[tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

coderman coderman at gmail.com
Sun Jun 29 23:14:18 UTC 2014


On Sun, Jun 29, 2014 at 2:24 PM, Juan <juan.g71 at gmail.com> wrote:
> ...
>         You´ve been officially threatened by one of the ´leaders´ of the
>         ´tor family´ for (unlike me) politely point out tor´s obvious
>         flaws.


"pointing out obvious flaws" - as in, "it's so easy to protect against
traffic analysis!  just make one end invisible!"

?

...

in the interest of adding even a minuscule bit of signal back to this
discussion, let's get technical.

1) compute the cost of global traffic analysis.  we have big data mark
to put a ball park on it, but the point is: the cost is non zero and
non trivial.

2) compare to other mechanisms of compromise, whether through remote
exploitation, technical surveillance, surreptitious physical access,
etc.

3) compare to possible *well researched/designed* solutions against
traffic analysis.



the math appears to be #1 is expensive on already maximized
intelligence community budgets.  possible?  of course.  actually
applied?  not so clear.[0]

re #2, it is cheaper in every sense, to pwn the application layer and
end point directly. this is well documented by years of industry
experience, and more recently through covert budget details leaked.


finally, #3: this is fucking hard! to point a fine point on it.  if
you've designed and implemented a low latency traffic analysis
resistant anonymity protocol with great usability and modest
requirements please post here with the info; i for one would love to
see how you solved a few of the hard details involved. ;)


best regards,





0. i have more to say, but also en route to Paris.  'till then,


More information about the tor-talk mailing list