[tor-talk] Tor as ecommerce platform

Gregory Maxwell gmaxwell at gmail.com
Sun Aug 12 05:23:57 UTC 2012


On Sat, Aug 11, 2012 at 11:51 PM, Greg Norcie <greg at norcie.com> wrote:
> Some crazy new correlation attack might be possible... but using it as
> evidence in court would be quite difficult.

Wrong mental model.

You're assuming a "lawful" attacker.  This is just fundamentally
incompatible with any definition of attacker that I care about. A real
attacker doesn't follow rules that can be bent or broken.

In this case you're assuming a particular threat set—prosecution by
law enforcement in a place where the rule of law is largely effective
and at least somewhat just.  While that may apply to people
trafficking banned goods in the US, those aren't the only users of
tools where these attacks could be applied.  If the analytic tools
reliably identify their targets, that may be all that's required for
someone to go out and kill them.  The threat against people promoting
disapproved-of political positions or religions, or people disclosing
evidence of unlawful and unethical acts by powerful parties, can be
expected to be more like the latter than the former.

Even so, fancy correlation isn't used as evidence for a conviction.
It's used to identify the actual parties, then regular focused
evidence gathering and investigation does the rest. In the US,
potentially it gets used to generate probable cause for a search, as
the bar there is so low as to be almost non-existent and there is no
before the fact adversarial process to challenge them. Even absent it,
it's trivial to manufacture ample probable cause against anyone, but
doing so doesn't scale as an investigative tool unless the targeting
has been highly focused first.

Perhaps most importantly: a child sex trafficking ring doesn't need to
convince a court of law that a new customer is certainly law
enforcement before deciding not to do business with them, and I very
much want the people doing socially important enforcement work to have
good tools and operating procedures so that they can enjoy the full
investigative benefits of privacy technology. The fact that evidence
guidelines may make non-cheaters working for social good weaker is
actually good motivation for developing protection against techniques
which are mostly useful to attackers who don't care about following
those rules.


More information about the tor-talk mailing list