Tuesday, January 28, 2014

Users' assumptions about what security a system provides

On Bruce Schneier's blog there was a post about the arrest of a student who had emailed a bomb threat to Harvard in order to skip a final exam. Although he used the Tor network for anonymization, the FBI identified and arrested him by going through the list of Harvard users who had accessed Tor.

In cryptography, we believe that the weakest part of a security system is usually its users. I also believe that the problem mostly arises when users hold false assumptions about what sort of security the system provides. In this case the user, the cheating student, assumed that Tor would anonymize him among all users of the Internet, or at least among all users at Harvard. Contrary to his expectations, the Tor network only anonymizes a user among the users of its own network, and in this case among the users of that network who sit behind the university's gateway. The rest is just ordinary police work.
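The size of that "anonymity set" is the whole point of the paragraph above, so here is a small worked example of it. This is added code, not part of the original post: it parses a constructed gateway log, uses a constructed stand-in for the published Tor relay list, and compares the set of candidates the student imagined (everyone behind the gateway) with the set that actually remains once only Tor connections inside the threat's time window are counted. The entropy in bits is the usual way to express how much anonymity a set of a given size gives.

```python
import math
from datetime import datetime

# Constructed sample of gateway flow records (hypothetical users and addresses).
# Format: "<ISO timestamp> <internal user> <destination ip>:<port>"
GATEWAY_LOG = """\
2013-12-16T08:31:02 alice 203.0.113.10:443
2013-12-16T08:32:47 bob 198.51.100.7:9001
2013-12-16T08:35:11 carol 203.0.113.22:80
2013-12-16T08:36:05 dave 198.51.100.7:443
2013-12-16T08:38:59 erin 192.0.2.33:9001
2013-12-16T09:10:20 frank 203.0.113.10:443
2013-12-16T09:12:44 bob 198.51.100.9:9030
2013-12-16T10:05:00 grace 198.51.100.9:9001
"""

# Constructed stand-in for the Tor relay list: the entry-relay addresses a
# gateway would see. The real list is published in the Tor network consensus.
TOR_RELAY_IPS = {"198.51.100.7", "198.51.100.9", "192.0.2.33"}


def parse_log(text):
    """Turn the raw log into (timestamp, user, destination ip) tuples."""
    records = []
    for line in text.splitlines():
        ts, user, dest = line.split()
        ip, _port = dest.rsplit(":", 1)
        records.append((datetime.fromisoformat(ts), user, ip))
    return records


def all_users(records):
    """Every user seen at the gateway: the set the student assumed he hid in."""
    return {user for _ts, user, _ip in records}


def tor_users_in_window(records, relay_ips, start, end):
    """Users who reached a Tor relay between start and end: the real anonymity set."""
    return {user for ts, user, ip in records
            if ip in relay_ips and start <= ts <= end}


def anonymity_bits(set_size):
    """Entropy of a uniform guess over the set: log2 of its size (0 for an empty set)."""
    return math.log2(set_size) if set_size > 0 else 0.0


def compare_assumptions(log_text, relay_ips, start, end):
    """Assumed versus actual anonymity set for one time window."""
    records = parse_log(log_text)
    assumed = all_users(records)
    actual = tor_users_in_window(records, relay_ips, start, end)
    return {
        "assumed_set": assumed,
        "assumed_bits": anonymity_bits(len(assumed)),
        "actual_set": actual,
        "actual_bits": anonymity_bits(len(actual)),
    }


if __name__ == "__main__":
    # Constructed window around the moment the threat was sent.
    result = compare_assumptions(
        GATEWAY_LOG, TOR_RELAY_IPS,
        datetime(2013, 12, 16, 8, 30), datetime(2013, 12, 16, 9, 0),
    )
    print("assumed set:", sorted(result["assumed_set"]),
          f"({result['assumed_bits']:.2f} bits)")
    print("actual set: ", sorted(result["actual_set"]),
          f"({result['actual_bits']:.2f} bits)")
```

With the constructed log the student's assumed set is all seven users behind the gateway (about 2.8 bits), while the set that actually protects him is the three users who touched a Tor relay inside the window (about 1.6 bits). Tor did what it promises, hiding which relay circuit carried which traffic; it never promised to hide who on campus was using Tor at all.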

In my opinion, users need a clear explanation of what type and level of security a system provides. Giving that explanation is hard, because users are not experts. Moreover, it is mostly the duty of the system designers.
