In-Reply-To: <20141115004241.GB44443@moria.seul.org>
References: <CAD2Ti29P2sRYqq8eRASTAnx4Q6x+G208DnA-dPPBHqSLQP2AAA@mail.gmail.com>
 <20141115004241.GB44443@moria.seul.org>
Date: Fri, 14 Nov 2014 20:37:54 -0500
Message-ID: <CAD2Ti28oQO8mAgingFLU-+QF6Y6ALy7-+JowBD6Ts6MPJC36Mw@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Netflow analysis breaks Tor

On Fri, Nov 14, 2014 at 7:42 PM, Roger Dingledine <arma@mit.edu> wrote:
> On Fri, Nov 14, 2014 at 06:20:16PM -0500, grarpamp wrote:
>> Professor Sambuddho Chakravarty, a former researcher at Columbia
>> http://thestack.com/chakravarty-tor-traffic-analysis-141114
>> https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf
>
> I put up a few pointers here for readers to get up to speed:
> https://blog.torproject.org/blog/traffic-correlation-using-netflows
>
> There sure are a lot of things going on in Tor-land these days, but I
> don't think this has much to do with any of the other recent stories.
> Rather, some journalist thought this would be a great time to drop
> another story.
>
> In summary, it's great to see more research on traffic confirmation
> attacks, but a) traffic confirmation attacks are not a new area so don't
> freak out without actually reading the papers, and b) this particular one,
> while kind of neat, doesn't supersede all the previous papers.

'Tor Stinks', well yes, both in:
- how hard it is for adversaries to attack using certain methods
- how poorly it defends against other methods of attack

If your threat model is the former, use with confidence.
If your threat model is the latter, stop using it.

[Of course there's a broad middle area too.]

I'd suggest it's entirely appropriate to freak out whenever any
attack appears that forces you to transition from the former category
[closer] to the latter. Particularly if it can be applied ex post
facto, such as through analysis of recorded traffic.

The piling on of similar papers may be redundant, but the message
regarding particular threat models is not.

Even with attacks with relatively high false positive rates that
also have a much greater true positive rate, adversaries in places
that don't have restrictions on such error-making will simply round
everyone up. In that sense, they are valid messages too.


Speaking of what stinks and what can be used, where, and against
what...

Tor does a lot of research, it should put up a simple checklist
matrix page for that... attacks and uses it's good for, and those
it isn't. Link it to relevant sets of papers. And include in the
matrix comparisons to other projects like Freenet, I2P, Retroshare,
mailmixes, etc. The anonbibs of the various projects are good for
developers, but users need to see a much simpler one-page matrix
on a wiki. No reason other projects can't contribute there as well.
Giving and taking comparisons is part of doing it better.

