Hell, I'm a righty and I use the right hand function keys, but only when my right hand isn't mousing. I'm probably some kind of mutant.

Yes, yes it is.

In security, you're trying to change the behavior of corporate drones, idiots, and people who are invested in the status quo. People use these papers as ammunition for that.

The drones will call your attack "theoretical" and "impractical" unless you spell out exactly how to do it, step by step. If they hadn't detailed exactly how to do it, the attitude would basically have been that nobody could possibly figure out the impossible complexity of weakening a REAL RNG. I mean, look at the self tests! Nobody could get around that! In fact, even people who weren't complete idiots might have guessed, at first glance, that the self tests would be hard to defeat, or that you couldn't do this hack without screwing up the chip.

Even with a detailed paper, they will probably be ignored until somebody actually does it in the field. If you wrote a one-pager that said "Warning! Somebody could alter the behavior of gates by tweaking the dopants", they would 1000 percent ignore it.

As for the verbose background information, it's standard in the field (although they went a bit heavy on it). It has zero cost, and readers in the field who don't need it simply skip it. So I don't know why you're getting so upset about it.

Please don't trash people's work in fields you don't even slightly understand.

There was two or three people in this world who know approximately what happened in those few moments. One of them is dead, and the other is acquitted. None of them are the two of us, so any conversation about anything other than the material facts is pure speculation and mental masturbation. Did Zim take it in the shorts or did he just get ambushed? Who knows.

Not everyone can be goddamned $Hollywood_Martial_Artist, no fight is ever $Hollywood_Fight_movie, and even your formally trained fighters are capable of being unlucky. A firearm merely is a tool that allows more options for more people, in many circumstances. Like it or not. I for one, do not give a shit.

That's all true, and reasonable, of course. However, the only consensus that we really need is the idea that our two parties are walking hand in hand, and they're taking us all on on a one way trip to hell.

Divisiveness is the best weapon our enemy has, the more the people can be divided up into little chunks of intellectual minutia, the better for them. We all have more in common than we think we do.

Zimmerman had a permit to carry a gun because he's a shitty fighter. If he wasn't such a useless lump of shit, maybe he could have fought back and controlled the situation.

I carry a gun, because 1) even though I'm a fit 6'+ man with boxing experience, I recognize that I truly am about as good as a 'useless lump of shit' when facing down multiple aggressors or those wielding deadly weapons like guns and others, and 2) bullets tend to fly further and do more damage than my fists. Fortunately, I was able to survive and learn from the above experiences which prompted me to get a carry license and buy the training to defend myself and my family in the first place.

He's lucky Trayvon didn't just take his gun and shoot him to death with it.

That's very likely the exactly reason Tray-Tray got shot. If you carry a gun and you're rolling on the ground in a struggle with someone, it becomes a life or death situation, or at least exponentially more quickly than otherwise; getting your head bludgeoned against the concrete notwithstanding.

I've been following this stuff since the 1990s, thanks. Let's just say that I have strong enough credentials on Tor and related systems that detailing them would out me.

If you want to see exactly how irrelevant encryption is to deanonymization by a global adversary, start around the year 2001 or 2002 in this bibliography:

http://freehaven.net/anonbib/#2001

Once again, layering TLS over Tor will not do a damned thing to protect you from widespread traffic analysis. It protect the content of your communication, but it will do no more than bare Tor to protect the fact of the communication itself. Even the content protection is very limited; the attacker can make a lot of very firm inferences, especially if she can learn the content of the same Web site you're hitting.

And, as far as we can tell, yes, there are approximately global adversaries out there.

This is dangerously wrong. I am going to correct it for the archives, in case somebody acts on it.

It doesn't matter what the content is, only that something was communicated. Crypto isn't magic.

The point of anonymity systems is to avoid being an interesting enough target that you get other kinds of attention. Tor fails in that if the enemy has a wide enough view of the network and some kind of interest in detecting some particular activity.

If you routinely connect to Jim-Bob's Bait and Terror shop, you are going to become a person of interest. And if you also connect to Aunt Sue's Needlepoint and Terror Shop, and Chef Ernesto's Cooking and Terror shop, what's the common element? Once you're a person of enough interest, they will find a way to find out whatever they want about you, up to and including physically breaking into your house, assuming they can't hack your computer. So your goal is to prevent them from getting that much specific interest in you.

For that matter, if during your many connections your traffic pattern looks like you downloaded a file exactly the size of "Bombing with Night Crawlers", they may in fact know exactly what you did. Especially when that night crawler bomb goes off in your town.

And you don't need ALL the traffic, by the way. You just need enough that the signal starts to rise out of the noise.

the police make up some alternative explanation of how they got the evidence

So, they did two things: in phase one, they identified the guy running Freedom Hosting. In phase two, they identified the people connecting to it.

We don't really know how they did phase one. Speculation is that they hacked in over the Tor channel, using a software exploit against the Web server. If you have a giant database of exploits and a nice framework for using them, that's not really much harder than traffic analysis, even if you do have the data to do traffic analysis too. And, if you're going to do the hack ANYWAY to cover up your ability to do traffic analysis, you might as well just start with the hack.

Also, if it was the NSA who did it, maybe they did it that way so they wouldn't have to explain traffic analysis to certain investigators in the FBI. Or maybe they just did the hack because it was easier. None of those means the NSA couldn't have done it with traffic analysis if the hack hadn't been available.

Or maybe they really did identify Freedom Hosting using traffic analysis, and then use a hack as a cover story.

Or maybe the NSA wasn't in on this one and the FBI just did its own hacking.

For phase two, if you want to get ALL the users, quickly, the hack is really probably better than the traffic analysis. But again they could be using it as a cover story, or they could have done it for the same sorts of reasons they might have done it in phase one.

Also, the hack was somewhat sophisticated. If not the NSA then who?

Anybody with enough money to hire a sophisticated hacker? We're talking about basic exploitation, not Stuxnet.

In phase one, if Freedom Hosting was taken using, say, an SQL injection vulnerability in some Web forum software or something, that's not very hard. You don't have to be the NSA to do that. Freelancers do that.

And didn't they start phase two after they'd physically grabbed the Freedom Hosting servers? That means their phase one exploit didn't even have to give total control; it just had to be enough to give them an IP address for Freedom Hosting so they could go grab it by force.

Once you have control of Freedom Hosting, then it's not very hard to plant a browser exploit on it to collect the users for phase two. As I recall, it wasn't even some kind of uber-magical zero-day multi-browser exploit; I seem to remember it being relatively mundane.

I'm pretty sure I could personally have done all the necessary hacking, for both phases, and I'm not an exploitation specialist. Surely the FBI can hire one or two people that good.

... or because they don't think those targets have enough value to make it worth bringing what they can do with traffic analysis out in open court. They give some things to LE. That doesn't mean they give LE everything they have.

But it's true that Tor is the best available for a lot of applications. And I do personally doubt that the NSA can reliably deanonymize Tor for low volumes of non-repeating traffic. I wouldn't bet on it, though. And I wouldn't bet on it lasting if it's true today.

I don't remember which program PRISM is, specifically, but Tor is very weak against an attacker that can watch all network traffic over time. Or even very much of the traffic. This is what the specialists call a "global passive attack", and it's very hard to beat.

Think of the whole Tor network as a single entity, ignoring what goes on inside. Imagine you can watch its inputs and outputs. If every time Jane Smith connects to Tor, an outgoing connection is made to Joe Jones, then it becomes pretty obvious who Jane talks to. The network could make it a little harder by mixing up the order of Jane's traffic with other people's traffic, but to get any real gain out of that the relays to wait so long and mix so much traffic that the network is unusable for Jane. Even then, the gain is basically only linear in the amount of delay the network adds.

It only gets worse if you can watch the traffic between individual Tor relays (which you can in reality). And it gets even worse if you can mess with the traffic in any way. Just by using the network yourself, for example, you can load up the path you think Jane is using and look at the results, or you can even play games to cause Jane to use a path you can observe.

You don't need to be completely global to do any of this stuff, especially because Jane chooses new paths from time to time. If she uses the network very much, she's eventually going to choose a path you can observe. And generally you only have to see the input and output points to do timing correlation; the middle isn't so important.

The only countermeasure to a lot of this is to send dummy traffic all the time. But for real resistance over the long term, the traffic has to never vary, which means that the amount of dummy data you need to send goes as the square of the number of possible real sources/destinations (times the maximum bandwidth of any connection). If you send less dummy data than that, you'll end up having to adjust what you send in response to the real traffic. If the enemy can watch you for long enough, they can use statistics to figure out which traffic is real. You might get away with doing something once, but not with doing it very many times.

AND if the attacker actually puts up her own Tor node, she can mostly detect dummy data.

Well, there is a lot of pussy on the net.

Well, some people, and by some people I mean the people who have been pushing the panic button for the last decade, say the spooks are routinely looking out for up to three degrees of separation. Three sounds like an entirely plausible optimal number.

There was a relevant facebook study about the small world theory a couple years ago, and IIRC, the average distance between any two people (globally) on the network was 4.6 or some such. Of course, you have the people who have to friend anyone and everything even if they don't know them; probably skews the idea somewhat.

The idea that you and I could be as few as 1.6 additional degrees of separation from some suspected individual is...unsettling. How much longer until the lidless eye wanders further?

Thing is, they aren't too interested in the contents of the envelope at all, at least until you're a person of interest. What they really want is use all that juicy metadata (outside of the envelope, i.e. headers) to establish ties between everyone.

If you want secure email, don't put it in the cloud. People who try to set up new cloud services to get attacked aren't helping, and can't deliver on what they want to make people believe they can.

1. Webmail can never be secure even if the decryption is done in the browser, because the decrypting JavaScript comes from the provider, who can change it at any time.
2. If your email comes to your cloud provider in the clear, it doesn't matter if they then encrypt it, because they can be forced to start keeping the plaintext.
3. Even if the crypto works, if everybody uses the same few providers, it's easier to do traffic analysis. Which was already uncomfortably easy. "Metadata", anyone?
4. If your cloud provider is honest and doesn't want to get subverted, they may have to shut down at any instant, leaving you unable to communicate. As we've seen twice just this freaking week.

It's not hard to set up a mail server. It's not hard to use PGP. Be at least a little harder target.

Just say no to the goddamn cloud, already.

Maybe everyone starts out roughly the same, maybe they develop at a similar rate, and enjoy similar learning capacities. However, civilization has changed more in the last 100 years than it has in the last 3,000. I'm not even sure how you could quantify that statement.

If you told me that a London taxi cab driver, a jet fighter pilot, a race car driver, a farmer, a hunter, a world class table tennis player and a secretary all have the same overall brain 'data throughput', I'd say you're silly. Some of these professions have a strong tendency to weed out individuals who just cannot cope with the particular demands of the job.

Right now, we can measure reaction times, structural changes and activity in the brain. Until we have a much, much better idea of how the brain processes and stores information, I think this question is approximately unanswerable.