Delivery-Date: Thu, 18 Sep 2014 10:30:40 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4EA101E0B9F;
	Thu, 18 Sep 2014 10:30:39 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6AF6C240A0;
	Thu, 18 Sep 2014 14:30:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AFDFC23F84
 for <tor-talk@lists.torproject.org>; Thu, 18 Sep 2014 14:30:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0fD5QwGurB0C for <tor-talk@lists.torproject.org>;
 Thu, 18 Sep 2014 14:30:28 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 7A18221FF9
 for <tor-talk@lists.torproject.org>; Thu, 18 Sep 2014 14:30:28 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 777C351A05
 for <tor-talk@lists.torproject.org>; Thu, 18 Sep 2014 07:30:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1411050625; bh=aH91p+d6c8LPYu2x9JZdIsEVep5FjIdQMqZ8gxirp9k=;
 h=Subject:From:To:Date:In-Reply-To:References:From;
 b=HOLSPGaKP4GCQgaoEMw63gHKPpMj67oXdUSWwJs7/itd/K53BH8RrF0EyAQSDo07D
 2wpCQttVEyZ2rQoRun8c66ncEd9mcaEwogg9q1Isr428kjhUvX675/j/8xQF6wpb5i
 V9LMX93J1yo3Qim85NTmXl4eYAgPKfwZD0sRsrVE=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: tedks) with ESMTPSA id 25BDF4288D
Message-ID: <1411050624.21331.14.camel@anglachel>
From: Ted Smith <tedks@riseup.net>
To: tor-talk@lists.torproject.org
Date: Thu, 18 Sep 2014 10:30:24 -0400
In-Reply-To: <20140918000733.GR5127@sescenties.(null)>
References: <156b8eed2e9dc784c15c238afc028330.squirrel@bitmailendavkbec.onion>
 <CAD2Ti29evbkQ5vRJxkEbx=L+hKypUsVdZY7aFuCkktXU=xMpsA@mail.gmail.com>
 <1410994840.10492.7.camel@anglachel>
 <20140918000733.GR5127@sescenties.(null)>
X-Mailer: Evolution 3.10.4-0ubuntu2 
Mime-Version: 1.0
X-Virus-Scanned: clamav-milter 0.98.4 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] wake up tor devs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7522893783426710583=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============7522893783426710583==
Content-Type: multipart/signed; micalg="pgp-sha512";
	protocol="application/pgp-signature"; boundary="=-jEUYbISZlB2oOIGWo4bC"


--=-jEUYbISZlB2oOIGWo4bC
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 2014-09-17 at 17:07 -0700, Seth David Schoen wrote:
> Ted Smith writes:
>=20
> > There's a reason why the NSA has "Tor Stinks" presentations and not
> "I2P
> > stinks" presentations.=20
>=20
> I don't know of a good basis for estimating what fraction of NSA's
> capabilities or lack of capabilities we've learned about.

It's not perfect, but using the available information is all we can do.
Absence of evidence *is* evidence of absence, though it isn't proof of
absence.=20

Further, i2p just isn't worth that treatment because it's shoddily
developed by a handful of underfunded developers and it has a totally
untested security model. Tails *just* got burned by i2p and wisely
disabled it.=20

All complex systems have bugs, and finding those bugs is a function of
the aggregate intelligence of your developer base. Unless you can argue
the 5 contributors to i2p are geniuses, then there's no way i2p has
fewer bugs pound for pound compared with Tor. Tor just has way more
intelligent people hard at work both on the code and the theory.=20

To further drive this home, here are other things I'd expect to have
happened if i2p was somehow better or even equivalent to Tor:=20

      * i2p should have attracted academics to the low-hanging fruit of
        showing their unique routing system correct
      * i2p should have attracted developers to the relatively popular
        project of helping defeat censorship and protect privacy (there
        are probably an order of magnitude more Java developers than C
        developers, so i2p even has an advantage here!)
      * i2p should have hosted security-critical sites like the Silk
        Road
      * i2p should have been used by botnets for c&c
      * i2p should have been mentioned in some leak from some shadowy
        security agency
      * The major selling point of i2p should be "proven security over
        alterantives" rather than "developed by anonymous people and not
        funded by the american government", which are secondary rather
        than primary advantages of the software and are respectively
        entirely uncorrelated and only weakly correlated with the
        security of the software

None of these things have happened, and while there are alternative
explanations, one simple and probable explanation is just that i2p isn't
as good.


> I think that's only approximately or indirectly true of people working
> in an organization like NSA or GCHQ.

This is nonelethess a good point and something I'll remember.

--=20
Sent from Ubuntu

--=-jEUYbISZlB2oOIGWo4bC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAABCgAGBQJUGuyAAAoJEKaCJLFA4NfCkcAP/Rcec8iIqtl8u4S98IepXxea
84/8C3PfIxXT9Mva5cWtcUwV3sNIqZvJzw5C3gsiqDRJJW3vhw88NEbMGVzG6ThE
zKOErw0uNiZP6FCqKMvcR/bZ01kpVKVhxLOmGxPl3S4BlIeFxU3NUplSY7idPoYG
LKcxZRWvBfySozLQbog8SmCoDM7WLCs1IhtozzE6FqGq/YXfaLqzhiV1e66Gke/E
hzcHHjUYmCpBEIRyoS0C0mUWN3+YYYDtDBdKLqUSuIf0G+QtizFdh9n5dgKL7cCV
Od1Hl0DOcvWJfDTuZfwTc/ecptQdjOcHMCNLCu3CBn1ChY1ZnsGmzfREcXprvgRc
fq0AokBoS9KtM3VjN320Q219zjyu0Tm2IExPvRuhHzQ9/cy6nvHIqQ14IId/4zUV
35Gahgh14pBkgTOMz5gM+elRGLW23RI8kZxJLhHwpAbPQmpMOG5VeQOY3A8+ykmZ
1zhbWJhqnlbRa03A2mW20jpEX2p0+0/9GpYYhy9kwi7sKa0bSCXZjxGPa400rj/J
Ul9eBWzjVffk6n96x9yIk8bXdDQ2gfvXSp+lA6WEcHd3sxRbobYIjMh40j00L3ik
gH4YRhjniMJH7TUTuQpH83kHOoiNsAfz67OXwiOzJkfDTpH4dd9caXpeInNDreqv
9DNu2y+DM0qFjYmGYRa8
=FX6/
-----END PGP SIGNATURE-----

--=-jEUYbISZlB2oOIGWo4bC--


--===============7522893783426710583==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============7522893783426710583==--

