If this malware really was set by the NSA, it’s the best proof ever that the US government does NOT control the Tor network, as many people claim. If Tor were controlled by the US government, they would neither need nor want to put anything on it that would make it seem less secure to the thousands of people who were giving their every move over to them.
So, in a weird way, this is a comforting situation. The answer is to turn off Javascript while you are in Tor, or to use a plugin that allows you to optionally turn scripts on for a specific page or domain name as needed. Problem (mostly) solved.
There are some tinfoil underwear wearing people that believe the government has full control of tor, and I’m fully sure they are wrong. I think it’s incredibly naive though to believe that they don’t have control of exit nodes and probably quite a few of them. There are various security issues involved there, and governments aren’t the only ones playing at this. I’m sure corporations and independent hacking groups are all over tor.
Most of these issue come down to user browsing habits. I feel the tor network may even make people put down their guard a little. After all… Hey! It’s encrypted, and like nobody knows my ip!
Correct me if I’m wrong, but very little if anything has been done about this. So big tor rules… never click through ssl certificate warnings, turn off javascript, and don’t use tor for normal browsing.
