Tor Project 2008 Tax Return Now Online

Anon Mus my.green.lantern at googlemail.com
Mon Aug 16 23:13:40 UTC 2010


Jonathan D. Proulx wrote:
> While I do think it's good to see the funding there are two points that
> are important to remember.
>
> 1) this is a free software project, the code is there for all to see,
> hopefully clueful people other than the US Government are reading it.
>   

Unfortunately, whilst there are clueful people watching the software, no 
one has yet decided to publicly produce and share a modified version 
of this code which protects from a Global Adversary who is analyzing the 
traffic (real time or not).

I await that day, but believe it will not be soon, because it would be 
foolish to take on such a task, only to have the Tor project themselves 
then radically change the code so as to make the unofficial 
modification obsolete.

> 2) no matter who's funding it the US gov't could read the code (see
> above) and would continue to (potentially) have a near global view of
> internet traffic.
>   

Well, it's obvious that whoever funds it gets to make the decision as to what 
anonymity "protection" gets put in.
So if you were the Global Traffic Analysis Adversary then you would 
distract, delay, deny and defend lack of protection from your analysis. 
If you also funded the project then that would make that task easier.

So whilst there is no protection in Tor (by official policy) from the 
Global Traffic Analysis Adversary (aka US-GOV) then you can expect to 
be unmasked for every usage you make of Tor. Unless of course, you were the 
US-GOV, in which case you can add that protection into your Tor nodes 
and Tor clients.

For instance, if I were US-GOV (i.e. it was my job to spy on your 
traffic) I would, at the very least,

1. Set up a global INTEL network of private and institutional Tor servers.

These servers would be .edu, .gov, .net (running at legit ISPs), as 
well as from the homes of hundreds of operatives (police, CIA, FBI, NSA, 
Homeland Security), .mil (e.g. force bases overseas) and other .gov 
officials (embassy staff, trade orgs, propaganda orgs like Voice of 
America offices) globally.

2. On those INTEL servers, a modified Tor software would be run with 
modifications to create a supersecure subset of Tor.

These servers would either be self identifying (as the supersecure 
servers - SS) or receive a list of IPs from a central server.

I'd give some of these SS servers names like anarchist, whacko, anarchist 
or anti-gov/big brov but their IPs would appear to be from telcos, 
R&D/Ops contractors.

3. Relatively minor modifications to the Tor code would add this extra 
protection and priority for the officially supersecure traffic. e.g.

i/ Higher/extra layer encryption.
ii/ Protection from Traffic analysis - extra long random length circuits 
(n = 3..6 variable), chaff traffic (70-90% variable chaff), multiplexed 
traffic (mixed circuit streams - TOP SECRET) and multiple route traffic 
(split circuit streams - EXTREME TOP SECRET).
iii/ Traffic delivery Guarantees

4. Non-supersecure (normal) traffic would be labeled to separate its 
treatment (as well as logged with the identity IP of the originating Tor 
user). Potentially then the circuit builder's Tor user IP could be sent on 
secretly, in another layer, to as far as it will go in this SSS Intel 
network.

5. Potentially, normal Tor traffic could be deliberately sent, by these 
SS servers, in specific traffic analysis timed sequences to make it easier 
to pick it up when it exits the SSS Intel network by traffic analysis 
systems. A sort of traffic "signature" to be followed to the source.

> To a large extent free software defends against the worst abuses funders
> can demand (1), but I wouldn't fully trust TOR against China either (2) 
>
>   
No comment
> -Jon
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
>   
