Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Deconstructing the security risks narrative of Haystack

Roger Dingledine arma at mit.edu
Sat Sep 18 16:22:57 PDT 2010


On Sat, Sep 18, 2010 at 12:42:25PM -0700, Daniel Colascione wrote:
> Also, I checked the Tor disclosure page at
> http://www.torproject.org/download.html.en#Warning and did not find
> anything on precisely this point. (That page is an excellent summary of
> the other issues, by the way.)
> 
> May I suggest adding a sixth entry stating that using Tor without a
> private bridge relay (and not something in bridgedb) may reveal the
> use of Tor?

Good idea. We wrote that list back when few people thought of Tor as a
circumvention tool. (I think the majority of Tor's users still think of
it as a privacy tool, not a circumvention tool, but part of the point
is that it can be both at once.)

How's this?

<li>
Tor tries to prevent attackers from learning what destinations you connect
to. It doesn't prevent somebody watching your traffic from learning that
you're using Tor. You can mitigate (but not fully resolve) the risk
by using a <a href="<page bridges>">Tor bridge relay</a> rather than
connecting directly to the public Tor network, but ultimately the best
protection here is a social approach: the more Tor users there are near
you and the more <a href="<page torusers>">diverse</a> their interests,
the less dangerous it will be that you are one of them.
</li>

Wonder what else we're still missing.

--Roger




More information about the liberationtech mailing list