Last try, as I've already spent more cycles on this than I generally have for such.
On Fri, Sep 13, 2013 at 08:02:31PM -0300, Juan Garofalo wrote: > > > > >I said nothing about being clueful in technical matters. I said that > >if you make clueful constructive criticisms you are typically likely > >to be in a position to make clueful constructive suggestions about the > >design. Many contributors to Tor, paid or otherwise, do so outside of > >the science and technology per se. If your focus is on political > >aspects that is where you could contribute, but I have yet to see more > >on that front from you than ad hominem attacks. > > > I'm not sure what 'ad hominems' you have in mind. Rather, > I'm sure that what I'm saying isn't an 'ad hominem' at all. I describe it in the last message, and spell it out in more detail below. > > On the other hand, I see that people who are skeptical of > the Tor project have been called "conspiracy theorist" and > accused of wearing 'tin foil hats'. I was asked if I was > 'taking my meds' and politely asked to "fuck off". This > thread's subject was at some point changed to "SPAM Re: > [tor-talk] Tor and Financial Transparency". Irrelevant to this exchange. I already noted to you before that I didn't say any of those things. I don't understand why you persist in bringing them up. > > All that seems more in line with 'ad hominems' perhaps? You > know the basic structure : "What X says is invalid because X > is a conspiracy theorist wearing a tin foil hat and he > didn't take his meds!" Again. I never said those things. > > Oh, and to top it off, seems that you are suggesting below > that I might be 'trolling'? Gee, that wouldn't be yet > another ad-hominem would it. > I have yet to see other than an ad hominem argument in your statements, Roughly, A. Entity x is evil. B. Entity x funded the building of y. C. If A and B are true, there can be no adequate answer to "Why should we trust y?"* D. Therefore, we cannot trust y. *No matter how much more open the funding, design, and coding are than anything providing similar functionality and no matter how much more public, independent, scientific, widespread, repeated analysis y is subject to than anything else out there. If you want to engage in discourse and use reasoning outside the bounds of valid argument as recognized by the group you are talking to, and when the distinction is pointed out to you and you are asked to explain, you simply reiterate your position without making any attempt to explain why those you are talking to should abandon there criteria and adopt yours, then you will be (correctly) perceived as trolling. I was trying to suggest a way for you to avold trolling, unless that was your goal. > > > >(Note also that you straightjacket and oversimplify Tor by limiting it > >purely to a political dimension, > >but if that is your hammer, and you > >are not simply trolling > >please use it as a tool of more than > >destruction when hitting the Tor nail. I will not engage in political > >debate, so I will have to leave that to others. Please also make sure > >that political or otherwise, your comments remain constructive and > >relevant to Tor.) > > > >Something is not a flaw in a system if it is overtly stated to be > >beyond the the scope of the system. We've said since before Tor that > >onion routing by itself does not prevent an adversary able to watch > >both ends of a connection from determining who is talking to whom. So > >you cannot validly claim this is a flaw of Tor. You can note this as > >a limitation on what it currently offers. But that is already > >frequently stated, so one must say more than that to make a > >contribution. > >Also, I have already pointed you at research by myself > >and others on the hard problems of quantifying the extent of this > >limitation and on designing to go beyond it. > > > There's an interesting ambiguity here, it seems. First it's > stated that onion routing doesn't protect against 'big' (in > network terms) adversaries. But then no hard data is given > about how 'big' the adversaries really are. Ermm. I pointed you at our paper, the first paper attempting to quantify that in a meaningful way using the best available data. And, as I recall you thanked me for it. > > How well is Tor preserving the anonimity of its users? Well, > there are "hard problems" to answer that question... > And yes, this is a hard problem. Science and technology are lousy with hard problems, and this is one of them. The work in the paper I just mentioned trying to address it builds on the work of lots of people from many countires with many diverse sourecs of funding over a decade or so, without which it couldn't give anything close to the start of an answer it provides. > > > >I'm not going to address the moral/political claims you make since > >that is outside my current bailiwick. I will simply take them as > >premises of your argument without commenting on their soundness. I > >will however note that this criticism is not valid regardless of how > >sound the premises may be. It commits a variant on a classic > >fallacy. > > > I asked "Why should Tor be trusted", given its connections > to a criminal organization. > > That's not even an argument. It's basically a question. And > seems like a pretty reasonably question to me, by the way. > > You can even drop the bit about criminality if it upsets you. > > Product X is meant to defeat one of the main objectives of > the very company that manufactures product X. Shouldn't the > users of X take a closer look at what that means? > Setting aside the huge implicit composition and division assumptions you are making, myself and others in this thread have already explained that we feel our time is better spent designing a process and then working in a way that is fault tolerant against such concerns. Those are merely hard problems rather than intractible ones, but feel free to look at whatever you like. I hope I'm not being too presumptuous in saying that you already have as much of an answer as those who work on Tor can give you about that. > > >As I used to teach my introductory logic students, if you > >reject an argument because it is given by someone evil (in your > >opinion) without addressing the merits of the argument itself, you > >commit an ad hominem fallacy. > > > Indeed. > > But I don't think that's what I'm doing here. > > > > Nate Freitas and others have given you > >lots of reasons that the work behind Tor (research, design, funding, > >code) is _by design_ set up for (and thus receives) > > Well, here there seems to be a little fallacy...? > > "is _by design_ set up for (and thus receives)" > > That would be a non-sequitur, I believe. > > From "is setup for scrutiny" does not follow "it actually > receives scrutiny" and it even less follows "it receives > qualified scrutiny". > > "Unfortunately while OpenSSL is open source, it periodically > coughs up vulnerabilities. " > > "We've also been saying that even open code like OpenSSL > needs more expert eyes." > > http://blog.cryptographyengineering.com/2013/09/on-nsa.html > > > I assume that what's true with respect to openssl is just as > true with respect to Tor. Well no not exactly. I was being a bit terse with "set up for", but I've already been overlong in so many respects. As Roger has already explained somewhere (I forget sorry) quite well: It's not enough to have open design. You need to have good documentation of the code and of the design (cf. https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/000-index.txt ) so others can understand what you are doing, build there own, etc. You need to make data available so that people can easily do strong and repeatable analysis not just of the design but of the deployment and usage (cf. https://metrics.torproject.org/ ) You need to spend a lot of time doing your own research (cf. https://research.torproject.org/techreports.html) as well as collaborating with others and also running around to research groups around the world who might have lots strong expertise but not a grasp of the hard problems and why they matter. If you don't they probably won't try to solve nearly as many of your problems; they'll solve other problems or misconstrue yours. Roger was probably the main person doing that for a long time, but in an effort to not have him explode it is now a separate job, handled this year by Nick Hopper on sabbatical from the Univeristy of Minnesota. This is a partial list (this message is already too long) of how Tor is designed and operates to receive lots of scrutiny rather than just being available for scrutiny. -Paul > > > > >as much scrutiny > >and verification as pretty much anything out there---and mostly > >more so than anything else out there. > >And, on a meta level, there is > >public discussion of the current limits and attempts to improve that, > >e.g., open hardware and deterministic builds. And since you are so > >focused on funding, there is also public discussion of how the Tor > >Project Inc. attempts to diversify its funding. If you can offer more > >than ad hominem reasons why this approach is flawed by design, I > >believe the opportunity to see how to improve Tor would be welcome. > > > >HTH, > >Paul > >-- > >tor-talk mailing list - tor-talk@lists.torproject.org > >To unsusbscribe or change other settings go to > >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
