[tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

Paul Syverson paul.syverson at nrl.navy.mil
Tue Jul 1 18:36:08 UTC 2014


On Tue, Jul 01, 2014 at 06:32:27PM +0100, Mark McCarron wrote:
> Alex,
> 
> You must be living in a fantasy land.  The problem still remains,
> Tor is vulnerable to a global view and that global view exists
> according to Snowden.  Further, it would appear that Tor was
> designed to fit into that global view and provide US intelligence
> with the locations of both users and hidden services, whilst
> pretending to provide anonymity.
> 
> I don't see anyone denying it.  Do you?
> 

As with most of this discussion, many of your statements have been
vague and provocative.  Not sure which of the three, or possibly for
things asserted above are the "it" that you don't see anyone
denying. I'll take yet another stab.

Yes Tor is vulnerable (for some but not all appropriate understandings
of "vulnerable") to global observers (for some but not all appropriate
understandings of "global"). This has been a documented and analyzed
aspect to onion routing since before we designed
Tor. Cf. e.g. "Towards an Analysis of Onion Routing Security" from
2000. As to the extent and nature of global observers that Tor is and
is not vulnerable to cf. e.g. "Users Get Routed: Traffic Correlation
on Tor by Realistic Adversaries" 2013. Nobody's denying it because
everyone has been stating over and over to you the quantified specific
ways in which it is true and ways in which it is not. There's plenty
more work to be done in this space, and I hope others will make
helpful contributions to it.

You have elsewhere in this thread noted that resistance to traffic
confirmation is not rocket science. I would agree that it's not merely
rocket science; it's much harder. (OK that's probably not fair to
rocket science, but there is no indication that it's any easier
despite your repeated unsubstantiated allegations to the contrary.)
People have already alluded to DISSENT, which is a great approach and
accomplishment that makes things stronger in some ways but weaker in
others.  Another attempt to improve resistance to traffic confirmation
including active attackers is described in "Preventing Active Timing
Attacks in Low-Latency Anonymous Communication" 2010.

People have denied over and over your allegations that Tor was somehow
designed to be intentionally vulnerable in some way. They have already
cited various aspects to the openness of the design, the extensive
scientific scrutiny to which it has been subject, etc. as evidence of
this. It's hard to imagine what would satisfy you at this point but
perhaps this will help: I designed Tor with Roger and Nick. At all
times we designed it to be as secure as we could given usability,
performance, and other practicality goals (which are themselves
security goals we considered, as has also been widely documented). At
no point did we intentionally do anything to make the design less
secure than we could think how to do while still making it as usable
and practical as possible. Nor did anyone ask any of us to do so, as
far as I know. My opinion (subject to reasoned _scientific_ debate)
about why the Tor design is more secure for practical attacks than
those designed to be putatively more secure against a widescale
attacker (such as those mentioned above) is sketched in "Why I'm not
an entropist" 2009. That paper could use some updating and expansion,
but the basic points hold up I believe.

> Its been 6 days already.

People have day jobs trying to design, build, and analyze systems to
protect people. I often take way longer than that to respond to
substantive well-reasoned questions, as do many people with jobs
and/or lives. Such people also typically expect response times
proportional to the importance, urgency, and reasonableness of the
questions. To such people I say please do not infer too much to the
fact that I have responded to all this in a mere 6 days.

aloha,
Paul

> 
> Regards,
> 
> Mark McCarron
> 
> > From: fuerschpiu at gmail.com
> > Date: Tue, 1 Jul 2014 18:39:13 +0200
> > To: tor-talk at lists.torproject.org
> > Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and	Anonymity
> > 
> > Please Mccarron, 
> > 
> > The discussion is dead. You killed it yourself by not adding anything meaningful as far as I have seen. You just repeat yourself again and again as if it's a mantra. You got statistics to back up your claims? Good - show them! 
> > You got the script you used to track the onions? Awesome! Show it so we can see for ourselves and use it too! 
> > 
> > As others pointed out already: give us something to work with, else you can just pack up and troll another list as far as I am concerned. 
> > 
> > -- 
> > tor-talk mailing list - tor-talk at lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>  		 	   		  
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


More information about the tor-talk mailing list