[Noisebridge-discuss] oh sysadmins of noisebridge, i have a question for ye

Jacob Appelbaum jacob at appelbaum.net
Fri Jun 26 21:29:55 UTC 2009 

Christie Dudley wrote:
> I've heard some discussion and rumors on this and I find some of the things
> I'm hearing.  Some of these include:
> - Tor has become compromised (!)

Oh? Curious! I'm interested to know how and by whom. Tor is designed to
resist many different kinds of compromises. We have multiple client
implementations from different groups, servers are run by different
parties (and not by the Tor project itself) and so on.

> - People are being advised to set up secure proxies all using the same key

It's probably obvious that this is a disaster. Can you show me who's
doing that? I'm more than happy to be the voice of reason.

It's not really possible to do this with Tor and so it's probably some
kind of SSL proxy thing, right?

> - Many strange things about what (all) you need to do to remain safe
> 

Yes, most of strange things being advocated are total nonsense. Is there
anything in particular worth ripping apart?

> It concerns me that the proxy people may be dismissing other solutions due
> to the large amount of press they have enjoyed from the outset and would
> seek to maintain that sense of importance.  It would be tragic if that press
> turned ugly because of their inexperience.
> 

It seems to me that this is the case. I can't speak for everyone
involved but from what I've seen, it's pretty lame (and dangerous,
stupid, naive, etc) to encourage people to skip encryption as a first
step towards access.

If I was not in Brazil, I'd probably be meeting with people locally to
advocate some serious change. Perhaps someone can do this in my absence?
Or perhaps when I return on Monday, we can have a meet up to talk about
circumvention (with and without Tor) for helping people in Iran?

As a side note:
I actually have access to systems in Iran. Most of the people advocating
such things _do not_ have any such systems. They largely rely on rumors
and have very little technical background in circumvention. Their advice
is probably really well intentioned but it can be and is often wrong.
Additionally, it can be very narrow - one perspective of Iran's internet
is not the entire view.

Best,
Jake

More information about the Noisebridge-discuss mailing list