Astoria Tor client - Designed to Avoid NSA Attacks

http://thehackernews.com/2015/05/Astoria-tor-client.html


Comments


[3 Points] sapiophile:

I'm still not sold on Astoria. Anything that distinguishes you from a normal Tor Browser user is a serious threat to anonymity. If these devs are smart (and they probably are), then that shouldn't be an issue - except perhaps until Tor Browser gets an update that diverges its fingerprint. And what kind of reputation do these developers have?

That said, though, it is true that the Tor devs have opted to weigh circuit creation heavily through high-speed nodes, which can make timing attacks and the like easier for a well-funded adversary. This is definitely a valid area for research and development, but I'm very hesitant to jump on any bandwagons without some decent vetting.

I do sincerely wish that the Tor devs prioritized security more - mainly on this issue and to make "High" the default Security Slider setting in Tor Browser. But they're very concerned about user experience, and there's good reasoning behind that, too (more users = more anonymity for everyone).


[2 Points] 993999999:

Title is bullshit, the astoria paper specifically says that they offer no protection against timing attacks. Astoria is not a anonymity upgrade its a network speed upgrade.


[1 Points] TheDudeiestAbx:

I feel like you cant make something completely invulnerable if it's just an app on a regular OS as ram can be manipulated through other apps to see exactly whats going on in the first app.

Why not just use Tails OS? It does this already right?