[tor-talk] Iran cracks down on web dissident technology

Mon Mar 21 23:17:28 UTC 2011

On 3/21/2011 2:39 PM, Paul Syverson wrote:
> On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote:
> Last comments for a while. (All I have time for, sorry.)  I'm just
> going to respond to specific issues about system threats and the
> like.
I appreciate your comments & the work of all involved w/ Tor.  I read 
the papers you linked, though I've seen most of the material in various 
places.
> I will not join in the speculation about what governments do or why.
Perhaps you should, because at least one govt seems to be steering the 
boat.  Therein lies the problem (not you, specifically).  My comments & 
MAINLY questions, weren't about typical or even very sophisticated 
adversaries.  They concern WHY any govt would continue funding an 
anonymous communication project that in today's world, very real enemies 
can use against said govt, in a very real way, if the govt has no way to 
monitor it?  One should ask, "Why would they do that?"  It doesn't make 
sense unless there's more to the story.  Also, in terms of adversaries 
against something like Tor, any advanced, well funded govt dwarfs the 
most sophisticated adversaries.  Many govts have unimaginable technology 
& resources as well as legal (or not so legal) authority to demand info 
(from ISPs, etc.) that no typical adversary would.

The threat models, discussion of thwarting various attacks, safety in 
numbers, etc., are all based on assumptions like, 1) the adversaries 
don't have unlimited time, resources & $.  That assumption is out the 
window if an adversary is a large govt.
2) The adversary doesn't have access to (some) info going IN and OUT of 
a network like Tor.  Not valid for a govt.  They can get what they want 
from ISPs - and have.  The info may be encrypted going in, but they can 
see you're accessing a Tor node.  A large govt could ALSO monitor every 
single exit node (& may).

There's NO comparison between people looking at open code, universities 
or organizations doing small studies on flaws in Tor, etc., and 
capabilities of a large, advanced govt.  So please, I'm not talking 
about how many people or universities look at Tor.

Advanced govts no doubt have incredible technology regarding breaking 
encryption.  Not a typical adversary.  Since Tor was developed BY a 
govt, and since many talk about one of its greatest values is to allow 
people in "repressed" societies to communicate freely, the adversary 
those users need to be most concerned about, is probably the one MOST 
likely to breach Tor's anonymity.  I doubt most people think Tor's main 
purpose is to hide communication between two cheating spouses.

A govt helped develop Tor for SPECIFIC reasons (we probably don't know 
all of them) & still funds it.  Then for users around the world counting 
on Tor for protection from their govts, the govts would have to be 
considered as one of the main adversaries to Tor.  Either the US is 
really dumb for developing a system, perfect for enemies to use against 
them (kinda doubt that) or there's more to the story.

I don't pretend to know the answers, but know when to ask questions.  
For all I know, the US wants the enemy to use Tor for plotting, thinking 
they're anonymous, when they're not.  No one's answering my specific 
questions, possibly because if they knew them, they'd be in top level 
govt positions, sworn to secrecy.  For those doubting any of this has 
any merit, are you still waiting for them to find WMDs in Iraq?