[cryptome] Re: TOR Article

• From: Jason Iannone <jason.iannone@xxxxxxxxx>
• To: "cryptome@xxxxxxxxxxxxx" <cryptome@xxxxxxxxxxxxx>
• Date: Tue, 11 Nov 2014 09:21:50 -0700

The author of the Pando article spends a great deal of time discussing
the motivation for developing tor and tying the developers to defense.
While those ties are interesting and notable, saddling the first
thirty paragraphs with this information leaves a bad taste in my
mouth.  The discussion of exit node management and the protocol's
focus on performance are key.  NSA's efforts to build in weakness are
well known and it's not much of a stretch to associate built-in
weakness to the decision to favor high performance nodes[1].

The fact that tor has many use cases doesn't mean its broken.  In
fact, the government use case may be one of its more valuable selling
points.  If it's good enough for CIA, it's good enough for me.  The
foundation is, so far as we know, solid[2].

[1] 
http://csrc.nist.gov/groups/ST/crypto-review/documents/dualec_in_X982_and_sp800-90.pdf

[2]https://dl.dropboxusercontent.com/u/23931727/Dining%20Cryptographers%20-%20Chaum.pdf


On Tue, Nov 11, 2014 at 7:49 AM, Shaun O'Connor <capricorn8159@xxxxxxxxx> wrote:
> that was a good one Douggie and I agree entirely with your sentiments on
> privacy, security  etc.
> what bothers me is the way people are being misled into entrusting their
> privacy to third parties in the mistaken belief that so doing will give them
> more freedom to get on with whatever they are doing.
>
> Personally my view is if one wants to maximise operational security ( i'll
> call it opsec in future) then it behoves them to get their hands dirtly and
> learn the craft rather then rely on someone else to do it for them. there is
> always a tradeoff between convenience and control.
>
> ATB
> Shaun
> ps
> Will look at the links later .
>
> On 11/11/2014 13:08, doug wrote:
>
> http://pando.com/2014/07/16/tor-spooks/
>
> I thought that this was an interesting article.  I don't use TOR, I have
> never tried it because I know its origins...and I can't think of any
> knowledge or activities I pursue as being so valuable or secret as to be a
> threat to the state.
>   Using technology for hiding the online activities of spooks is a different
> ball game from ordinary users using it thinking that their activities, legal
> or otherwise will be anonymous, is a product of too much cannabis oil.  TOR
> has different functions for different people and organisations.  It is used
> to hide the activities of spooks behind the activities of other users, the
> thinking is that the more of the public that use it, the easier it is for
> them to hide.  rAnother advantage is that if enough of the security
> community is convince, then they will recommend its use to every one else.
> The US government gives such stuff away to liberation fighters and
> revolutionaries whilst its private enterprise sells the antidotes to the
> software to those very secret services to which it is opposed.  And the
> politicians, in my view, know very little about it, believing that they are
> spreading human rights, American, British and Western style, all over the
> dictatorial world.  However, the growth of the technology, the cheapness of
> software and storage and the increasing sophistication and wealth expended
> on intelligence and security in the world community has undermined any
> superficial safety in using such software as TOR, truecrypt and some secure
> operating systems, in my view.  I am not an expert in such matters,
> particularly the technical side, but so often in history people have been
> misled into thinking that their communications are secure that they have
> been sorely decieved when "the weel laid plans o' mice and men,  gang aft
> astray..."  as Robert Burns said in "To A Mouse", and they finish up with
> their homes, their lives and their families, as well as their dreams
> destroyed.
>
>  Apart from communications with my banks, I don't use encryption, though I
> have experimented with it a little bit. I know of old that if the security
> or intelligence agencies want to access such information then they can.  All
> encrypted communications are recorded until they are deciphered...as policy.
> All TOR communications, from going to the website, downloading and
> installing, as well as using are monitored. Wouldn't you, if your mission
> put you in charge of the safety security and intelligence on  behalf of the
> people and government?  It's a bit naive to think otherwise, in my humble
> opinion.
>
>   When using the internet, one has to access it at some point, and that is
> generally through an ISP and an i.p. address, the same thing occurs when one
> receives a communication. It doesn't matter whether it is a phone, or a
> laptop, even a wireless connection.  As soon as one goes onto the internet
> then the activity is recorded, if not acknowledged. Those are the weakest
> points in my view.   When one boils a kettle one knows where the energy
> comes from, one knows that the kettle is a container, and, though one may
> not know exactly where the bubbles arise when the container boils, one knows
> when it will boil, the length of time it takes to boil and one can record
> the degree of entropy and the physical emergence of the bubbles of gas into
> the liquid topography.  Doesn't take a lot to find out the cause and effect.
>
> Studying the materials at Bletchley Park methods are still of much relevance
> in my view.   see url:
> http://www.bletchleypark.org.uk/
> There is plenty of stuff on the website, well worth a visit and lots of
> links to all sorts of information, from books to memoirs and memories.
> Encryption wasn't the only system which got cracked there.  It was the cribs
> which were really important, everything from user mistakes and habits, to
> user locality, from timing and types of coding, from frequency of
> transmission and patterns within the signals, to different kinds of coding
> and encyphering machinery.  It wasn't all about betrayal by agents.  All of
> those, and more, were collated, subjected to  analysis and disparate
> findings put together, to provide a cohesive picture of the intentions,
> habits and wherewithalls of the enemy (or friendly and not so friendly
> alien).  I dare say that there are even more sophisticated methods around
> today, particularly mathematically and statistically, the software and
> storage are so cheap, and many brilliant and educated minds are put together
> collectively in huge warehouses and think tanks to solve the problems.
> Poachers become gamekeepers and vikki verki.
>
> From recent utterings by various personalities, political leaders and senior
> officers of agencies involved in the collection of information and its
> analysis, they aren't about to stop any time soon, and I cannot see a
> situation in the near future where personal privacy and security are going
> to improve.   The safety of the system compared with the privacy and
> security of the individual is deemed more important, though they would say
> that they are protecting both. The fear and the pressure is too great for
> all information, all data not to be collected so that governments aren't
> taken by surprise.  We also know of course, that governments, more often
> than not, often do get taken by surprise, even when the information is
> presented to them on a plate...they don't believe it, much in the same way
> as analytical thinking can sometimes get in the way of truth and reality.
> Belief systems play a very important role, compared with evidence based,
> factual analysis, I have noticed.
>
> Also, the temptation to go that one step further and to continue interfering
> in the natural processes of historical development in the name of
> anti-communism, anti-Cuba, anti-Sovietism and now anti-Russia and anti-China
> and anti Islam and pro western democratic belief systems means, just like
> that "Inside the CIA" book of the 1970's about Latin America, the world of
> international politics will remain a morass and a jungle, with the rule of
> law, international, or national, playing little role, with plots and plants
> blowing up in the faces of the perpetrators as well as destroying the lives
> of the innocent.  Did the US intervention in Latin America change the course
> of history?  Did it save the world from Communism and bring about human
> rights and democracy to the peoples of the world?  Did it leave the people
> of the United States in a better world economic, political and sociological
> and cultural position in the world of today...who knows.  Hollywood has all
> the answers.
> Just a few thoughts on the current developments.
> ATB
> Dougie.
>
>
>
> --
> PRIVACY IS A BASIC RIGHT - NOT A CONCESSION

• Follow-Ups:
  • [cryptome] 3 Cryptographers at Dinner Mathematical Model
    • From: doug

• References:
  • [cryptome] TOR Article
    • From: doug
  • [cryptome] Re: TOR Article
    • From: Shaun O'Connor

Other related posts:

• » [cryptome] TOR Article- doug
• » [cryptome] Re: TOR Article- Shaun O'Connor
• » [cryptome] Re: TOR Article - Jason Iannone

1. Home
2. cryptome
3. Archive
4. 11-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---