[tor-talk] Tor and Financial Transparency

Nathan Freitas nathan at freitas.net
Thu Sep 12 06:44:40 UTC 2013


On 09/12/2013 12:31 AM, Kragen Javier Sitaker wrote:
> I broadly agree with you (as I assume everyone does) that Tor is still
> worthwhile even though it doesn't try to defend against the global
> passive adversary.  However, I think you made a number of overreaching
> statements in your defense of Tor, some quite dangerous, and I want to
> call those out here.

Overreach maybe, but I do not think I veered into the "quite dangerous"
territory. Still, when you start trying to reason through discussions
like these, you can easily go down that road.

> There are any number of safes that have been opened with, say, a thermic
> lance, only to discover that the contents have been incinerated in the
> process.  Brute force does not always work even in the case of physical
> safes.

Right, but you can hypothetically talk about nanobot atom-disassemblers,
who can safely chew through the safe, and how the safe was not designed
for that potential eventuality, and so it is flawed.

I personally assume that someone could always open the safe and access
the contents within. What I consider is, are the requisite resources to
do so equal with my value as a target? Will the adversary even know I
have the safe in the first place? I don't think most normal humans on
the planet have access to thermic lance proof safes.

>> This is a basic security metaphor that must be understood. There are
>> no absolutes. It is about how hard you make your adversary work.
> 
> We do have to accept that in the physical world, but in general in
> information security we do not; we can aspire to much better.  Most
> currently-deployed cryptosystems cannot be broken by known means within
> the lifetime of the universe to date, for example.  Tor is excellent,
> but we should not become complacent and stop seeking to do better.

Agreed. I am not saying be complacent. I am just trying to counter the
perspective that because Tor cannot do something, that it is
fundamentally flawed, broken, or without value.

>> Finally, one of the most promising uses of Tor is around
>> whistleblowing services like Globaleaks, which require a Tor hidden
>> service to access. In that case, the global adversary problem does not
>> exist, as the Tor exit and the web service are on the same box.
> 
> Even Tor hidden services are not designed to defeat the global passive
> adversary.  If, hypothetically speaking, you have traffic analysis
> (passive or active) that can trace circuits through the Tor network, you
> can probably figure out where hidden services are, and who is using
> them, and perhaps even who they are communicating with through them
> (particularly if the hidden service uses Comet).

Okay, but that is different than the entrance/exit correlation that most
people speak about when they are discussing global adversaries.

Anyhow, I've made my one comment per month, for better or for worse.
Considering the private email response I have received from Juan, it
probably was not a useful effort on my part to engage.

+n







