Some legal trouble with TOR in France
Eugen Leitl
eugen at leitl.org
Mon May 15 14:48:59 UTC 2006
On Sat, May 13, 2006 at 10:02:41AM -0700, Eric H. Jung wrote:
> Given the recent enlightenments about the US National Security Agency's
> illegal activities (gathering millions of telephone records from
> average citizens, etc), what is the technical feasibility of the NSA or
> other governmentt organizations establishing modified tor nodes/servers
> which track activity and use?
Why do you have to modify anything if you tap upstream, and do
full traffic analysis? Or install a rootkit which phones home,
though that is detectable in principle (not something I could
detect, but again: remember the threat model Tor was designed
for).
If your node runs outside your control (and not even
on tamper-proof hardware) clearly anyone who cares enough
can get at the data. But this comes at a cost, and if someone
spends a lot of effort to decipher what turns out perfectly
legitimate traffic then Tor's already fully validated in my book.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060515/97f6fa1c/attachment.pgp>
More information about the tor-talk
mailing list