Anonymous Servers - Tor Broken? HA!


Author Tor Broken? HA!
Non scrivetemi

2007-02-27, 1:12 am

http://blogs.law.harvard.edu/anonym...-of-our-demise/

The security community lives on papers that analyze attacks on security
tools. Although these are called “attack papers” they are usually done
by people who are trying to help and refine the object of the research.

When an attack paper is published, documenting an attack on the Tor
network, it’s often with our knowledge. The authors consult with us for
inside info. But invariably, someone on slashdot or other blogs will
skim the paper and say “OMG, Tor is broken!”

Using Tor is relatively safe. If there were a published way to attack
the network that we thought made it less safe to use Tor, we’d tell you
first — since, so far, the authors of every genuinely new vulnerability
have told us before their work hit the web. We announce security
patches and other issues on or-announce@freehaven.net.

The UColorado/Boulder technical paper is an example of the evolving
research in anonymity. Refining well-known attacks from several years
ago, the researchers better documented what an attack on the network
might look and behave like. They combined a bandwidth overstatement
attack with a correlation attack.

They consulted with us on the project. We are aware of these kinds of
potential attacks — but such a bandwidth overstatement attack, to be
successful, would leave fingerprints all over the Tor directories. We
have never seen such an attack “in the wild,” and we think it no more
likely that this paper would make such an attack easier or more likely
than it was a few years ago when another version of it was documented.

The authors of the new paper have published a FAQ addressing how users
should think about their research — they expressed their surprise and
regrets at the uproar. It says in part:

Q0. Most importantly, should we stop using Tor?

A0. ABSOLUTELY NOT! Despite our findings, Tor is the most secure and
usable privacy enhancing system available. We believe that the system
is safe for end-users, however, the system is experimental and the
developers make no guarantees about the degree of privacy that it can
provide. Let us re-iterate: Concerned users should NOT stop using Tor.

No internet security is 100%. Tor is not perfect — we’re constantly
refining it, in a context of a hugely supportive community of
researchers. But we believe we are still the best low-latency (i.e.
allowing web surfing, not just transferring a file every few hours)
anonymity/privacy one can have online without crossing a line of
civility. Your only better option is to buy into a botnet, steal an
identity, or participate in some other crime with a victim.

We are currently seeking funding that should help us close these
vulnerabilities in Tor (and if you would like to donate or fund Tor
development, please contact me!). We have plans to close the bandwidth
overstatement vulnerability in the coming months. In the meantime, we
watch for attacks on the network, and work to be transparent in our
operations.

We appreciate that people care about Tor. If in the future you are
worried about some issue in Tor, please feel free to contact us
directly. If you read speculation about Tor, please encourage the
bloggers to check with us — we’re very blogger friendly, and part of
our purpose is to protect bloggers where blogging isn’t safe. Imagine
this scenario — a very small risk documented in a technical paper gets
sensationalized in the blogosphere. Some number of dissidents and
bloggers in places such as China abandon Tor. As a result, they might
be arrested, jailed, or disappeared.

Blogstorms can have real world consequences. Please ponder before you
write, critically examine what you read, and ask us for updates.
