[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building a new Tor that can resist next-generation state surveillance




> On Feb 19, 2017, at 12:59 AM, grarpamp <grarpamp AT gmail.com> wrote:
> 
>> On Fri, Feb 17, 2017 at 3:42 AM, Eugen Leitl <eugen AT leitl.org> wrote:
>> Anyone here able to evaluate the merits of the proposed new architectures?
> 
> There are some websites out there listing / ranking overlay
> networks in tickmark feature and buzzword bingo tables.

Got any links you recommend for this?  (i haven't googled it yet..)


> I don't know of any project actually sitting down to brainalyze
> their overall design and operation at any level of depth.
> ie: "We kinda know what tor's doing with it's routing, and
> how to break it or not, now what about network x's routing."
> The sites just tick off 'uses onion / packet / garlic / mix routing',
> 'uses crypto x', etc, as found on the parent project website
> and that's it.
> 
>> Or do we have to wait for the proof after pudding is served?
> 
> Tor has been serving pudding for years, and has a small but
> relavant number of whitepapers outstanding against it, at least
> a few of which range hard to unfixable outside of architecture.
> Every tool will have some weakness somewhere, some you
> can live with or fix, some you can't.
> 
> Guessing that today's biggest ignored threats to overlays are:
> 1) GPA's and GAA's, operating at the wire level.
> 2) Who exactly is running the network nodes.
> n) What else ???
> 

I think it's healthy that at least that everyone is aware tor has these weaknesses, and if a GPA wants to find you, they probably will..

What concerns me are possible weaknesses that fall under your "What else?" category, although /hopefully/ there isn't a lot to that, with all the effort that has been put into showing  tors weak spots. What also concerns me is - are the developers actually engaged in new ideas to address #1 and #2, or are they more worried about the browser bundle??


> If that's reasonable, then any project trying to address
> these should get a closer look.
> 
> There also needs to be some project doing serious
> digging into disappearances, shutdowns, and court
> cases, working the darknet forums and lawyers and
> dockets, looking for any unexplainably dead canaries
> arising from each active overlay network.
> 
> Reviewing designs... designing against threats... tracking proof...
> three areas. Do it, get funding, make yourself a star.