Delivery-Date: Thu, 25 Jun 2015 12:56:28 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3F7791E0659;
	Thu, 25 Jun 2015 12:56:26 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 09D473654F;
	Thu, 25 Jun 2015 16:56:22 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E555636547
 for <tor-talk@lists.torproject.org>; Thu, 25 Jun 2015 16:56:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Yum1etRt-afH for <tor-talk@lists.torproject.org>;
 Thu, 25 Jun 2015 16:56:18 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id C1DB8364E9
 for <tor-talk@lists.torproject.org>; Thu, 25 Jun 2015 16:56:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=9PpHYf626n+Y5ioNKNrQ1176hIpk0ENymwJNV8KXIZU=; 
 b=2vFjKj1TbJGkIgGUEszz+B0W+1iK4JQyVsGg/3e/lZMGIW39Cj//iR+73E4un/eIsyjMOOYN1g7Q4KxhqmR3LmKs/yrD4jrt6Zn5sRcOHMxB7m/kreZFa0fReLu5jVEEFAAm0TvNwB5q8IK+iVAXunjljPwbKrxfUTuQvWp3kOU=;
Received: ; Thu, 25 Jun 2015 09:56:12 -0700
Date: Thu, 25 Jun 2015 09:56:12 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150625165612.GZ15647@mail2.eff.org>
References: <mailman.15.1435147202.25282.tor-talk@lists.torproject.org>
 <20150624141603.34599E04C5@smtp.hushmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20150624141603.34599E04C5@smtp.hushmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] Is this still valid?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

U.R.Being.Watched writes:

> http://www.deseret-tech.com/journal/psa-tor-exposes-all-traffic-by-design-do-not-use-it-for-normal-web-browsing/

There are some mistakes in the article -- for example the notion that
Tor "was built for a specific purpose, which was the circumvention of
restrictive firewalls" like the Great Firewall of China.

If you read the original Tor design paper from 2004, censorship
circumvention was actually not an intended application at that time:

https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

("Tor does not try to conceal who is connected to the network.")

That has subsequently changed, the project adopted anticensorship uses
as an additional goal, and nowadays Tor does sometimes try to conceal
who is connected to the network, when they ask it to.  (Sometimes this
succeeds against a particular network operator, and sometimes not.)

But the original design goal was privacy in a particular sense, and
not censorship circumvention.

My colleagues and I made an interactive diagram a few years ago to try
to explain the same concern that this article presents.

https://www.eff.org/pages/tor-and-https

One part of it is that if you use Tor without additional crypto protection
to your destination (like HTTPS), a different set of people can eavesdrop
on you than if you didn't use Tor at all.  That's definitely still
true and is always a basic part of Tor's design.  You might think those
people are better or worse as eavesdroppers than the nearby potential
eavesdroppers.  The faraway eavesdroppers might be more organized and
malicious about it, but they also might start out not knowing who you are.
Whereas the nearby eavesdroppers might physically see you, or have issued
you an ID card, or have your credit card.

As we thought when we made that diagram, probably the best solution for
this is more and better HTTPS.  At some point (which may already be in the
past), it might even be a good idea for Tor Browser to refuse to connect
to non-HTTPS sites by default, although that might be a difficult policy
to explain to users who don't understand exactly what HTTPS is and how
it protects them, and just see that Tor Browser stops being able to use
some sites that Internet Explorer can work with.

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

