[tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/8/15, Juan <juan.g71 at gmail.com> wrote:
> On Mon, 6 Apr 2015 20:35:44 -0400
> Paul Syverson <paul.syverson at nrl.navy.mil> wrote:
>> More details on the history at
>> https://www.acsac.org/2011/program/keynotes/
>> > 	I mean we don't need to repeat yet again that tor is a
>> > 	project of the US military. As such it doesn't make
>> > 	sense for it to be 'decentralized'.
>> For the technical reasons behind the degree and nature of
>> centralization and decentralization, see the above paper and the Tor
>> design paper. Also note that ironically the first few major design
>> versions made purely by govt. employees were actually more
>> decentralized. E.g. see the above paper, also
>> http://www.onion-router.net/Archives/TNG.html
>> It was only when we moved to the Tor design, that we moved to being
>> a bit less P2P with directory authorities.
> 	And what point are you making with all that hand waving? 'a bit
> 	less p2p'? That's some technical language.

Exactly. Appropriate non-technical pseudo summarization. Do you want
the whole bloody paper copied and pasted into the email? I don't - I
appreciate the link, specifically addressing your point, thank you
very much! Have you read it?


>> For more technical arguments why this is in practice more secure than
>> other designs known at the time see
>>  http://freehaven.net/anonbib/#danezis-pet2008 and
>>  http://freehaven.net/anonbib/#entropist
> 	Even assuming that the central servers are more
> 	'secure' (although that's vague - more secure for whom
> 	against what kind of attacks) the fact remains that centralized
> 	control over the network is something obviously in line with
> 	the political objectives of your employers.

May be so. And highlighting (your) concerns is a good thing. As I've
pointed out before, if I were actually in need of some level of
anonymity/security on the internet, and I were a newbie, I would be
very appreciative of your vehement notes of caution.

BUT, the TOR guys do have many published papers on many aspects of
TORs design over the years (I've even read a few of them) and they
describe why they've made certain of the technical decisions they've
made - eg centralization vs decentralization (or "a bit less p2p)).

Juan what I would like to see from your passionate desire to
communicate caution and sanity (which I really appreciate) is for you
to temper your passionate communication by, for example taking a key
technical point written about in a paper linked such as in the very
links put to you (us) here and respond in a technically meaningful
way.

I accept your notes of caution, I really do. I even appreciate them. I
think your repetition (to a degree) is acceptable. But I do not accept
-your- handwaving, especially in the light of calling out the TOR
technical foundation design documents as "handwaving". Not cool.

>> But by all means please continue justifying everything you say based
>> on what you tenaciously are sure some large organizations must intend
> 	Is your contention that your employers don't have any purpose
> 	at all?  Or that the government responsible for a global
> 	surveillance system (among many other sick crimes) also pays you
> 	to counter them? lol
>
> 	See, you can play that game only so far. You can pretend to be a
> 	'technician' who knows nothing about politics only so far.

Juan, the "game" goes both ways. You know that as well as anyone here.

No one could dispute that analysing the intent of all players involved
is a good thing to do. In fact, as you rightly point out, an
especially important thing to do in this TOR ('freedom communication
tech') environment.

Likewise, no one can dispute that (and the relevant people agree that)
some technical and other questions simply cannot be answered. We
cannot work in an idealised world, we must work in the world we live
in.

I intuit that your primary point is that the TOR devs ought
acknowledge "we can only do so much, we can only program within the
limitations of the greater environment which includes problems a, b
and c, and there are potential or real conflicts of interest due to
funding sources, etc, etc".

Frankly, I see the TOR guys acknowledge all of this.


> 	On the other hand I do realize that you are just playing a part
> 	here, for your audience of lackeys.

Juan, here is a classic statement which says nothing. On the other
hand, it implies "caution is warranted".

Also, the concept of "troll fishing" can be taken as far you choose,
of course - that is, try to expose they who you might  consider to
ultimatly be trolls (individuals with bad intent), by continually
bating and fishing for such.

It gets a little tiresome, but from a cold hard lets do the best we
can by all newbies perspective, I can't really fault you. That is,
putting up with tiresome is better than the alternative.


> 	By the way, have you and your friends received any national
> 	security letter lately?

Getting a TOR dev canary thing happen would, I say, be useful.


>> Apologies to others for failing to resist feeding the troll.

Juan's valid point is that black pots and black kettles can be hard to
distinguish. Indeed it may not be possible for us to do so.

In such an environment of uncertainty, all due caution is always warranted.

Let's never self deceive eh?

And in the interests of not self deceiving, simply set the record
straight when you feel something needs to be set straight. That's not
feeding the troll. Feeding the troll is when you get emotional and
defensive, and frankly, in the environment/world in which we live,
testing all doubt and all concerns is a good thing. Juan is robust
enough to do this publicly and for this we owe him a debt of thanks
for being so persistent. So few humans give a shit for others you see.


> 	So, you have nothing but name calling. And funnily enough whine
> 	about 'ad hominems'.  Unintentional self-parody at its best.

Indeed. Nice to see we're all so relatively robust around here :)

Keep up the good work everyone,
Zenaan