[tor-talk] Tor security on EC2
Gregory Maxwell
gmaxwell at gmail.com
Sun Feb 5 02:35:04 UTC 2012
On Sat, Feb 4, 2012 at 8:09 PM, Marco Gruß <kork at kork.dyndns.org> wrote:
> with https://cloud.torproject.org/ actively promoting it,
> I have been thinking about Tor vs. EC2 for a while.
I'm unqualified to say anything about the specific questions wrt VM
system security... but I thought it might be worthwhile to offer a bit
of caution related to risk saliency.
Whatever risks you decide exist in EC2 here probably also exist in
many other services (certainly ones that are similar to EC2, but
probably also in ones that look less like it). Arguably they exist in
all cases where the operators don't have physical control over the
machines.
If these risks are discussed as risks of EC2, rather than more general
risks of virtualization, or systems owned by third parties then people
may avoid EC2 in favour of alternatives which are less secure in
practice.
If I were a hostile force which was able to compromise some hosting
providers but not EC2, raising public concerns about the security of
EC2 specifically would be a smart tactic on my part. :)
Food for thought.
More information about the tor-talk
mailing list