Re: [tor-talk] FBI cracked Tor security
On 07/18/2016 07:33 AM, Jon Tullett wrote:
> On 18 July 2016 at 14:57, Mirimir <firstname.lastname@example.org> wrote:
>> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>>> Haroon Meer, who I greatly respect in the security space,
>>> describes UX complexity in terms of his mum. As in, "could my
>>> mum do this?" and if the answer is no, it's too complex for the
>>> average user. I like that.
>> His mum probably shouldn't be using Tor.
> Why not? Are you able to say with certainty that they are not at
> risk and shouldn't be using Tor? Sounds like a risky assumption.
> Not that it's applicable here, but activists' families are not
> uncommonly at high risk. I'd caution against assuming you know
> someone's risk profile better than they do. And that, in a
> nutshell, is why I don't think Tor should be making such an
> assumption in its recommendations to users in general.
Giving clueless folk an illusion of safety is arguably bad.
>>> It's probably far more meaningful to help users understand
>>> that spectrum, self-assess where they fall on it and what their
>>> risk profile may look like as a result, and pointers to
>>> resources which would align with that.
>> That sounds good to me. Except that there's nothing on the Tor
>> Project site about Whonix, and virtually nothing about
>> proxy-bypass leaks.
> Why should there be mention of Whonix? It's an independent
What about <https://www.torproject.org/projects/projects.html.en>?
> Proxy bypass, maybe, but that's in there with all the other
> potential risks, and again, Tor can't document all of them.
Tor Project has made a huge deal over the PlayPen pwnage. Demanding
that the FBI release information about its NIT. But they can't be
bothered to actually explain how users could have been protected?
> I think we agree that we'd like to see more documentation, we just
> aren't agreeing on how much more. Me, I'd like to see them
> document threats a bit more with links to discussion and solutions.
> You'd like them to be a great deal more specific in one particular
> direction. Ultimately, as I've said before, that balance is one the
> Tor maintainers decide, and presumably they don't do so
It's not just "one particular direction". It's the vulnerability
that's arguably compromised the most people. Or maybe second only to
the relay early exploit, which they did patch eventually.
>>> "Just use VirtualBox and Whonix" is not meaningful advice. It's
>>> a great fit for a very specific subset of users, but many (I
>>> would guess "most") users are not in that subset, and for
>>> everyone else it'd just be some combination of confusing,
>>> overwhelming, unnecessary, or insufficient.
>> I'm not arguing that all Tor users should use Whonix. I'm arguing
>> that the Tor Project ought to mention that as an option.
> Why Whonix and not Tails? Why not any other tools?
Tails is on <https://www.torproject.org/projects/projects.html.en> but
not Whonix. Why is that?
> That's a rhetorical question - I'm sure there are pros and cons
> either way and it could be argued at length without conclusion. I'm
> not convinced Tor should be promoting either; same way I'm not
> convinced Tor should be promoting any specific tools. There will
> always be others, and they may be better suited to users depending
> on their circumstances.
Sure. Except that proxy bypass has been a major fail. Do you disagree?
>>> The key question to you, as someone advocating that specific
>>> toolset, would be: for what type of user is VirtualBox+Whonix
>>> the optimum solution, and how would Joe Random identify if he
>>> is that sort of user?
>> 1) Specify how much one's time is worth: X USD/hr.
> Why is money relevant? Where do you live, that freedom and torture
> is measured in $/hr? :)
Because I'm an anarchocapitalist ;)
Make it qualitative, if you like.
>> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y
> Again, why is cost the metric? It's relevant for a narrow subset
> of users in a Tor context, and a broader subset in a general
> security context, but I don't see the relevance here.
> Even if it were relevant, you've just asked a potentially
> technically-incompetent user to conduct a very complex risk
> analysis. A lot of CIOs can't do an accurate risk assessment, but
> you want Haroon's mum to do it?
It's not complex.
If there are no substantive risks, use Tor browser. If being pwned
will be a life-changing event, at least use Whonix.
>> 3) Divide Y by X to get time investment justified to avoid
> 3.1. Is that a meaningful number to anyone? What does it mean? What
> is the ratio above which Whonix is the remedy for all my ills? What
> do I do if I'm below it? Does it know about exchange rates and cost
> of living? What about...you get the idea. Meaningless calculations
> give meaningless conclusions.
My point is that a few days of study and work is justified for anyone
who faces substantive consequences from compromise.
> There must be lots of better ways. For eg, I would guess that a
> risk flowchart would be pretty effective. A short series of "Are
> you concerned about X?" questions would easily infer a risk
> profile, which would map to suggested tools and behaviours. For
> example: "Law enforcement authorities are known to attack [link to
> explanation] Tor users by compromising servers on the Tor network.
> Are you concerned about this type of attack?"
A few years ago, I wrote