One thing should be clear: If one is not using a bridge, it is trivial for any network observer (University firewall admin, Iran ISP) to see if one is using Tor. However, with the right bridge setup such a detection can ultimately be prevented. I guess meek is the best candidate for an undetectable bridge.
On Mon, Nov 07, 2016 at 09:56:01AM -0800, Seth David Schoen wrote: > Jason Long writes: > > > To be honest, I guess that I must stop using Tor!!!! It is not secure.I can > > remember that in torproject.org the Tor speaking about some peole that use > > Tor. For example, reporters, Military soldiers and...But I guess all of > > them are ads. Consider a soldier in a country that want send a secret > > letter to his government and he want to use Tor but the country that he is > > in there can sniff his traffic :( > > That soldier has a potential problem if the government is aggressively > monitoring Internet traffic, because they can look at the time that the > message was received and ask "who was using Tor in our country at that > time?". This happened in 2013 when someone sent a bomb threat using > Tor on his university campus. Apparently he was the only person using > Tor on campus at the time the threat was sent. > > http://www.dailydot.com/crime/tor-harvard-bomb-suspect/ > > The ability to do this doesn't require the government to operate any of > the nodes and doesn't require them to be operated in the same country. > For instance, Harvard University was able to identify this person even > though he was using only Tor nodes that were outside of the university's > network. (It might have been much harder if he had been using a bridge > that the university didn't know about, or if he had sent the threat > from somewhere outside of the campus network.) > > If there are ways of sending the letter that introduce a delay, then it > might be harder for the government to identify the soldier because then > there is some amount of Tor use at a time that's not obviously related > to the sending of the letter. There might still be a concern that the > amount of data that the soldier transmitted over the Tor network is > very similar to the size of the letter, which may be a unique profile. > (That's a concern for systems like SecureDrop because people upload > large documents with a unique size; the number of people who transmitted > that exact amount of information on a Tor connection in a particular > time frame will be very small.) > > There's lots to think about and a good reminder that the Tor technology > isn't perfect. But I wouldn't agree with the idea that there's no point > in using Tor. Lots of people are getting an anonymity benefit from > using it all of the time. > > -- > Seth Schoen <sch...@eff.org> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
