[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dead links to blog.torproject.org and the Streisand effect

Hash: SHA1

On 02/03/2017 06:47 AM, Georgi Guninski wrote:
> Why are Tor deleting their own pages on blog.torproject.org?
> They have something to hide, lol?
> From @Kinney's domain, near end: 
> http://pilobilus.net/comsec-101.html |See How to handle millions
> of new Tor clients on the TOR Blog. 
> https://blog.torproject.org/blog/how-to-handle-millions-new-tor-client
This returns Page Not Found for me.

Well isn't that nice?  Dropping content relevant to the TOR Project's
hostile and abusive workplace environment is one thing.  It indicates
grossly incompetent management, defending itself by bold malfeasance.
 The project's commitments to supporting "human rights" and
"transparency" stand exposed as empty posturing.  If the TOR Project
was going to correct deficiencies in its corporate culture, they would
have at least made a start by now, but nope, that's off the table.

> Still alive on archive.org: 
> http://web.archive.org/web/20131010204046/https://blog.torproject.org/

heard tell that the Archive is getting a mirror site in Canada.
That's a Good Thing.

So I just updated the article in question.  The bits relevant to the
security and otherwise of the TOR network now say:

TOR SECURITY ISSUE - Posted September 6, 2013: The TOR Network is
apparently under attack from a large scale actor who presently owns
3/4 of the client nodes in the TOR network. Until proven otherwise -
or the attack stops - it must be assumed that a major State actor
(most likely the U.S., Israel, China or Russia) may be able to
identify nearly all TOR users and match their IP addresses to their
exit node traffic. The TOR Project believes that this attack is the
work of an ordinary Windows botnet, and they may be right. See
[hyperlink] How to handle millions of new Tor clients [/link] on the
TOR Blog.

[ begin new content ]

TOR SECURITY ISSUE II: On 2/3/2017 I learned that the article
describing the above security issue has been removed from the TOR
Project's website. A copy of the missing page is avaialble at
archive.org, follow [ hyperlink ]this link [/link ]. The TOR Project
maintains that "transparency" is one of its greatest strengths, so the
disappearance of important technical information with a direct bearing
on the security or otherwise of the TOR network is cause for grave

Is the missing page a result of a random error by a person working in
a toxic, abusive corporate environment? Very possibly. Public
statements from the TOR Project, and dissenting statements from
individuls inside the TOR Project, paint a picture of gross
malfeasance in personnel management and vicious personal vendettas run
rampant: See The Crucifixion of IOError for an introduction to the can
of worms that ate the TOR Project. But disappearance of vital
historical information relevant to the security and otherwise of the
Onion Routing network could also be something worse: An attempt to
remove data necessary to accurately estimate the Onion Routing
network's baseline security. Any way I look at it, I come to the same
conclusion: It's time to downgrade estimates of the security provided
by TOR - again.

[ end new content ]

Even if one makes the most pessimistic assumptions, TOR remains
useful. It will continue to punch through school, corporate and even
national network firewalls. TOR negates surveillance by network
service providers and makes users effectively invisible to
surveillance and profiling by corporate actors. TOR will continue to
reliably protect wireless connections at public venues from
eavesdropping or manipulation by J. Random Hacker. But TOR users who
have reason to believe that the NSA or another State actor would ever
actually do anything with information collected about their
TOR-cloaked activities, such as share it with a law enforcement agency
or hostile government, or deny/revoke a security clearance, should
adjust their security model accordingly.


Version: GnuPG v2.0.22 (GNU/Linux)