Re Building a new Tor that can resist next-generation state surveillance

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Patrick Sinz <patrick_sinz () yahoo com>
> Date: February 14, 2017 at 10:30:30 AM EST
> To: "dave () farber net" <dave () farber net>, ip <ip () listbox com>
> Subject: Re: [IP] Building a new Tor that can resist next-generation state surveillance
> Reply-To: Patrick Sinz <patrick_sinz () yahoo com>
>
> Building the next "personal" privacy platform is a fascinating endeavor, intellectually satisfying.
> It is also a mostly "wrong" solution, looking at life in authoritarian regimes what really happens is that a
> "happy few" group has a rather "free" life, using prestige, financial influence, and privacy tools to avoid most
> of the negative interactions with their state, and the rest can go on being oppressed.
> In reality it is a way to extract the very people who might push for reforms from the global pool of potential 
> activists.
> As long as the majority of people are actually fine with state interference, no technical tool will solve the social 
> issues.
> Tor is interesting and useful for some people, but it will never change the mind of an enforcer of religious morals 
> nor of a scared voter who would like to have a strong man with "real" authority to fix the boggey man that under his 
> bed that stops him from sleeping well.
>
> nb: but I'm sure it is very interesting to write code that will randomly modify the 3D acceleration profile of web 
> rendering  so that you can play WoW over Tor without being tracked, but it will not rally change the world.
>   my 2 (euro)cents
>       [ps]
>
>
> From: Dave Farber <dave () farber net>
> To: ip <ip () listbox com> 
> Sent: Tuesday, February 14, 2017 2:18 PM
> Subject: [IP] Building a new Tor that can resist next-generation state surveillance
>
>
> ---------- Forwarded message ---------
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: Tue, Feb 14, 2017 at 7:52 AM
> Subject: [Dewayne-Net] Building a new Tor that can resist next-generation state surveillance
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
>
>
> [Note:  I thought it would be timely to post this article from back in Aug 2016 that I missed back then.  DLH]
>
> Building a new Tor that can resist next-generation state surveillance
> Tor is an imperfect privacy platform. Ars meets the researchers trying to replace it.
> By J.M. PORUP
> Aug 31 2016
> <https://arstechnica.co.uk/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/>
>
> Since Edward Snowden stepped into the limelight from a hotel room in Hong Kong three years ago, use of the Tor 
> anonymity network has grown massively. Journalists and activists have embraced the anonymity the network provides as 
> a way to evade the mass surveillance under which we all now live, while citizens in countries with restrictive 
> Internet censorship, like Turkey or Saudi Arabia, have turned to Tor in order to circumvent national firewalls. Law 
> enforcement has been less enthusiastic, worrying that online anonymity also enables criminal activity.
>
> Tor's growth in users has not gone unnoticed, and today the network first dubbed "The Onion Router" is under constant 
> strain from those wishing to identify anonymous Web users. The NSA and GCHQ have been studying Tor for a decade, 
> looking for ways to penetrate online anonymity, at least according to these Snowden docs. In 2014, the US government 
> paid Carnegie Mellon University to run a series of poisoned Tor relays to de-anonymise Tor users. A 2015 research 
> paper outlined an attack effective, under certain circumstances, at decloaking Tor hidden services (now rebranded as 
> "onion services"). Most recently, 110 poisoned Tor hidden service directories were discovered probing .onion sites 
> for vulnerabilities, most likely in an attempt to de-anonymise both the servers and their visitors.
>
> Cracks are beginning to show; a 2013 analysis by researchers at the US Naval Research Laboratory (NRL), who helped 
> develop Tor in the first place, concluded that "80 percent of all types of users may be de-anonymised by a relatively 
> moderate Tor-relay adversary within six months."
>
> Despite this conclusion, the lead author of that research, Aaron Johnson of the NRL, tells Ars he would not describe 
> Tor as broken—the issue is rather that it was never designed to be secure against the world’s most powerful 
> adversaries in the first place.
>
> "It may be that people's threat models have changed, and it's no longer appropriate for what they might have used it 
> for years ago," he explains. "Tor hasn't changed, it's the world that's changed."
>
> New threats
>
> Tor's weakness to traffic analysis attacks is well-known. The original design documents highlight the system's 
> vulnerability to a "global passive adversary" that can see all the traffic both entering and leaving the Tor network. 
> Such an adversary could correlate that traffic and de-anonymise every user.
> But as the Tor project's cofounder Nick Mathewson explains, the problem of "Tor-relay adversaries" running poisoned 
> nodes means that a theoretical adversary of this kind is not the network's greatest threat.
>
> "No adversary is truly global, but no adversary needs to be truly global," he says. "Eavesdropping on the entire 
> Internet is a several-billion-dollar problem. Running a few computers to eavesdrop on a lot of traffic, a selective 
> denial of service attack to drive traffic to your computers, that's like a tens-of-thousands-of-dollars problem."
>
> At the most basic level, an attacker who runs two poisoned Tor nodes—one entry, one exit—is able to analyse traffic 
> and thereby identify the tiny, unlucky percentage of users whose circuit happened to cross both of those nodes. At 
> present the Tor network offers, out of a total of around 7,000 relays, around 2,000 guard (entry) nodes and around 
> 1,000 exit nodes. So the odds of such an event happening are one in two million (1/2000 x 1/1000), give or take.
>
> But, as Bryan Ford, professor at the Swiss Federal Institute of Technology in Lausanne (EPFL), who leads the 
> Decentralised/Distributed Systems (DeDiS) Lab, explains: "If the attacker can add enough entry and exit relays to 
> represent, say, 10 percent of Tor's total entry-relay and exit-relay bandwidth respectively, then suddenly the 
> attacker is able to de-anonymise about one percent of all Tor circuits via this kind of traffic analysis (10 percent 
> x 10 percent).”
>
> "Given that normal Web-browsing activity tends to open many Tor circuits concurrently (to different remote websites 
> and HTTP servers) and over time (as you browse many different sites)," he adds, "this means that if you do any 
> significant amount of Web browsing activity over Tor, and eventually open hundreds of different circuits over time, 
> you can be virtually certain that such a poisoned-relay attacker will trivially be able to de-anonymise at least one 
> of your Tor circuits."
>
> For a dissident or journalist worried about a visit from the secret police, de-anonymisation could mean arrest, 
> torture, or death.
>
> As a result, these known weaknesses have prompted academic research into how Tor could be strengthened or even 
> replaced by some new anonymity system. The priority for most researchers has been to find better ways to prevent 
> traffic analysis. While a new anonymity system might be equally vulnerable to adversaries running poisoned nodes, 
> better defences against traffic analysis would make those compromised relays much less useful and significantly raise 
> the cost of de-anonymising users.
>
> The biggest hurdle? Despite the caveats mentioned here, Tor remains one of the better solutions for online anonymity, 
> supported and maintained by a strong community of developers and volunteers. Deploying and scaling something better 
> than Tor in a real-world, non-academic environment is no small feat.
>
> [snip]
>
> Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>
>
>
> Archives  | Modify Your Subscription | Unsubscribe Now         



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170214114814:5E835F72-F2D5-11E6-8E68-5195BCDDB970
Powered by Listbox: http://www.listbox.com