[Solar-general] Why I Don't Use Tor

Pablo Manuel Rizzo info en pablorizzo.com
Wed Jan 12 15:10:07 CET 2011


Haha! Very good :-)

Nico, we have already talked in private several times about why I don't
pay too much attention to security measures and encryption on the
internet; I prefer to rest my 'security' on being prepared for
everything I send to the internet eventually being published, even
against my will.
I don't remember whether I already sent this to this list:

http://imgs.xkcd.com/comics/wikileaks.png

Always telling the truth (one's own perception, at least) sincerely
is necessary, although not sufficient.



2011/1/12 Nicolás Reynolds <fauno en kiwwwi.com.ar>:
>
> I think he went off the rails a bit at the end, but it is still interesting.
>
> ------
> http://sheddingbikes.com/posts/1293530004.html
>
> Shedding Bikes: Programming Culture And Philosophy
>
> What do you think? [1]post en sheddingbikes.com
>
> By Zed A. Shaw
>
> Why I Don't Use Tor
>
> I have this hypothetical question I've been using periodically to talk about
> the relevance of ad hominem in evaluating software:
>
> What if Hitler gave you a cheese sandwich?
>
> It's a pretty simple question. Imagine you're sitting there and, yeah,
> Hitler is eating across the table from you. He's got a cheese sandwich and
> he hands it to you. "Hey, want my grilled cheese?"
>
> Most normal folks would turn him down, politely most likely but they'd
> definitely not eat a sandwich from a guy who used to slowly increase his
> doses of arsenic. But also, you're probably thinking, "No way, this guy's an
> insane mass murderer, I'm not eating that damn sandwich."
>
> Ok, change this up some more, what if you were walking by and there was a
> box labeled "Cheese Sandwich" and right under that is a Nazi Swastika. You
> gonna eat it? No Hitler involved, just a box with a cheese sandwich on it
> sitting there looking like you can eat it if you want?
>
> Sure, you might open it, look at it, maybe sniff it, but most normal people
> won't eat it. Why? Because that Swastika has suddenly got you thinking about
> the /history/ of this sandwich. Why is that on there? Where did this thing
> come from? Is it poisoned?
>
> Let's go one step further, and say you just find a random sandwich in a
> clear plastic bag on a table. Nobody's around, and you're kind of hungry.
> You going to eat it? Again, most normal people who can buy a sandwich won't
> eat it. It's just laying there. Who knows how long it's been there or what
> the hell's been done to it.
>
> Instinctively, humans have this sense of avoiding things that will poison
> them, and that involves using their memories, sense of history, and ability
> to think ahead to predict what could happen. This is how we're able to
> figure out how to eat a huge range of stuff no other species has figured
> out. We use this finely honed sense of "that food will poison you" to avoid
> getting sick and to find food that will keep us fed.
>
> Programmers and other "logical" types seem to lose this ability when it
> comes to information. They'll frequently get /information poisoned/ with
> stupid ideas because they think the motivations and history of the person
> telling them something doesn't matter. They remove the context of the words
> and evaluate only what's said and nothing else, and then believe the most
> absurd stuff ever.
>
> This belief that any look at a speaker's motivations is "ad hominem" leads
> many smart people to believe incredibly stupid things.
>
> Everything Has Already Been Said
>
> The reason evaluating a person's motivations matters these days is because
> there's been a massive increase in the amount of information created and
> stored over the last 500 or so years. Basically, a whole hell of a lot has
> already been said by someone else at some point. In fact, most ideas are so
> horribly unoriginal that the only thing you really have to go on when
> evaluating them is why someone could be telling you this.
>
> Let's say I tell you that my software is "language agnostic". Well, that's
> been done before in other ways, so you have to look at why I might be
> telling you that. The idea itself isn't original or that useful, but if I
> then tell you, "because I want people to be able to use the best tool and
> not get caught up in language wars," then you can evaluate the statement
> better.
>
> However, if I tell you not to look at my motivations, or where I'm coming
> from, or what I used to do, and claim "ad hominem!" then I'm most likely
> trying to trick you. An honest person has no problem with you looking past the
> words to the motivation. Dishonest people will try to bluff so you don't
> look too closely.
>
> If more technologists did this kind of critical thinking, then it'd be
> harder to get them to use potentially dangerous or crap technology. If they
> accepted that most everything has been said or tried already, then they can
> use motivations and historical context to figure out why things might be
> different. They can also use it to call bullshit or question why things are
> the way they are.
>
> The Sordid Past And Present Of Tor
>
> Tor by itself, without knowing its history, seems like a great idea. You
> point your browser at it and suddenly you can view web pages without people
> knowing that it's actually you. Great right?
>
> The problem is that Tor's pedigree is less than stellar. First, it was
> originally a [2]US Navy project then released to various "hackers" (a word
> which in a lot of ways is just synonymous with "NSA collaborator" or at
> least a wannabe). Whether the source code started there or just the idea,
> you /have/ to ask why the hell the Navy would work on this and then release
> it.
>
> The Navy of course gave some hand-wavy answer of wanting to use it, but the
> Navy just doesn't do something like this without another reason. Who knows
> what it is, but this makes my spidey sense go off.
>
> That's the first strike against Tor, but let's look at more reasons to not
> use Tor. How about the research that showed [3]how easy it is to break in
> various ways. Those might be fixable, so how about that there can be
> [4]super nodes that with just a small sample of traffic can figure out a lot
> of content?
>
> Alright, maybe that can be fixed, but then you read about [5]a semi-secret
> volunteer group collecting data from 12 ISPs and handing it to the
> government. This Project Vigilant apparently has 600-1500 volunteers who are
> all hackers collecting and analyzing data and handing it straight to the
> government without user consent. Project Vigilant also claims it:
>
>     tracks more than 250 million IP addresses a day and can "develop
>     portfolios on any name, screen name or IP address."
>
> Holy crap, that's a lot of traffic analysis. Given how small the "hacker"
> community is, that's also a gigantic percentage of hackers and security
> experts on the volunteer payroll of a group whose job is to illegally
> wiretap people and circumvent the law on behalf of the government.
>
> I don't have to remind you about the panic over [6]the OpenBSD and NETSEC
> accusations. What about the various entries to the [7]Underhanded C? The
> truth is, if a large group of determined and patriotic hackers want to
> infiltrate and inject seemingly innocent maliciousness into code they
> definitely can. With 600+ potential recruits, they definitely are.
>
> Conflict Of Interest
>
> But all of this is just unsubstantiated and could be hypothetical, what
> actually worries me is [8]Jacob Appelbaum works on Tor and works for
> Wikileaks. This to me is the /Hitler Grilled Cheese/ of the argument, the
> historical context that drives me away from Tor. Wikileaks' job is to take
> people's secrets and show them and who's hiding them to the world. Tor's job
> is to do the inverse. The two projects' goals don't align, and having one
> dude do both gives me the willies.
>
> You see, if it is fairly probable that there are multiple attacks against
> Tor, that there is a group actively trying to collect enough data to make
> Tor pointless, a group with enough people to infiltrate the Tor project, and
> then Jacob is working for Wikileaks and Tor, then there's too much going on
> for me to trust jack and/or squat. Jacob's affiliation with Wikileaks has
> made Tor a target big time, in addition to the obvious conflict of interest.
>
> For me--and this is /not/ an accusation against Jacob--the chance that
> someone on the Tor project is in cahoots with someone else is too high. It's
> either the government, this Project Vigilant, or Wikileaks, and who knows
> what. When claims surfaced that Wikileaks got its initial set of magically
> appearing documents from Tor, I wasn't surprised. Having Jacob claim
> otherwise doesn't help at all, and I still won't believe this didn't happen
> until possibly decades later when whatever really happens is declassified.
>
> Finally, I will go on record right now saying Wikileaks rocks. I think there
> needs to be more of this, and actually I think the world will benefit more
> from more international coverage and more corporate leaks. But, if anyone
> from Wikileaks tries to work with me or on any project I'm on you bet your
> ass I'm not trusting them one bit.
>
> Never trust a traitor, no matter how noble their intentions.
>
> P.S. I have a long bet that SELinux is an NSA backdoor. Any takers?
>
>
>  References:
>   1. mailto:post en sheddingbikes.com
>   2. http://www.onion-router.net/
>   3. http://docs.google.com/viewer?url=http://www.csnc.ch/misc/files/publications/the_onion_router_v1.1.pdf&pli=1
>   4. http://archives.seul.org/or/talk/Apr-2007/msg00039.html
>   5. http://blogs.forbes.com/firewall/2010/08/01/stealthy-government-contractor-monitors-u-s-internet-providers-says-it-employed-wikileaks-informant/
>   6. http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack.ars
>   7. http://underhanded.xcott.com/
>   8. http://en.wikipedia.org/wiki/Jacob_Appelbaum
>
>
>



-- 
Pablo Manuel Rizzo
-------------------------------
http://pablorizzo.com
-------------------------------


