Message-ID: <548CB63C.1090006@yahoo.com>
Date: Sat, 13 Dec 2014 16:57:16 -0500
From: Jonathan Wilkes <jancsika@yahoo.com>
To: tor-talk@lists.torproject.org
References: <20141211220732.GG34412@moria.seul.org>
 <CAAS2fgTNWCJcdOq6nd_XJC2e=iPCRxk-a4kiOgxQFnQ+2K8Ahg@mail.gmail.com>
 <20141211223234.GH34412@moria.seul.org>
 <548b322b.0480e00a.1143.ffffb753@mx.google.com>
 <20141212192012.GI34412@moria.seul.org> <548C854C.6070804@yahoo.com>
 <548C9BB6.9060506@riseup.net>
In-Reply-To: <548C9BB6.9060506@riseup.net>
Subject: Re: [tor-talk] Tor and solidarity against online harassment

On 12/13/2014 03:04 PM, Mirimir wrote:
> On 12/13/2014 11:28 AM, Jonathan Wilkes wrote:
>> On 12/12/2014 02:20 PM, Roger Dingledine wrote:
>>> On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote:
>>>>> You might like
>>>>> https://www.torproject.org/docs/faq#Backdoor
>>>>>
>>>>> We won't put backdoors in Tor. Ever.
>>>>      LOL!
>>>>
>>>>      You work for the pentagon and are subjects of the US state.
>>>>
>>>>      The US government has secret 'courts'  and secretly forces its
>>>>      subjects to tamper with all kinds of 'security'  systems, in the
>>>>      name of 'national security'.
>>>>
>>>>      Whatever public declamations you make carry very little weight.
>>> Hello Mr. Tor hater,
>>>
>>> We get funding from a variety of groups, including US government groups.
>>> We do not "work for the pentagon" but that is a separate discussion and
>>> it shouldn't derail this one.
>> Hi Roger,
>> I'm afraid you're going to continue to hit up against this criticism for
>> the foreseeable future, for the following reasons:
>> 1) The NSA's betrayal of trust on the internet (and its standards) has
>> all but removed good faith from the equation in the minds of a lot of
>> people
> Yes. It seems that the NSA is aiming to compromise everything. So why
> should Tor be exempt? But as others have noted, Tor software and the Tor
> network are open to public inspection.

Yes, with two caveats:
* only people with sufficient expertise in network security will audit 
the system in any meaningful sense
* it excludes the people with sufficient expertise who are under 
contract _not_ to release the results of their audit or knowledge of 
exploits to the public

>   Individual relays, of course, are
> not. The NSA and other adversaries can easily participate.
>
> However, Tor is by design a Chaum-style network of untrusted nodes. As
> long as one of the three nodes in a circuit is honest, users remain
> anonymous. Even simultaneous attacks by non-colluding adversaries can
> protect users' anonymity. In order to avoid detection, malicious relays
> tend to behave at least somewhat like honest ones. So as long as enough
> attackers aren't colluding, they help protect users against each other.
> That is very clever.

How does the assumption that enough attackers aren't colluding hold up 
against revelations about the tactics of the Five Eyes?

Either way, it turns out to be extremely difficult to explain that 
design feature to someone, much less a general audience.  And I don't 
mean "explain" as in they nod, "oh, right, that's neat."  I mean explain 
such that they can repeat the essence to someone else and still be 
technically correct in their description.

Because of that, and because of the toxic atmosphere wide-net 
surveillance has created, there are a lot of potential Tor 
users/relay-operators who bail on the idea before even getting to that 
technical description.  They're not conspiracy theorists-- they're just 
people who don't get excited about programming cleverness.  We can try 
to think of more metaphors for them, and make more and more 
precision-guided arguments against the "I-dont-wanna-help-the-bad-guys" 
meme.  But we have to remember that isn't nearly as effective as, "you 
can use Network B run by this other group, and it works in a similar 
way," or, "even Facebook is using it for location anonymity."

>
>> 2) practically speaking, Tor Browser Bundle _is_ private browsing mode
>> for the time being.  There is no other game in town (at least in terms
>> of usability and being gratis)
> There are also VPN services and the JonDonym network. It's true that
> they're not free, in a usable way.

Right.

>   It's also true that they're less
> anonymous, although JonDonym is arguably close. And of course, they
> can't be trusted.

Right.

>   However, they can readily be combined with Tor, in
> order to further distribute trust among untrusted nodes.

Tor remains a single point of rhetorical attack here.  How convenient 
that the government-funded overlay enters the flow-diagram once more! 
troll the trolls.  My point is that the effectiveness of that troll only 
starts to go away once it is Tor OR Software B that can be combined to 
distribute trust.

>
>> So someone looks on your resume and finds a summer at the NSA.  If the
>> wider free software community was adequately funded to sustainably
>> research and protect users' privacy, that would be that. Tor would take a
>> temporary hit and Privacy Software B's website would temporarily see
>> more hits and development effort.
> Son las cosas de la vida ;)

Except when there isn't a viable usable free alternative, in which case 
the people choosing to steer clear of Tor most likely experience a 
decrease in privacy.  But as far as the dev effort tides, yes.

>
>> In the real world, however, there isn't a Software B.  It will be a long
>> time before even a Debian user can apt-get install and easily use
>> Gnunet.  Non-technical users see a world of NSA surveillance and a
>> single usable, well-maintained piece of software available for anonymous
>> browsing run by people funded by the U.S. government. Conspiracy
>> theories flourish in that type of climate.  And until there are as many
>> (effective) private browsers competing with each other as there are
>> normal browsers, these kinds of attacks will continue to be (at least
>> somewhat) effective.
>>
>> Anyway, for those who are willing to listen to a little reason and live
>> in a country where encryption isn't illegal, here's a Pascal's wager for
>> Tor Browser Bundle use:
>>
>>                         Something to hide    Nothing to hide
>>                         -----------------    ---------------
>>
>> Tor is a honey-pot:     Tor use is BAD       Tor use is No worse than
>>                                              not using Tor
>>
>> Tor isn't honey-pot:    Tor use is GOOD      Tor use is GOOD
> Well, it depends on who you're hiding from, and whose honey-pot Tor
> might be. But the focus here is the NSA. So, worst case, using Tor is
> bad if you're hiding from the NSA. But really, only fools think that
> simply using Tor is enough for hiding from the NSA. You need a
> multi-layered approach. I write a lot about this.

I write this restatement of the wager mostly for the people who have 
nothing to hide.  "I've got nothing to hide, so I might as well take a 
dip in the anonymity pool."

>
>> Of course this doesn't work if Tor use simply lands you in jail, or gets
>> you disappeared by government agents.  But if that is the case you have
>> much bigger issues to deal with than private browsing.
> Right. Escape might be the first priority.
>
>> -Jonathan


