HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bnl_umass

no profile record

comments

bnl_umass
·10 maanden geleden·discuss
I understand well how it works. I agree this is not possible today’s code base but that limitation is due to a design choice. It’s due to a policy decision that the privacy of children who have been sexually exploited is not as important as the privacy of others (including the privacy of people who sexually exploit children). It’s not a technical limitation. It’s a flaw.

Specifically, it would be easy to add code to hsdir functionality to deny requests for onion sites that are known to be related to csam. Those sites could be announced by the DAs as part of the consensus file, for example. The Tor Project currently lets exit nodes filter by IP address as long as they announce that in their config; this new functionality is of the same kind in the abstract. This change would not be a backdoor. It’s not going to weaken the privacy of anyone using Tor.

The current setup is an extremist position that children who have been abused are not deserving of privacy. It’s a position that all information deserves to be free even if that information is very clearly harmful to others and has no positive benefit to society. One can have that opinion but you won’t find many (outside of this thread) that agree.
bnl_umass
·10 maanden geleden·discuss
The “conclusions” section of the site makes this same point.
bnl_umass
·10 maanden geleden·discuss
The website actually states “not very secure at all”. This hacker news submission changed the title.
bnl_umass
·10 maanden geleden·discuss
1. I said “extensively” used for csam. What’s my source/evidence for that claim? This list of peer reviewed papers, cases, and government reports: https://csam-bib.github.io.

2. My site shows a mathematical model of security that Tor provides in terms of its design for relays alone. I say on the site I’m not including staff and other costs. In fact bringing someone to court is a further cost. My point in making the site is to quantify solely the costs that the design brings to the table. You can then compare that design to some other anonymous system. Or compare it to a doublespend attack on bitcoin or to brute force decryption. That’s important for users.

Unlike the Tor Project, I’m being transparent by showing assumptions, the math, and the code. Do you have a better model? Great, then publish it. I’m trying to start a formal conversation. The Tor Project should be relying on science, and not strong assertions, to ensure its security.

And while there are costs to, say, bring someone to court for csam, do you believe all adversaries are going to do that? That’s why it’s not part of the costs I model.

Finally, to be more clear, Onion Services in particular are the problem when it comes to CSAM (and ransomeware). Tor Browser is not the issue when it comes to CSAM.
bnl_umass
·10 maanden geleden·discuss
I am the author. I am telling you are wrong about that.
bnl_umass
·10 maanden geleden·discuss
There is no question about that. The site makes use of current statistics from the Tor Project.
bnl_umass
·10 maanden geleden·discuss
There is a known solution.

Did you know that the Tor Project allows exit nodes to filter based on the clear internet IP. So filtering is ok.

However, if a relay refuses to service an onion site directory look up, it will be banned by the Directory Authority. They could allow this today. But they don’t. That’s the simple solution. No surveillance. Not back door. No less privacy for everyone else.

edit: This is easy to confirm. I’m not asking anyone to trust me.
bnl_umass
·10 maanden geleden·discuss
Really? Tell me why.
bnl_umass
·10 maanden geleden·discuss
The math and the code is all there. I’d love to have a discussion about what the real value is. Further, why hasn’t the Tor Project provided this calculation? Why hasn’t anyone? I think it’s necessary.
bnl_umass
·10 maanden geleden·discuss
My apologies. I don’t believe that was their intent to create a network for csam. But after decades of it being used extensively for csam, why would they take no corrective action?