XPost: alt.privacy.anon-server, sci.crypt   
   From: nobody@dizum.com   
      
   Gabx wrote:   
      
   [ A lot of nonsense snipped ]   
      
   >Now, to be fair, extended circuits DO become somewhat more tolerable for   
   >non-real-time protocols like:   
   >   
   >- Email (SMTP/IMAP sessions)   
   >- Usenet posting/reading (NNTP)   
   >- File transfers (when you can wait)   
   >- Async messaging protocols   
   >   
   >The performance hit is still there, but users can tolerate 30-second delays   
   >for sending an email vs. 30-second delays loading every webpage.   
   >   
   >**HOWEVER** - and this is crucial - improved performance tolerance doesn't   
   >magically fix any of the other serious security issues:   
   >   
   >- You're still fingerprinting yourself as using modified Tor   
      
   No, it can't be detected, as you yourself had to admit in   
   <20250603.1748968648.950047.3845@m2usenet.local>.   
      
   >- Circuit failure rates are still 3-8x higher   
      
   Doesn't matter when responsiveness isn't an issue.   
      
   >- You're still hitting more potentially compromised nodes   
      
   Doesn't matter as an adversary has to own all relays of a circuit to   
   compromise the user, which becomes harder with every additional hop.   
      
   >- Resource exhaustion on the network still happens   
      
   Doesn't matter as we transfer only a small amount of remailer data   
   compared with those who for example stream sensitive video contents.   
      
   >- Implementation bugs still exist   
      
   Only a problem when amateurs like you get active.   
      
   >- Timing attacks are still viable   
      
   For timing attacks you have to correlate traffic at a potential target   
   with that at the server he uses. More latency with more variation as   
   provided by longer circuits makes that task much more difficult. And in   
   case an attacker nevertheless succeeds, the then obvious knowledge of a   
   latency longer than usual as an indicator of an exceptionally long chain   
   implies no additional value.   
      
   >- Sybil attackers still get more opportunities   
      
   That's exactly the Tor problem which can be addressed by using LONGER   
   circuits, which is why we refuse the standard 3-hop routing.   
      
   >   
   >Don't let "it's usable for email" fool you into thinking extended circuits   
   >are suddenly safe.   
   >The performance problem is just ONE of many serious   
   >issues.   
      
   So take advantage of anonymous remailing and use Tor only for less   
   decisive tasks like the hidden delivery of remailer packets to entry   
   remailers, which reflects the concept of OmniMix.   
      
   Thanks for your attention.   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   