[tor-talk] Tor and Financial Transparency

Juan Garofalo juan.g71 at gmail.com
Mon Sep 16 22:55:08 UTC 2013


>I have yet to see other than an ad hominem argument in your
>statements. Roughly,
>
>A. Entity x is evil. 
>B. Entity x funded the building of y. 
>C. If A and B are true, there can be no adequate answer
>   to "Why should we trust y?"*
>D. Therefore, we cannot trust y.


        But I didn't say "there can be no adequate answer". What I'm saying is that given A and B, initial distrust is a rational response. I don't think this rational distrust can be described as an ad hominem. 

        And I can go further, I can say we have A, B, and so in this or that *particular case* there may be no adequate answer, or there is no adequate answer. 

        But fine. There isn't much point in keeping quarreling about the exact definition and usage of "ad hominem".

        
>*No matter how much more open the funding, design, and coding are than
>anything providing similar functionality and no matter how much more
>public, independent, scientific, widespread, repeated analysis y is
>subject to than anything else out there.


        And of course all that helps to dispel part of the distrust.


>If you want to engage in discourse and use reasoning outside the
>bounds of valid argument as recognized by the group you are talking
>to, and when the distinction is pointed out to you and you are asked
>to explain, you simply reiterate your position without making any
>attempt to explain why those you are talking to should abandon their
>criteria and adopt yours, then you will be (correctly) perceived as
>trolling. I was trying to suggest a way for you to avoid trolling,
>unless that was your goal. 


        I'm not sure I fully follow. And I'm surprised by something that looks like an appeal to 'group thinking'? Sorry, I can't find a better word for this 

        "valid argument as recognized by the group"

        I'm not sure what standard for discussion you're advocating, but what I seem to understand is that if I don't stick to your standard (whatever that is), then I'm trolling?

        But, all right. No point in engaging in endless discussion about the meaning of 'trolling' either.

        

>> 
>>         There's an interesting ambiguity here, it seems. First it's
>>         stated that onion routing doesn't protect against 'big' (in
>>         network terms) adversaries. But then no hard data is given
>>         about how 'big' the adversaries really are.
>
>Ermm. I pointed you at our paper, the first paper attempting to
>quantify that in a meaningful way using the best available data.
>And, as I recall you thanked me for it.


        Yes. I took a quick look at it first and asked how those results affected hidden services, but I didn't get an answer.

        I've now read it thoroughly. The use of an internet map and circuit simulator is interesting. So, after something like ten years, there's an analysis that tries to get a complete and quantified picture of the system. Better late than never, I guess. 

        Maybe in 2002 the assumption that the internet was too big and complex for it to be successfully monitored was correct, but that assumption doesn't look too valid now?



>> 
>>         How well is Tor preserving the anonymity of its users? Well,
>>         there are "hard problems" to answer that question...
>> 
>
>And yes, this is a hard problem. Science and technology are lousy with
>hard problems, and this is one of them. 


        I'm not denying it's a hard problem. And it's a hard problem that doesn't help Tor's reputation since it makes it hard to know how well Tor is performing. But you knew that.



> 
>>         
>>         I asked "Why should Tor be trusted", given its connections
>>         to a criminal organization.
>> 
>>         That's not even an argument. It's basically a question. And
>>         seems like a pretty reasonable question to me, by the way.
>> 
>>         You can even drop the bit about criminality if it upsets you. 
>> 
>>         Product X is meant to defeat one of the main objectives of
>>         the very company that manufactures product X. Shouldn't the
>>         users of X take a closer look at what that means?
>>         
>
>Setting aside the huge implicit composition and division assumptions
>you are making, myself and others in this thread have already explained
>that we feel our time is better spent designing a process and 
>then working in a way that is fault tolerant against such concerns.

        
        Even if I drop the composition, the picture is still odd. Organization M has the goal of spying on every 'foreign' living soul. Organization M starts and mostly funds project X that goes against M's goal. Something is off. 


        But, OK. You are of course free to use your time in whatever way you feel it's appropriate. 


>Those are merely hard problems rather than intractable ones, but feel
>free to look at whatever you like. I hope I'm not being too presumptuous
>in saying that you already have as much of an answer as those who
>work on Tor can give you about that.


        Yes, I see that. I must admit I mostly got a fair hearing from you.



>Well no not exactly. I was being a bit terse with "set up for",
> but I've already been overlong in so many respects. As Roger has already
>explained somewhere (I forget sorry) quite well: It's not enough to
>have open design.  You need to have good documentation of the code and
>of the design


        And that makes it easier for people to audit the system and so the audit is more likely to happen, I see that.


        Anyways, thanks for the discussion. 




>(cf. https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/000-index.txt
>) so others can understand what you are doing, build their own, etc.
>You need to make data available so that people can easily do strong
>and repeatable analysis not just of the design but of the deployment
>and usage (cf. https://metrics.torproject.org/ ) You need to spend a
>lot of time doing your own research
>(cf. https://research.torproject.org/techreports.html) as well as
>collaborating with others and also running around to research groups
>around the world who might have lots of strong expertise but not a grasp
>of the hard problems and why they matter. If you don't they probably
>won't try to solve nearly as many of your problems; they'll solve
>other problems or misconstrue yours. Roger was probably the main
>person doing that for a long time, but in an effort to not have him
>explode it is now a separate job, handled this year by Nick Hopper on
>sabbatical from the University of Minnesota. This is a partial list
>(this message is already too long) of how Tor is designed and operates
>to receive lots of scrutiny rather than just being available for
>scrutiny.
>
>-Paul
>
>> 
>> 
>>         
>> >as much scrutiny
>> >and verification as pretty much anything out there---and mostly
>> >more so than anything else out there.
>> >And, on a meta level, there is
>> >public discussion of the current limits and attempts to improve that,
>> >e.g., open hardware and deterministic builds. And since you are so
>> >focused on funding, there is also public discussion of how the Tor
>> >Project Inc. attempts to diversify its funding. If you can offer more
>> >than ad hominem reasons why this approach is flawed by design, I
>> >believe the opportunity to see how to improve Tor would be welcome.
>> >
>> >HTH,
>> >Paul


