<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jun 10, 2013 at 1:42 PM, Amr Ali <span dir="ltr"><<a href="mailto:amr.ali.cc@gmail.com" target="_blank">amr.ali.cc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is not popular, but TOR is not as secure as "people" like to proclaim.<br>
Browser plugins can completely circumvent the intended security of communicating<br>
over TOR by establishing direct connections, node-poisoning (i.e., introducing<br>
several "Eve" nodes in the network) to mount traffic analysis and find<br>
correlations at the exit and entry nodes to identify the origin of the<br>
connection or the nature of the content.<br>
<br>
And in fact any distributed communication setup is vulnerable to these types of<br>
attacks. The difference between using something like TOR and not using it is<br>
basically raising the bar to face more skilled adversaries.<br>
<br>
The point is, you can surely try to make it harder, but it's futile if you<br>
become a subject of interest to a well funded and well organized adversary.<br>
<br>
That of course and you'll have to suffer a high degradation of QoS due to the<br>
security requirements of these types of distributed setups. There's a good<br>
solution on the rise (i.e., Homomorphic Cryptography) that would store your data<br>
in the cloud in encrypted form and you can run processes against it without<br>
exposing the data to the service provider, but that still has some work to be<br>
done to go mainstream.<br></blockquote><div><br></div><div>Nice... :D<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
On 06/10/2013 01:26 PM, AMahdy AbdElAziz wrote:<br>
> Correct me if I'm wrong but AFAK, Tor is hiding your traces from the Website not<br>
> from the ISP. Your ISP is the final line sending you the "data" and knows<br>
> exactly from where this data is coming.<br>
><br>
> --<br>
> AMahdy AbdElAziz<br>
> <a href="http://www.AMahdy.net" target="_blank">http://www.AMahdy.net</a><br>
><br>
><br>
> On Mon, Jun 10, 2013 at 1:14 PM, Mohammed Gamal <<a href="mailto:m.gamal005@gmail.com">m.gamal005@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:m.gamal005@gmail.com">m.gamal005@gmail.com</a>>> wrote:<br>
><br>
> @Amahdy:<br>
> You can still use something like Tor if you want to hide your traffic<br>
> from your ISP. The problem with cloud sites is that YOUR data resides<br>
> at THEIR servers, so you have absolutely no control over it, and this<br>
> is a valid risk (whether you're willing to take it is a different<br>
> story). Stallman might be overdoing it, but he has some valid<br>
> arguments.<br>
><br>
> That's why initiatives like decentralized social networks like<br>
> Freedombox and Diaspora are important to provide a future alternative<br>
> for centralized social networks and clouds like Google and Facebook.<br>
><br>
> I recommend you watch two talk by Eben Moglen, one titled 'Freedom in<br>
> the cloud' and 'Why Political Liberty Depends on Software Freedom More<br>
> Than Ever' keynote speech at FOSDEM 2011. Search for them in youtube,<br>
> they're very informative.<br>
><br>
> Regards,<br>
> Mohammed<br>
><br>
> On Mon, Jun 10, 2013 at 1:08 PM, AMahdy AbdElAziz <<a href="mailto:amahdy7@gmail.com">amahdy7@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:amahdy7@gmail.com">amahdy7@gmail.com</a>>> wrote:<br>
> > +1 for Amr Ali. I kept repeating this for ever, it's your choice to either<br>
> > stay outdated and ages behind technology just seeking a way for a fake<br>
> > "privacy" and "free software", or to just move on like everybody on planet<br>
> > earth is peacefully with his life. What's the big issue if someone in USA<br>
> > knows your current location right "now"? What if they just hired a physical<br>
> > person to track your current location, would you be able to stop him?<br>
> ><br>
> > Just place a big bold line between your internet life and your real life and<br>
> > that's it.<br>
> ><br>
> > GNU Linux is "free open source software" but you never know what the<br>
> > executable that you download pre-built contains. Will you download the<br>
> > source of everything and compile? then make sure to "read" the source code<br>
> > of everything too AND tell me how you gonna compile a compiler from source.<br>
> ><br>
> > Right now even if you open the internet from a direct connection with no<br>
> > proxies, how can you tell that whoever providing you internet (your ISP) is<br>
> > not tracking you? They easily CAN do it, and if it's not them then whoever<br>
> > provide your ISP internet CAN do it. Big hassle to worry about it and at the<br>
> > end of the day, do you really have something on internet to hide it? Please<br>
> > just hide it now and forever!<br>
> ><br>
> ><br>
> > --<br>
> > AMahdy AbdElAziz<br>
> > <a href="http://www.AMahdy.net" target="_blank">http://www.AMahdy.net</a><br>
> ><br>
> ><br>
> > On Mon, Jun 10, 2013 at 12:52 PM, Amr Ali <<a href="mailto:amr.ali.cc@gmail.com">amr.ali.cc@gmail.com</a><br>
</div><div><div class="h5">> <mailto:<a href="mailto:amr.ali.cc@gmail.com">amr.ali.cc@gmail.com</a>>> wrote:<br>
> >><br>
> >> The problem is not privacy, what is privacy? It's BS, doesn't exist. If<br>
> >> someone<br>
> >> wants privacy they should simply stop using the Internet, find a cave and<br>
> >> protect it against satellite thermal imaging, and stay there for good.<br>
> >> Also it<br>
> >> is not about interfaces, Stallman is simply being stupid and ignorant by<br>
> >> suggesting that having your own mail-server or replicating any of today's<br>
> >> infrastructure technologies will help you in any significant way;<br>
> >> absolutely<br>
> >> not! It's about Big Data and information dissemination.<br>
> >><br>
> >> There are just a few reasons that most "people" really need privacy for<br>
> >> and they<br>
> >> are mostly unjustified and often ludicrous. There's no way you can assert<br>
> >> the<br>
> >> privacy of a piece of information once it goes outside your machine;<br>
> >> granted<br>
> >> there are methods to help you "feel" more secure, but truth of the matter<br>
> >> is,<br>
> >> security in itself is a "feeling", it is an illusion, it's confidence<br>
> >> built upon<br>
> >> the unlikelihood of a persistent adversary, and that's why we invented the<br>
> >> nomenclature of Advanced Persistent Threat (APT) which is used to account<br>
> >> for<br>
> >> worst case scenario profiles of malware, individuals, and organizations.<br>
> >> Nothing<br>
> >> can be secure or private indefinitely, it is theoretically impossible due<br>
> >> to the<br>
> >> lack of an epistemological authoritative root that can assert the security<br>
> >> or<br>
> >> privacy of any piece of information (e.g., Certificate Authorities are<br>
> >> pseudo-roots because who can be authoritative about their security? No<br>
> >> one!)<br>
> >><br>
> >> I've helped build services that you just won't believe how accurately it<br>
> >> can<br>
> >> pin-point your location and identify you out of millions of other users<br>
> >> based on<br>
> >> very small data facets it collects once you visit any site that uses the<br>
> >> service<br>
> >> (and you cannot do much about it btw unless you want to start using Lynx),<br>
> >> it<br>
> >> sits on-top of billions of fingerprints. It is simply preposterous to even<br>
> >> think<br>
> >> that you have significant control over anything that comes out of your<br>
> >> computer.<br>
> >><br>
> >> </rant><br>
> >><br>
> >> National security under today's challenges (i.e., the fact that the<br>
> >> virtual can<br>
> >> and does affect the physical) forces governments to tap into the most<br>
> >> fertile<br>
> >> pool of intelligence.. I've gone on and on about this on my blog<br>
> >><br>
> >><br>
> (<a href="http://d4de.tumblr.com/post/52374664591/thoughts-on-big-data-and-information-dissemination" target="_blank">http://d4de.tumblr.com/post/52374664591/thoughts-on-big-data-and-information-dissemination</a>).<br>
> >><br>
> >> On 06/09/2013 10:13 PM, Eslam Mostafa wrote:<br>
> >> > Hey guys,<br>
> >> > while reading this article:<br>
> >> ><br>
> >> ><br>
> <a href="http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman" target="_blank">http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman</a><br>
> >> ><br>
> >> > i was offended by this "The concept of using web-based programs like<br>
> >> > Google's<br>
> >> > Gmail is "worse than stupidity", according to a leading advocate of free<br>
> >> > software." yeah felt stupid for a moment :D what does the guy use ?<br>
> >> ><br>
> >> > "this mail has been sent using GMAIL"<br>
> >> ><br>
> >> > --<br>
> >> > Eslam Mostafa,<br>
> >> > My Blog <<a href="http://cseslam.wordpress.com" target="_blank">http://cseslam.wordpress.com</a>><br>
> >> > My Website <<a href="http://eslammostafa.com" target="_blank">http://eslammostafa.com</a>><br>
> >> > GNOME Memeber<br>
> >> > Python/js/GTK+ Developer<br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> ><br>
> >><br>
> >> --<br>
> >> Amr Ali<br>
> >><br>
> >> --<br>
> >> Ubuntu-eg mailing list<br>
</div></div>> >> <a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a> <mailto:<a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a>><br>
<div class="im">> >> Modify settings or unsubscribe at:<br>
> >> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg</a><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Ubuntu-eg mailing list<br>
</div>> > <a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a> <mailto:<a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a>><br>
<div class="im">> > Modify settings or unsubscribe at:<br>
> > <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg</a><br>
> ><br>
><br>
> --<br>
> Ubuntu-eg mailing list<br>
</div>> <a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a> <mailto:<a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a>><br>
<div class="HOEnZb"><div class="h5">> Modify settings or unsubscribe at:<br>
> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg</a><br>
><br>
><br>
><br>
><br>
<br>
--<br>
Amr Ali<br>
<br>
--<br>
Ubuntu-eg mailing list<br>
<a href="mailto:Ubuntu-eg@lists.ubuntu.com">Ubuntu-eg@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-eg</a><br>
</div></div></blockquote></div><br></div></div>