[SGVLUG] PRIVACY???

John E. Kreznar jek at ininx.com
Mon Sep 26 19:48:42 PDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dustin <laurence at alice.caltech.edu> writes:

> Minutes or hours are suitable for a non-interactive system like
> email.  Tor is good for interactive TCP things like web
> browsing--I'm not sure even those of us who remember owning 1200
> baud modems (I think there's a Commodore 64 modem out in the garage
> :-) would accept an extra 10min-3hr latency for web browsing. :-)

Almost all Web browsing from this site is via anonymizing remailers
with hours of latency.  A request goes out through a chain of
remailers to a Web-to-mail gateway and replies get posted to USENET
newsgroup alt.anonymous.messages.  A full feed of a.a.m is taken at
all times without interruption.  Messages not requested are discarded
only after they're behind closed doors here.  Web pages go into a
local archive.

Details on request.

Been doing it this way for the better part of a decade.

> By all means, use something designed for email to anonymize your
> email.  That has nothing to do with what you use for protocols that
> can't be handled that way.

But they can!  See above.

> For that matter, smtp is carried over tcp, isn't it?  Tou could
> probably be paranoid and send your SMTP packets to the anonymous
> remailer through Tor in case you're worried that someone is logging
> incoming connections to the remailer.  :-)

Let'em log.  An encrypted mixmaster message goes out of here every 30
minutes come hell or high water.  If there's no Web browsing request
or pseudonym mail, a dummy message is sent instead.  The log does no
good because the messages are indistinguishable except to the
designated recipients at the far end of the remailer chain where the
decryption keys are available.  It's been this way here for years.

> Second, I wonder if Tor is vulnerable to that particular attack.
> From the FAQ, I'd guess so, but it might take a "global adversary,"
> or at least someone correlating data both ends.

Yep.  Low latency is the enemy of anonymity.  If something pops out of
the remailer cloud at one place shortly after it entered at another,
that suggests that they're linked.

> Tor seems most vulnerable to attacks at both endpoints, where I
> suppose latency is irrelevant.

???

- -- 
 John E. Kreznar jek at ininx.com 9F1148454619A5F08550 705961A47CC541AFEF13
  Imagine there's no countries / to kill or die for  --John Lennon, 1971

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>

iD8DBQFDOLKjYaR8xUGv7xMRAitrAJ9HSsn0Eti9SkJFcJzbOXPuvFgPpACfVDEQ
ge1j0kJVmuWXQE5S9q8j4Zc=
=8Znj
-----END PGP SIGNATURE-----

More information about the SGVLUG mailing list