[bnl_umass]

1. I said “extensively” used for csam. What’s my source/evidence for that claim? This list of peer reviewed papers, cases, and government reports: https://csam-bib.github.io.

2. My site shows a mathematical model of security that Tor provides in terms of its design for relays alone. I say on the site I’m not including staff and other costs. In fact bringing someone to court is a further cost. My point in making the site is to quantify solely the costs that the design brings to the table. You can then compare that design to some other anonymous system. Or compare it to a doublespend attack on bitcoin or to brute force decryption. That’s important for users.

Unlike the Tor Project, I’m being transparent by showing assumptions, the math, and the code. Do you have a better model? Great, then publish it. I’m trying to start a formal conversation. The Tor Project should be relying on science, and not strong assertions, to ensure its security.

And while there are costs to, say, bring someone to court for csam, do you believe all adversaries are going to do that? That’s why it’s not part of the costs I model.

Finally, to be more clear, Onion Services in particular are the problem when it comes to CSAM (and ransomeware). Tor Browser is not the issue when it comes to CSAM.