#1 By: Xeni Jardin, October 4th, 2013 11:07
#2 By: Kris , October 4th, 2013 11:21
Fantastic news for the TOR community, really. Myth confirmed.
#3 By: lost boy, October 4th, 2013 11:57
The fact that Tor was created by the US government doesn't throw up any red flags? Does no one believe in disinformation anymore? How about this: the NSA absolutely has 100% full access to Tor. The Firefox exploit is an easy way to blame a 3rd party for 'vulnerabilities'. I wonder if GCHQ even know this. Also, Tor is a fantastic honeypot to catch scumbags. I'm sure terrorists are the primary target but snagging DPR and EEM is a bonus.
I'm pretty sure that journalists are still safe using Tor though. Believe it or not, America actually does love freedom!
#4 By: rider, October 4th, 2013 12:32
Meanwhile in other obvious news....
#5 By: fuzzyfuzzyfungus, October 4th, 2013 12:44
Wrong place for paranoia, with TOR: some US Navy affiliated research outfit, possibly along with DARPA, did kick in for its development, because the state department wanted something with those capabilities; but the protocols and clients have been OSS, and in friendly hands, for years now.
The bigger issue is likely that TOR depends on volunteer relay and exit nodes(and, by necessity, exit nodes can see some interesting things, though not tie them back to the user without some additional information), which are always in short supply.
So, if somebody with decent amounts of cash is interested in owning TOR, the easy, inconspicuous, no-hacking-needed attack is to operate lots and lots of TOR nodes. Not out of the NSA's IP block or anything, that'd be idiotic, just steadily add a VPS here, a cut-rate colo there, some AWS instances over here, through a bunch of contractors, front companies, and so on. Once you own enough nodes, the probability that a user's trip ends up taking enough hops through your servers that you can identify them.
That's the danger: by the standards of anonymity-enthused cypherpunks, enough bandwidth for TOR to work properly is pretty expensive; but by the standards of a sinister three letter agency it would probably be a fairly inexpensive project.
(By way of example, this Swedish researcher set up 5 rogue exit nodes, with essentially zero resources, and scored enough cool stuff to get some heat from the feds. Various other research groups set up nodes from time to time, just to have a look. A wimpy little VM with a 100mb link is enough to make you a valued member of the network, so the costs of entry are low.)
#6 By: Engineer, October 4th, 2013 12:58
The US excels at spending money to create new weapons that it has to turn around and spend an order of magnitude more money to defend against.
#7 By: Kris , October 4th, 2013 13:10
TOR is open source — if there were some backdoor for the US Government built-in it'd be near impossible to hide.
SR has been around for years, if they had a reliable method of identifying people using the service you don't think DPR would have been caught much sooner? He's a savvy kid that made a handful of mistakes, it's not rocket science.
You'd also have to assume that the NSA intentionally leaked documents to Snowden to convince users otherwise... I'm not buying it.
#8 By: lost boy, October 4th, 2013 13:15
Would it be better to shut down SR as soon as it launched or let it build and harvest the data? It would have given a fascinating and educating look into online drug transactions.
Also, a backdoor would be too obvious, too hard to hide. FuzzyFungus mentioned a better way of controlling Tor in his comment above.
#9 By: lost boy, October 4th, 2013 13:19
It's either that or healthcare for all
#10 By: Kris , October 4th, 2013 13:20
Not sure the government is into allowing international drug trafficking and murder for hire because they think it's "fascinating and educating". That's far from the simplest outcome here.
#11 By: bzishi, October 4th, 2013 14:47
Does this document mean what I think it means? Does it mean that if you've ever used Tor (traffic traced to an exit node) then the NSA will hack your computer and track everything you do from now on?
#12 By: Jason Andresen, October 4th, 2013 15:34
People have analyzed the TOR software a fair bit now. It is unlikely that there are any backdoors in it that aren't also backdoors in a ton of other crypto using software. If libSSL is inherently flawed somehow, then TOR is nowhere near the top of our concerns.
TOR itself seems pretty safe. What you do on your TOR link may or may not be safe. Browsers will happily divulge way more information than you would like when tweaked in certain ways, and if you want to foolishly type your name into a TOR protected server, TOR won't stop you.
#13 By: Kango Ru Foo, October 4th, 2013 16:08
Tor provides anonymity not security. If your traffic is unencrypted a tor node can read it. I could think of a few ways a bad tor node could make it tor less effective but I would have to read the code.
Defending against ultra hostile attackers is going take the collective intelligence of planet earth.
#14 By: Boundegar, October 4th, 2013 20:08
The Iran–Contra affair (Persian: ایران-کنترا, Spanish: caso Irán-Contra), also referred to as Irangate, Contragate or the Iran–Contra scandal, was a political scandal in the United States that came to light in November 1986. During the Reagan administration, senior administration officials secretly facilitated the sale of arms to Iran, the subject of an arms embargo. Some U.S. officials also hoped that the arms sales would secure the release of several hostages and allow U.S. intelligence age Th...
#15 By: Salgak, October 4th, 2013 21:43
So. . . .when will we start seeing TOR II ?? Here's hoping for a bastard child of Richard Stallman and Phil Zimmerman. . .
#16 By: Xeni Jardin, October 9th, 2013 11:07
This topic was automatically closed after 5 days. New replies are no longer allowed.