[tor-talk] Tor and HTTPS graphic

grarpamp grarpamp at gmail.com
Thu Mar 8 07:38:17 UTC 2012

> I think that it is important to differentiate national security
> and law enforcement here.

Yes. They are two separate camps. Who now more regularly talk with
each other to varying degrees, both in the office, and in the pub.

It's likely only a legal question as to what tools either may use.
Then saying, 'hey, we have this program', seems not a big deal.

> yet FBI is apparently unable to locate members of pedophile
> networks who use Tor

Based on 4+ year old methods up against a first time case.
What were the lessons learned? What gaps are being filled?

> National security agencies, on the other hand, have to think about
> the "big picture", and would not put their methods of work in
> danger of disclosure

Of course. That's why I put out possible examples that would only
utilize publicly known methods. There are no secrets in anonbib.

> or indulge in otherwise risky behavior (routing tricks and the
> like, which can be discovered by regular employees).

Secret projects have secret nets with secret admins...

I'm not really suggesting that any such global or national all
seeing system is in place. Only that given budgets and current tech,
the odds are surely not zero on some of the scenarios.

Particularly concerning results available even with limited visibility.
Such as running both a HS and an entry node that a user happens to
use. Or running enough nodes that having an interesting circuit
transit all three/six is less than a rare occurance.

Scaling Note: If the network needs to scale, such as keeping nodes
very busy but not saturated, non-exit relay by default (NE-RBD)
could be metered out by way of a client self enabling it (or whatever
other scale factor) based on the client's/relay's own fingerprint.
Whether driven by release or net consensus: 0-9a-g = on, h-z = off

More information about the tor-talk mailing list