lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <44862ED6.2010107@lava.net>
Date: Wed Jun  7 02:41:56 2006
From: prb at lava.net (Peter Besenbruch)
Subject: Re: blocking tor is not the right way forward.
	It may just be the right way backward.

John Sprocket wrote:
> hehe. look at it metaphorically (like guest inside establishment)
> 
> you're head of security at a casino you monitor a specific area full
> of people/users. you have your normal people you can see and possibly
> identify if you so care. there's a group of people that walk in and
> are wearing clothing that is obviously meant to obscure their
> intentions. would you let them stay in your casino, or would you ask
> them politely to take off their masks?

Bad analogy. A better one is: Do you ask all people for some form of 
identification before they can enter your establishment? In effect, the 
act of visiting a Web site discloses information about the visitor. Even 
if the person blocks cookies, Javascript, Java, Flash, and all the rest, 
there is still the IP address. If the IP address is fixed, it is 
possible to build a profile on that user, or small group of users. 
Perhaps the person isn't interested in being "profiled." Do you (it's a 
generic "you") value profiling over having visitors to your site?

One also needs to keep in mind that it's not just the visited Web site 
collecting information. There are certain governments collecting 
information that is, as Valdis put it, "none of [their] damned business" 
to collect. The visitor may be using TOR to inhibit such data collection.

Wired has a good essay by Bruce Schneier called "The Eternal Value of 
Privacy." I commend it to all:

http://www.wired.com/news/columns/0,70886-0.html

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ