<div class="gmail_quote"><font class="Apple-style-span" face="verdana, sans-serif"><br></font><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><font size="2"><font face="verdana,sans-serif">Wow, you can't trace TOR users? Guess you're not as cool as HD Moore:</font></font><div>
<font size="2"><font face="verdana,sans-serif"><br></font></font></div><font face="verdana, sans-serif"><a href="http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114" target="_blank">http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114</a></font><div>
<font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif"><a href="http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114" target="_blank"></a><a href="http://digg.com/news/technology/HD_Moore_cracks_TOR" target="_blank">http://digg.com/news/technology/HD_Moore_cracks_TOR</a></font></div>
<div><font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif"><a href="http://digg.com/news/technology/HD_Moore_cracks_TOR" target="_blank"></a>As for the rest. Do I take you at your word for it? No. Do I beleive you? Sure. Those are actually mutually exclusive, unless you're gullible. </font></div>
<div><font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif">I don't intend to write on this topic again. I really don't care to fight for "internet anonymity" because in reality, it's a flawed and noble idea and doesn't impact me. I really don't think it's important at all, except maybe for Pedos, Criminals or people just obsessively fascinated with encryption and privacy. I've noticed a lot of people so very obsessed with privacy as to miss the point of security and also enable criminal actions. That's sad. Maybe I'm a prick or maybe you're an idealist but at this point that doesn't matter either. Exploiting TOR to ID a particular user is possible (given certain circumstances, especially if it's habitual use I'd hazard to guess). The average user that's using TOR and nothing else could probably be ID'd so it's not a stretch to say "tor users can be ID'd". Does it matter if it exploits what you use with TOR? I personally don't think so. I suppose PGP is still secure too, right? lol</font></div>
<div><br></div><div><font face="verdana, sans-serif"></font><a href="http://blog.crackpassword.com/tag/gpu-acceleration/" target="_blank">http://blog.crackpassword.com/tag/gpu-acceleration/</a></div><div><br></div>
<div><a href="http://blog.crackpassword.com/tag/gpu-acceleration/" target="_blank"></a>GL</div><div><br></div><div>HF</div><div><br></div><div>Don't flame. :)</div><div><div><div class="im"><font size="2"><font face="verdana,sans-serif"><a href="http://www.securityfocus.com/news/11447?ref=rss" target="_blank"></a><br clear="all">
</font></font>The information transmitted in this communication is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, retransmission, dissemination, copying or other use of, or taking of any action in reliance upon, this information, or any part thereof, by persons or entities other than the intended recipient, is strictly prohibited and may be unlawful. If you received this in error, please contact the sender immediately and delete and destroy this communication and all copies thereof, including all attachments.<br>
<br><br></div><div><div></div><div class="h5"><div class="gmail_quote">On Tue, Sep 28, 2010 at 2:19 AM, Jacob Appelbaum <span dir="ltr"><<a href="mailto:jacob@appelbaum.net" target="_blank">jacob@appelbaum.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On 09/27/2010 11:04 PM, Thomas Stowe wrote:<br>
> Wow, the only assertion I made was that TOR is compromised and you basically<br>
> just told everyone to completely ignore what I've said.<br>
<br>
</div>What do you base your assertion on? It sounds like FUD to me and so<br>
based on that alone, yeah, I'd suggest people not listen to you on this<br>
topic.<br>
<div><br>
> Look, I know you're<br>
> passionate about TOR and that's great - you guys made a really cool suite of<br>
> software but don't take this wrong when I say this because I don't mean it<br>
> as a personal slight. You're naive. You think that it's okay to run an exit<br>
> node and it's wrong to push people in the direction not to run exit nodes,<br>
> even in the case that they will have their computers taken and have charges<br>
> pending against them and be forced to spend money out of pocket to promote<br>
> anonymity. That's a dream that we all have - no consequences.<br>
<br>
</div>People can configure their Tor relay in accordance with their risk<br>
tolerance. I think that legally, it's pretty safe to run a Tor relay in<br>
the USA. I've consulted with lawyers for many years on the topic, I've<br>
spent nearly eight years of my life on the EFF legal couch. I think that<br>
while I'm not a lawyer, I'm comfortable with the legal risks presented.<br>
The DMCA actually has one good thing in it and it provides a kind of<br>
safe harbor for network operators. Read the page on this directory<br>
authority as an example:<br>
<a href="http://rgnx.net:443/" target="_blank">http://rgnx.net:443/</a><br>
<br>
Also read this:<br>
<div><a href="http://www.torproject.org/eff/tor-legal-faq.html.en" target="_blank">http://www.torproject.org/eff/tor-legal-faq.html.en</a><br>
<br>
</div><div>> The reality is<br>
> that things do happen to people and I don't really care if the guy from<br>
> Germany became a developer for TOR after he had gone through hell with the<br>
> law. The relevant fact is, he did go through hell with the law and everyone<br>
> sane looking out for their own survival should consider that not running an<br>
> exit node would be and is a good decision. It's stupid to endanger yourself<br>
> for a cause that's dead before it's gotten off the ground. Personally, I'm<br>
> not going to a privacy-martyr and I don't think anyone else should ever<br>
> consider it.<br>
<br>
</div>Way to fight for what you believe in!<br>
<div><br>
> Are you saying that with the TOR code not being compromised<br>
> that it equates to saftey?<br>
<br>
</div>For certain values of safety? Sure.<br>
<br>
This is a good overview:<br>
<a href="https://www.torproject.org/overview.html.en#whyweneedtor" target="_blank">https://www.torproject.org/overview.html.en#whyweneedtor</a><br>
<div><br>
> Can't TOR developers find users causing problems<br>
> or<br>
<br>
</div>No. That's the entire point. We cannot trace users.<br>
<div><br>
> possibly a law enforcement exit-node honeypot set up to be used to catch<br>
> users causing problems?<br>
<br>
</div>If you sniff an exit node, you're not able to trace it back to the user<br>
who initiated the connection - that's the entire point of an anonymity<br>
system. It's not an empty promise, it's a design of the system itself.<br>
<div><br>
> With encryption export laws, current attitudes of<br>
> law and requests made to companies and groups dealing in security by<br>
> governments, are we wrong to hold the TOR network suspect because we don't<br>
> understand or haven't looked at the source code?<br>
<br>
</div>Yeah, you're wrong for the reasons above and because you haven't looked<br>
at how the system works *even a little bit* before making wild<br>
statements that are absolutely false.<br>
<div><br>
> I believe your statement<br>
> regarding that there is no backdoor but I still won't take your word for it<br>
> and I honestly don't have the time to look over the code or search for<br>
> novel, new exploits that have yet to be found that would reveal TOR users'<br>
> identities.<br>
<br>
</div>What? You just contradicted yourself a few times there.<br>
<div><br>
> I didn't state that there is one, I said that there I don't<br>
> trust it and there might possibly be one. That's an opinion, logically based<br>
> upon other events that are ongoing in global use of the Internet and<br>
> technologies. <sarcasm on> But you're right, "TOR anonymity" is more<br>
> important than my possible legal fees or spending a week in jail until it's<br>
> figured out that it wasn't me accessing whatever it was that I could be<br>
> arrested for. <sarcasm off>. But then again because you refuted me by<br>
> stating that everything I stated was bullshit and of course you proved your<br>
> point by stating you're a TOR dev so you must be right by way of having<br>
> authority on the subject. I don't find you to be objective in your<br>
> criticism, but "that's only my opinion" based upon you being a dev and how<br>
> passionate you seem to be. If I was going to make a claim like "it's<br>
> backdoored", I would've posted code to back it up and not speculated based<br>
> upon many other things in the world. It's not as if our government were<br>
> capable on spying on all of us if they wanted in many ways, is it? :P I'd<br>
> say my statements are correct, sane and hold the best interest of TOR users<br>
> who might run an exit node first and the EFF and their "campaign for<br>
> privacy" second but really showed that I care for both.<br>
><br>
<br>
</div>What the hell happened to Noisebridge? Are you kids huffing NO2 again<br>
near the keyboards?<br>
<div><br>
><br>
> I sometimes wonder if people think that poking fun at my signature or<br>
> stating that it's idiotic means a damned thing beyond that they were pretty<br>
> much mentally masturbating to the fact that they could insult the fact that<br>
> I have it in my e-mails. Glad I could help you get off. It's not so much an<br>
> ice-breaker to me as one might think as it is a tell of where your mind is<br>
> and where you come from that you'd waste energy and time on it.<br>
><br>
<br>
</div>Wowza; you're a real prick. I wonder if you will even try to understand<br>
the things I've linked for you in this "discussion" - it sure feels like<br>
a waste of time.<br>
<div><div></div><div><br>
All the best,<br>
Jake<br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net" target="_blank">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br>