[tor-talk] Escape NSA just to enter commercial surveillance?

juan juan.g71 at gmail.com
Fri Jan 15 18:32:46 UTC 2016


On Thu, 14 Jan 2016 22:37:25 +0100
Andreas Krey <a.krey at gmx.de> wrote:

> On Thu, 14 Jan 2016 14:25:20 +0000, juan wrote:
> ...
> > 	Of course. It's absurd. There's nothing hidden about
> > 	facebook's location so a 'hidden' service is...nonsense.
> 
> You're attacking the name instead of the content.

	I'm not attacking it. I'm simply acknowledging the fact that
	the name is descriptive.

	The purpose of hidden services is to hide the location of
	the server...and that's exactly why they are called hidden
	services.

	But now the argument is that hidden services provide better
	authentication than plain https? OK.

> 
> Accessing facebook via the onion service means that you
> know you're talking to facebook directly; 

	Accessing something through a multi hop proxy means
	'directly' for you?

> using facebooks
> via either tor or directly exposes you to the risk of
> being MITM'd, including faked SSL certs.


	The so called 'public key infrastructure' which is maintened by
	the free governments of the western liberal democracies can't be
	trusted? Oh my.

	And the same attacker that can subvert PKI can't subvert
	tor?

> 
> Even if the NSA is capable of brute forcing the onion key

	...they can impersonate any .onion service?


> facebook itself could build a canary by trying to access
> its own onion service. If the connection ending back up
> with them has strange properties they know something
> is wrong.

	And how would the user learn that? By connecting to
	https://facebook.com .... which can be MITMed too...?

	Anyway, the discussion seems too academic for me.
	

> 
> ...
> > > NSA would immediately command Facebook to offer the related user
> > > identification.
> > 
> > 	...assuming facebook isn't already fowarding relevant data
> > in real time, all of the time...
> 
> Facebook doesn't necessarily have identifying information on
> their users.


	...Not sure if you're joking? Well, they don't necesarily have
	information on EVERY SINGLE user. Just on the vast majority
	of them...




> 
> Andreas
> 



More information about the tor-talk mailing list