|
|
|
|
|
|
by tatterdemalion
4260 days ago
|
|
|
Okay, but I don't think TOR is crowding out projects like that; they aren't really directly comparable and they are used for different purposes. & how serious of a threat is traffic correlation? If someone's targeting you at both ends, do they really need to deanonymize you? Is the threat limited to NSA monitoring literally all traffic entering and exiting the TOR network and then correlating it all? How effective is that at deanonymizing traffic? |
|
|
The Tor project gives a good summary of their threat model, and the steps they take to mitigate attacks on anonymity. (See my other comment thread.)
That being said, I would expect only government agencies (US intelligence, Chinese intelligence, etc) have any reasonable chance of breaking Tor, and likely, it would require prolonged targetted attacks.
Generally speaking, it's easier for those same people to attack other links in the chain (such as targeting the Firefox version used to make the Tor browser). In that sense, Tor is "good enough" for most practical use. That being said, if your adversary was truly the NSA and you absolutely couldn't have a message intercepted, I wouldn't use Tor.
I was just commenting on the fact that Tor exists on a certain part of the spectrum of security vs ease of use, in a theoretical sense, and "better" depends partly on your threat model and particular use case.