[Solar-general] Why I Don't Use Tor
Nicolás Reynolds
fauno en kiwwwi.com.ar
Mie Ene 12 15:07:51 CET 2011
El 12/01/11 10:56, Marcos Germán Guglielmetti dijo:
> On Wednesday 12 January 2011 10:00:57 Nicolás Reynolds wrote:
> > Me parece que derrapó un poco al final, pero no deja de ser interesante.
> >
> > ------
> > http://sheddingbikes.com/posts/1293530004.html
> >
> > Shedding Bikes: Programming Culture And Philosophy
> >
> > Shedding Bikes
> >
> > What do you think? [1]post en sheddingbikes.com
> >
> > By Zed A. Shaw
> >
> > Why I Don't Use Tor
> >
> > I have this hypothetical question I've been using periodically to talk
> > about the relevance of ad hominem in evaluating software:
> >
> > What if Hitler gave you a cheese sandwich?
> >
> > It's a pretty simple question. Imagine you're sitting there and, yeah,
> > Hitler is eating across the table from you. He's got a cheese sandwich and
> > he hands it to you. "Hey, want my grilled cheese?"
> >
> > Most normal folks would turn him down, politely most likely but they'd
> > definitely not eat a sandwich from a guy who used to slowly increase his
> > doses of arsenic. But also, you're probably thinking, "No way, this guy's
> > an insane mass murderer, I'm not eating that damn sandwich."
> >
> > Ok, change this up some more, what if you were walking by and there was a
> > box labeled "Cheese Sandwich" and right under that is a Nazi Swastika. You
> > gonna eat it? No Hitler involved, just a box with a cheese sandwich on it
> > sitting there looking like you can eat it if you want?
> >
> > Sure, you might open it, look at it, maybe sniff it, but most normal people
> > won't eat it. Why? Because that Swastika has suddenly got you thinking
> > about the /history/ of this sandwich. Why is that on there? Where did this
> > thing come from? Is it poisoned?
> >
> > Let's go one step further, and say you just find a random sandwich in a
> > clear plastic bag on a table. Nobody's around, and you're kind of hungry.
> > You going to eat it? Again, most normal people who can buy a sandwich won't
> > eat it. It's just laying there. Who knows how long it's been there or what
> > the hell's been done to it.
> >
> > Instinctively, humans have this sense of avoiding things that will poison
> > them,
>
> sólo un detalle, para el psicoanálisis no hay instinto, sino pulsión:
>
> http://es.wikipedia.org/wiki/Pulsion
>
> (aunque está en discusión... habÃa un autor que explicaba por qué los humanos
> no tenemos instintos, y lo hacÃa con una araña... no recuerdo quién era...)
>
> > and that involves using their memories, sense of history, and ability
> > to think ahead to predict what could happen. This is how we're able to
> > figure out how to eat a huge range of stuff no other species has figured
> > out. We use this finely honed sense of "that food will poison you" to avoid
> > getting sick and to find food that will keep us fed.
> >
>
>
> parece más una actitud basada en la experiencia que en algo innato (instinto),
> pero...
si, un poco contradictorio, pero esto no era lo interesante, sino lo de ad
hominem y tor :D
> > Programmers and other "logical" types seem to lose this ability when it
> > comes to information. They'll frequently get /information poisoned/ with
> > stupid ideas because they think the motivations and history of the person
> > telling them something doesn't matter. They remove the context of the words
> > and evaluate only what's said and nothing else, and then believe the most
> > absurd stuff ever.
> >
> > This belief that any look at a speaker's motivations is "ad hominem" leads
> > many smart people to believe the incredibly stupid things.
> >
> > Everything Has Already Been Said
> >
> > The reason evaluating a person's motivations matters these days is because
> > there's been a massive increase in the amount of information created and
> > stored over the last 500 or so years. Basically, a whole hell of a lot has
> > already been said by someone else at some point. In fact, most ideas are so
> > horribly unoriginal that the only thing you really have to go on when
> > evaluating them is why someone could be telling you this.
> >
> > Let's say I tell you that my software is "language agnostic". Well, that's
> > been done before in other ways, so you have to look at why I might be
> > telling you that. The idea itself isn't original or that useful, but if I
> > then tell you, "because I want people to be able to use the best tool and
> > not get caught up in language wars," then you can evaluate the statement
> > better.
> >
> > However, if I tell you don't look at my motivations, or where I'm coming
> > from, or what I used to do, and claiming "ad hominem!" then I'm most likely
> > trying to trick. An honest person has no problem with you looking past the
> > words to the motivation. Dishonest people will try to bluff so you don't
> > look too closely.
> >
> > If more technologists did this kind of critical thinking, then it'd be
> > harder to get them to use potentially dangerous or crap technology. If they
> > accepted that most everything has been said or tried already, then they can
> > use motivations and historical context to figure out why things might be
> > different. They can also use it to call bullshit or question why things are
> > the way they are.
> >
> > The Sordid Past And Present Of Tor
> >
> > Tor by itself, without knowing its history, seems like a great idea. You
> > point your browser at it and suddenly you can view web pages without people
> > knowing that it's actually you. Great right?
> >
> > The p roblem is that Tor's pedigree is less than stellar. First, it was
> > originally a [2]US Navy project then released to various "hackers" (a word
> > which in a lot of ways is just synonymous with "NSA collaborator" or at
> > least a wannabe). Whether the source code started there or just the idea,
> > you /have/ to ask why the hell the Navy would work on this and then release
> > it.
> >
>
> no lo sabÃa :S
si, pero ahora lo mantiene la EFF, si no me equivoco.
>
> > The Navy of course gave some hand-wavy answer of wanting to use it, but the
> > Navy just doesn't do something like this without another reason. Who knows
> > what it is, but I this makes my spidey sense go off.
> >
> > That's the first strike against Tor, but let's look at more reasons to not
> > use Tor. How about the research that showed [3]how easy it is to break in
> > various ways. Those might be fixable, so how about that there can be
> > [4]super nodes that with just a small sample of traffic can figure out a
> > lot of content?
> >
> > Alright, maybe that can be fixed, but then you read about [5]a semi-secret
> > volunteer group collecting data from 12 ISPs and handing it to the
> > government. This Project Vigilant apparently has 600-1500 volunteers who
> > are all hackers collecting and analyzing data and handing it straight to
> > the government without user consent. Project Vigilant also claims it:
> >
> > tracks more than 250 million IP addresses a day and can âEURoedevelop
> > portfolios on any name, screen name or IP address.âEUR
> >
>
> desastre
>
> > Holy crap, that's a lot of traffic analysis. Given how small the "hacker"
> > community is, that's also a gigantic percentage of hackers and security
> > experts on the volunteer payroll of a group who's job is to illegally
> > wiretap people and circumvent the law on behalf of the government.
> >
> > I don't have to remind you abou the panic over [6]the OpenBSD and NETSEC
> > accusations. What about the various entries to the [7]Underhanded C. The
> > truth is, if a large group of determined and patriotic hackers want to
> > infiltrate and inject seemingly innocent maliciousness into code they
> > definitely can. With 600+ potential recruits, they definitely are.
> >
> > Conflict Of Interest
> >
> > But all of this is just unsubstantiated and could be hypothetical, what
> > actually worries me is [8]Jacob Appelbaum works on Tor and works for
> > Wikileaks. This to me is the /Hitler Grilled Cheese/ of the argument, the
> > historical context that drives me away from Tor. Wikileak's job is to take
> > people's secrets and show them and who's hiding them to the world. Tor's
> > job is to do the inverse. The two project's goals don't align, and having
> > one dude do both gives me the willies.
acá digo que derrapa... no son "los secretos de la gente" (parece ClarÃn). los
estados no tienen privacidad.
> > You see, if it is fairly probable that there are multiple attacks against
> > Tor, that there is a group actively trying to collect enough data to make
> > Tor pointless, a group with enough people to infiltrate the Tor project,
> > and then Jacob is working for Wikileaks and Tor, then there's too much
> > going on for me to trust jack and/or squat. Jacob's affiliation with
> > Wikileaks has made Tor a target big time, in addition to the obvious
> > conflict of interest.
> >
> > For me--and this is /not/ an accusation against Jacob--the chance that
> > someone on the Tor project is in cahoots with someone else is too high.
> > It's either the government, this Project Vigilant, or Wikileaks, and who
> > knows what. When claims surfaced that Wikileaks got its initial set of
> > magically appearing documents from Tor, I wasn't surprised. Having Jacob
> > claim otherwise doesn't help at all, and I still won't believe this didn't
> > happen until possibly decades later when whatever really happens is
> > declassified.
> >
> > Finally, I will go on record right now saying Wikileaks rocks. I think
> > there needs to be more of this, and actually I think the world will benefit
> > more from more international coverage and more corporate leaks. But, if
> > anyone from Wikileaks tries to work with me or on any project I'm on you
> > bet your ass I'm not trusting them one bit.
> >
> > Never trust a traitor, no matter how noble their intentions.
> >
> > P.S. I have a long bet that SELinux is an NSA backdoor. Any takers?
> >
> >
> > References:
> > 1. mailto:post en sheddingbikes.com
> > 2. http://www.onion-router.net/
> > 3.
> > http://docs.google.com/viewer?url=http://www.csnc.ch/misc/files/publication
> >s/the_onion_router_v1.1.pdf&pli=1 4.
> > http://archives.seul.org/or/talk/Apr-2007/msg00039.html
> > 5.
> > http://blogs.forbes.com/firewall/2010/08/01/stealthy-government-contractor-
> >monitors-u-s-internet-providers-says-it-employed-wikileaks-informant/ 6.
> > http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-bac
> >kdoor-in-openbsd-ipsec-stack.ars 7. http://underhanded.xcott.com/
> > 8. http://en.wikipedia.org/wiki/Jacob_Appelbaum
--
Salud!
Nicolás Reynolds,
xmpp:fauno en kiwwwi.com.ar
omb:http://identi.ca/fauno
blog:http://selfdandi.com.ar/
gnu/linux user #455044
http://parabolagnulinux.org
http://endefensadelsl.org
------------ próxima parte ------------
Se ha borrado un mensaje que no está en formato texto plano...
Nombre : no disponible
Tipo : application/pgp-signature
Tamaño : 490 bytes
Descripción: no disponible
Url : https://lists.ourproject.org/pipermail/solar-general/attachments/20110112/b8d6c0dc/attachment.pgp
Más información sobre la lista de distribución Solar-general