Security Basics mailing list archives

RE: -Real- anonymity (was: The ugly side of using disk encryption)


From: "Hagen, Eric" <hagene () DenverNewspaperAgency com>
Date: Fri, 20 Oct 2006 01:51:58 -0600

TOR is a great proxy for web surfing.  Technically, it is a fully SOCKS5 compatible proxy, but you will have a hard 
time finding exit nodes that support anything other than port 80 and port 443, though I hear they do exist and it is 
possible to do other things such as NNTP and even SMTP (though this is rarely usable for obvious SPAM related reasons).  
I'm not a USENET user so I can't say with any degree of accuracy exactly how often NNTP works over Tor but I know that 
it CAN work and would be based on the policy of the exit nodes.

I don't see a serious security flaw with Tor, the algorithms are open source and well documented and are believed 
secure, the traffic patterns are remarkably hard to track.   If someone owned (or had detailed traffic logs) on all 3 
servers in a route, then determining the source, destination and content isn't terribly difficult, but if you have 
someone after you who is capable of reliably capturing 3 Tor nodes simultaneously, you have bigger problems than online 
anonymity.  

The statistical probability that your traffic will be vulnerable is fairly low.  Controlling all 3 nodes in a path 
amongst the hundreds online is a statistical improbability.  To obtain a 50% chance of controlling all 3 nodes of a Tor 
route, the sniffer would need to control 80% of the nodes in the Tor network.  If he controls just 10% of the network, 
your chances of having a route that has at least one hop out of his control are 99.9%.

TCP is fairly difficult to totally secure since it is an end-to-end connection oriented service so two-way 
communication is essential, but the whole dynamic Onion Router concept that Tor uses is a strong one and may provide 
the foundation for better services in the future.  I don't see anything that's as reliable (strictly for http/s) and 
secure at this point.

Eric





-----Original Message-----
From: Michael Painter [mailto:tvhawaii () shaka com]
Sent: Thursday, October 19, 2006 11:21 PM
To: Hagen, Eric; security-basics
Subject: -Real- anonymity (was: The ugly side of using disk encryption)


----- Original Message ----- 
From: "Hagen, Eric"
Subject: RE: The ugly side of using disk encryption

So, yes, if you are dedicated, it is possible to communicate anonymously and securely even if ISPs log everything, 
provided you don't get real-time traffic analysis capabilities across the entirety of the Internet.... <<

Eric

Is TOR the "state-of-the-art" here?  How about folks who wish to read or post to Newsgroups?
I'd appreciate hearing about the latest developments in staying anonymous.   My eyes glaze over when I try to wade 
through pages like this:
http://freehaven.net/anonbib/topic.html

Thanks,
--Michael

