Tor is compromised?


#1

"The news has led some to claim that Tor no longer offers a "safe option"."

Is this true? Can I still trust Tor? And please at least try and ignore the standard BBC FUD about Tor being 'A Dark Net''. They are getting as bad as the Daily Mail...

FWIW, I use Tor to visit sites that talk about rights of friends of mine in jurisdictions that look less than kindly upon those who criticise their behaviour.


#2

Certain versions of the 'Tor Browser' package were 100% 0wn3d. Never should have trusted a browser with javascript and all the bells and whistles, paid the price.

What is unknown, at this point, is who owns the exit nodes. My understanding is that (to the best of unclassified security research) Tor is fine so long as (1) it is used properly (which the Browser exploit was explicitly designed to defeat) and (2) a single, coordinated, malicious actor doesn't control more than a certain percentage of the exit nodes.

(1) is a fact; but one that can be circumvented by using a more secure set of client software. (2), though, is worrisome. Running a gigantic mass of Tor exits, on various boring VPS and colo services, is expensive by individual/nonprofit standards; but relatively cheap by Scary Feds standards. If it turns out that 80% of the Tor exit nodes with decent bandwidth are owned by three letter agencies....


#3

Covered in some detail in the other topic, particularly this post


#4