoid being killed.
> >Etc.

> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171229/ee06a705/attachment.sig>

More information about the tor-relays mailing list