[tor-talk] Tor and Financial Transparency

Paul Syverson paul.syverson at nrl.navy.mil
Fri Sep 13 18:42:41 UTC 2013


On Wed, Sep 11, 2013 at 10:59:55PM -0300, Juan Garofalo wrote:
> 
> At 02:31 PM 9/11/2013 -0400, Paul Syverson wrote:
> 
> >  Most people involved in creating Tor
> >including, e.g., Andrew Lewman, now Executive Director, of the Tor
> >Project Inc. first got involved simply by volunteering constructive
> >suggestions/code/design/etc of one sort or another and then growing
> >into a larger position. For anyone looking to help, see for example
> >https://www.torproject.org/getinvolved/volunteer.html.en 
> >Second, people who make clueful constructive criticisms of design are
> >usually amongst the best to ask for help in improving designs. Sorry
> >if what I said offended by leading you to infer that I thought you
> >coud be such a person.
> 
> 
>         In that case, thanks for suggesting I might be clueful in
>         technical matters, but I'm sorry to disappoint you. I don't
>         think I am.
> 
>         And basically, I think the problem that Tor attempts to
>         solve is a political problem. Thus, it needs a political
>         solution.


I said nothing about being clueful in technical matters. I said that
if you make clueful constructive criticisms you are typically likely
to be in a position to make clueful constructive suggestions about the
design. Many contributors to Tor, paid or otherwise, do so outside of
the science and technology per se. If your focus is on political
aspects that is where you could contribute, but I have yet to see more
on that front from you than ad hominem attacks.

(Note also that you straightjacket and oversimplify Tor by limiting it
purely to a political dimension, but if that is your hammer, and you
are not simply trolling please use it as a tool of more than
destruction when hitting the Tor nail. I will not engage in political
debate, so I will have to leave that to others. Please also make sure
that political or otherwise, your comments remain constructive and
relevant to Tor.)

> 
> 
> >> >> > But you know what? I never said tor was 'subverted' by the US
> >> >> > government. Tor isn't 'subverted' - it just flawed...by design.
> >> >> 
> >> >> Fair enough, if that's what you believe, then please make your own
> >> >> thing. Create something better than Tor.
> >> >
> >> >Right exactly. 
> >> 
> >> 
> >>         Wrong exactly. The argument that I can't comment on what you
> >>         do unless I run a multimillion sofware project (and 'better'
> >>         than Tor) is invalid.
> >
> >Another straw man. Nobody said that. You _did_ say that Tor was flawed
> >by design without offering any support of that claim.  
> 
> 
>         I don't think my claim was unsuported. But let me try again. 
> 
>         Tor cannot protect individuals from organizations that can
>         monitor 'big' parts of the internet. Organizations such as
>         the US government, for instance. In that sense Tor is
>         flawed.
> 
>         I understand that the flaw is an inherent limitation of the
>         way Tor works and it hasn't been put there 'on purpose'. But
>         the fact remains, it is a bug, or feature, of Tor's design.

Something is not a flaw in a system if it is overtly stated to be
beyond the the scope of the system. We've said since before Tor that
onion routing by itself does not prevent an adversary able to watch
both ends of a connection from determining who is talking to whom. So
you cannot validly claim this is a flaw of Tor. You can note this as
a limitation on what it currently offers.  But that is already
frequently stated, so one must say more than that to make a
contribution.  Also, I have already pointed you at research by myself
and others on the hard problems of quantifying the extent of this
limitation and on designing to go beyond it.

> 
> 
> >> >Right. And since no doubt at some point Juan Garofalo or someone else
> >> >in this discussion will yet again "discover" 
> >> 
> >> 
> >>         But I didn't claim I discovered anything, and if you think I
> >>         learned about Tor's history yesterday, you are mistaken.
> >
> >No idea what you have learned when, only what you say. My goal here
> >though was to preempt anyone participating in or reading the thread
> >making such a "discovery" hence "Juan Garofalo or someone else in this
> >discussion". This seemed a valid concern since you mentioned repeatedly
> >a U.S. government role but did not at all mention that larger history.
> 
> 
>         I understand that the connections between Tor and the US
>         military are public.
> 
>         "it was designed by U.S. government employees and
>         contractors based on technology invented by U.S. government
>         employees."
> 
>         Right. That is public knowledge, but regardless of those
>         facts being public, the implications are the same.
> 
>         The US government is a criminal organization. The biggest on
>         earth. It's a criminal organization even according to its
>         own twisted standards - they pretend for instance that their
>         criminal spying activities are 'bound' by 'law' and
>         restricted to so called 'national security' but that is not
>         the case.
> 
>         So the question remains. Why should Tor be trusted given its
>         connections to such an organization as the US military and
>         given how US 'moral' standards operate.
> 
> 
>         And let me preempt you. The above criticism is pretty
>         valid. Whether you consider it 'constructive' or not is up
>         to you, but if you're interested in true free speech (among
>         other things) you might want to think about the political
>         side of the problem, not just the technical side.
> 

I'm not going to address the moral/political claims you make since
that is outside my current bailiwick. I will simply take them as
premises of your argument without commenting on their soundness.  I
will however note that this criticism is not valid regardless of how
sound the premises may be. It commits a variant on a classic
fallacy. As I used to teach my introductory logic students, if you
reject an argument because it is given by someone evil (in your
opinion) without addressing the merits of the argument itself, you
commit an ad hominem fallacy. Nate Freitas and others have given you
lots of reasons that the work behind Tor (research, design, funding,
code) is _by design_ set up for (and thus receives) as much scrutiny
and verification as pretty much anything out there---and mostly
more so than anything else out there. And, on a meta level, there is
public discussion of the current limits and attempts to improve that,
e.g., open hardware and deterministic builds. And since you are so
focused on funding, there is also public discussion of how the Tor
Project Inc. attempts to diversify its funding. If you can offer more
than ad hominem reasons why this approach is flawed by design, I
believe the opportunity to see how to improve Tor would be welcome.

HTH,
Paul


More information about the tor-talk mailing list