[tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

mick mbm at rlogin.net
Thu Oct 17 17:32:51 UTC 2013

On Wed, 16 Oct 2013 19:42:41 -0500
Joe Btfsplk <joebtfsplk at gmx.com> allegedly wrote:

> On 10/16/2013 4:50 PM, Roger Dingledine wrote:
> > On Sun, Sep 01, 2013 at 10:10:56PM -0400, Roger Dingledine wrote:
> >>
> >> Yep. They're part of the Tor research community. I have plans for
> >> writing a blog post about the paper, to explain what it means,
> >> what it doesn't mean, what we should do about it, and what
> >> research questions remain open.
> > Here it is:
> >
> > https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
> >
> > --Roger
> I read the paper - good job. Some of it will be over the heads of
> some, but that's unavoidable unless make it 10+ pages, in newbie
> language, then few would read it all, so...
> I'm not bashing Tor here, so leave your pitchforks in the barn. Just 
> asking questions, making observations that may / may not have an
> answer or even be useful.
> One thing jumps out, Tor doesn't know for sure who's running Guard or 
> exit nodes - & can't unless they start doing (regular, repeated) 
> extensive personal interviews, background checks, giving polygraph 
> tests, injecting sodium pentothal to those wanting to run nodes.  I
> guess more so for Guards.

There are so many things wrong with this thesis that it is difficult
to know where to start. There is the obvious point that there is no
entity called "Tor" who can know anything about anything. There is only
a community of developers, researchers, system administrators, relay
operators etc, some of whom are known well (or partly) to others. So
there is no entity "Tor" which can undertake your "checks".

Nor is Tor just a set of software, processes and infrastructure. It is a
disparate community of people who place (varying) degrees of trust in
other people. Users trust that the software does what it is supposed to
do, that the developers know what they are doing, that there are no
exploitable (deliberate or accidental) flaws in either the software
or the architectural model. And yes, they trust relay operators to
provide "safe passage".

To suggest that some (who?) set of the Tor community should subject
some other part of the community to some form of vetting which
includes (your words) "(regular, repeated) extensive personal
interviews, background checks, giving polygraph tests, injecting sodium
pentothal" is offensive in the extreme.

And in my particular case you could kiss my relay goodbye.



 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312

