Haystack redux

[Florian Weimer]

* Adam Fields:

> I find it hard to believe that even the most uninformed dissidents
> would be using an untested, unaudited, _beta_, __foreign__ new service
> for anything. Is there any reason to believe otherwise?

I wouldn't be surprised if there are plenty such tools in circulation
which are used by various dissident groups.  It's a cost-effective way
to infiltrate them.

The problem with such tools is that you can't really know how is
listening in on the proxies.  Even if the software itself contains no
backdoors, the service as a whole might still be compromised.  Even if
the proxies are trustworthy, your usage of the tool can very likely be
discovered by traffic analysis (and usage patterns as well, if you're
unlucky, and increasingly so if the service has low latency).

There is no technical solution to oppressive governments (or
non-trustworthy ISPs, for that matter).  After all, if you're
anonymous and oppressed, you're still oppressed.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com