Slashdot Mirror

← Back to Stories (view on slashdot.org)

Academics Build a New Tor Client Designed To Beat the NSA

Posted by timothy on from the non-spy-vs-spy dept.

An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.

3 of 63 comments (clear)

  1. written by the NSA by MooseTick · · Score: 4, Interesting

    If the NSA were going to create a TOR substitute, wouldn't this be how they would want to describe it?

    --
    Ninjas don't carry tic tacs
  2. Re:Bad headline by Anonymous Coward · · Score: 2, Interesting

    Nah, should be: Academics Build a Hypothetical Framework for the NSA to Beat Before It's Ever Implemented. ... then again I would title it: Academics Continue to Ignore that NSA can NSA can inject exploits into any Tor Exit Node's traffic. You're fucked once the Ferret Cannon has you in its sights. All you need to do is be interesting and access HTTPS:// since the NSA assumes any encrypted traffic is non-USA-ian because they can't prove origin without hacking it.

    Aside: This combined with the fact that the TLS/PKI Certificate Authority system is a complete security theater, I find Mozilla's opting for HTTPS only to be the only reason I need never to use their browser again. Think about it: If only HTTPS traffic is allowed then all the govs need to do to silence a site is revoke the cert. Talk about a single point of failure. Personally, I'm thinking that "the web" is dead, Internet enabled applications are better at basically everything. Long Live The Internet, but fuck the web.

  3. Link padding by Anonymous Coward · · Score: 2, Interesting

    the article seems to miss on the details. How can you choose "safe" circuits when it is assumed that all points are compromised?

    The best defense is chatty end points. Just spew requests continuously and that defeats traffic analysis. They used to call it link padding.