[tor-talk] Tor and Financial Transparency

Kragen Javier Sitaker kragen at canonical.org
Thu Sep 12 04:31:15 UTC 2013


I broadly agree with you (as I assume everyone does) that Tor is still
worthwhile even though it doesn't try to defend against the global
passive adversary.  However, I think you made a number of overreaching
statements in your defense of Tor, some quite dangerous, and I want to
call those out here.

On Wed, Sep 11, 2013 at 11:18:01PM -0400, Nathan Freitas wrote:
> This is the same as saying that any safe or vault can be opened ...
> sensitive documents, don't we?

There are any number of safes that have been opened with, say, a thermic
lance, only to discover that the contents have been incinerated in the
process.  Brute force does not always work even in the case of physical
safes.

> This is a basic security metaphor that must be understood. There are
> no absolutes. It is about how hard you make your adversary work.

We do have to accept that in the physical world, but in general in
information security we do not; we can aspire to much better.  Most
currently-deployed cryptosystems cannot be broken by known means within
the lifetime of the universe to date, for example.  Tor is excellent,
but we should not become complacent and stop seeking to do better.

> For combating mass dragnet activities, Tor is fantastic.

We have limited evidence on whether Tor can keep the NSA from
mass-dragnet deanonymizing you.  It points to yes, but we have to be
careful, because Tor was not designed to defeat that threat model, and a
number of weaknesses have been found.

> Finally, one of the most promising uses of Tor is around
> whistleblowing services like Globaleaks, which require a Tor hidden
> service to access. In that case, the global adversary problem does not
> exist, as the Tor exit and the web service are on the same box.

Even Tor hidden services are not designed to defeat the global passive
adversary.  If, hypothetically speaking, you have traffic analysis
(passive or active) that can trace circuits through the Tor network, you
can probably figure out where hidden services are, and who is using
them, and perhaps even who they are communicating with through them
(particularly if the hidden service uses Comet).
