Is Tor Safe? Think Again. (cryptogon.com)
47 points by Aetius on Feb 27, 2011 | hide | past | favorite | 30 comments


Some good points here. A couple thoughts:

- If, for some reason that I can't really conceive of, you wanted to connect to a far-away access point, you'd need a highly directional antenna (due to RF physics). Doing this actually makes direction finding extremely challenging, for the same reason you can't see a laser from the side (unless it's super high power and has something to reflect off of, which is unlikely to be the case in the wifi scenario).

- End-to-end encryption plus an anonymization mechanism like Tor seems to me to be pretty impervious to attackers, assuming the implementation of your encryption and anonymization are both correct (which, admittedly, is a big if, but is not a /fundamental/ issue; you could envision a system engineered to be correct). If you have a secure, trustworthy, out-of-band mechanism for exchanging keys with whoever you want to talk to, even if someone owns the infrastructure you're using they won't be able to decrypt your communication, or know who the source and destination are if you're using an anonymization mechanism. This also assumes you trust the person you're communicating with, etc.

I'd love for someone to correct my understanding of this if I'm wrong.


If you first track down the location of the access point, then you know the directional antenna is pointed at you. From there, the direction finding is easy.

I think a major part of the rant is that Tor isn't provably secure against yet-to-be-discovered attacks, and several attacks against Tor have been discovered (and fixed) over its history.


Right, but the idea behind direction finding is that you can triangulate the position of the transmitter. If you just have a bearing you have to search over a large area -- these links could be many kilometers long.

Not saying it's impossible, but using highly directional antennas makes direction finding much more difficult.


I'm no security expert, but I don't think you even need an out-of-band key exchange mechanism. Just use public key cryptography [1], as used in SSH/TLS/PGP/GPG.

[1] http://en.wikipedia.org/wiki/Public-key_cryptography


I was about to write this response, but I see that it is more clearly written in the wikipedia article already:

Another potential security vulnerability in using asymmetric keys is the possibility of a man-in-the-middle attack, in which communication of public keys is intercepted by a third party and modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted and re-encrypted by the attacker using the correct public keys for different communication segments in all instances to avoid suspicion. This attack may seem to be difficult to implement in practice, but it's not impossible when using insecure media (e.g. public networks such as the Internet or wireless communications). A malicious staff member at Alice or Bob's ISP might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the lock on the returned packet really belongs to Bob before she removes her lock and sends the packet back. Otherwise the lock could have been put on the packet by a corrupt postal worker pretending to be Bob to Alice.

The workaround is to either exchange the public keys out of band, or distribute a certificate which can be used to verify public keys out of band.
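An added illustration of the key-substitution attack quoted above and of the two workarounds this comment names (comparing a fingerprint obtained out of band, and checking a certificate issued by a trusted third party). This is example code written for this page, not code from the thread or from the cryptogon article; the participant names, key bytes and the tiny textbook RSA parameters used for the "certificate authority" are constructed assumptions, chosen so the block runs with the Python standard library alone.

```python
import hashlib
import hmac

# Toy RSA parameters for the "certificate authority": the classic textbook values
# p=61, q=53 -> n=3233, e=17, d=2753. Constructed for illustration only; a real CA
# key is thousands of bits and a real signature scheme pads the hash, it does not
# reduce it mod n like this.
CA_N, CA_E, CA_D = 3233, 17, 2753


def fingerprint(public_key: bytes) -> str:
    """The short value two people compare out of band (read over the phone, printed on a card)."""
    return hashlib.sha256(public_key).hexdigest()


def fingerprint_matches(received_key: bytes, out_of_band_fingerprint: str) -> bool:
    """Compare the fingerprint of the key that arrived over the network with the one
    obtained through a channel the attacker cannot rewrite (constant-time compare)."""
    return hmac.compare_digest(fingerprint(received_key), out_of_band_fingerprint)


def _cert_digest(name: str, public_key: bytes) -> int:
    # Bind the identity to the key, so a signature over Bob's key cannot be
    # reused to vouch for the same key under a different name.
    data = name.encode() + b"\x00" + public_key
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def ca_sign(name: str, public_key: bytes) -> int:
    """The CA's private operation: sign the (name, key) binding with CA_D."""
    return pow(_cert_digest(name, public_key), CA_D, CA_N)


def ca_verify(name: str, public_key: bytes, signature: int) -> bool:
    """Anyone holding the CA's public key (CA_N, CA_E) can check the binding."""
    return pow(signature, CA_E, CA_N) == _cert_digest(name, public_key)


def simulated_exchange(attacker_in_the_middle: bool) -> dict:
    """Alice asks the network for Bob's public key.

    With an attacker in the middle, the key that arrives is the attacker's own.
    The certificate the attacker forwards still covers Bob's real key, because
    the attacker does not hold CA_D and so cannot issue one for the substituted key.
    """
    bob_key = b"constructed-bob-public-key"          # constructed sample value
    mallory_key = b"constructed-mallory-public-key"  # constructed sample value
    oob_fingerprint = fingerprint(bob_key)           # Alice got this from Bob in person
    bob_certificate = ca_sign("bob", bob_key)        # issued earlier by the CA
    received_key = mallory_key if attacker_in_the_middle else bob_key
    return {
        "fingerprint_ok": fingerprint_matches(received_key, oob_fingerprint),
        "certificate_ok": ca_verify("bob", received_key, bob_certificate),
    }


if __name__ == "__main__":
    for mitm in (False, True):
        print("attacker in the middle:", mitm, simulated_exchange(mitm))
```

Without either check, Alice would encrypt to whatever key arrived, which is exactly the failure the Wikipedia passage describes. With the checks, the honest exchange passes both and the substituted key fails both; the only difference between the two workarounds is what Alice has to carry out of band (one fingerprint per contact, or a single CA public key that vouches for many).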


Security can succeed by making an attack economically or logistically impractical. You have to consider when using any such system:

1. What would it cost the adversary to pull off a successful attack to reveal your identity? Would it be worth it to the attacker to do so?

2. Are there easier, more obvious targets?

I would say it's a possibly useful tool for increasing that cost for a potential adversary above their threshold of resources and motivation.

If I'm wrong, tell me where I posted this from, and I'll go hide in the woods.


Naturally depends on who you're trying to hide from.

This article seems to have been written from the point of view of "the CIA are watching me", not "I don't want someone to hack my facebook profile".

And based on that logic, you have to assume that the CIA (or whatever agency) won't choose who to spy on based on who will cost them the least money.


The CIA won't choose to spend $1 billion+ to spy on a single person unless they are really important.


Most of the things he mentions are very cheap to pull off, though. Proxy honeypots, sniffing ISP internet connections, querying IPs, email surveillance -- the infrastructure is already in place they just have to type some commands. Cost: $0.

On the other hand, actions that require actually sending men in suits and vans filled with surveillance equipment can be costly. If they're doing that, you know you're in big trouble.


> Most of the things he mentions are very cheap to pull off, though. Proxy honeypots, sniffing ISP internet connections, querying IPs, email surveillance -- the infrastructure is already in place they just have to type some commands. Cost: $0.

I'm sorry but I have to jump in here - you're writing off an awful lot of resources under the banner of "they just have to type some commands."


I'm sorry you had to take that literally, I was just speaking figuratively.

My point is that it is the human part of surveillance that is costly. For everything that can be collected automatically with systems already in place (even though placing those systems could have been very expensive), the threshold to use it is very low. When the information is collected and processed, what's left is only database queries. "Automatic surveillance" is (comparatively) cheap.

In contrast, "expensive surveillance" is placing monitoring equipment in a house, parking some van sneakily around the block to listen in, and such. It's labour and resource intensive.


> the infrastructure is already in place they just have to type some commands. Cost: $0.

[citation needed]


I don't think that budget needs to be publicly declared. It's just rubber-stamped by some senate committee (IIRC), and the numbers are never released.

So effectively, yes, it's free for the people who do it.


If you can't point to a budget appropriation, then at least point to some kind of reference for "they just sit and enter a few commands and spy on you". There are definitely sophisticated surveillance programs out there, but the notion that they track everything is just too tinfoil for me, sorry.


He didn't say they track everything, he said the marginal cost to track any particular thing is near zero.


How much was the war in Afghanistan just to get Osama Bin Laden?


War is extremely profitable for those who are on the receiving end of the costs.

I highly recommend reading http://jontaplin.com/the-cost-of-empire/ , get the PDF if the images are not loading.


If it was really only about getting Osama Bin Laden, then we would probably have him by now. It was really about attacking a group (Al Qaeda, Taliban) and looking strong in the face of 9/11 by striking back at someone (anyone).


Yes, yes, a thousand times yes.

Adversaries are limited by their budget. When it comes to security, you should assume that any security protocol can be beaten by a sophisticated and well-funded adversary. There are too many points of failure, and human ingenuity is too powerful, for any security scheme to be impenetrable. Next you should wonder, how expensive would it be to break in? If you can make it too expensive for an adversary to break your security protocol, they will not break it.

One other important thing to consider here is that ideologically motivated adversaries (like governments) will have a different idea of what is "too expensive" than adversaries motivated purely by profit (like carders). If you're trying to avoid an ideologically motivated adversary with billions of dollars at their disposal, you have to be capable of thinking outside of the box.


I can see that demotivating your casual attacker, however if somebody like the CIA or NSA has decided they want to spy on you specifically, the cost of doing so is probably not going to stop them.


I'll try to be careful with my words here (to avoid ambiguity more than anything else), but there are different programmes in different countries that provide different degrees of interception.

In the UK we have the Regulation of Investigatory Powers Act 2000, which amongst other things forces service providers to keep logs of Internet activity for the police. These logs are typically of the order of IP address and connection type, not the actual data itself. This applies to pretty much all Internet access coming out of the UK somewhere along the line.

Beyond the police there are means of intercepting specific Internet traffic. It's easier for me to talk about US interception capabilities at that level though (as it's more publicised). The FBI, NSA, CIA and (IIRC, but they might be colluding with another agency) the DHS all have their own independent capabilities for broad sweeps and targeted surveillance. These capabilities are exercised according to remit. The agencies have information sharing agreements with each other, and the relevant agencies have international sharing agreements with their counterparts, e.g. the UKUSA intelligence sharing agreements etc.

If you want anonymity, you have to understand what you're trying to protect yourself from and (if possible) your adversary's capabilities. Having worked in countries with significant local interception capabilities that I do want to protect against, usually a properly configured VPN or SSH tunnel to a safe country is about as good as you're going to get without getting into government crypto (and if you're using government crypto in a hostile environment like that you're probably breaching some rule somewhere anyway).

As to the question of whether or not Tor is safe, I assumed it was public knowledge that various countries' intelligence services ran monitored exit nodes for quite a while. I've seen malicious Tor exit nodes in investigations and have known people who've set them up for the express purpose of monitoring them.


When four people sit down to talk conspiracy, three are government agents, and the fourth is a fool.


Between the terrible grammar, grade school sentence structure, needless paranoia, senseless rambling and overall [citation needed]-ness of the article, I'm afraid I didn't really get the point. I thought it was going to explain why Tor is unsafe, yet it just made some broad speculative points and finished with a final jab in Tor's direction with no strength or conviction behind it.


From 2006/2007.


Given the direction in which governments seem to be moving, it's probably more relevant now than it was then.


Too paranoid to upvote and comment from my normal account...


Speaking for the US and UK, I'd hardly call what we had in '06 particularly liberal. DHS in particular springs to mind...


Not that the post actually brought up the Tor concept, but... I hate it when people diss the Tor concept by making the assumption that all uses of Tor require an exit point. It doesn't. See torchat as an example. https://code.google.com/p/torchat/


So what about hidden Tor services?


I think one of the points of the rant is that you have no way to know whether Tor is safe or not; if Tor is compromised then you might as well assume that it's completely compromised, including hidden services.

