[liberationtech] Deconstructing the security risks narrative of Haystack
Roger Dingledine
arma at mit.edu
Sat Sep 18 16:22:57 PDT 2010
On Sat, Sep 18, 2010 at 12:42:25PM -0700, Daniel Colascione wrote:
> Also, I checked the Tor disclosure page at
> http://www.torproject.org/download.html.en#Warning and did not find
> anything on precisely this point. (That page is an excellent summary of
> the other issues, by the way.)
>
> May I suggest adding a sixth entry stating that using Tor without a
> private bridge relay (and not something in bridgedb) may reveal the
> use of Tor?
Good idea. We wrote that list back when few people thought of Tor as a
circumvention tool. (I think the majority of Tor's users still think of
it as a privacy tool, not a circumvention tool, but part of the point
is that it can be both at once.)
How's this?
<li>
Tor tries to prevent attackers from learning what destinations you connect
to. It doesn't prevent somebody watching your traffic from learning that
you're using Tor. You can mitigate (but not fully resolve) the risk
by using a <a href="<page bridges>">Tor bridge relay</a> rather than
connecting directly to the public Tor network, but ultimately the best
protection here is a social approach: the more Tor users there are near
you and the more <a href="<page torusers>">diverse</a> their interests,
the less dangerous it will be that you are one of them.
</li>
Wonder what else we're still missing.
--Roger
More information about the liberationtech
mailing list