[tor-talk] "Safeplug"

Jacob Appelbaum jacob at appelbaum.net
Mon Nov 25 23:27:43 UTC 2013

Mike Cardwell:
> * on the Fri, Nov 22, 2013 at 06:17:24PM +0000, Jacob Appelbaum wrote:
>>> You shouldn't just route people through Tor without their knowledge.
>>> They need to understand the risks and adapt their use accordingly.
>> And what is the risk of barebacking with a network?
> When your traffic comes out of a Tor exit node, there is a significantly
> increased risk of passive and active MITM attacks against you, and also
> increased risk of being locked out of your accounts.

What data do you have on passive and active MITM attacks on all of the
internet when you compare it with Tor? As an example, what is an ISP
that mines clickstream data? If that happens with your ISP and with say
10% of Tor exit nodes but is no longer tied to your (Government Issued)
identity, could you really say that it significantly increases risk of
passive attacks? Rather, I think in some cases, it reduces the risk. The
same applies to upstream active MITM by say, OpenDNS enabled networks -
Tor will likely decrease the effectiveness of such things on the
otherwise upstream ISP network. It would also decrease the risk of both
passive and active targeted attacks.

Some systems will lock people's accounts - that is a reasonable concern.
We need these systems to better understand the Tor network, rather than
simply punt and stick with the same FUD.

>> Why should I let traffic trace back to my network?
>> Does that user gather my consent for every action that will be tied
>> to me? No.
> I did not say, "don't route people through Tor". I said, "don't route
> people through Tor without their knowledge."

Consent goes n ways. As the network operator, I hope the user will
understand that they need to protect themselves from my network and
routing choices. Similarly, I will try to protect myself and my ISP from
being harmed by a user or someone targeting one of those users.

As an example, some people wish to deploy captive portals for gathering
informed consent. This is a path of madness. In addition to the
linguistic failures, I think the last thing we need is *more* blocking
and filtering. A click through wrapper isn't useful for much other than
a CYA approach to consent which seems... sad.

Perhaps you have another way to suggest that we have informed them and
they have adequate knowledge? I think that I rarely understand the MPLS
tunnels between my DSL circuit and say, DuckDuckGo - do I really need to
understand those details to use the network?

All the best,

More information about the tor-talk mailing list