[tor-talk] tor project website change

Mirimir mirimir at riseup.net
Fri Mar 29 13:36:55 UTC 2019


On 03/29/2019 06:07 AM, dns1983 at riseup.net wrote:
> I'm not in the position to talk about the architecture or other
> technical aspects because I'm not expert enough. I don't say that the
> network doesn't have problems.
> 
> But i think that some things you said are a bit of stretch; for example,
> why adversaries should finance tor project and publicly it if they have
> a malicious intent?

Where do you see that? I've reread his post several times, and see
nothing about "adversaries should finance tor project". It is true that
some criticize Tor because it was originally a US Navy project, and
still gets funding from US governmental entities. But that's not an
argument that I recall grarpamp ever making. Unless he's juan, anyway.

> It would be interesting to me to know what other people think about what
> you said.

The main thrust of his criticism, as I interpret it, is that Tor
explicitly doesn't protect against global passive adversaries. Let alone
global _active_ adversaries, such as the NSA. As I understand it, that
reflected both "it would be too hard to do that, without unacceptable
latency and traffic overhead" and "they don't likely exist, or if they
do, they're our friends".

Some systems have been proposed that use padding and chaff to make
traffic analysis harder. But as grarpamp says, it'd be hard for the Tor
Project to implement stuff like that in the existing Tor network. Much
harder than the v3 onion upgrade, anyway. And the other side of it is
that Tor works well enough that implementing one of the newer designs
seems unlikely. Given that potential volunteers are working on Tor.

> Il 29/03/19 03:08, grarpamp ha scritto:
>> On 3/28/19,dns1983 at riseup.net  <dns1983 at riseup.net>  wrote:
>>> I think you are affected by cognitive bias.
>> Tor is effected by lack of external thought.
>>
>>> You are blindly looking only for bad things.
>> Your adversaries are assuredly looking at those things and more.
>> If you are not looking at them, you're done in mate.
>>
>>> Of course the network is not perfect, but is the best we have
>> That's apologist talk to avoid clean slate researching
>> and creating better architectures, even to the
>> then at that point possibly legit point of being
>> able to actually make that declaration.
>>
>>> and we should make our best to improve it.
>> Tor is and will always be 20 year old architecture
>> from time before current adversary models were
>> say matured if not known. Tor's relatively
>> simple and effectively static with only marginal
>> improvements left. And has outright traded off
>> and/or discarded design models that others
>> might not today.  (And obviously Tor arch cannot
>> be substantially changed while still calling itself Tor.)
>>
>> Before declaring Tor sufficient against today threats
>> you need to analyse it against today threats
>> vs new networks being research and deploy
>> against today threats.
>>
>>> trying to delegitimate everything.
>> Those concerned with messengers vs
>> messages are prone to miss some dead canaries.


More information about the tor-talk mailing list