[Solar-general] Why I Don't Use Tor

Mie Ene 12 14:56:34 CET 2011

On Wednesday 12 January 2011 10:00:57 Nicolás Reynolds wrote:
> Me parece que derrapó un poco al final, pero no deja de ser interesante.
>
> ------
> http://sheddingbikes.com/posts/1293530004.html
>
> Shedding Bikes: Programming Culture And Philosophy
>
> Shedding Bikes
>
> What do you think? [1]post en sheddingbikes.com
>
> By Zed A. Shaw
>
> Why I Don't Use Tor
>
> I have this hypothetical question I've been using periodically to talk
> about the relevance of ad hominem in evaluating software:
>
> What if Hitler gave you a cheese sandwich?
>
> It's a pretty simple question. Imagine you're sitting there and, yeah,
> Hitler is eating across the table from you. He's got a cheese sandwich and
> he hands it to you. "Hey, want my grilled cheese?"
>
> Most normal folks would turn him down, politely most likely but they'd
> definitely not eat a sandwich from a guy who used to slowly increase his
> doses of arsenic. But also, you're probably thinking, "No way, this guy's
> an insane mass murderer, I'm not eating that damn sandwich."
>
> Ok, change this up some more, what if you were walking by and there was a
> box labeled "Cheese Sandwich" and right under that is a Nazi Swastika. You
> gonna eat it? No Hitler involved, just a box with a cheese sandwich on it
> sitting there looking like you can eat it if you want?
>
> Sure, you might open it, look at it, maybe sniff it, but most normal people
> won't eat it. Why? Because that Swastika has suddenly got you thinking
> about the /history/ of this sandwich. Why is that on there? Where did this
> thing come from? Is it poisoned?
>
> Let's go one step further, and say you just find a random sandwich in a
> clear plastic bag on a table. Nobody's around, and you're kind of hungry.
> You going to eat it? Again, most normal people who can buy a sandwich won't
> eat it. It's just laying there. Who knows how long it's been there or what
> the hell's been done to it.
>
> Instinctively, humans have this sense of avoiding things that will poison
> them,

sólo un detalle, para el psicoanálisis no hay instinto, sino pulsión:

http://es.wikipedia.org/wiki/Pulsion

(aunque está en discusión... había un autor que explicaba por qué los humanos 
no tenemos instintos, y lo hacía con una araña... no recuerdo quién era...)

> and that involves using their memories, sense of history, and ability 
> to think ahead to predict what could happen. This is how we're able to
> figure out how to eat a huge range of stuff no other species has figured
> out. We use this finely honed sense of "that food will poison you" to avoid
> getting sick and to find food that will keep us fed.
>

parece más una actitud basada en la experiencia que en algo innato (instinto), 
pero...

> Programmers and other "logical" types seem to lose this ability when it
> comes to information. They'll frequently get /information poisoned/ with
> stupid ideas because they think the motivations and history of the person
> telling them something doesn't matter. They remove the context of the words
> and evaluate only what's said and nothing else, and then believe the most
> absurd stuff ever.
>
> This belief that any look at a speaker's motivations is "ad hominem" leads
> many smart people to believe the incredibly stupid things.
>
> Everything Has Already Been Said
>
> The reason evaluating a person's motivations matters these days is because
> there's been a massive increase in the amount of information created and
> stored over the last 500 or so years. Basically, a whole hell of a lot has
> already been said by someone else at some point. In fact, most ideas are so
> horribly unoriginal that the only thing you really have to go on when
> evaluating them is why someone could be telling you this.
>
> Let's say I tell you that my software is "language agnostic". Well, that's
> been done before in other ways, so you have to look at why I might be
> telling you that. The idea itself isn't original or that useful, but if I
> then tell you, "because I want people to be able to use the best tool and
> not get caught up in language wars," then you can evaluate the statement
> better.
>
> However, if I tell you don't look at my motivations, or where I'm coming
> from, or what I used to do, and claiming "ad hominem!" then I'm most likely
> trying to trick. An honest person has no problem with you looking past the
> words to the motivation. Dishonest people will try to bluff so you don't
> look too closely.
>
> If more technologists did this kind of critical thinking, then it'd be
> harder to get them to use potentially dangerous or crap technology. If they
> accepted that most everything has been said or tried already, then they can
> use motivations and historical context to figure out why things might be
> different. They can also use it to call bullshit or question why things are
> the way they are.
>
> The Sordid Past And Present Of Tor
>
> Tor by itself, without knowing its history, seems like a great idea. You
> point your browser at it and suddenly you can view web pages without people
> knowing that it's actually you. Great right?
>
> The p roblem is that Tor's pedigree is less than stellar. First, it was
> originally a [2]US Navy project then released to various "hackers" (a word
> which in a lot of ways is just synonymous with "NSA collaborator" or at
> least a wannabe). Whether the source code started there or just the idea,
> you /have/ to ask why the hell the Navy would work on this and then release
> it.
>

no lo sabía :S

> The Navy of course gave some hand-wavy answer of wanting to use it, but the
> Navy just doesn't do something like this without another reason. Who knows
> what it is, but I this makes my spidey sense go off.
>
> That's the first strike against Tor, but let's look at more reasons to not
> use Tor. How about the research that showed [3]how easy it is to break in
> various ways. Those might be fixable, so how about that there can be
> [4]super nodes that with just a small sample of traffic can figure out a
> lot of content?
>
> Alright, maybe that can be fixed, but then you read about [5]a semi-secret
> volunteer group collecting data from 12 ISPs and handing it to the
> government. This Project Vigilant apparently has 600-1500 volunteers who
> are all hackers collecting and analyzing data and handing it straight to
> the government without user consent. Project Vigilant also claims it:
>
> tracks more than 250 million IP addresses a day and can âEURoedevelop
> portfolios on any name, screen name or IP address.âEUR
>

desastre

> Holy crap, that's a lot of traffic analysis. Given how small the "hacker"
> community is, that's also a gigantic percentage of hackers and security
> experts on the volunteer payroll of a group who's job is to illegally
> wiretap people and circumvent the law on behalf of the government.
>
> I don't have to remind you abou the panic over [6]the OpenBSD and NETSEC
> accusations. What about the various entries to the [7]Underhanded C. The
> truth is, if a large group of determined and patriotic hackers want to
> infiltrate and inject seemingly innocent maliciousness into code they
> definitely can. With 600+ potential recruits, they definitely are.
>
> Conflict Of Interest
>
> But all of this is just unsubstantiated and could be hypothetical, what
> actually worries me is [8]Jacob Appelbaum works on Tor and works for
> Wikileaks. This to me is the /Hitler Grilled Cheese/ of the argument, the
> historical context that drives me away from Tor. Wikileak's job is to take
> people's secrets and show them and who's hiding them to the world. Tor's
> job is to do the inverse. The two project's goals don't align, and having
> one dude do both gives me the willies.
>
> You see, if it is fairly probable that there are multiple attacks against
> Tor, that there is a group actively trying to collect enough data to make
> Tor pointless, a group with enough people to infiltrate the Tor project,
> and then Jacob is working for Wikileaks and Tor, then there's too much
> going on for me to trust jack and/or squat. Jacob's affiliation with
> Wikileaks has made Tor a target big time, in addition to the obvious
> conflict of interest.
>
> For me--and this is /not/ an accusation against Jacob--the chance that
> someone on the Tor project is in cahoots with someone else is too high.
> It's either the government, this Project Vigilant, or Wikileaks, and who
> knows what. When claims surfaced that Wikileaks got its initial set of
> magically appearing documents from Tor, I wasn't surprised. Having Jacob
> claim otherwise doesn't help at all, and I still won't believe this didn't
> happen until possibly decades later when whatever really happens is
> declassified.
>
> Finally, I will go on record right now saying Wikileaks rocks. I think
> there needs to be more of this, and actually I think the world will benefit
> more from more international coverage and more corporate leaks. But, if
> anyone from Wikileaks tries to work with me or on any project I'm on you
> bet your ass I'm not trusting them one bit.
>
> Never trust a traitor, no matter how noble their intentions.
>
> P.S. I have a long bet that SELinux is an NSA backdoor. Any takers?
>
>
>  References:
>    1. mailto:post en sheddingbikes.com
>    2. http://www.onion-router.net/
>    3.
> http://docs.google.com/viewer?url=http://www.csnc.ch/misc/files/publication
>s/the_onion_router_v1.1.pdf&amp;pli=1 4.
> http://archives.seul.org/or/talk/Apr-2007/msg00039.html
>    5.
> http://blogs.forbes.com/firewall/2010/08/01/stealthy-government-contractor-
>monitors-u-s-internet-providers-says-it-employed-wikileaks-informant/ 6.
> http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-bac
>kdoor-in-openbsd-ipsec-stack.ars 7. http://underhanded.xcott.com/
>    8. http://en.wikipedia.org/wiki/Jacob_Appelbaum