[tor-teachers] Questions and notes from BBC interview
Seth David Schoen
schoen at eff.org
Mon Jul 10 23:15:08 UTC 2017
Hi Isis,
Thanks for sharing these.
It looks like you stopped in the middle of answering this question:
> * What other benefits are there to Tor in comparison to the internet networks that are most widely used?
>
> As mentioned before, Tor Browser
Also, I'm not sure you and the interviewer were thinking of the same risks
under
> * There is a lot of speculation around Tor's vulnerabilities — that is it susceptible to hacking and attacks — how vulnerable is Tor?
>
> When people talk about vulnerabilities in software, often what they are refering
> to are memory safety violations. [...]
Pretty much your entire answer was about mitigating remote code execution
vulnerabilities, but I bet some of the people the interviewer was
referring to were thinking about high-level deanonymization attacks,
like attacks that aim to locate hidden services, or end-to-end traffic
confirmation methods that are regarded as outside of Tor's threat model
-- but that still affect Tor users' anonymity.
Mitigating RCE in either Tor or Tor Browser is super-valuable, but I'm
not sure that's the kind of vulnerability people most often have in mind,
assuming that they know about particular classes of vulnerabilities
at all. They could also be thinking of surveillance methods that are
mainly based on observation or manipulation of network traffic, which
loom pretty large in academic research on anonymity systems and in some
real-world examples of deanonymization of Tor users or services.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-teachers
mailing list