[liberationtech] Anonymity Smackdown: NSA vs. Tor
coderman
coderman at gmail.com
Wed Aug 7 09:36:11 PDT 2013
On Tue, Aug 6, 2013 at 8:43 PM, Kyle Maxwell <kylem at xwell.org> wrote:
> ...
> The key, obviously, is the primary assertion that the NSA runs "lots"
> of Tor nodes.
it is incorrect to assume this is for attacking anonymity of Tor users.
more likely these nodes are used as trusted guards and exits in
circuits the $TLAs use for their espionage and offensive operations.
a good anonymity network encompasses all users :)
> I've seen this assertion before, and while it's
> certainly a reasonable assumption, I don't know if anybody outside the
> NSA actually has hard evidence for that.
if you were to 0wn the Tor network and clients you would know.
> Runa Sandvik's excellent
> talk[1] at DEF CON 21 started to address this, but clearly more work
> remains to be done here.
is there a transcript of this talk? for all the mention of
inaccuracies in this errata post there were reports of inaccuracies
and invalid assumptions in the DEF CON 21 talk as well.
> Other criticisms are
> really about operational security: sending non-encrypted traffic (e.g.
> HTTP) over Tor ...
these operational issues have been and will continue to be the largest
risk to Tor users by far. this is evidenced by history of past
vulnerabilities and the focus on active, offensive capabilities by
these organizations.
in short: errata post misguided and incorrect.
but still useful for the issues it brings to light and the
improvements made to Tor that many seem unaware of.
More information about the liberationtech
mailing list