On Mon, Aug 07, 2017 at 09:32:20AM +0200, Jon Tullett wrote: > On 4 August 2017 at 02:05, Paul Syverson <paul.syver...@nrl.navy.mil> wrote: > > On Thu, Aug 03, 2017 at 04:38:49PM -0700, Jacki M wrote: > >> Comments on Paul Syverson Proposed attack? > >> Paul Syverson - Oft Target: Tor adversary models that don't miss the mark > >> https://www.youtube.com/watch?v=dGXncihWzfw > >> > > More seriously. The point of this work is not to propose attacks per se > > but to observe that a Tor adversary intending to target individuals or > > specific groups might be much more effective against those targets > > Enjoyed the video - thanks Paul. It cut off before Q&A...were there > any particularly good questions from the audience?
Ermm probably? I just don't recall completely now weeks later, though I remember we did fill up the remaining time. Let's see, I had an exchange with ermm maybe Prateek Mittal, where in response to his question I emphasized that we weren't suggesting ignoring the prospects of a hoovering adversary. In fact hoovering might be the source of some of the inputs an adversary might use to decide to target an individual, group, or destination. But, it would then be more likely for the reasons I presented, for an adversary to follow a targeting strategy even if it had hoovering capabilities already set up. Another point that was raised to me in a side comment after the Q&A was that what I said about evidence for onionsite fingerprinting from the Oakland poster by Juarez et al.could have been interpreted differently than I intended. They showed in that work that identifying a circuit as an onionsite connection (vs. not an onionsite connection) via fingerprinting from the middle relay on the client side was 99.98% effective. They didn't address fingerprinting specific sites therein. I stand by our claim that given the smallness of the space and other factors that such fingerprinting is likely for current Tor and onionspace to be very effective. (Once we make all my grand-vision changes to onionspace that I'll talk about in my ESORICS keynote paper, that could well change. But that's c. 5-10 years away at this point.) Which leads us to... > > Curious to know - at a practical level, have you actually tried any of > it in practice, or had any contact with anyone who has? I mean, do the > results in practice mirror the predictions in terms of distribution > and probability ito deanonymising potential targets? No we haven't yet tried this in practice. As usual, it is hard to set up an experiment like that in a way that adequately protects user safety and privacy. There is work in progress that has gone through review by the Tor Research Safety Board and will use PrivCount to gather information about the amount of activity on a particular known and public onionsite. But it's still very much in the works. HTH, Paul -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
