[tor-talk] FBI cracked Tor security

Jon Tullett jon.tullett at gmail.com
Tue Jul 19 09:50:05 UTC 2016


On 19 July 2016 at 08:31, Mirimir <mirimir at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>> On 18 July 2016 at 16:17, Mirimir <mirimir at riseup.net> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

>>> A few years ago, I wrote
>>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.
>>
>> Have you updated it to account for subverted VPN providers?
>> Advising people to use VPNs which may have been subject to national
>> security letters is arguably bad.
>
> Which VPNs have received NSLs?

I take it that's a no, then?

Point being, not only do we now know which operators have received
letters, we _can't_ know. The first rule of NSL club is you don't talk
about NSL club. I have yet to see much evidence that warrant canaries
help. And that's not the only risk; operators can be coerced, hacked,
suborned, or otherwise compromised. Belgacom, for example.

We mitigate that by layering services, but that's back to the question
of how complex an environment suits your risk profile. Not everyone
has the same nut; not everyone needs the same size hammer.

-J


More information about the tor-talk mailing list