[tor-talk] FBI cracked Tor security

Mirimir mirimir at riseup.net
Mon Jul 18 14:17:08 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/18/2016 07:33 AM, Jon Tullett wrote:
> On 18 July 2016 at 14:57, Mirimir <mirimir at riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>> 
>>> Haroon Meer, who I greatly respect in the security space,
>>> describes UX complexity in terms of his mum. As in, "could my
>>> mum do this?" and if the answer is no, it's too complex for the
>>> average user. I like that.
>> 
>> His mum probably shouldn't be using Tor.
> 
> Why not? Are you able to say with certainty that they are not at
> risk and shouldn't be using Tor? Sounds like a risky assumption.
> Not that it's applicable here, but activists' families are not
> uncommonly at high risk. I'd caution against assuming you know
> someone's risk profile better than they do. And that, in a
> nutshell, is why I don't think Tor should be making such an
> assumption in its recommendations to users in general.

Giving clueless folk an illusion of safety is arguably bad.

>>> It's probably far more meaningful to help users understand
>>> that spectrum, self-assess where they fall on it and what their
>>> risk profile may look like as a result, and pointers to
>>> resources which would align with that.
>> 
>> That sounds good to me. Except that there's nothing on the Tor
>> Project site about Whonix, and virtually nothing about
>> proxy-bypass leaks.
> 
> Why should there be mention of Whonix? It's an independent
> project.

What about <https://www.torproject.org/projects/projects.html.en>?

> Proxy bypass, maybe, but that's in there with all the other
> potential risks, and again, Tor can't document all of them.

Tor Project has made a huge deal over the PlayPen pwnage. Demanding
that the FBI release information about its NIT. But they can't be
bothered to actually explain how users could have been protected?

> I think we agree that we'd like to see more documentation, we just 
> aren't agreeing on how much more. Me, I'd like to see them
> document threats a bit more with links to discussion and solutions.
> You'd like them to be a great more specific in one particular
> direction. Ultimately, as I've said before, that balance is one the
> Tor maintainers decide, and presumably they don't do so
> arbitrarily.

It's not just "one particular direction". It's the vulnerability
that's arguably compromised the most people. Or maybe second only to
the relay early exploit, which they did patch eventually.

>>> "Just use VirtualBox and Whonix" is not meaningful advice. It's
>>> a great fit for a very specific subset of users, but many (I
>>> would guess "most") users are not in that subset, and for
>>> everyone else it'd just be some combination of confusing,
>>> overwhelming, unnecessary, or insufficient.
>> 
>> I'm not arguing that all Tor users should use Whonix. I'm arguing
>> that the Tor Project ought to mention that as an option.
> 
> Why Whonix and not Tails? Why not any other tools?

Tails is on <https://www.torproject.org/projects/projects.html.en> but
not Whonix. Why is that?

> That's a rhetorical question - I'm sure there are pros and cons
> either way and it could be argued at length without conclusion. I'm
> not convinced Tor should be promoting either; same way I'm not
> convinced Tor should be promoting any specific tools. There will
> always be others, and they may be better suited to users depending
> on their circumstances.

Sure. Except that proxy bypass has been a major fail. Do you disagree?

>>> The key question to you, as someone advocating that specific 
>>> toolset, would be: for what type of user is VirtualBox+Whonix
>>> the optimum solution, and how would Joe Random identify if he
>>> is that sort of user?
>> 
>> 1) Specify how much ones time is worth: X USD/hr.
> 
> Why is money relevant? Where do you live, that freedom and torture
> is measured in $/hr? :)

Because I'm a anarchocapitalist ;)

Make it qualitative, if you like.

>> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y
>> USD.
> 
> Again, why is cost the metric? It's relevant for a narrow subset
> of users in a Tor context, and a broader subset in a general
> security context, but I don't see the relevance here.
> 
> Even if it were relevant, you've just asked a potentially 
> technically-incompetent user to conduct a very complex risk
> analysis. A lot of CIOs can't do an accurate risk assessment, but
> you want Haroon's mum to do it?

It's not complex.

If there are no substantive risks, use Tor browser. If being pwned
will be a life-changing event, at least use Whonix.

>> 3) Divide Y by X to get time investment justified to avoid
>> pwnage.
> 
> 3.1. Is that a meaningful number to anyone? What does it mean? What
> is the ratio above which Whonix is the remedy for all my ills? What
> do I do if I'm below it? Does it know about exchange rates and cost
> of living? What about...you get the idea. Meaningless calculations
> give meaningless conclusions.

My point is that a few days of study and work is justified for anyone
who faces substantive consequences from compromise.

> There must be lots of better ways. For eg, I would guess that a
> risk flowchart would be pretty effective. A short series of "Are
> you concerned about X?" questions would easily infer a risk
> profile, which would map to suggested tools and behaviours. For
> example: "Law enforcement authorities are known to attack [link to
> explanation] Tor users by compromising servers on the Tor network.
> Are you concerned about this type of attack?"

A few years ago, I wrote
<https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjOTiAAoJEGINZVEXwuQ+KnsH/ifoU8oFryMNncjzEcu1mbQk
b6BPsQ94wrPqQsJZsEZRPEqJDig02/QRvjnCXBLJMp53QcM6UVHm4dKzsNebZRIx
nVu89GGoDH94Aq+oMYgo6VW726iMsx2MxyflWyNQl44APe0tpjQXplm/ax/VXsEm
utagv6WNa3EBkgpcGd/Zo9BlWfMcoJmBcQn7GU5nKQzagkOaQ1uUoTtpFQhojyWa
YdS5IKiE1vfNJ629eNsfEYMwz4WqyYFuPN2pBDZhqX9u5aHSgmZssGVJpEdDzzCm
+SjOgNFd6IgJnc3s/s0xwDX9Xfj/qFPNb4e3IrUFCUuZQyZNbFmKhE566b2W5tw=
=d5bz
-----END PGP SIGNATURE-----


More information about the tor-talk mailing list