by pinkyand 4258 days ago
> I have every confidence that the TOR developers are trying to do something about it.

The basic architecture of TOR is limited theoretically with regards to some types of attacks it can handle. TOR developers probably cannot do anything about that.

And in some sense, supporting TOR is taking funding and attention from better anonymity technologies, that might be able to do the job, with enough development. That's another reason why the US government is investing in TOR.

2 comments

> The basic architecture of TOR is limited theoretically with regards to some types of attacks it can handle.

Would you mind providing some links on this topic? This is the first I have heard of this particular assertion and I would be interested to read more.

The original Tor proposal has a pretty good summary of the threats they do and don't deal with, and other sections cover the project goals and how they address these threats.

> A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic; who can operate onion routers of his own; and who can compromise some fraction of the onion routers.

> In low-latency anonymity systems that use layered encryption, the adversary's typical goal is to observe both the initiator and the responder. By observing both ends, passive attackers can confirm a suspicion that Alice is talking to Bob if the timing and volume patterns of the traffic on the connection are distinct enough; active attackers can induce timing signatures on the traffic to force distinct patterns. Rather than focusing on these traffic confirmation attacks, we aim to prevent traffic analysis attacks, where the adversary uses traffic patterns to learn which points in the network he should attack.

> Our adversary might try to link an initiator Alice with her communication partners, or try to build a profile of Alice's behavior. He might mount passive attacks by observing the network edges and correlating traffic entering and leaving the network — by relationships in packet timing, volume, or externally visible user-selected options. The adversary can also mount active attacks by compromising routers or keys; by replaying traffic; by selectively denying service to trustworthy routers to move users to compromised routers, or denying service to users to see if traffic elsewhere in the network stops; or by introducing patterns into traffic that can later be detected. The adversary might subvert the directory servers to give users differing views of network state. Additionally, he can try to decrease the network's reliability by attacking nodes or by performing antisocial activities from reliable nodes and trying to get them taken down — making the network unreliable flushes users to other less anonymous systems, where they may be easier to attack. We summarize in Section 7 how well the Tor design defends against each of these attacks.

From the Tor proposal: https://svn.torproject.org/svn/projects/design-paper/tor-des...

Below is a link to a very readable review:

https://gnunet.org/sites/default/files/DD08Survey.pdf

There are attacks that can be done by making sure that you own enough of the nodes on the network. Similar to the attacks against the Bitcoin network if you control >50% of the miners.

What do you think are better anonymity technologies than TOR?

Fundamentally, there is a trade-off between anonymity and temporal correlation.

In order to be relatively fast at web browsing, Tor compromises some of the possible anonymity (by exposing itself to timing attacks and other such correlation attacks by people who own large numbers of nodes). The Tor project admits as much in their threat model.

There have been a number of other attempts (of which the early email mixes come to mind) that take the other stance, and take efforts to break traffic correlation/timing attacks by adding latency and batching to their propagation of messages.

The question of "better" depends on what your threat model is and what tradeoffs you're willing to make.
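
The latency-versus-linkability trade-off described in the comment above, as an added simulation that is not part of the original thread. It compares a low-latency relay with a batching mix against an observer who sees only arrival and departure times; the Poisson arrivals, jitter, batch size and all function names are constructed assumptions, not Tor or mix-network code.

```python
import random

def arrivals(n, rng, rate=1.0):
    """Constructed input: n arrival times in seconds (Poisson process)."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)
        out.append(t)
    return out

def low_latency_relay(times, rng, jitter=0.05):
    """Forward every message immediately; only small network jitter is added."""
    return [(t + rng.uniform(0, jitter), i) for i, t in enumerate(times)]

def batching_mix(times, rng, batch=20):
    """Hold messages until `batch` have arrived, then flush them shuffled."""
    out = []
    for start in range(0, len(times), batch):
        ids = list(range(start, min(start + batch, len(times))))
        flush = times[ids[-1]]  # the batch leaves when its last message arrives
        rng.shuffle(ids)
        out += [(flush, i) for i in ids]
    return out

def linkage_rate(outputs):
    """Share of messages an observer of both sides links correctly by pairing
    the k-th departure with the k-th arrival (timing and order only)."""
    wire = sorted(outputs, key=lambda o: o[0])  # stable sort keeps flush order
    return sum(1 for k, (_, i) in enumerate(wire) if i == k) / len(wire)

def mean_delay(times, outputs):
    """Average seconds a message spends inside the relay or mix."""
    return sum(t_out - times[i] for t_out, i in outputs) / len(outputs)

def simulate(seed=1, n=2000):
    """Return {node: (linkage_rate, mean_delay)} for both designs."""
    rng = random.Random(seed)
    times = arrivals(n, rng)
    result = {}
    for name, node in (("relay", low_latency_relay), ("mix", batching_mix)):
        outputs = node(times, rng)
        result[name] = (linkage_rate(outputs), mean_delay(times, outputs))
    return result

if __name__ == "__main__":
    for name, (linked, delay) in simulate().items():
        print(f"{name}: {linked:.0%} linked, {delay:.2f}s mean delay")
```
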

Okay, but I don't think TOR is crowding out projects like that; they aren't really directly comparable and they are used for different purposes.

& how serious of a threat is traffic correlation? If someone's targeting you at both ends, do they really need to deanonymize you? Is the threat limited to NSA monitoring literally all traffic entering and exiting the TOR network and then correlating it all? How effective is that at deanonymizing traffic?

Tor is possibly crowding out things like Freenet, which aren't as good for browsing the internet, but may provide better anonymity.

The Tor project gives a good summary of their threat model, and the steps they take to mitigate attacks on anonymity. (See my other comment thread.)

That being said, I would expect only government agencies (US intelligence, Chinese intelligence, etc.) have any reasonable chance of breaking Tor, and likely, it would require prolonged targeted attacks.

Generally speaking, it's easier for those same people to attack other links in the chain (such as targeting the Firefox version used to make the Tor browser). In that sense, Tor is "good enough" for most practical use. That being said, if your adversary was truly the NSA and you absolutely couldn't have a message intercepted, I wouldn't use Tor.

I was just commenting on the fact that Tor exists on a certain part of the spectrum of security vs ease of use, in a theoretical sense, and "better" depends partly on your threat model and particular use case.