Date: Sun, 29 Jun 2014 23:15:52 -0700
Message-ID: <CAJVRA1T+vF-7oX6HC5d5UaBDpOrdSUCRjbUbX+cAFm_0S--DmA@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and
	Anonymity

On Sun, Jun 29, 2014 at 4:53 PM, Mark McCarron <mark.mccarron@live.co.uk> wrote:
> ...
> We already know from the Snowden releases that the physical infrastructure for this is in place.  That it spans at least 33 nations covering all major fiber links.  Within the US, all traffic is copied verbatim at major exchanges.  In other nations, metadata can be shared to complete the picture.

this is just one part of a series of costs; how much raw DPI capacity
(it is finite)? how much memory/storage for backtrace to some hours
window? 30day window? how much engineering time (earth human hours) to
implement the collection, classification, and analysis of all flows in
daily time? in near-real-time (<60sec)? how is accuracy beyond doubt
identified? how much does additional accuracy in shorter time cost?



> We know that the physical infrastructure and regulatory frameworks are there, thus that must be going somewhere and as it's metadata, that implies traffic analysis.
>
> So, it's a patchwork model and the costs are spread across many nations and information sharing to isolate sites is policy driven.

you trivialize too much; over and under estimate.  justify the costs
you quantify in detail - what you throw around above betrays a lack of
understanding of the constraints of collection at global scale.


as i keep restating another way, no matter how many times you call it a cop out:
  if global traffic analysis against Tor is expensive, the ability to
pwn every endpoint with rare exception so cared about, using Tor or
not, is cheaper - your reasonable adversary will do that!
 ... more value for less money.

(this is perhaps one of the more interesting details to emerge across
the Snowden leaks - the technical constraints and evolution of the
offensive platform (TAO) and the scale (SSO/GAO) of the technical
processes (QUANTUM*/TURB*|TURM*) applied and where the most resources
are applied year over year.)



last but not least, please note that i am in Paris for the drinking
chocolate.  ;)

