10 comments

[ 2.9 ms ] story [ 34.7 ms ] thread
My take on improving the Google translation:

Because the Tor hidden services story is just making the rounds: Tor is dead. Tor is based on the assumption that the opponent is not able to monitor the entire Internet. Then, so the assumption, one can confuse the opponent by passing traffic through a series of servers. To make the opponent unable to follow it, at least one of these servers must be located in a country where the internet is not totally surveilled.

This assumption is, in my opinion, careless up to reckless. That was fairly obvious for a while. But as always: hope is the last to die. Now, in my opinion, the time has come to officially declare this hope dead.

The only imaginable way to get anonymity on the internet is in non-real-time services. But as soon as there is a predictable temporal correlation between the different versions of the routed traffic, it is traceable to a total surveillance system such as the NSA. You would have to ensure that the forwarded traffic correlates neither in time nor in size. Or you would need continuous cover traffic, indistinguishable from the forwarded messages. This, of course, is idea of Tor, that all the other Tor users provide cover traffic for me. Using Tor one can deceive admins of web forums, stalkers and the police, but you cannot hide from the NSA this way.

By the way: I just read the definition of totalitarianism. Can any expert please explain to me how to interpret the literature in such a way that the U.S. does not fall under this definition?

(comment deleted)
I do not know if there's a word for that (imperialism doesn't seem quite right), but the US are totalitarian in regards to other countries, and they've been so for a long time. Now some of the tricks learned from speaking softly and carrying a big stick are being used domestically.
Wouldn't users navigating to .onion sites within TOR be free from a GPA (global passive adversary)?

Couldn't the TOR protocol model Perfect Dark?[1] Which uses a Mix Network.[2]

[1] http://en.wikipedia.org/wiki/Perfect_Dark_(P2P)

[2] http://en.wikipedia.org/wiki/Mix_network

1) I don't see why. It's end to end encrypted, but still who visits what is transparent.

2) Perfect Dark is not a general purpose net, but rather a file distribution mechanism, for known hashes. Not for message exchange between peers like tor or i2p.

Tor is a mix network aswell. But a low latency mix. The adversary is a way stronger than assumed, it does not seem to be safe anymore. High latency mixes (like remailers) are unaffected.

Also, Perfect Dark is 1) broken 2) closed source, so not trustworthy to begin with.

Such an overly dramatic post. If the NSA can accurately monitor the bandwidth of every device connected to Tor, then why did they go to the trouble of injecting exploit into Freedom Hosting sites? And even if they do have that capability, a protocol that masks bandwidth usage through junk data would be an expensive, but effective counter to it.
Please. It's far more likely an alternative related to Tor will arise than a complete collapse of the undernet.