[liberationtech] Anonymity Smackdown: NSA vs. Tor

Jonathan Wilkes jancsika at yahoo.com
Wed Aug 7 11:47:28 PDT 2013


On 08/07/2013 03:26 AM, Bill Woodcock wrote:
> On Aug 7, 2013, at 12:05 AM, Roger Dingledine <arma at mit.edu> wrote:
>> Consider two scenarios. In scenario one, NSA doesn't run any Tor
>> relays, but they have done deals with AT&T and other networks to be
>> able to passively monitor those networks -- including the (honest,
>> well-intentioned) Tor relays that run on those networks. They're able to
>> monitor some fraction of the Tor network capacity -- whether that's 1%
>> or 10% or 30% is a fine question, and depends on both Internet topology
>> and also what deals they've done.
>>
>> In scenario two, they do that plus also run some relays. They have to
>> deal with all the red tape of deploying and operating real-world things
>> on the Internet, and the risk that they'll do it wrong, somebody will
>> notice, etc. And the benefit is maybe a few percent increase in what
>> they can watch.
>>
>> Why would they choose scenario two?
> Geographic reach.  In order to observe exit and entry nodes that are not within the coverage footprints of the telcos with whom they have special relationships.

1) Rent VPS with CC that doesn't connect back to the agency (or hell, generate some Bitcoins on a rig somewhere and pay with those)
2) Run patched version of Tor for relay or exit node that leverages Tor to phone home without disclosing "home"
3) Repeat

Anyone outside of the VPS and the attacker cannot know whether that relay/exit node has been patched.  Now just work with the NSA's equivalent in the country of the exit node to make sure the VPS remains unaware of any shenanigans (and why wouldn't they?).  If they do see something weird happening from the patch and make some noise about it then just gag them as the Guardian reports show they are quite good at doing.

Roger-- how exactly would you check to make sure something like this scenario isn't happening?

-Jonathan

>
>                                  -Bill