Re: [tor-talk] Escape NSA just to enter commercial surveillance?

Fri, 15 Jan 2016 10:34:45 -0800 

On Thu, 14 Jan 2016 22:37:25 +0100
Andreas Krey <a.k...@gmx.de> wrote:

> On Thu, 14 Jan 2016 14:25:20 +0000, juan wrote:
> ...
> >     Of course. It's absurd. There's nothing hidden about
> >     facebook's location so a 'hidden' service is...nonsense.
> 
> You're attacking the name instead of the content.

        I'm not attacking it. I'm simply acknowledging the fact that
        the name is descriptive.

        The purpose of hidden services is to hide the location of
        the server...and that's exactly why they are called hidden
        services.

        But now the argument is that hidden services provide better
        authentication than plain https? OK.

> 
> Accessing facebook via the onion service means that you
> know you're talking to facebook directly; 

        Accessing something through a multi hop proxy means
        'directly' for you?

> using facebooks
> via either tor or directly exposes you to the risk of
> being MITM'd, including faked SSL certs.


        The so called 'public key infrastructure' which is maintened by
        the free governments of the western liberal democracies can't be
        trusted? Oh my.

        And the same attacker that can subvert PKI can't subvert
        tor?

> 
> Even if the NSA is capable of brute forcing the onion key

        ...they can impersonate any .onion service?


> facebook itself could build a canary by trying to access
> its own onion service. If the connection ending back up
> with them has strange properties they know something
> is wrong.

        And how would the user learn that? By connecting to
        https://facebook.com .... which can be MITMed too...?

        Anyway, the discussion seems too academic for me.
        

> 
> ...
> > > NSA would immediately command Facebook to offer the related user
> > > identification.
> > 
> >     ...assuming facebook isn't already fowarding relevant data
> > in real time, all of the time...
> 
> Facebook doesn't necessarily have identifying information on
> their users.


        ...Not sure if you're joking? Well, they don't necesarily have
        information on EVERY SINGLE user. Just on the vast majority
        of them...




> 
> Andreas
> 

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Reply via email to