by leakycap 270 days ago
I'm not here to defend Tor

But the calculator states that if the investigating party has $150,000 a month budget for all targets they have a 100% certainty of getting your IP address... obviously this is false, so what else has the author claimed that is also not true?


Pretty much everything claimed on this site is false or grossly misleading.
Not only is it misleading, but given how it’s presented, it’s clearly FUD in the interest of the author’s pet cause (campaigning against Tor use due to a perceived association with CSAM).
Tor isn't without its weaknesses, but this author is simultaneously claiming child predators are successfully evading law enforcement despite their identity only coming at the relatively low price of ~$150k.
Really? Tell me why.
The primary claims of the site, both made without any evidence (presumably by you), are that

1. Tor is primarily used to distribute CSAM,

2. a single organization with a budget of $150k could deanonymize every Tor user simultaneously.

Since pretty much every first world law enforcement organization can cough up this amount in spare budget, either

- at least one of the claims above is false; or

- there's a global conspiracy involving every major law enforcement organization on the planet being taken over by pedos.

In fact, both claims (you?) made without evidence are simply false.

Having published calculations for the second claim is like having published calculations for "the Sun went supernova yesterday". The conclusion is blatantly wrong, so the calculations have a mistake, and an intellectually honest author would double check them, find that mistake, then retract the claim (or would not have made it in the first place).

1. I said “extensively” used for CSAM. What’s my source/evidence for that claim? This list of peer reviewed papers, cases, and government reports: https://csam-bib.github.io.

2. My site shows a mathematical model of security that Tor provides in terms of its design for relays alone. I say on the site I’m not including staff and other costs. In fact bringing someone to court is a further cost. My point in making the site is to quantify solely the costs that the design brings to the table. You can then compare that design to some other anonymous system. Or compare it to a doublespend attack on bitcoin or to brute force decryption. That’s important for users.

Unlike the Tor Project, I’m being transparent by showing assumptions, the math, and the code. Do you have a better model? Great, then publish it. I’m trying to start a formal conversation. The Tor Project should be relying on science, and not strong assertions, to ensure its security.

And while there are costs to, say, bring someone to court for CSAM, do you believe all adversaries are going to do that? That’s why it’s not part of the costs I model.

Finally, to be more clear, Onion Services in particular are the problem when it comes to CSAM (and ransomware). Tor Browser is not the issue when it comes to CSAM.

The math and the code are all there. I’d love to have a discussion about what the real value is. Further, why hasn’t the Tor Project provided this calculation? Why hasn’t anyone? I think it’s necessary.
The assumption is the adversary controls x of N nodes. When x=N the probability of discovering the onion service IP is 1. But the adversary can not achieve this situation as he only controls the additional nodes. The existing nodes still stay in the network, they do not disappear. The ratio is not x/N but x/(x+N).

The formula is wrong and it all falls apart.

You can adjust the code on the page easily (it’s open source javascript) to determine the question you are after, which is a valid one: if an adversary starts today and adds x nodes to the existing network, what is their success rate?

BUT the author asked a different (but valid) question: assuming the adversary controls x out of N existing nodes, what is the success rate? I am unclear: is the assertion that everyone’s relay is honest today? From a privacy standpoint, that’s not a great assumption.

No, the author is presenting an idea that $25 a month can buy you a node. That fits adding a new node to the network, not taking over an existing node.
I am the author. I am telling you that you are wrong about that.
We are all, in unison, saying you, the author, are the one who is wrong.

Posting some words on a URL does not make them factually accurate.
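
The two ratios argued over in this thread, x/N and x/(x+N), worked through side by side as an added example (not part of any comment and not the calculator's own code). It assumes the $25 per relay per month and $150,000 per month figures quoted above, derives N = 6000 from them, and, as the thread does, treats the controlled fraction as the success probability; all function and constant names are hypothetical.

```javascript
// Added illustration; not the calculator's code. Names are hypothetical.
const COST_PER_RELAY = 25;      // USD per relay per month, as quoted in the thread
const BUDGET_FOR_ALL = 150000;  // USD per month the calculator equates with 100%
// Assumption: if x = N costs $150,000 at $25 per relay, then N = 6000.
const EXISTING_RELAYS = BUDGET_FOR_ALL / COST_PER_RELAY;

// Model A (x/N): the adversary controls x of the N relays already in the network.
function fractionOfExisting(x, n) {
  if (x < 0 || n <= 0) throw new RangeError("need x >= 0 and n > 0");
  return Math.min(x, n) / n;
}

// Model B (x/(x+N)): the adversary adds x relays; the N existing ones remain.
function fractionAfterAdding(x, n) {
  if (x < 0 || n <= 0) throw new RangeError("need x >= 0 and n > 0");
  return x / (x + n);
}

// Invert model B: relays to add to hold a target fraction f, x = f*N/(1-f).
// f = 1 has no finite solution, because the existing relays never leave.
function relaysToAddFor(f, n) {
  if (f < 0 || f > 1 || n <= 0) throw new RangeError("need 0 <= f <= 1 and n > 0");
  if (f === 1) return Infinity;
  // The small epsilon absorbs floating-point error before rounding up.
  return Math.ceil((f * n) / (1 - f) - 1e-9);
}

// Fraction controlled under each model for a given monthly budget.
function compare(budget) {
  const x = Math.floor(budget / COST_PER_RELAY);
  return {
    relays: x,
    existingModel: fractionOfExisting(x, EXISTING_RELAYS),
    addedModel: fractionAfterAdding(x, EXISTING_RELAYS),
  };
}

for (const budget of [15000, 75000, 150000, 600000]) {
  const r = compare(budget);
  console.log(`$${budget}/mo: ${r.relays} relays, ` +
    `x/N=${r.existingModel.toFixed(3)}, x/(x+N)=${r.addedModel.toFixed(3)}`);
}
const monthly90 = relaysToAddFor(0.9, EXISTING_RELAYS) * COST_PER_RELAY;
console.log(`Model B, 90% of relays: $${monthly90}/mo; 100%: not reachable`);
```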