** Adversary Goals / Assets **
- Stop the transport from working
- Detect, enumerate and locate users
- Block specific users, sites or content
- Throttle the transport so that it is slow rather than blocked outright
- Time the blocking precisely (block at specific moments rather than permanently)
- Identify and gain access to all PT traffic in order to build more effective filters and find users
- Link people who meet in physical space through their similar Internet activity
** Attacks / Vulnerabilities **
- Your host/CDN censors you to comply with local law
- Your host/CDN takes you offline for ToS violations
- DPI: detection of known byte sequences and fingerprints, including the pattern left by repeatedly applying the same transformation
- Human review: does the traffic look right to a person? Does it look like what it claims to be?
- Subterfuge: an open-source patch submission that introduces a backdoor
- Legal compliance: an app store or other service blocks or removes the app or client, in a specific region or everywhere, to comply with the law
- Legal action: the PT operator is compelled to log, inject data, or otherwise compromise or enumerate the clients connecting to it
- The PT relies on certificate authorities installed on the client or server machine; a CA is compromised, or a new malicious CA is added
- DDoS or bot attack on PT infrastructure that runs up huge bandwidth and hosting bills
- The app that embeds the PT is not kept up to date, so users suffer an outage or are exposed to a known bug or vulnerability
- The server-side PT is not updated, exposing users to an outage or a known bug or vulnerability
- Too much success, too quickly: overwhelmed by genuine users
- A state is DDoSing you while a good number of genuine users from that state are also trying to connect. How do you tell them apart?
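As an added illustration of the DPI item above (example code written for this page, not taken from any transport or censor), here is a toy first-packet classifier of the kind a censorship box runs on each new TCP connection. It applies the three classic tells in order: a fixed byte signature, an allow-list of protocols the box can parse (HTTP, TLS), and a "looks like nothing" heuristic that flags fully encrypted streams by bit density and entropy. The sample flows, the hypothetical `PT01` magic and the numeric thresholds are constructed for the example; the popcount-band and printable-fraction rules are modelled on the heuristics documented for the Great Firewall's blocking of fully encrypted traffic (Wu et al., USENIX Security 2023).

```python
"""Toy first-packet DPI classifier: what a censor can decide from the first
bytes of a connection.  All flows and thresholds below are constructed for
this example; "PT01" is a hypothetical transport magic, not a real one."""
import hashlib
import math
from collections import Counter


def _prng_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 chain) standing in for an
    encrypted PT payload, so the example runs offline and reproducibly."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample "first packets" (client -> server), not captured traffic.
SAMPLE_FLOWS = {
    # Ordinary web request: parseable, allow-listed.
    "plain_http": b"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.4\r\n\r\n",
    # TLS record header (type 0x16, version 0x0303) + handshake fragment.
    "tls_like": bytes.fromhex("160303002a") + bytes.fromhex("010000260303") + _prng_bytes(b"tls", 32),
    # Hypothetical transport with a fixed 4-byte magic before its encrypted payload.
    "fixed_magic_pt": b"PT01\x00\x40" + _prng_bytes(b"pt", 64),
    # Transport that emits a fully encrypted stream from the very first byte.
    "random_looking_pt": _prng_bytes(b"obfs", 256),
    # Transport that hides its payload behind a plausible-looking HTTP request.
    "http_mimic_pt": b"POST /api/upload HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n" + _prng_bytes(b"mimic", 64),
}

# Assumption: the censor has already harvested this magic from a client build.
KNOWN_PT_SIGNATURES = (b"PT01",)
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def popcount_per_byte(data: bytes) -> float:
    """Mean number of set bits per byte; ~4.0 for uniformly random bytes,
    lower for ASCII text and zero-padded binary protocols."""
    return sum(bin(b).count("1") for b in data) / len(data) if data else 0.0


def printable_fraction(data: bytes) -> float:
    """Share of bytes in the printable ASCII range 0x20..0x7e."""
    return sum(0x20 <= b <= 0x7E for b in data) / len(data) if data else 0.0


def looks_like_tls(data: bytes) -> bool:
    """TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x03."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03


def classify(first: bytes) -> tuple:
    """Return (verdict, reason) for the first bytes of a connection."""
    # Rule 1: known byte sequence -> block regardless of anything else.
    for sig in KNOWN_PT_SIGNATURES:
        if first.startswith(sig):
            return ("block", f"signature {sig!r}")
    # Rule 2: protocols the box can parse are allow-listed at this stage
    # (they are fingerprinted further downstream, e.g. JA3 on the ClientHello).
    if first.startswith(HTTP_METHODS):
        return ("allow", "http")
    if looks_like_tls(first):
        return ("allow", "tls")
    # Rule 3: "fully encrypted" heuristic: bit density near 4/8 and high
    # entropy means nothing a human or parser recognises -> block.
    if 3.4 <= popcount_per_byte(first) <= 4.6 and shannon_entropy(first) > 6.0:
        return ("block", "random-looking")
    # Unknown but mostly plaintext protocols get the benefit of the doubt.
    if printable_fraction(first) > 0.5:
        return ("allow", "mostly printable")
    return ("allow", "unknown")


def classify_all() -> dict:
    """Verdicts for every constructed sample flow."""
    return {name: classify(data) for name, data in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, data in SAMPLE_FLOWS.items():
        verdict, reason = classify(data)
        print(f"{name:18s} {verdict:5s} {reason:22s} "
              f"entropy={shannon_entropy(data):.2f} popcount={popcount_per_byte(data):.2f} "
              f"printable={printable_fraction(data):.2f}")
```

Two things the output makes concrete. A transport that encrypts everything but keeps a fixed handshake magic is caught by the cheapest rule; one that removes the magic is still caught by the entropy and popcount rule, because "looks like nothing" is itself a fingerprint. The HTTP-mimicking transport passes this first stage, which is exactly the "does it look like what it claims to be" item: defeating it needs a box that actually parses the request (header framing, Content-Length, the server's response), or a human looking at a sample, and that deeper check is the next thing a censor builds once simple rules stop working.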