[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Building a new Tor that can resist next-generation state surveillance

Subject: Building a new Tor that can resist next-generation state surveillance
From: jnn at synfin.org (John Newman)
Date: Sun, 19 Feb 2017 07:32:14 -0500
In-reply-to: <CAD2Ti2_MZEwyVg1j2=HxLpC0jNyjbMWEd_xuZokXi-FL6ME24w@mail.gmail.com>
References: <CAD2Ti2-GosBLqsR-NC-frcG+X68h+3AW9JuNm+oesJRQ=xn44Q@mail.gmail.com> <CAD2Ti2-n2x+F_DU5B_Lb_a8UpUbkf1ti7gh2eycm=pRKzDtE2w@mail.gmail.com> <[email protected]> <CAD2Ti2_MZEwyVg1j2=HxLpC0jNyjbMWEd_xuZokXi-FL6ME24w@mail.gmail.com>


> On Feb 19, 2017, at 12:59 AM, grarpamp <grarpamp at gmail.com> wrote:
> 
>> On Fri, Feb 17, 2017 at 3:42 AM, Eugen Leitl <eugen at leitl.org> wrote:
>> Anyone here able to evaluate the merits of the proposed new architectures?
> 
> There are some websites out there listing / ranking overlay
> networks in tickmark feature and buzzword bingo tables.

Got any links you recommend for this?  (i haven't googled it yet..)


> I don't know of any project actually sitting down to brainalyze
> their overall design and operation at any level of depth.
> ie: "We kinda know what tor's doing with it's routing, and
> how to break it or not, now what about network x's routing."
> The sites just tick off 'uses onion / packet / garlic / mix routing',
> 'uses crypto x', etc, as found on the parent project website
> and that's it.
> 
>> Or do we have to wait for the proof after pudding is served?
> 
> Tor has been serving pudding for years, and has a small but
> relavant number of whitepapers outstanding against it, at least
> a few of which range hard to unfixable outside of architecture.
> Every tool will have some weakness somewhere, some you
> can live with or fix, some you can't.
> 
> Guessing that today's biggest ignored threats to overlays are:
> 1) GPA's and GAA's, operating at the wire level.
> 2) Who exactly is running the network nodes.
> n) What else ???
> 

I think it's healthy that at least that everyone is aware tor has these weaknesses, and if a GPA wants to find you, they probably will..

What concerns me are possible weaknesses that fall under your "What else?" category, although /hopefully/ there isn't a lot to that, with all the effort that has been put into showing  tors weak spots. What also concerns me is - are the developers actually engaged in new ideas to address #1 and #2, or are they more worried about the browser bundle??


> If that's reasonable, then any project trying to address
> these should get a closer look.
> 
> There also needs to be some project doing serious
> digging into disappearances, shutdowns, and court
> cases, working the darknet forums and lawyers and
> dockets, looking for any unexplainably dead canaries
> arising from each active overlay network.
> 
> Reviewing designs... designing against threats... tracking proof...
> three areas. Do it, get funding, make yourself a star.

References:
- Building a new Tor that can resist next-generation state surveillance
  - From: grarpamp at gmail.com (grarpamp)
- Building a new Tor that can resist next-generation state surveillance
  - From: grarpamp at gmail.com (grarpamp)
- Building a new Tor that can resist next-generation state surveillance
  - From: eugen at leitl.org (Eugen Leitl)
- Building a new Tor that can resist next-generation state surveillance
  - From: grarpamp at gmail.com (grarpamp)

Prev by Date: [Cryptography] HSMs or Intel SGX? Which is harder to hack?
Next by Date: Building a new Tor that can resist next-generation state surveillance
Previous by thread: Building a new Tor that can resist next-generation state surveillance
Next by thread: Building a new Tor that can resist next-generation state surveillance
Index(es):
- Date
- Thread