Tor notice
andrew at torproject.org
andrew at torproject.org
Tue Aug 10 04:11:01 UTC 2010
On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacemarc at gmail.com wrote 0.4K bytes in 9 lines about:
: why in every Tor version (a/b/stable) there is "Do not rely on it for
: strong anonymity"? If not Tor, what should we use for strong
: anonymity? excluding Freenet and cryptography apps.
The challenge here is to define "strong anonymity". A possible current
definition is a state of not being identifiable within an anonymity set.
This anonymity is considered strong if it is resistant to all known
attacks on anonymity.
I think Roger wrote that line in the source to simply remind people that
Tor has a defined threat model, given the anonymity research field
is still growing, and that low-latency anonymity is inherently open to
some attacks, tor is not strong anonymity.
Tor raises the bar for de-anonymizing you to many attacks on your
anonymity on the actual internet today. This is a fine place to start
to understand what Tor does and does not provide,
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#AnonymityandSecurity
Many other tools simply state they are anonymous, without mentioning any
of the R&D on current anonymity attacks, their success probabilities,
and design flaws. If you're interested in learning more about the
current state of the field of anonymity in research, start here;
http://freehaven.net/anonbib/full/topic.html
All tools have design goals and threat models. Many just don't clearly
state what these goals and threats are to the user, but brush it under
the rug as perfect anonymity, or some other hyperbole.
Disclaimer: Roger, Nick, and Steven are the anonymity researchers,
their opinion overrules mine.
--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list