Dear Guardian : stop being retarded.

Saturday, 05 October, Year 5 d.Tr. | Author: Mircea Popescu

dexX7 Attacking Tor: how the NSA targets users' online anonymity << i recommend this one, very rich of information
mircea_popescu dexX7 it's really very badly written, nonsensical goop.
mircea_popescu i can't imagine schneider actually penned that. he must have sent sometyhing that got "edited for clarity"
dexX7 are you saying "the content is inconsistent" or "the presentation is just bad"?
mircea_popescu i am saying that numerous concepts are employed in a way which belies unfamiliarity with the field, and the general structuring of the narrative is such that you suspect the author does not have a birds eye view of the topic.
mircea_popescu neither of those goes with the alleged author, unless he was very very drunk at the time.
mircea_popescu but anyway, i guess now i have to go into details as otherwise this is all useless nonsense. brb.

Let's consider the damned thing.

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

The problem with this paragraph is chiefly its circular nature. It proceeds as : "A is B, the work to B is done by C, which is part of D, which is where most people doing B stuff work. D is tasked with the job of D."

Related to that problem, but distinguishable from it, the very poor formalism employed. On top of common currency terms such as "world" or "employees", the following exotic concepts are involved : 1. Tor ; 2. NSA ; 3. Application Vulnerabilities Branch ; 4. Systems Intelligence Directorate ; 5. Data ; 6. Communications systems. None of these are defined, explicitly or even implicitly in the text.i None of these work in any particular way in the context, nor is it indeed possible on the strength of the text presented to distinguish any from each other or from a box of shoe wax.

Flowing directly from the "exotic concept soup" problem, the liberal use of otherwise meaningless interjections known as "buzzwords". The most egregious case is the "around the world" finale, which in no way adds any meaning but merely creates the (false) impression in the reader that he has generally understood the text on the grounds of familiarity, having recognised a semantic symbol seen other places. This very cheap sort of fake comprehensibility, together with the absolute poverty of meaning being conveyed, and supported by the conceptual confusion at the root of the construction mark this text as the product of an anonymous representative of the unthinking herd of cattle (such as, for instance, a journalist) rather than the product of a technical expert (such as, for instance, Bruce Schneier).

The three problems described, ie. lack of knowledge of the field (as shown in poor, absent or dysfunctional implicit definitions for terms used), lack of understanding generally (as shown in nonsensical constructions that are both logically unsuited for the task at hand and ineffectual from a praxis standpoint) and a tendency to fake comprehensibility through the "recognition=understanding" trick do not subside as the text progresses, but indeed build to an eventual fever pitch. Consider :

one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identified Tor users on the internet and then executes an attack against their Firefox web browser.

The opening "one" requires that the subsequent text briefly explain the particulars of the one item considered along its specific differences that allow it be distinguished from "another" similar item. This may only proceed once a general category has been established (which the text itself fails to do). Here's a cannonical example :

[Animals are conventionally considered those live beings which use hemoglobin to transport respiration gases to and from cells, thus allowing them to grow significantly past diffusion size]. One such animal is the finch. In the case of the finch, as with most birds, the metabolic rates are relatively high, which supports the large energy cost of flight, and also results in a higher body temperature. Other animals with lower metabolic rates are usually terrestrial or aquatic.

Now consider how the "computer security" write-up would sound if the same structure it employs were preserved to describe the much more familiar topic of animal biology :

One animal that exists involves the parabronchi, a collection of small air capillaries that have cross-current gas exchange and thus provide oxygen. This happens to birds when they are in flight through the air, and then they can land on a branch.

So rendered, it's quite obvious that the author is simultaneously very, very bad at biology and also very, very bad at thinking in general. Unless the author is mentally handicapped such text would not normally be an acceptable submission past freshman year in junior high. The unfortunate happenstance that cryptography, machine security and more generally the Internet or programming of numeric machines are entirely exotic, Martian topics for most of the population, much more so than the banal characteristics of birds in spite of same population spending more time keyboard warrior-ing than birdwatching, does not meaningfully alter the sad state of the text being considered.

It's still very bad, even if most readers lack the requisite factual knowledge to readily discover the appalling quality of the writing. It is much worse in its effects than simple stupidity however, because inasmuch as young or otherwise naive minds read nothing but this goop, they naturally end up with very distorted expectations as to what thinking looks like when captured in written form, and generally as to how the business of the mind proceeds along its merry way.

It's still very bad, and it still gets worse :

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet.

The putative "vast capability to monitor" is introduced without explanation. This is bad form. A number of four words without immediate meaning or any particular manner to distinguish one from the other are also introduced. They serve no purpose within the text, except for the exact same purpose served by "around the world" in the first paragraph considered : they create a superficial similarity with other broken texts produced by other broken minds on the topic, and by virtue of this broken process a superficial impression in the mind of the reader that he has gained familiarity, and thus ease with the topic at hand.

This is all a fraud : asked "what is Oakstar ?" the avid student of the topic of journalistic nonsense will promptly answer something along the lines of "one of the four codenames" and expect a gold star for his intellectual performance. Unfortunately for him, the gold star is reserved for the response that reads "one of the arbitrary and otherwise meaningless strings employed for unknown reasons by a troop of illiterate monkeys belabouring unexplainably under the delusion that they are discussing computer security, the Internet and US privacy infringement."

Moving on,

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

This is the very dreary banal. Using unfortunately-not-as-powerful-as-advertised data analysis tools with codenames such as "Cisco router", every single computer in the history of the web sifts through the enormous amounts of traffic such as they are in its day and time, routing it all every which way as requested. There is literally nothing here, and the need for a codename is grossly exaggerated, let alone three of them!

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

Do I even need to consider this ? Completely nonsequitur, planted here about in the manner and after the fashion of commercial copy for pinksheet fraud and miraculous tooth whitening. Seriously, a TV show in a country that speaks a different language showed screenshots of someone else's tool that did something for the conveyance of which both video and still pictures are notoriously inadequate ? I am impressed, I can only hope they also showed footage of someone typing on a keyboard without ever touching the space bar or either shift, and in general limiting themselves to pressing a lot of F keys.

If my argument for the higher metabolism of finches was something along the lines of "last month Brazilian TV news show Fantasticoii showed"... I am sorry, I have to take a break at the point where the news show showed showings. Is this text intended to be read by brains made out of wood shavings ?

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users.

This statement is nonsensical on its face. It essentially says that whatever makes an item indistinguishable from another of its class also makes it stand out from all the others in the class. This would be the exact equivalent of the paralogism embodied in selling mass produced identical shirts inviting the wearer to "be unique" through the use of a mass marketed uniform item. This approach to writing is wrong.

On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

In nucet, that which distinguishes damns yet damnation is impersonal. This is not an embodiment of reasoning, this is pure metaphysics (and banal metaphysics at that) re-written by unskilled hands to appear technical in nature. It is not, and I must say it's sad to consider just how much and how varied ignorance the author betrays by writing down a thousand words on a topic he doesn't understand.

After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Considering that in the previous paragraph it was being held as impossible "for the NSA to know who the user is, or whether or not the user is in the US", it comes as a surprise to see the opening of this current paragraph treating the exact opposite as a given. What the original author intended to convey, and what the mangled remains of his text fail to even vaguely suggest, is that Tor users are in principle and as advertised indistinguishable from one another, but may be in most circumstances distinguished from non-Tor users, and also in some circumstances may be in fact distinguished from one another, contrary to what Tor is advertised to do. This version is still tenseiii, but at least it doesn't read like chickens pecking at a keyboard penned it.

As a side serving, the mysterious and unexplained process of using "secret servers" to redirect to other, presumably equally "secret servers" belies the following problem : how do we distinguish between putative "sets" of "different" equally secret, unidentifiable servers ?

All this offensive offal aside, the actual facts of the matter are :

  • That the NSA, alongside other nations' dedicated programs, currently are and historically always have, watched as broad a spectrum of signals as feasible on the day's technology. This includes the Internet, it includes the sounds perceptible on the ocean floor, it includes radiopulsar emissions from outer space and everything else.
  • That contrary to planted disinformation of which the Guardian article is a fine example, the NSA has complete and unlimited, instantaneous access to any and all information passed through the TOR network in its entirety, as a matter of course and by design.
  • That the NSA, through a program of dubious legality that is nevertheless well documentediv introduces false information into legal proceedings, such as most recently falsely claiming to have had identified Ross William Ulbricht through an amusing collection of "rookie mistakes" on his part, when in fact he was identified through the normal, ordinary working of the Tor network.
  • That since the embarrassing Snowden defection, the USG has been marshaling any resources available in an attempt to represent the by now well known and well documented, fundamental and intentional Tor vulnerabilities as unrelated to Tor itself, but a function of "bundles", "secret servers acting as matchmakers", "codenames" and assorted goop. This is understandable, as the significant upfront investment made by the USG in creating the Tor network has not yet been defrayed by the few prosecutions of gullible kids it has so far allowed.

Now, would it be possible, dear Guardian, to hire some people that can actually write ? Instead of having social sciences undergrads butcher Bruce's text to the degree it only serves to further intellectually embarrass those you seek to protect ?

———
  1. There are available an array of methods to implicitly define terms of art and exotic concepts in texts intended for a mass audience, such as the simile, or effectual limitation etc. []
  2. What a name for a news show, it sounds exactly like what onion.tv would name it. []
  3. Because the correct statement would be "Tor is broken", which statement the author does not wish to make for purely political reasons. []
  4. Reuters, Washington Post etc. []
Category: Trilema Presei
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

40 Responses

  1. Anotheranon`s avatar
    1
    Anotheranon 
    Saturday, 5 October 2013

    Let's just focus on one aspect:

    [A} The very feature that makes Tor a powerful anonymity service,
    [B] and the fact that all Tor users look alike on the internet,
    [C] makes it easy to differentiate Tor users from other web users.

    To:

    [A] Tor has a distinguishable feature
    [B] Tor users look alike
    [C] All Tor users are distinguishable

    Thus whenever [A] Tor has a distinguishable feature and [B] Tor users look alike, [C] all Tor users are distinguishable.

    --

    On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

    [B] NSA is unable to distinguish a Tor user from another Tor user

    ---

    After identifying an individual Tor user on the internet,
    the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers,
    with the codename FoxAcid, to infect the user’s computer.

    The term "individual" Tor user may be misleading, but because [B] Tor users look alike, it follows that individual Tor users look alike, too, and this boils down to: _all_ Tor users are (potential targets, redirected and) infected.

    Did I miss something here? This seems critical, because of the huge difference between "some Tor users" and "all Tor users".

  2. Mircea Popescu`s avatar
    2
    Mircea Popescu 
    Saturday, 5 October 2013

    The perennial problem with self contradictory axioms is that any conclusion can be derived from them. So I don't think in that sense anyone can answer whether you did or didn't miss something here.

    That aside, "based on my training and experience" as well as general fucking common sense, it would stand to reason that the theoretical construct proposed by the NSA (in lieu of a naked admission of just how broken Tor actually is) to explain how it obtains supposedly encrypted / otherwise unavailable information would work in the manner you describe, which is to say it would infect all Tor users indiscriminately. This is actually coherent with documented NSA practice of scooping up everything and re-defining "collection" to mean "looking through the data we have already collected" rather than the more normal "collecting data in the first place". Because if you're not a terrorist you have nothing to fear from having your computer infected.

  3. Yes, "parallel construction." But it is possible that "this cigar is just a cigar."

    I admit that I am quite enamored of the "TOR is a honeypot, lock stock and barrel" hypothesis. But it would be a considerably more solid hypothesis if they cornered someone other than DPR - who by all indications really is an idiot, one who more or less wrote several public, signed confessions.

  4. Mircea Popescu`s avatar
    4
    Mircea Popescu 
    Saturday, 5 October 2013

    That'd be quite difficult, seeing how nobody of any import ever seriously used the thing. Its structure is tailored for the bleating kind, its fundamental proposition "come be unique with all the rest of us". That's quite the opposite of how competence works.

  5. > nobody of any import ever seriously used the thing

    MP, here is a very educational exercise. Switch on a TOR exit node (ten minutes' work) and run 'ettercap' (or the like) there for a week or so. Prepare to be very surprised.

  6. Mircea Popescu`s avatar
    6
    Mircea Popescu 
    Saturday, 5 October 2013

    Actually this isn't such a bad idea, perhaps one of the bloggers perusing Trilema for his amusement & enlightenment will try that exercise. Not the worst way to go about establishing oneself.

  7. http://seekerblog.com/2006/01/31/the-murray-gell-mann-amnesia-effect/

  8. Pretending a secret communication tool developed by a US Gov. agency and offered "for free" to the world would protect one from snooping by US Gov. agency is utter nonsense. Like writing a paper pretending Microsoft has any trouble silent installing updates on internet connected PC's.

  9. Mircea Popescu`s avatar
    9
    Mircea Popescu 
    Saturday, 5 October 2013

    Certainly on the first part. Microsoft however... I'm not so sure. Half the time they have trouble installing updates even if the user is actively trying to do so.

  10. Kind of disappointed. I'm not interested in Schneier et al. (he finally managed to upgrade his key from DSA 1024, but still uses windoze - ?).

    In short,

    > That contrary to planted disinformation of which the Guardian article is a fine example, the NSA has complete and unlimited, instantaneous access to any and all information passed through the TOR network in its entirety, as a matter of course and by design.

    Evidence or GTFO, Mircea.
    (You'll do whatever you like but it doesn't have the same ring to it.)

    Do you propose they cracked DH key exchange, or own the vast majority of nodes, or have zerodays in core Tor codebase, or wtf? Or do you mean that all the people (e.g. me) who've met other people who run a considerable portion of the network are gobmint spies / talking bullshit (I suppose the latter is kind of reasonable)?

    I assume you know how onion routing works. I assume you know of previous mix(master, etc.) networks, of research that has gone into understanding lower-latency anonymity systems such as Tor, and all the very much ongoing research that people do in order to understand the limitations of Tor (see the Anonbib, in particular, one of the more interesting very recent papers, http://freehaven.net/anonbib/#ccs2013-usersrouted). I also assume you know of Tor's history (Roger Dingledine wrote Tor, got funding from NRL, people joined in (Nick Mathewson in particular), later on funding from EFF; majority of current Tor funding still comes from USG, which sucks balls indeed.) If not, if you haven't even gotten acquainted with this context, what the hell are you blabbering about, even?

  11. Apropos: note that user deanonymization over time is a very realistic threat. But that "instantaneous access to any and all information passed through the TOR network in its entirety, as a matter of course and by design" part - both the universal quantifiers as well as the "by design" do sound very far fetched to me. Could you point me to your research? (hint: "omg parallel construction of course they wont tell how they got to SR" / "look how much sense it would make" is not research, which you of course know. Hence my confusion in regards to your stance.)

  12. Mircea Popescu`s avatar
    12
    Mircea Popescu 
    Thursday, 17 October 2013

    Don't get too fired up by this. Let's start obliquely, considering a case much remote from our (or anyone else's) actual point of interest.

    A certain tard you may know of has the following to say recently :

    I'm a opensource coder (still here and giving tools for the people since 3+ years), and no money supported by friends around me. I'm not trying to get sympathy, but some people are under the mistaken assumption we (Intersango) were some kind of rich company.

    This is in fact a kid who's lived in poverty his entire life, and after blowing the one shot at getting out will doubtlessly spend the remainder of his life in poverty - it's one thing to be poor and without friends, it's another to be poor and with powerful enemies.

    Nevertheless, for that vanishingly short interval during which he was either factually or deludedly having a shot, he represented the "Bitcoin Consultancy" as an actual market leader, thought leader, serious business, rich company and what have you. Because "that's what's done", or so he perceives it. For that short half year or so in early 2012 I was still laughing at them, all of them, including Patrick "I accidentally emailed everyone everyone's address" Strateman, but I was the only one doing so (and people were saying "proof or GTFO, Mircea", of course).

    So now, to come to terms : I have no idea if you are a mole or not, and for that matter I have only a vague idea who you are. Nevertheless, you must admit that your skills in distinguishing whether those people talking to you actually are what they represent themselves or actually aren't what they represent themselves may be, at least in principle, lacking. For that matter, the one person that did in fact run a considerable portion of the network is currently in jail, under child porn charges. For that matter it was discovered only a month after the fact that his websites were being used.

    So basically... you know some people over the Internet. What's that worth, and why do you think it's worth anything ?

  13. Right, fair enough. Let's see now. I'm not entirely sure what to do with the red herring / a kind of association you're trying to draw, but that can be addressed later on.

    As you might agree, Russel's teapot is a great concept (burden of proof, striving not to shift it to other people, all that.) It's not much use debating any kind of argumentative illustration of you not having proved anything: it is simply not productive. It would be much more productive, honest (and I'd say, genuinely interesting)) if you actually tried to support your claims. Because there might be some support, and if you have any, please do share. Otherwise I'll resort to trying to understand technical research that's being done (even if NSA is doing x times that behind closed doors, and what have you not.) ;)

    Now. Are you seriously suggesting that because you predicted that the intersango dude is lame and would fail and everybody was trying to ask you to bear the burden of proof - that you will be right this time? Maybe yes; but that's so woo my head starts hurting. :( You are associating one kind event and, crucially, one kind of context with another. Are you sure they are comparable? Again, I'm not the one claiming things. (I guess I'm a sneaky bastard who has the easy way out?)

    > For that matter, the one person that did in fact run a considerable portion of the network is currently in jail

    See, things like this make me consider the idea that you don't really know how Tor works, which is crucial if you want to say its design was premeditated by someone with sinister goals. I mean, it's really considerably / much less secure than originally thought (though depends on whom you ask, etc etc), but you should at least get acquainted with its architecture and stuff, you know? Tor hidden services were added as an afterthought, and Tor is/was mostly about exit relays, not hidden services. (It's been iterated again and again by core devs that hidden services need more support and attention (https://blog.torproject.org/blog/hidden-services-need-some-love , etc.)) But no matter. Thing is, the *network* is composed of Tor relays. The majority of traffic is not hidden service traffic. The exit nodes bear a lot of the weight. The point is, when there's one or several servers (serving lots of different hidden services) like in the case of FH, it's still only those several servers in a large relay network. "Running considerable portion of the network" is simply incorrect (afaik). I'm sorry to be nitpicking, I'm simply kind of sad to think that everyone else will simply assume you are right when it might seem that you don't know how Tor works. I mean, it's their fault and everything, but still.

    (Re: end, I happen to have met core devs in person this summer - but you are right, this means absolutely nothing. Perhaps it's simply human nature - I've worked with my mentor there (also a core developer) over the summer, and I choose to claim to know him as a person; if I am mistaken and they're all in here for the long con, and doing all those personal consultations for people from Syria etc is just a guise - well then my cognitive abilities fail to the extent that I shouldn't be able to be trusted to carry out *any* kind of argument. Which is one avenue to take, for sure. In that sense, consider my impromptu response as expressing generic sadness, and my frustration with being naive. But I choose to maintain that the core people who wrote the first implementation of Tor were (i) smart enough not to get sidetracked / tricked by anyone; (ii) not evil (in whatever relevant sense.))

  14. Mircea Popescu`s avatar
    14
    Mircea Popescu 
    Thursday, 17 October 2013

    As you might agree, Russel’s teapot is a great concept

    If you're preoccupied by the entire procedural angle, I could point out that you're belabouring under a triple misapprehension.

    The first is that you would see this as some sort of scientific endeavour. This is completely wrong : we are not discussing science here, we are discussing business, and politics, and on occasion when I feel so inclined we maybe dabble in anthropology. Consequently, Russel's teapot may be as great a concept as cubic wheels, it has very little bearing.

    To better understand this, the standard of evidence for civil proceedings is "a preponderence of evidence", significantly weaker a standard than the "reasonable doubt" used in criminal proceedings, it in turn a significantly weaker standard than "scientific proof".

    And since we're on the topic, a tendency to represent circumstances that are squarely not scientific in scientific terms makes what you call a red herring quite germane to our discussion. The same sort of mild autism drives both.

    The second is that you seem to imagine yourself some sort of judge, or court, or otherwise empowered to solicit anything from me. This couldn't be more widely inappropriate, the relation that exists between us is strictly that I will say as much or as little as I feel like and you're absolutely welcome to like it just fine. You're not owed proof for anything, and taking into consideration that proof is generally speaking in business as well as in politics quite valuable, you're a strange man indeed to imagine simply asking as if you're owed other people's expensive shit.

    The third and last is that the burden of evidence always and in all circumstances solidly rests on he who makes the affirmative statement. If you wish to prove to me any particular one thing about TOR, such as for instance that it works in any one certain way, you're more than welcome to do so, and if I disagree it will be sufficient for me to point to one single example where this TOR thing didn't in fact work as you propose it works. This situation can never be reversed, and you can under no circumstances demand of me to prove that the broken cup is indeed broken, and how, and where's the missing pieces spread inside the shag. Go ahead, carry water with it.

    This aside, there's nothing wrong with you trying to understand technical research that's being done, just as long as you strongly hold on to two very important points. One, that security strictly depends on chain integrity, and if you have a very good and secure chain fifty links long that dangles at the top end you've still got nothing and the entire "understanding" effort has been as much masturbation. The other is the same thing, in the form of the point discussed above, about the autism and all that.

    Now. Are you seriously suggesting that because you predicted that the intersango dude

    In a word, yes. I am stating, quite seriously, that to the man that has a long list of correct predictions behind him, derpanon doth not come asking for proofs. We're not equals in this story, as much as that may conflict with what misguided teachers might have told you about how the world works. Like it or not I'm your elder, and you're stuck dealing with me as your elder, not as your equal.

    “Running considerable portion of the network” is simply incorrect (afaik)

    Where's your teapot now ? It's one thing to go about being all scientific and whatnot. It's another to go about imagining you're the judge and I'm the respondent, somehow, inexplicably. It's quite the motherfucking third to imagine that because you live in your own head the I in afaik is worth two shits. Who the fuck are you and how did you get the idea you get to think in the first place ?

    core devs

    On the anthropological side of things, it sometimes seems to me human society is veering dangerously close to this scavenger world cargo cult where poorly educated, intellectually destructured youths worship a complete rendition of the old nonsense.

    Do core devs wear special robes yet ?

    they’re all in here for the long con

    This is not what was said, this is what you have had in your head and so preferred to read. What was said was that the poorly educated, intelectually destructured youths of today don't have the mental werewithal to understand what's going on, at all. Something like a dork in an airport, holding on a bag because some chick in a low cut top told him to. Is he a narcoterrorist, in it for the money ? No, he's just a dork.

    doing all those personal consultations for people from Syria

    I think we may close on this note. How old are you ?

  15. Ok, good, I feel elated, tbh. :) But this is it, hopefully.

    > Russel’s teapot

    Fair enough, this is not an appropriate frame of mind. I think you understand where I'm coming from, though; but there's no way I can repel generic "onion routing doesn't work because the more general mechanism / state of affairs / x doesn't work /' is different from what you think it is." Why not reduce the blog to a simple "I'm awesome" masturbatorium in that case, though? :) (yes, I've a shitty sense of humour)

    Likewise, this is your blog and so on and you have no obligation, by the very definition of the type of venture that you do here. I'm sorry to have been rude (I was.)

    > This aside, there’s nothing wrong with you trying to understand technical research that’s being done, just as long as you strongly hold on to two very important points. One, that security strictly depends on chain integrity, and if you have a very good and secure chain fifty links long that dangles at the top end you’ve still got nothing and the entire “understanding” effort has been as much masturbation.

    A totally honest question: by "chain integrity", do you mean (a general type of) onion routing (of whatever sorts), or something more metaphorical? I'm genuinely curious, because if the former, it's not as if people are not thinking about it, either.

    > Like it or not I’m your elder, and you’re stuck dealing with me as your elder, not as your equal.

    Of course, OK. I simply expected something more concrete, as far as "I'm right" goes. But, I totally see what you mean. I'm delighted that you are responding, even.

    >> “Running considerable portion of the network” is simply incorrect (afaik)

    > Where’s your teapot now ?

    Bad wording on my side. Should have been: "as far as I recall the nomenclature/definitions of 'network' and so on." (See https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt ("1. System overview") and somewhat https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt , but I assume you're not actually interested to read anything more from me, so I won't ramble more. much.)

    > Do core devs wear special robes yet ?

    No, they write public research and open source code. It's a term. It has a reference, in the sense of an extension: I could point them out. They do stuff. I can follow their commits, when not completely destructured. It's a useful denotation. You're the one to presume here.

    > What was said was that the poorly educated, intelectually destructured youths of today don’t have the mental werewithal to understand what’s going on, at all. [...] I think we may close on this note. How old are you ?

    FWIW, I tried to do some sarcasm there, and failed. Also for statistics and fun, I'm 22 +/- 1 - and I do feel young - but the comments are so inviting! - here are a couple of pitchforks: Ψ Ψ

    Anyway, I'll go back to assuming that there isn't a genius in Romania who has figured out client deanonymization in real time, and hence back to my deranged state. Cheers!

  16. Mircea Popescu`s avatar
    16
    Mircea Popescu 
    Thursday, 17 October 2013

    Ha! If you think Trilema doesn't easily reduce to an I'm awesome masturbatorioum you've not been paying attention. It's a blog, you know ?

    A totally honest question: by “chain integrity”

    I mean a reference to the actual first rule of security. Consider cases :

    1. The door to the horse barn is solidly locked in place, by two Clapco D-29 deadbolts (the most impenetrable lock on the market today) and one chewed bit of licorice gum stuffed in the frame. The windows are well closed, this has been last checked half hour ago. The wall is without structural defect of any kind. The horses have long left.

    2. Alexandra has never left the house since six months ago when she married John except to go places with him or his mother. Therefore her child is John's.

    Security is in that sense quite alike science : you can't extrapolate fifty years of records BACK into time to then create a "dataset" which you use to extrapolate into the future. It just doesn't work that way.

    I assume you’re not actually interested to read anything more from me, so I won’t ramble more.

    I don't particularly mind, it's the OTHER thing that goes with the blog. For that matter, I find the fuckwits that start blogs to benefit from the earlier discussed advantages but then get indignant that the participants to the conversation don't fit better into the preselected audiences one'd see in a lecture hall quite amusingly deluded. You either control the message or the audience. If you start a blog and expect to wield the "because fuck you, that's why" stick at will you'd better be comfortable talking to absolutely anyone, and in terms comprehensible to them. If you're not either able or willing to do that it's time to drop the pretense and go phd.

    It has a reference, in the sense of an extension

    It also has, or moreover is developing a problem.

    I can appreciate the intellectual beauty and moral elegance of the published code part, you'll have to appreciate the practical difficulties of reading. Nobody reads.

    who has figured out client deanonymization

    If this was the concern we could have resolved it a lot sooner. I don't currently have code that can satisfy the implied test. I'm not trying to make it, either, this particular field is of marginal interest to me at the moment. This, of course, doesn't make Tor any less broken.

  17. анон`s avatar
    17
    анон 
    Friday, 18 October 2013

    I’m 22 +/- 1 - and I do feel young

    this nsa - anonymous thing is becoming some bad false-flag joke.

  18. анон the joke could be worse. I once saw a puppy David Freese to death.

    (Go Dodgers)

  19. Mircea Popescu`s avatar
    19
    Mircea Popescu 
    Thursday, 14 November 2013

    Time. Time cures all disagreements :

    asciilifeform http://cryptome.org/2013/10/nsa-tor-disinfo.htm
    mircea_popescu hahaha
    mircea_popescu man, i tell you, being right about things i know about, like business, when everyone who thinks themselves just as qualified was wrong, and it took months is one thing. i know business.
    mircea_popescu but being right about shit i don't know about, like this....
    asciilifeform told ya it was 'b-team'
    mircea_popescu it's a wholle different flute of champagne
    mircea_popescu so you did, so you did.

  1. [...] is the #1 threat you face. Appallingly coded pieces of crap made by mentally feeble dorks (such as Tor or Bitdaytrade) are defeated through technical means all the time, sure. Nevertheless, if you're [...]

  2. [...] write blogs on the topic of computer security. [↩]Most recently half hour ago. [↩]From Dear Guardian : stop being retarded : That contrary to planted disinformation of which the Guardian article is a fine example, the NSA [...]

  3. [...] article even includes an oblique reference to Schneier in footnote 3. [↩]Roughly a restatement of the well known Parkinson law of triviality. While it's true that [...]

  4. [...] is why prophecies are such an important tool in the faithster'si bag of tricks. Making good use of the difference between science and business discussed here recently a particularly competent (or particularly lucky) faithster might just as well convince a large [...]

  5. [...] is all about and all for adolescents with nary a clue of anything and a rather tenuous grasp of the few teapots they know about. It then becomes politically expedient to manipulate the userbase : if your definition of a thing [...]

  6. [...] Tor is a complex topic (not least because it is a honeypot, not a legitimate service). Perhaps best left aside herbijudlestoids I guess it will be hard for me to convince you Bitcoin [...]

  7. [...] guy did come out with a book recently, which doesn't really merit a mention by name but which The Guardianix and the rest of the establishment have been duly pushing. Perhaps it's the case that it's not the [...]

  8. [...] you glad you've been still using Tor, much after MP told you to gtfo, because whatever, you're just equal to MP except for those places where you know better, and [...]

  9. [...] your nudies on the iPad, it worked just for all those other retardedii chicks. ———theguardian.com, wsj.com, washingtonpost.com, forbes.com, cnet.com, bloomberg.com, businessweek.com, you name [...]

  10. [...] be told, Tor is not just a honeypot, run by the USG in the manner of crankbait. It's also the much larger pile of idiots flocking [...]

  11. [...] which nobody reads ; new media companies nobody cares about. But yes, it is a last gasp, and yes it is quite [...]

  12. [...] the secret for good #3 magic is leadership. If your god isn't awesome, nobody will be bothered to hear the droning story of his mediated [...]

  13. [...] designing a game so started a game publisher. IPO collected ~10k BTC. October 5th, 2013 : Published plain statements as to the true nature and actual function of the Tor network - dismissed at the time by the more [...]

  14. [...] wallets, "trade" "Bitcoins" on Bitfinex, answer "legitimate" KYC questions, pay your taxes, read the newspaper, and dream about how you're still going to get to participate in the future. Someone's going to [...]

  15. [...] selves. Anyway, I told the guy in no uncertain terms what exactly are the odds of me ever running NSA's alt-Tor, which yielded the funniest bit in the entire exchange yet : Dragan Slatjovic // Staff Thanks for [...]

  16. [...] the cables ? They were going to do the usual "sit on the goodies and work them over with the Guardian" routine they do, except an "unknown" Romanian blogger decided to publish a subsection. Sixteen [...]

  17. [...] at any point, if not everyone was equally public about the matter. The workings of media, be it "mainstream" or "social" or otherwise as propaganda instruments devoid of other utility or value shouldn't, for [...]

  18. [...] and in the same way, and for the same exact reasons, and to the same degree. Not just this, or that, but everything you ever had, everything your forefathers ever left you, as well as the possibility [...]

  19. [...] Tor/onion/the rest of the crap, for another instance - you can't read what was said unless you're the NSA or any of the other guys spying on Tor traffic as a matter of course. There's always some gimmick [...]

  20. [...] to make him respectableiii, but we also don't happen to give much of a shit about all that -- it's tor after all, for the love of [...]

  21. [...] Assange wanted to leak to the NYT, Der Spiegel, and the Guardian. However, he wanted the NYTto publish first to avoid the U.S. charge that he was leaking info to [...]

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.