Comment by jstanley a day ago
The best attack against Tor is convincing people not to use it.
If anyone tries to convince you Tor is not safe, ask yourself: cui bono?
Wonder what has replaced “Xkeyscore” given the wide adoption of TLS. I know ISPs, especially national ISPs like AT&T (see: titanpointe - 33 thomas st, nyc) would feed data to NSA since traffic at the time was mostly via http (rather than https). I suppose the unencrypted dns queries are still useful (although DNSSEC is supposed to defend against snooping/deep packet inspection)
>Wonder what has replaced “Xkeyscore” given the wide adoption of TLS.
Cloudflare is a US-based company that does MITM attacks on all traffic of the websites that it protects. It's part of how their DDoS mitigation works.
Many people still use large US-based mail providers such as Outlook or Gmail.
Many large services use AWS, GCP or Azure. Perhaps there are ways for the NSA to access customers' virtual storage or MITM attack traffic between app backends and the load balancer where TLS is not used.
Load Balancing && WAF or CDN enablement usually suggests at least a decrypt step or two in the HTTP(s) chain. WAF for layer7 payload inspection, or the default wildcard cert'ing your Cloudflare site for instance.
There's also significant aggregation of traffic at handfuls of service providers amongst service categories, all generally HTTP(s) type services too ... Mail, CDN, Video, Voice, Chat, Social, etc. Each of these are still likely to employ Load Balancing & WAF.
Most WAF/Load Balancing providers have documentation about when/where to perform decrypt in your architecture.
How many Cloudflare sites are just using the Cloudflare wildcard cert?
From there, plenty of 3 letter agency space to start whiteboarding how they might continue to evolve their attack chain.
Often the connection between the load balancer and app backend also uses TLS. I've operated a large / complex service on AWS and all internal communications at each level were encrypted.
Of course, in principle, a cloud provider could tap in anywhere you're using their services – ELB (load balancer), S3, etc. I presume they could even provide backdoors into EC2 instances if they were willing to take the reputational risk. But even if you assume the NSA or whoever is able to tap into internal network links within a data center, that alone wouldn't necessarily accomplish much (depending on the target).
It is MITM, but is it an attack? Literally, the website owner hires Cloudflare explicitly to decrypt and filter the traffic. "Attack" implies that it's unwanted behavior, yet the reality seems to imply that it's wanted behavior by the site owner at a minimum, although continued use of the site by visitors also suggests that they want that behavior (or they'd go elsewhere).
Isn't the attack assuming that NSA/FBI/TLO has full access to the MITM connection at will? I mean, that doesn't seem too far-fetched, does it, given various revelations over the years and things like the Patriot Act actually passing when it's obviously unconstitutional?
Worse is how most email providers require SMS confirmation or a secondary email.
A lot of pages are now behind CF, hosted on AWS,... It would surprise me if these providers didn't share their data with the 3-letter agencies.
I'd argue any data center of cloudflare is just as valuable to fiber tap, just like the undersea fiber cables.
Lots of juicy Internet protocols are still running in cleartext. OCSP, for example, and DNS, as you noted. And the IP-level metadata of TLS connections is still enough to uniquely identify which entities are communicating with each other in many situations. I very much doubt XKeyscore has been retired.
>> Wonder what has replaced “Xkeyscore” given the wide adoption of TLS.
A nationwide invisible firewall, with man in the middle decryption and permanent storage of all unencrypted data. All run by the major backbones and ISPs.
DNSSEC is an authentication mechanism. It does not encrypt queries or responses.
You might be thinking of DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT).
There's also DNSCurve.
DoH and DNSSEC don't use ECH (encrypted client hello)
From what I remember, only DoT uses ECH
https://media.ccc.de/v/chaoscolloquium-1-dns-privacy-securit...
ECH can be used regardless of DoT, DoH, dnscrypt, or plain as long as your resolver passes HTTPS queries.
You can easily test this: dig @8.8.8.8 https pq.cloudflareresearch.com
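The comment above points out that ECH rides on the HTTPS (SVCB) DNS record, which is why it works with any transport as long as the resolver returns that record type; the `dig` query shows the record in presentation form. As an added example (not code from the commenter, Cloudflare or the Tor project), the following decodes what such a record contains: the SvcParams and, inside the `ech` parameter, the ECHConfigList whose `public_name` is the only hostname an on-path observer sees in the outer ClientHello. The wire layouts are those of RFC 9460 and ECHConfig version 0xfe0d; the sample record, the placeholder all-zero public key and the name `ech-front.example` are constructed for this example, not captured DNS data.

```python
"""Decode an HTTPS/SVCB record (RFC 9460) and the ECHConfigList in its ech parameter.
All sample data in this file is constructed for illustration, not real DNS data."""
import base64
import ipaddress
import struct

SVCPARAM_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
                 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}


def _read_name(data: bytes, offset: int):
    """Read an uncompressed wire-format domain name; returns (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not allowed in a SVCB TargetName")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return (".".join(labels) + "." if labels else "."), offset


def _decode_param(key: int, value: bytes):
    """Presentation form for the SvcParamKeys this example understands."""
    if key == 1:  # alpn: 1-byte-length-prefixed protocol ids
        ids, i = [], 0
        while i < len(value):
            n = value[i]
            ids.append(value[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        return ids
    if key == 4:
        return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    if key == 5:  # ech: opaque ECHConfigList, shown as base64 like dig prints it
        return base64.b64encode(value).decode("ascii")
    return value.hex()


def parse_https_rdata(rdata: bytes) -> dict:
    """Parse RDATA: SvcPriority, TargetName, then SvcParams in strictly ascending key order."""
    priority = struct.unpack("!H", rdata[:2])[0]
    target, off = _read_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly ascending")
        last_key = key
        value = rdata[off:off + length]
        if len(value) != length:
            raise ValueError("truncated SvcParam value")
        off += length
        params[SVCPARAM_KEYS.get(key, f"key{key}")] = _decode_param(key, value)
    if priority == 0 and params:
        raise ValueError("AliasMode (priority 0) records carry no SvcParams")
    return {"priority": priority, "target": target, "params": params}


def parse_ech_config_list(blob: bytes) -> list:
    """Extract config_id, KEM id and public_name from each ECHConfig (version 0xfe0d)."""
    total = struct.unpack("!H", blob[:2])[0]
    body = blob[2:2 + total]
    if len(body) != total:
        raise ValueError("truncated ECHConfigList")
    configs, off = [], 0
    while off < len(body):
        version, length = struct.unpack("!HH", body[off:off + 4])
        contents = body[off + 4:off + 4 + length]
        off += 4 + length
        if version != 0xFE0D:  # unknown version: a client skips it, and so do we
            configs.append({"version": hex(version), "public_name": None})
            continue
        config_id, kem_id, pk_len = struct.unpack("!BHH", contents[:5])
        p = 5 + pk_len                                       # skip public_key
        p += 2 + struct.unpack("!H", contents[p:p + 2])[0]   # skip cipher_suites
        p += 1                                               # skip maximum_name_length
        name_len = contents[p]
        public_name = contents[p + 1:p + 1 + name_len].decode("ascii")
        configs.append({"version": hex(version), "config_id": config_id,
                        "kem_id": kem_id, "public_name": public_name})
    return configs


def ech_public_names(rdata: bytes) -> list:
    """Hostnames an observer would see in the outer (cleartext) SNI when ECH is used."""
    ech = parse_https_rdata(rdata)["params"].get("ech")
    if ech is None:
        return []
    return [c["public_name"] for c in parse_ech_config_list(base64.b64decode(ech))
            if c["public_name"]]


# --- constructed sample record (placeholder key and name, not real DNS data) ---
def _svcparam(key: int, value: bytes) -> bytes:
    return struct.pack("!HH", key, len(value)) + value


def build_sample_ech_config_list(public_name: str = "ech-front.example") -> bytes:
    """One ECHConfig: config_id 7, X25519 KEM with an all-zero placeholder key."""
    contents = (struct.pack("!BHH", 7, 0x0020, 32) + bytes(32)
                + struct.pack("!HHH", 4, 0x0001, 0x0001)   # one suite: HKDF-SHA256/AES-128-GCM
                + struct.pack("!B", 0)                     # maximum_name_length
                + struct.pack("!B", len(public_name)) + public_name.encode("ascii")
                + struct.pack("!H", 0))                    # no extensions
    config = struct.pack("!HH", 0xFE0D, len(contents)) + contents
    return struct.pack("!H", len(config)) + config


SAMPLE_RDATA = (struct.pack("!H", 1) + b"\x00"                 # ServiceMode, target "."
                + _svcparam(1, b"\x02h2\x02h3")                # alpn=h2,h3
                + _svcparam(4, bytes([192, 0, 2, 1]))          # ipv4hint=192.0.2.1
                + _svcparam(5, build_sample_ech_config_list()))

if __name__ == "__main__":
    print(parse_https_rdata(SAMPLE_RDATA))
    print(ech_public_names(SAMPLE_RDATA))
```

The `ech=` value that `dig` prints for a real record is base64 of exactly the bytes `parse_ech_config_list` expects, so `parse_ech_config_list(base64.b64decode(value))` on that output shows which `public_name` a browser will put in the cleartext SNI. Two points for the thread: this record is data, not a secret, so DNSSEC can sign it but does nothing to hide the lookup; and a resolver that strips or refuses type 65 answers silently disables ECH on the client side, which is worth checking before assuming the inner SNI is hidden.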
> If anyone tries to convince you Tor is not safe, ask yourself: cui bono?
It could be for insidious reasons, or because the speaker legitimately believes it. "If anyone tries to convince you you shouldn't use Rot13 as an encryption scheme, ask yourself- cui bono?" Silly example, but the point is, just about *everything* could be explained equally by either evil lies or honest warnings.
Same was true of Truecrypt.
After the core team disbanded there was a full security audit which uncovered some very minor issues.
People never really trusted Veracrypt though. Quite interesting how that turned out.
IIRC there were a lot more options by the time of the Truecrypt-Veracrypt shift. Truecrypt was around when drive encryption was otherwise an expensive enterprise software thing, but I think Bitlocker was included with Pro versions of Windows by the time of Veracrypt so that probably became the easiest free option - and probably with better compatibility as well.
this presumes that anyone would trust bitlocker.
Being able to sniff a key as it transits a local bus is a very different kind of compromise of "trust" than believing that something is preemptively backdoored by a threat actor. It is deeply mysterious that Microsoft don't simply use TPM encrypted sessions to prevent this, though.
Bitlocker, LUKS and FileVault are the new standard(s).
Veracrypt is a curiosity, not beloved the way Truecrypt was.
I’d love to see hard numbers for this, just my outside impression.
In fact, when trying to find old forums that I was part of during that era, I failed; and found only this: https://discuss.privacyguides.net/t/why-people-still-believe...
"Unsafe" is not enough data.
Safer or less safe than ISP or VPN, is the question.
(I presume safe means private here)
Especially “the solution to an unsafe Tor is more Tor!” it feels like I’m at a charity drive.
How does that work technically, if I am connecting with SSL?
The only thing I see is seeing which IP addresses are using Tor, when, and how much traffic is exchanged, but mostly it will be a bunch of reused residential IPs? If you know who you are looking for anyway, isn't it better to work with their ISP?
With the exit nodes, you know which IP addresses are being looked up. You might get an exit node IP when investigating a crime say. Raid that person, but can you find anything more?
This isn't an argument, but a question.
In that case we're talking at cross-purposes, so I'll reserve judgment.
I'm concerned with what let's call Gorhill's Web, that is, the experience glued together by gorhill's uBlock Origin that is viewed by the vast majority of HN commenters on a day-to-day basis.
What you're describing is the Web-based Wasteland that is experienced by the vast majority of non-technical users who view the web without an ad blocker.
Encouraging Wasteland users to use TBB may well be an overall improvement for them. But there are more and more popular parts of the web that are practically unusable without an ad blocker, e.g., fake download buttons, myriad other ad-based shenanigans, multiple ads squeezed into short pieces of YouTube content that ruin the music, etc. And there's an older segment of the population whom I cannot in good conscience move away from Gorhill's Web.
If Tor uptake somehow spikes to the point that some services can no longer get away with discriminating against exit nodes, then great! But in the meantime, I and many others have solid reasons for encouraging more and more uBlock Origin use among a wide variety of users.
And as you point out, there are technical reasons why the ad blocker lists are at odds with TBB design goals. Thus, I find the top poster's "cui bono" comment low effort and unhelpful.
Edit: clarification
I don’t think it’s true that the vast majority of HN users use ad blockers. I don’t, and I don’t find the web “practically unusable”.
> cui bono?
You look for the person who will benefit, and uhh...uhh you know, uhh, you know, you'll uhh, uhh. Well, you know what I'm trying to say.
- VI Lenin
Society benefits when people refrain from illegal and immoral activities.
Politicians and the powers-that-be benefit from slowly adding to the existing pile of what's considered illegal and immoral. They build that pile as a levee against threats to their power; to maintain the status quo.
Immoral is as subjective as it gets and is therefore an awful yardstick.
I would assume very likely yes?
There definitely are legit use cases for it and in an ideal world, I think all traffic should go over onion routing by default to protect them.
But in reality today besides a handful of idealists (like me some years ago), and legitimate users, like protestors under oppressive regimes - I would assume the biggest group with a concrete interest to hide would be indeed pedophiles and other dark net members and therefore use it.
I'm pretty sure many people use Tor for other things than journalism and CP.
Tor is a privacy tool. Much of what we do in our lives is on the internet, and privacy is important. Tor helps people enjoy privacy in a medium that they are increasingly dependent on.
did your search button break? lmgtfy
https://www.urbandictionary.com/define.php?term=scare+quotes
this is a helpful answer, downvoting it would be extremely bad form
I have no idea who is using Tor other than that I heard it can be used by people requiring privacy from governments, e.g. whistleblowers. It also seems to have broad support from the tech industry so I'd be surprised if it was in fact primarily used for illegal or "immoral" purposes. That's why I'm asking.
After the Snowden revelations regarding FOXACID and QUANTUM going largely unaddressed in the Tor project, people have every right to feel sketched out with using Tor for anything. "We're still helping people" just isn't a good enough argument for most people.
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_a... https://blog.torproject.org/yes-we-know-about-guardian-artic...