[tor-relays] How can we trust the guards?
Mirimir
mirimir at riseup.net
Mon Jan 2 07:26:08 UTC 2017
On 01/01/2017 11:28 PM, Rana wrote:
<SNIP>
> @Mirimir, @Andreas
>>> This assumes that there is only one entity wanting to do that.
>>> When there are multiple the game isn't that easy.
>
>> Yes, that is a great Tor feature! Dueling adversaries strengthen
>> Tor against each other.
>
> That's wishful thinking at best. Assuming that there are enough
> non-colluding adversaries attacking Tor and destroying each
> other's efforts is futile.
Well, from what I've read, it does interfere with some attacks.
> This is not Blockchain where hundreds of thousands of greedy selfish
> genes are working together for non-collusion. A practically zero-
> effort collusion of already fully cooperating FIVE EYE agencies (US,
> UK, Canada, Australia, New Zealand) is needed to sprinkle several
> tens of rogue relays every month all over the globe, hosted at
> unsuspected hosters, looking perfectly bona fide. All they need is
> maintain some bandwidth and stability (why not?) and wait 70 days
> and - hop! - they are guards.
That seems plausible. I don't know how the community of relay operators
works. But I suspect that, if you're right, many known and trusted relay
operators must be covert operatives. While that's not impossible, it
would represent a huge investment.
> Sprinkling middle relays is even easier. I am not even talking
> about the broader 14-EYE intelligence cooperation that includes 14
> countries (https://en.wikipedia.org/wiki/UKUSA_Agreement#9_Eyes.
> 2C_14_Eyes.2C_and_other_.22third_parties.22)
>
> That US agencies are actively working to destroy anonymity of
> (hopefully only selected, but who knows?) Tor users is an
> undisputable fact. Your implicit assumption that Russia is also
> attacking Tor is, however, unfounded. I mentioned that they have
> the resources to do so. Russia has arguably MORE resources that
> the US because instead of paying for hacking services and
> infrastructure all they need to do is threaten to put the
> ringleaders of their internationally renowned criminal hacking
> gangs in jail. There is, however, ZERO evidence that they are
> going head to head with America doing that. They seem to be much
> more interested in attacking weakly protected email servers of DNC.
Well, who knows? Maybe Russia just has better security. China too.
But whatever. I do agree that guards are a risk. They may be malicious.
And there may be other flaws that permit signaling via circuit
management. So I always use Tor via nested VPN chains. And I tend to
include Russian VPNs in the chains.
<SNIP>
More information about the tor-relays
mailing list