Hackers build a new Tor client designed to beat the NSA (dailydot.com)
220 points by nsshey on May 21, 2015 | 31 comments


>>Astoria [is] both most effective and most usable when at its highest security level, the researchers say, so "Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."

I'm still working through the research paper[1] linked at the end of the article, but if Astoria is as good as described, wouldn't Tor either adopt the same node selection policies, or people shift over to Astoria wholesale?

[1] http://arxiv.org/pdf/1505.05173.pdf

EDIT: From the paper, quotes below provide much clearer context for the quote in the article:

"From our evaluation of Astoria, it is clear that the performance-security trade-off is favorable only in its higher security configurations. [...] However, at lower security configurations, the performance offered by Tor is clearly better, and its security, only slightly worse. Therefore, Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."


It would be interesting to see if this gets adopted in something like Tails where security is the priority focus.


Tails apparently doesn't even have time to patch grsec/pax, so unlikely. It took them almost a year to add macchanger on boot even; they spend all their available time patching the flood of bugs due to cramming their distro full of userland tools like video editing software.


Sounds like their efforts would be better spent on a ChromeOS-like OS that's only a Tor (or Astoria) browser at its core.


Or Firefox OS, considering Tor Browser is FF.


Or provide patches against upstream instead of forking.


I'm not done reading the paper, but I suspect that Astoria clients could be distinguished from regular Tor clients at least by the fact that they do not pre-build circuits.

This means that the anonymity set has been partitioned, especially given that the authors say "From our evaluation of Astoria, it is clear that the performance-security trade-off is favorable only in its higher security configurations."

So there is a danger that people who perceive themselves to need higher security and use this client will lose anonymity guarantees as they are mixing with a much smaller group of people who all consider themselves "interesting targets".

The big reason Tor is so effective is because they've performed a lot of outreach and gotten different groups to use it, resulting in a large and heterogeneous set of users.

Of course, this is still very interesting research, and maybe it will be integrated into the official Tor client. I know there have been many discussions of AS-path-based selection in the past.


"designed to beat" means better, not perfect. Imperfect means eventually it gets beat. The NSA might say what the IRA told Margaret Thatcher, "Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always."


For a bit of historical perspective, Margaret Thatcher ended up being always lucky. The IRA weren't lucky enough, and were easily co-opted.


As a friend reminded me, anonymity only buys you time; it does not buy anyone justice.

And David Simon's recapitulation is more succinct and compelling: https://www.youtube.com/watch?v=E2Fv-nJCfrk


It might buy you enough time.

Note that almost every exercise in security is an exercise in buying time. Today's encryption will likely be broken tomorrow and by the time you've achieved your goal it no longer matters whether or not your communications are broken.

Of course if you plan to stay in business for a very long time you're gambling against really good odds of discovery and potentially not achieving your goal.

If you want to be a terrorist or miscreant you could extrapolate from that that fewer numbers is better and the first 'hit' should be your hardest and should not take too long to set up or require a lot of communication.

Fortunately for the rest of the world any plot that does real damage usually does not have those properties.

But beware of the lone wolf with access to technology.


Do you have a specific weakness in the implementation you've found and would like to share? Vaguely pointing out that something is imperfect isn't very useful, indeed, it would be amazing if you told us something was perfect!


I disagree: Highlighting the fact that it's not perfect is terribly useful. Be careful what you use things like this for.


I haven't heard that quote before. It is very good, if not quite scary.


Isn't the classical solution to this encryption problem to always send packages in the same size at regular intervals? If each host adds a layer of encryption you can't match the packages at the end points. Is this just too expensive? (I'm not an expert so genuine question from my naive POV.)


I don't know about "classical," but this is the approach Dissent [0] takes to thwarting traffic analysis. Communication is broken into "rounds" and intervals within those, so that every packet is indistinguishable from the outside based on size alone.

[0] http://dedis.cs.yale.edu/dissent/


Certainly a possible strategy, but for web traffic it isn't ideal: web traffic is bursty and latency-sensitive. You can also probably still do a little bit of correlation for very large, long uploads to servers with not much other usage, but admittedly that's a much smaller target.


That seems like a sensible solution to beating part of the problem. I would agree - does anyone have any insights on this method in regards to Tor?
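
The fixed-size, fixed-interval scheme discussed in the comments above, as an added example that is not part of the thread and not code from Tor or Dissent: it shows that a passive observer's (time, size) trace is identical for a short and a long message, and what that costs in bandwidth. The cell size, round length, interval and sample messages are assumptions constructed for illustration, and each cell is assumed to be encrypted per hop before it is sent.

```python
import struct

CELL_SIZE = 512                    # assumed fixed cell size in bytes
HEADER = struct.Struct("!H")       # 2-byte count of real payload bytes in a cell
CAPACITY = CELL_SIZE - HEADER.size

def to_cells(message, slots):
    """Pack message into exactly `slots` fixed-size cells; unused slots become dummies."""
    chunks = [message[i:i + CAPACITY] for i in range(0, len(message), CAPACITY)]
    if len(chunks) > slots:
        # Bursty traffic pays here: the remainder must wait for a later round.
        raise ValueError("message does not fit in one round")
    chunks += [b""] * (slots - len(chunks))
    # Zero padding is only indistinguishable once the whole cell is encrypted.
    return [HEADER.pack(len(c)) + c.ljust(CAPACITY, b"\0") for c in chunks]

def from_cells(cells):
    """Receiver side: strip padding and dummy cells, reassemble the payload."""
    out = bytearray()
    for cell in cells:
        (n,) = HEADER.unpack_from(cell)
        out += cell[HEADER.size:HEADER.size + n]
    return bytes(out)

def observer_view(cells, interval_ms):
    """What an on-path observer can record: send time and size of each cell."""
    return [(i * interval_ms, len(c)) for i, c in enumerate(cells)]

def overhead(message, slots):
    """Bytes on the wire per byte of real payload for one round."""
    return slots * CELL_SIZE / max(len(message), 1)

if __name__ == "__main__":
    short = b"GET / HTTP/1.1\r\n\r\n"   # constructed 18-byte request
    long_ = b"A" * 3000                 # constructed 3000-byte upload
    for msg in (short, long_):
        cells = to_cells(msg, slots=8)
        assert from_cells(cells) == msg
        print(len(msg), observer_view(cells, 20)[:2], round(overhead(msg, 8), 2))
```

The two traces are equal, but the 18-byte request costs about 228 bytes on the wire per payload byte, which is the expense the question above asks about.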


I really wish more people and companies would host things on Tor's hidden services, avoiding the entire notion of exit nodes and the cleartext network.


At least you can look at "Anonymous Cat Facts"[1]

[1] http://2v7ibl5u4pbemwiz.onion/


>> Astoria also opens multiple avenues for future work such as integrating realtime hijack and interception detection systems (to fully counter RAPTOR [18] attacks)

This is really interesting. I'm curious how that would work.


I tend to prefer links from the actual researchers if available rather than links from news sites. Just a general observation.


But the summary is easier and faster to read by the general public, and the article puts the reference very clearly in the end, it's good in this case.


It is. And as a part of the general public I appreciate it. Thank you.


:-)


"Astoria reduces the number of vulnerable circuits from 58 percent to 5.8 percent, the researchers say"

Yes, their research showed that exactly 5.8% of circuits would be vulnerable with their change, and measured it accurately to 0.1%.

The research did not say that vulnerability would be around 10% of the original amount +/- 5%.


Maybe this isn't a new idea. But it seems that more Tor exit points would be a big help. Has anyone made a tool that's both an entry and exit point? You could control the amount of bandwidth exiting. This way the exit points would be more transient - like Bittorrent peers.


I think the lack of exit nodes has more to do with legal considerations than actual computational resources/willing volunteers. See the Tor blog's Tips for Running an Exit Node with Minimal Harassment - https://blog.torproject.org/blog/tips-running-exit-node-mini...

"Suggest creation of LLC for large exit nodes" I'm guessing that this might be a larger barrier to entry for most willing volunteers compared to hardware and bandwidth costs.


Wow, that's a lot of effort.


The problem is getting Tor itself: as per Snowden docs, they capture your identifiers for later surveillance, so you need to Jason Bourne around the city to anonymously fetch Tor.


The header picture looks terrific, very webby



