[shaddi]

Some good points here. A couple thoughts:

- If, for some reason that I can't really conceive of, you wanted to connect to a far-away access point, you'd need a highly directional antenna (due to RF physics). Doing this actually makes direction finding extremely challenging, for the same reason you can't see a laser from the side (unless it's super high power and has something to reflect off of, which is unlikely to be the case in the wifi scenario).

- End-to-end encryption plus an anonymization mechanism like Tor seems to me to be pretty impervious to attackers, assuming the implementation of your encryption and anonymization are both correct (which, admittedly, is a big if, but is not a /fundamental/ issue; you could envision a system engineered to be correct). If you have a secure, trust-worthy, out-of-band mechanism for exchanging keys with whoever you want to talk to, even if someone owns the infrastructure you're using they won't be able to decrypt your communication, or know who the source and destination are if you're using an anonymization mechanism. This also assumes you trust the person you're communicating with, etc.

I'd love for someone to correct my understanding of this if I'm wrong.

[wmf]

If you first track down the location of the access point, then you know the directional antenna is pointed at you. From there, the direction finding is easy.

I think a major part of the rant is that Tor isn't provably secure against yet-to-be-discovered attacks, and several attacks against Tor have been discovered (and fixed) over its history.

[shaddi]

Right, but the idea behind direction finding is that you can triangulate the position of the transmitter. If you just have a bearing you have to search over a large area -- these links could be many kilometers long.

Not saying it's impossible, but using highly directional antennas makes direction finding much more difficult.

[ehsanul]

I'm no security expert, but I don't think you even need an out-of-band key exchange mechanism. Just use public key cryptography [1], as used in SSH/TLS/PGP/GPG.

[1] http://en.wikipedia.org/wiki/Public-key_cryptography

[DougBTX]

I was about to write this response, but I see that it is more clearly written in the wikipedia article already:

Another potential security vulnerability in using asymmetric keys is the possibility of a man-in-the-middle attack, in which communication of public keys is intercepted by a third party and modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted and re-encrypted by the attacker using the correct public keys for different communication segments in all instances to avoid suspicion. This attack may seem to be difficult to implement in practice, but it's not impossible when using insecure media (e.g. public networks such as the Internet or wireless communications). A malicious staff member at Alice or Bob's ISP might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the lock on the returned packet really belongs to Bob before she removes her lock and sends the packet back. Otherwise the lock could have been put on the packet by a corrupt postal worker pretending to be Bob to Alice.

The workaround is to either exchange the public keys out of band, or distribute a certificate which can be used to verify public keys out of band.