Re: [tor-talk] Tor and HTTPS graphic

2012-03-19 Thread Martin Hubbard
Mike Perry wrote on 03/12/12 01:57 PM: > Thus spake coderman (coder...@gmail.com): > > > a lot of infrastructure to build; call it Tor 2.0: > > > > combine LEDBAT edge management[0] with SCTP multi-homed[1] > > endpoints over ORCHID overlay[2] provided by IPsec telescopes[3] > > with reliable mul

Re: [tor-talk] Tor and HTTPS graphic

2012-03-13 Thread coderman
On Mon, Mar 12, 2012 at 11:57 AM, Mike Perry wrote: > ... > Your ideas intrigue me and I wish to subscribe to your newsletter. my last comment for this sad, confused tangent of a thread; it has been accosted via conjecture with too much frequency *grin* SCTP for congestion control of transpar

Re: [tor-talk] Tor and HTTPS graphic

2012-03-12 Thread Mike Perry
Thus spake coderman (coder...@gmail.com): > a lot of infrastructure to build; call it Tor 2.0: > > combine LEDBAT edge management[0] with SCTP multi-homed[1] endpoints > over ORCHID overlay[2] provided by IPsec telescopes[3] with reliable > multicast gradients[4] and stochastic fair queuing[5] and

Re: [tor-talk] Tor and HTTPS graphic

2012-03-10 Thread coderman
On Fri, Mar 9, 2012 at 9:55 PM, The23rd Raccoon wrote: > ... > If you want me to analyze active timing attacks using similar Bayesian > analysis, that might be a taller order. as amused as i am by our favorite dumpster diver, this does bring to mind the need for datagram transport with multiplexe

Re: [tor-talk] Tor and HTTPS graphic

2012-03-09 Thread The23rd Raccoon
On Fri, Mar 9, 2012 at 8:52 PM, Paul Syverson wrote: > On Thu, Mar 08, 2012 at 06:41:25AM +, The23rd Raccoon wrote: >> has blinded the tor devs to a very serious type of active attack >> that actually will: the crypto-tagging attack. > > Nobody's blinded to the possibility. Many of us knew long

Re: [tor-talk] Tor and HTTPS graphic

2012-03-09 Thread Paul Syverson
On Thu, Mar 08, 2012 at 06:41:25AM +, The23rd Raccoon wrote: > On Thu, Mar 8, 2012 at 1:39 AM, Mansour Moufid > wrote: > > On Tue, Mar 6, 2012 at 11:55 PM, The23rd Raccoon > > wrote: > >> Now bear in mind that I'm just a Raccoon, but some time ago I scrawled > >> a proof out that showed that

Re: [tor-talk] Tor and HTTPS graphic

2012-03-09 Thread Paul Syverson
On Tue, Mar 06, 2012 at 11:14:39PM -0500, Paul Syverson wrote: > On Tue, Mar 06, 2012 at 08:15:58PM -0500, Mansour Moufid wrote: > > On Tue, Mar 6, 2012 at 4:04 PM, Paul Syverson > > wrote: > > > I'm a mere four years behind in putting my work up on the web, and > > > this one wasn't co-authored

Re: [tor-talk] Tor and HTTPS graphic

2012-03-08 Thread Number Six
On Tue, Mar 6, 2012, at 04:20 PM, Seth David Schoen wrote: > and...@torproject.is writes: > > > The GPA is in every paper on the topic. But only Seth has the real > > answer. > > I was concerned that the graphic should not make people think that > _no one_ can ever associate them with their brows

Re: [tor-talk] Tor and HTTPS graphic

2012-03-08 Thread The23rd Raccoon
On Wed, Mar 7, 2012 at 9:54 PM, Mike Perry wrote: > You know, in hindsight, I don't want to sound like I'm hating on Steven > or his work. His work was quite clear along all of the dimensions I am > talking about, and was excellent research. > > He in fact did even compare 500 flows/hour to 50 fl

Re: [tor-talk] Tor and HTTPS graphic

2012-03-08 Thread grarpamp
> Thanks to Mark Klein, we know that the NSA wiretaps in the US are > passive in nature, not active. We know that *back then* *one* of their possible tap systems was passive. All thanks due of course. > But who knows what they do [...] ... today, to whoever. > I don't think The Man can correla

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread grarpamp
> I think that it is important to differentiate national security > and law enforcement here. Yes. They are two separate camps. Who now more regularly talk with each other to varying degrees, both in the office, and in the pub. It's likely only a legal question as to what tools either may use. Th

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread The23rd Raccoon
On Thu, Mar 8, 2012 at 1:39 AM, Mansour Moufid wrote: > On Tue, Mar 6, 2012 at 11:55 PM, The23rd Raccoon > wrote: >> Now bear in mind that I'm just a Raccoon, but some time ago I scrawled >> a proof out that showed that the correlation accuracy of a "dragnet >> GPA" goes down in proportion to the

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Mansour Moufid
On Tue, Mar 6, 2012 at 11:55 PM, The23rd Raccoon wrote: > Now bear in mind that I'm just a Raccoon, but some time ago I scrawled > a proof out that showed that the correlation accuracy of a "dragnet > GPA" goes down in proportion to the square of the number of concurrent > users using an anonymiza

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Mike Perry
Thus spake Seth David Schoen (sch...@eff.org): > Eva Galperin and I worked on this graphic (drawn by Hugh D'Andrade) > that tries to show the difference between the threats Tor addresses > and the threats HTTPS addresses. > > https://www.eff.org/deeplinks/2012/03/https-and-tor-working-together-pr

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Maxim Kammerer
On Wed, Mar 7, 2012 at 20:57, grarpamp wrote: > Going with the USA idea: what if the FBI, in the > normal course of business, calls up all their local cable/dsl/fiber/cell > providers and has a few lines run to each office and outhouse > nationwide. I think that it is important to differentiate n

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Mike Perry
Thus spake Mike Perry (mikepe...@torproject.org): > > But passive correlation is adequate anyway, even at very low sampling > > rates (cf. Murdoch and Zielinski, PETS 2007). This is long known and > > well understood. It's why we have always said that onion routing > > resists traffic analysis not

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Mike Perry
Thus spake Paul Syverson (syver...@itd.nrl.navy.mil): > > It's time the myth of the GPA was challenged. I don't think active > > correlation attacks can be defended against, but I think they can at > > least be detected. > > Actually there are many papers over the last several years (e.g., at > A

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread grarpamp
> The nodes must reside in commercial data centers Subject only to Tor's defenses, such as CIDR block restrictions, a node is a node. Going with the USA idea: what if the FBI, in the normal course of business, calls up all their local cable/dsl/fiber/cell providers and has a few lines run to each

Re: [tor-talk] Tor and HTTPS graphic

2012-03-07 Thread Maxim Kammerer
On Wed, Mar 7, 2012 at 06:30, grarpamp wrote: > Setting aside the taps, what if half the 3000 nodes are 'The Man'? I think that's quite unlikely. The nodes must reside in commercial data centers and run untrusted software (including necessarily modified Tor clients), all of which exposes them to

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread The23rd Raccoon
On Wed, Mar 7, 2012 at 12:20 AM, Seth David Schoen wrote: > and...@torproject.is writes: > > I was concerned that the graphic should not make people think that > _no one_ can ever associate them with their browsing when they use > Tor.  I've been taught to think of the GPA threat (and other traffi

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Paul Syverson
On Tue, Mar 06, 2012 at 08:15:58PM -0500, Mansour Moufid wrote: > On Tue, Mar 6, 2012 at 4:04 PM, Paul Syverson > wrote: > > I'm a mere four years behind in putting my work up on the web, and > > this one wasn't co-authored so nobody else did either. I'll try to do > > something about that in my

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread grarpamp
Nice graphic :) Some small details not worth including... site.com under HTTPS really means site-IP to various observers between user and webserver. site-IP may or may not mean site.com in the presence of virtual hosting schemes. At the exit and beyond, knowing a site user is using Tor could be

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Mansour Moufid
On Tue, Mar 6, 2012 at 7:27 PM, Ted Smith wrote: > On Tue, 2012-03-06 at 16:20 -0800, Seth David Schoen wrote: >> I was concerned that the graphic should not make people think that >> _no one_ can ever associate them with their browsing when they use >> Tor.  I've been taught to think of the GPA t

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Maxim Kammerer
On Wed, Mar 7, 2012 at 02:27, Ted Smith wrote: > I'm not a full-time PET researcher, but smarter people than myself in this > thread seem to think the GPA is > more of a myth than a reality. Using https://metrics.torproject.org/csv/relaycountries.csv: $ grep 2012-03-05 relaycountries.csv | cut

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Mansour Moufid
On Tue, Mar 6, 2012 at 4:04 PM, Paul Syverson wrote: > I'm a mere four years behind in putting my work up on the web, and > this one wasn't co-authored so nobody else did either. I'll try to do > something about that in my copious free time this week and send a > link. Please do, this attack you

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Ted Smith
On Tue, 2012-03-06 at 16:20 -0800, Seth David Schoen wrote: > and...@torproject.is writes: > > > The GPA is in every paper on the topic. But only Seth has the real > > answer. > > I was concerned that the graphic should not make people think that > _no one_ can ever associate them with their brow

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Seth David Schoen
and...@torproject.is writes: > The GPA is in every paper on the topic. But only Seth has the real > answer. I was concerned that the graphic should not make people think that _no one_ can ever associate them with their browsing when they use Tor. I've been taught to think of the GPA threat (and

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread andrew
On Tue, Mar 06, 2012 at 02:04:11PM -0500, te...@riseup.net wrote 3.5K bytes in 90 lines about: : The graphic here seems to be the EFF graphic from the OP in this thread. : Did you mean something else? Or did you mean to say, "there's already : one story using this graphic as proof that the NSA can

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Maxim Kammerer
On Tue, Mar 6, 2012 at 23:04, Paul Syverson wrote: > The suggestion was that people _stop_ working on > defeating the GPA, which is unrealistic as both too strong (global) > and too weak (passive). While this may be true in the theoretical sense, it doesn't mean that one can't make correlation at

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread andrew
On Tue, Mar 06, 2012 at 04:04:10PM -0500, syver...@itd.nrl.navy.mil wrote 1.5K bytes in 33 lines about: : Is that a typo? The suggestion was that people _stop_ working on Yes, I meant stop. When skynet achieves consciousness, the analysis of traffic on the Internet will be the least of our proble

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Paul Syverson
On Tue, Mar 06, 2012 at 12:22:16PM -0500, Andrew Lewman wrote: > > At PETS in 2009[0], Paul did a talk on 'why I'm not an entropist' and > suggested that people need to start working on defeating a mythical > global passive adversary. Maybe in the near future some government will > have the capabi

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Ted Smith
On Tue, 2012-03-06 at 12:22 -0500, Andrew Lewman wrote: > On Tue, 06 Mar 2012 11:22:33 -0500 > Ted Smith wrote: > > While I like the graphic overall, I think the "NSA as a global passive > > adversary" element is an example of the graphic being overloaded with > > information that will confuse/sca

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Andrew Lewman
On Tue, 06 Mar 2012 11:22:33 -0500 Ted Smith wrote: > While I like the graphic overall, I think the "NSA as a global passive > adversary" element is an example of the graphic being overloaded with > information that will confuse/scare away most people. So far, there is one story where Eva claims

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread ix4svs
On 6 March 2012 04:55, Seth David Schoen wrote: > https://www.eff.org/pages/tor-and-https Excellent stuff, thank you! In particular well done for keeping it at just the right level of complexity and not overloading it with information that will confuse/scare away most people. I like the idea o

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread Ted Smith
On Tue, 2012-03-06 at 15:38 +, ix4...@gmail.com wrote: > > In particular well done for keeping it at just the right level of > complexity and not overloading it with information that will > confuse/scare away most people. While I like the graphic overall, I think the "NSA as a global passive

Re: [tor-talk] Tor and HTTPS graphic

2012-03-06 Thread proper
Nice, I like it very much. It also demonstrates the need for DNSCrypt, then "site.com" would also disappear from a few places. Can you release the source code for the demonstration? That would allow others to build upon your work. Other things like DNSCrypt, distributed DNS, alternative web of

[tor-talk] Tor and HTTPS graphic

2012-03-05 Thread Seth David Schoen
Eva Galperin and I worked on this graphic (drawn by Hugh D'Andrade) that tries to show the difference between the threats Tor addresses and the threats HTTPS addresses. https://www.eff.org/deeplinks/2012/03/https-and-tor-working-together-protect-your-privacy-and-security-online The complete inter