Tor's startup anonymity warning (was Re: quick question)
Scott Bennett
bennett at cs.niu.edu
Fri Sep 12 10:34:05 UTC 2008
On Fri, 12 Sep 2008 05:42:53 -0400 Roger Dingledine <arma at mit.edu>
wrote:
>On Fri, Sep 12, 2008 at 04:25:30AM -0500, Scott Bennett wrote:
>> Right. And that reminds me of an old question. When tor starts up,
>> it logs a standard disclaimer about being experimental software, don't bet
>> your anonymity on it, and so forth. Is there an intended release number or
>> date by which that disclaimer is expected to be changed or deleted from tor?
>
>When Tor 1.0 is released, and we understand good clean metrics for
>anonymity, and we're satisfied with the amount that all of our users
>achieve. :)
>
>Given the rate of discovery of great new attacks on anonymity designs
>in general, I am not optimistic that this will be anytime soon. :(
>
>But we can continue to do better, and we're doing pretty well -- Tor is
>already the best option out there. We mostly leave the warning there
>as a disclaimer to make sure that nobody gets suckered into believing
>that just because they installed Tor they are now totally immune from
>all possible worries.
>
>It makes me a bit sad that we might be pushing users onto the commercial
>snakeoil anonymity systems who studiously avoid admitting that there
>could be possible attacks. But I would feel a lot more sad if we joined
>the ranks of the folks trying to brush everything under the rug.
>
>The fact is that the state of the art in anonymity isn't yet to the point
>where we can use an anonymity tool without understanding the details of
>where and how you might be vulnerable. One day.
Roger, thanks very much for taking the time to write this down.
I know someone who tried tor and gave it up within days, citing that
message as one of his reasons for doing so. I'll forward your response
to him.
>
>But all of that said, the current phrase "This is experimental
>software. Do not rely on it for strong anonymity" probably doesn't
>capture the above very well. How can we improve it?
>
Give me a few days to ponder it in odd moments. (I'm pretty odd,
so I'll probably have some moments to spare for it.:-) I'll write up
something short and post it here when I have something ready for potshots.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-talk
mailing list