On Fr, Jul 19 2013, Gregory Maxwell wrote:
On Fri, Jul 19, 2013 at 10:03 AM, Jens Lechtenboerger
<[email protected]> wrote:
but going much further than that may well decrease your
security.
How, actually? I’m aware that what I’m doing is a departure
from network diversity to obtain anonymity. I’m excluding what
I consider unsafe based on my current understanding. It might
be that in the end I’ll be unable to find anything that does
not look unsafe to me. I don’t know what then.
Because you're lowering the entropy of the nodes you are
selecting maybe all the hosts themselves are simply NSA
operated, or if not now, they be a smaller target to compromise.
I don’t buy the entropy argument. If the NSA compromises Tor
nodes, wouldn’t they target as many nodes as possible, regardless
of guard selection strategies?
Note that I’m avoiding guards that they can monitor without having
compromised them.
Maybe it actually turns out that they all use a metro fiber
provider in munich which is owned by an NSA shell company.
What are the implications then? All metropolitan area customer
data of that provider turned over to the NSA? As I wrote a couple
of minutes ago on this list: If that happens everywhere in
Germany, I don’t see a technical solution, just political ones.
In Germany this may not be much of a risk. But if your logic is
applied to someplace that is less of a hotbed of Tor usage it
wouldn't be too shocking if all the nodes there were run by some
foreign intelligence agency.
Exactly. Citizens there would be driven by other motives than me.
First, they would need to figure out whether they worry more about
their own government or about foreign ones. Then they need to
decide whether Tor can help and, if so, what nodes to avoid.
Best wishes Jens
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
