[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Meeting Snowden in Princeton



benjamin barber <barberb@barberb.com> writes:

> August 22nd NSA and GCHQ agents 'leak Tor bugs', alleges Andrew Lewman

Not sure what the significance of this is in context.

> November 9th Tor hidden services taken down with arrests

Not nearly as many as originally reported, and they were all making the
mistake of using a couple of centralized hosting providers.
Hosting security can't really be delegated.

> December 19th Directory Auth's threatened to be siezed

Didn't happen, probably in part because dirauths are geographically distributed
and this would require international cooperation of LEAs, something they
aren't great at.

> December 26th Lizard Squad attacks Tor dir auths.

Attack was foiled the same day (obvious family of new relays was obvious),
and Lizard Squad spent the day on #tor and #nottor trying to save face
by claiming they hadn't even meant to attack anything.

Also they weren't even attacking the dirauths, they were ignorantly trying to
perform a Sibyl attack, which the existence of dirauths makes impossible.

> Feb 16th Tor joins Memex to index hidden services

Not important, unless you fundamentally misunderstand hidden services.
If you want a hidden service not to be indexable, the
"stealth" authentication protocol of HiddenServiceAuthorizeClient (in
which each authorized client gets its own domain, which doesn't
resolve without the appropriate authentication key) is at your
disposal. Anyone should assume that anything offered via a server that
does not require authentication to see its content can and will be indexed.

Public "hidden services" are hidden in the sense that the hosting location is
obfuscated, not in the sense that they can't be webcrawled. That's out of scope
(and also one of the reasons why "hidden service" is an unfortunate and
imprecise name). There are even YaCy (p2p search bot) instances running inside
the .onion TLD, as well as several search engines.

More indexing could make the public content on .onion more useful, and it would
also be a handy reminder to people (like you) that .onion content is public,
unless it uses authentication as I mentioned above.

> March 1st Tor cooperates with LEO

Tor has been giving talks to LEOs since its initial
release as a public software project. This isn't a new thing. It's also probably
a good thing; it gives Tor principals a chance to learn how LEOs are using Tor,
and it also gives them a chance to explain that Tor has been and remains a
neutral conduit for data. If Tor didn't speak to LEOs, there probably would be
even more misguided harassment of exit operators for content they don't control,
etc.

> March 29th Verizon PR firm gets hired by TOR

Tor needs a PR firm because it's getting drawn into pretty murky political
waters, with Pando et al. on one side and NSA Director Mike
"secure backdoors are possible" Rogers on the other. Tor's opponents have many
PR firms and lobbyists, so it stands to reason that Tor needs them too.

Further, who else is on a particular PR firm or lobbyist's client list doesn't
seem very meaningful to me. Such entities tend to be rather disgustingly
apolitical. Having the same firm as Verizon probably just means
that's one of the firms that works in the networking/telecommunications industry
and has experience.

> April 13th Andrew Lewman executive director leaves for an ISP (not named)

Not sure what the significance of this is in context.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk