1. Tor is primarily used to distribute CSAM,
2. a single organization with a budget of $150k could deanonymize every Tor user simultaneously.
Since pretty much every firat world law enforcement organization can cough up this amount in spare budget, either
- at least one of the claims above is false; or
- there's a global conspiracy involving every major law enforcement organization in the planet being taken over by pedos.
In fact, both claims (you?) made without evidence are simply false.
Having published calculations for the second claim is like having published calculations for "the Sun went supernova yesterday". The conclusion is blatantly wrong, so the calculations have a mistake, and an intellectually honest author would double check them, find that mistake, then retract the claim (or would not have made it in the first place).
2. My site shows a mathematical model of security that Tor provides in terms of its design for relays alone. I say on the site I’m not including staff and other costs. In fact bringing someone to court is a further cost. My point in making the site is to quantify solely the costs that the design brings to the table. You can then compare that design to some other anonymous system. Or compare it to a doublespend attack on bitcoin or to brute force decryption. That’s important for users.
Unlike the Tor Project, I’m being transparent by showing assumptions, the math, and the code. Do you have a better model? Great, then publish it. I’m trying to start a formal conversation. The Tor Project should be relying on science, and not strong assertions, to ensure its security.
And while there are costs to, say, bring someone to court for csam, do you believe all adversaries are going to do that? That’s why it’s not part of the costs I model.
Finally, to be more clear, Onion Services in particular are the problem when it comes to CSAM (and ransomeware). Tor Browser is not the issue when it comes to CSAM.
