[tor-talk] Tor is anti-censorship software

Thu Jun 30 19:10:42 UTC 2016

On Wed, Jun 29, 2016 at 11:54:04AM -0400, Mansour Moufid wrote:
> On Thu, Jun 23, 2016 at 11:56 AM, Paul Syverson
> <paul.syverson at nrl.navy.mil> wrote:
> 
> > Vitriol aside, the problem is that you don't get to just apply your
> > own intuitive decisions about the meaning of technical terms and then
> > complain based on that.
> 
> The audience of the Tor project, ever since it's provided a convenient
> browser rather than just source code, is the average user, not the
> technical community.  So when the Tor project website promises
> "anonymity," they are not using the technical definition.

I agree completely, which is why I said in an earlier message in this
thread

  If you have a better single word than 'anonymity' that conveys to
  people who don't want to read all that technical mumbo-jumbo what
  Tor provides, I think we would all be happy to use it. (Well I would
  anyway.)

Intuitions are fine, and necessary for any of us to function in the
world. But once you start to unpack them and talk about whether
something _really_ has property X, then you are moving beyond what
the "average user" is concerned with.

> 
> > The Tor Project remains the exemplar of being up front about what it
> > provides and doesn't, what needs improvement, what people have found
> > about weaknesses etc. (I know simply saying nobody is doing it better
> > is not an excuse for not trying harder, but it is a standard of
> > reasonableness). "Anonymity" has some intuitive meaning that has been
> > articulated to multiple meanings as lots of precise mathematical and
> > technical analysis teases intuitions out. If you have a better single
> > word than 'anonymity' that conveys to people who don't want to read
> > all that technical mumbo-jumbo what Tor provides, I think we would
> > all be happy to use it. (Well I would anyway.)
> 
> If it were just about which words to use, the term "unlinkability"
> has been proposed before.  But words aren't the problem.
> 
> Here's another term in the advertising material that has a specific
> technical definition: traffic analysis.  Tor is advertised as a
> protecting against traffic analysis (by governments a.k.a. global
> adversaries) which it does not and couldn't possibly do.

I think your definition is misleading, and I suspect most (all?) who
work in this area would agree with me.  Specifically, it is misleading
to assume 'traffic analysis' must imply a global adversary, whether
observing, active, or a combination of the two. The nutshell way I
have expressed this protection going way back before Tor was that
onion routing generally protects against traffic analysis not traffic
confirmation: it protects against an adversary doing traffic analysis
on a flow it sees. Such an adversary will not learn the
source/destination from that analysis. If the adversary does traffic
analysis in two places, it will most of the time be able to confirm
that it is looking at the same flow of traffic in both places.  This
is a nutshell, but I stand by it as basically correct. Details are
more subtle, e.g., sometimes website fingerprinting can reveal something
about the destination, subject to closed-world assumptions, etc.

>
> The advertising doesn't correspond to reality, because it's false
> and dishonest, not because the user is dumb.

Why do you imply the user is dumb? I certainly reject that
characterization of users. I assume that, like myself, most users
can't give an accurate description capturing every important property
of most of the tools they use, microchips, automobiles, airplanes,
etc.  That's not because they're dumb, but because nobody can, or
indeed should try to, know all the important things about everything
they rely on. What I think Tor does well (but could always do better)
is get the gist of things across, and then (more than most other
communities or organizations) provide the means for anyone who has the
time, tools, and inclination to fruitfully probe as far as they wish.

aloha,
Paul