HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bnl_umass

no profile record

comments

bnl_umass
·il y a 10 mois·discuss
I understand well how it works. I agree this is not possible today’s code base but that limitation is due to a design choice. It’s due to a policy decision that the privacy of children who have been sexually exploited is not as important as the privacy of others (including the privacy of people who sexually exploit children). It’s not a technical limitation. It’s a flaw.

Specifically, it would be easy to add code to hsdir functionality to deny requests for onion sites that are known to be related to csam. Those sites could be announced by the DAs as part of the consensus file, for example. The Tor Project currently lets exit nodes filter by IP address as long as they announce that in their config; this new functionality is of the same kind in the abstract. This change would not be a backdoor. It’s not going to weaken the privacy of anyone using Tor.

The current setup is an extremist position that children who have been abused are not deserving of privacy. It’s a position that all information deserves to be free even if that information is very clearly harmful to others and has no positive benefit to society. One can have that opinion but you won’t find many (outside of this thread) that agree.
bnl_umass
·il y a 10 mois·discuss
The “conclusions” section of the site makes this same point.
bnl_umass
·il y a 10 mois·discuss
The website actually states “not very secure at all”. This hacker news submission changed the title.
bnl_umass
·il y a 10 mois·discuss
1. I said “extensively” used for csam. What’s my source/evidence for that claim? This list of peer reviewed papers, cases, and government reports: https://csam-bib.github.io.

2. My site shows a mathematical model of security that Tor provides in terms of its design for relays alone. I say on the site I’m not including staff and other costs. In fact bringing someone to court is a further cost. My point in making the site is to quantify solely the costs that the design brings to the table. You can then compare that design to some other anonymous system. Or compare it to a doublespend attack on bitcoin or to brute force decryption. That’s important for users.

Unlike the Tor Project, I’m being transparent by showing assumptions, the math, and the code. Do you have a better model? Great, then publish it. I’m trying to start a formal conversation. The Tor Project should be relying on science, and not strong assertions, to ensure its security.

And while there are costs to, say, bring someone to court for csam, do you believe all adversaries are going to do that? That’s why it’s not part of the costs I model.

Finally, to be more clear, Onion Services in particular are the problem when it comes to CSAM (and ransomeware). Tor Browser is not the issue when it comes to CSAM.
bnl_umass
·il y a 10 mois·discuss
I am the author. I am telling you are wrong about that.
bnl_umass
·il y a 10 mois·discuss
There is no question about that. The site makes use of current statistics from the Tor Project.
bnl_umass
·il y a 10 mois·discuss
There is a known solution.

Did you know that the Tor Project allows exit nodes to filter based on the clear internet IP. So filtering is ok.

However, if a relay refuses to service an onion site directory look up, it will be banned by the Directory Authority. They could allow this today. But they don’t. That’s the simple solution. No surveillance. Not back door. No less privacy for everyone else.

edit: This is easy to confirm. I’m not asking anyone to trust me.
bnl_umass
·il y a 10 mois·discuss
Really? Tell me why.
bnl_umass
·il y a 10 mois·discuss
The math and the code is all there. I’d love to have a discussion about what the real value is. Further, why hasn’t the Tor Project provided this calculation? Why hasn’t anyone? I think it’s necessary.
bnl_umass
·il y a 10 mois·discuss
My apologies. I don’t believe that was their intent to create a network for csam. But after decades of it being used extensively for csam, why would they take no corrective action?