On Sa, Jul 06 2013, Roger Dingledine wrote:

> On Sat, Jul 06, 2013 at 12:46:17PM +0200, Jens Lechtenboerger wrote:
>> 1. If you are using Tor, you should assume that all your network
>> traffic gets stored, analyzed, and de-anonymized by intelligence
>> agencies.
>
> I don't want to tell you to stop worrying, but depending on how much
> you think these intelligence agencies collaborate, I think the "and
> de-anonymized" phrase might be overstated. For example, I would not be
> surprised if French intelligence doesn't have enough of a reach on the
> Internet to be able to break Tor easily -- simply because they haven't
> made enough deals with enough backbone providers relative to the locations
> of big Tor relays. Maybe they trade data with England and the US, but
> then again maybe they don't (or don't trade all of it).

I don’t worry about the French too much. I don’t think that the
British need much collaboration, though.

> One of the unfortunate properties of the Internet is how it's much less
> decentralized than we'd like (and than we used to think). But there are
> still quite a few different places that you need to tap in order to have
> a good chance of beating a Tor circuit. For background, you might like:
> http://freehaven.net/anonbib/#feamster:wpes2004
> http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
> and there's a third paper in this chain of research which I'm hoping
> the authors will make public soon -- stay tuned.

I’ll have a look. Thanks for the pointers.

>> 2. If you do not use Tor, you should be aware that your ISP could
>> spy on all of your network traffic, while part of it (that part
>> passing tapped IXes) gets stored and analyzed by intelligence
>> agencies.
>
> I think you're underestimating the problem here. You say "Part of my
> traffic does not need to flow through big pipes and IXes but stays in
> local, untapped regions of the Internet." I think for the typical web
> user, basically _every single page they visit_ pulls in a component that
> goes through these 'big pipes' you refer to.

Thanks for that reminder. Some of my browsers don’t do that, but
it’s easy to forget. However, I wasn’t only thinking about the Web,
but also things like chat and ssh, which I might torify.

> In short, I think web users are in bad shape using Tor if their adversary
> is "every intelligence agency combined", but they're in way way worse
> shape when not using Tor.

I didn’t mean to imply that “combination” was necessary.

> While I'm at it -- you don't think Deutsche Telekom has a deal with
> BND where they hand over all the internal German Internet traffic they
> see?

I’m not sure about that.

> I hope the era where people say "My government is doing everything
> that has been reported in the news so far, but surely they're not doing
> anything else" is finally over, but I guess it will be a while yet.

So do I.

Best wishes
Jens
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
