geeez...

Mike Perry mikeperry at fscked.org
Fri Jan 14 05:24:43 UTC 2011


Thus spake Mitar (mmitar at gmail.com):

> > This is related to the "if you remove Tor from the world, you're not
> > really reducing the ability of bad guys to be anonymous on the Internet"
> > idea.
> 
> This could be then analog argument as saying that if you remove one
> weapon factory from the world, that there would be no difference? But
> one after another and there will be.
> 
> I cannot buy an argument saying that because situation is bad there
> should be no small improvements where there could be.

That's not what we're saying, but I suspect you may just be trolling.
You're certainly straw-manning...

> > various other techniques people have developed over the years to deal with abuse.
> 
> Then tell me which techniques have we developed which prevent
> pedophiles to use hidden Tor services? Which techniques have we
> developed which prevent somebody to blackmail somebody else over Tor
> network and stay anonymous? Which techniques have we developed which
> can help found out which are other people in terrorist group and trace
> their communication, once we discover they use Tor?

The same techniques that law enforcement use when these same
sophisticated adversaries use black market compromised botnets:
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_digital_forgeries.html
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html

In these cases, police need to do police work: gathering technical
data and examining content for evidence to aid in the investigation;
and infiltrating groups and performing stings (for which they often
use Tor).

> > It depends where your jerks are coming from. If your jerks are all obeying
> > every law and showing up from their static non-natted IP address, then
> > yes, routing address is definitely related to identity. But if your
> > jerks have ever noticed this doesn't work so well for them, they may
> > start using other approaches and suddenly you're back needing to learn
> > about application-level mechanisms
> 
> Because current protocols were done just to solve technical problems
> and not also law or other "society" problems. For example, HAM
> operators and their networks had, before they started their packets
> networks, already laws in place requiring them that each packet should
> also contain call-sign of responsible person/station. OK, in this
> particular case (as far as I know) this is not cryptographically
> enforced (but this is a technical thing) but it still shows that laws
> like this can work. So if countries (like they cooperate on ACTA)
> would declare that it is illegal to send or route or relay any packet
> without information about responsible person for it things would be
> much different.

You think criminals obey the law?

Both China and South Korea have instituted fully authenticated
"internet drivers licenses", and not only has cybercrime not vanished,
it continues to flourish and profit from new markets that trade in these
credentials and the use of authenticated connections through proxy.

Even a fully cryptographically secured and authenticated Internet
would still be *just* as vulnerable to abuse, all other things being
equal. Grandma could even be required to have her iris scanned before
entering her bunker to use her military-grade encrypted, authenticated
PC that is otherwise disconnected from the Internet while her iris is
not available. But as soon as she scans her iris, the malware on her
machine would wake up and inform its masters that it is ready to do
their bidding.

The only way to really curtail these social problems is to properly
address their root causes. Taking freedoms away seems like an easy
quick fix, but in reality, there is no gain, only more insecurity.


This is why Tor is not part of the problem. In fact, its use by law
enforcement for stings, infiltration, and investigation indicates it
is also part of the solution.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110113/21742ebc/attachment.pgp>


More information about the tor-talk mailing list