On 3/16/16 2:32 AM, Eliot Lear wrote:
To my knowledge nobody else has raised the concern that that
the Tor people are raising, and so we are being asked to specifically
support Tor. Fine. That means we then need to consider the
benefit/harm of our actions regarding who precisely we are helping. I
asked that question honestly without an answer, but with concerns.
It's a little off topic, but I'll bite. I'm only replying in the hope
that we can get past the sidelong aspersions that imply that these users
are somehow undeserving of access.
This FAQ gives information in a far more thoughtful and comprehensive
way than I could have hoped to regarding the users who make use of the
TOR network: https://www.torproject.org/about/torusers.html.en
One of the less obvious things, though, is that switching back and forth
between Tor and normal browsing on the same machine opens you up to
certain fingerprinting attacks (cf.
https://www.w3.org/2001/tag/doc/unsanctioned-tracking/#limitations-of-technical-solutions).
These attacks can allow determined adversaries to correlate your
"regular" traffic with your Tor-routed traffic. These are mostly
state-level actors, although some non-state institutions have
demonstrated the ability to unmask Tor traffic using this class of
technique.
So, in particular, the people you're blocking when you make Tor access
impossible or difficult, are frequently going to be the ones who risk
persecution, imprisonment, or death if they're discovered. Think human
rights activists, citizen journalists, and anonymous whistleblowers in
oppressive regimes. They're the ones who literally *cannot* afford to
turn Tor off.
/a