

 Torservers.net: Professional Global Tor infrastructure - mo
https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008718.html

======
alan_cx
Knowledge gap on my part...

I thought Tor was suspected of being compromised, since is was originally
developed by ex-government or military types? Is this the case, is Tor
actually accepted as secure and free from government interference?

Also, I vaguely remember concerns about things like child porn being handled
by exit points. Were the legal or moral concerns resolved? Or are such
concerns accepted as being a thin end of the censorship wedge?

~~~
haakon
The Tor Project sprung out of a research project at the U.S. Naval Research
Laboratory, and to this day a large part of its funding comes from U.S.
government sources.

This is entirely fine as far as I can tell - the U.S. interest can be
explained as two-fold:

First, it could be a genuine wish to fund projects with potential to support
freedom of expression in parts of the world they think need it (Secretary of
State Clinton has expressed this as a policy at least once).

Second, and I think this is the more important reason, is that the various
intelligence arms in the U.S. need Tor for themselves, in order to provide
anonymous means of communications for secret agents and other foreign
operatives who work in hostile environments. The important thing to realise is
that low-latency mixnets absolutely depend on being widely used by many kinds
of users for many purposes, so that each user can hide in the crowd. Therefore
Tor absolutely needs to be publicly available - if American spies were its
only users, they would stick out like sore thumbs and the entire thing would
be hilariously pointless.

Tor is of course open source and can be inspected for backdoors and such, and
its design continues to be subject to scrutiny and research. If there is a
danger involved, it is an attack where the U.S. government controls
sufficiently many Tor nodes in order to be able to do traffic analysis
efficiently. So far I don't know of any signs of this, and I question if they
would want to sabotage a project that has such a useful potential for
themselves.

~~~
alan_cx
Ok, so the main part is that it is open source, and presumably one can inspect
the code and compile it for one's self.

If so, then any government/military/intelligence concerns become irrelevant.
Right?

~~~
haakon
In practice, yes. In theory, Tor does not protect against a global passive
adversary, so if you believe that there exists an entity capable of observing
all traffic on the net globally, and you have reason to believe you are a
high-enough-value target for them, then you should not use Tor.

------
mindslight
In light of this week's subject of outrage, it's important to point out that
TOR doesn't protect against a global adversary sniffing traffic at a
significant number of nodes and then correlating sessions.

------
startupfounder
This is ripe for a crowdfunding campaign.

~~~
dmix
Agreed, the non-profits are set up, they just need a big marketing campaign.
Crowdfunding pages are good ways to communicate to general audiences.

------
frankblizzard
Afaik a lot of Tor endpoints are actually run by the NSA / secret services.
"If people try to use encrypted services they must seek to hide something"

~~~
majke
It's hard to comment speculations.

But fortunately, even if what you're saying was true you're still safe!
Endpoint alone can't tell much about the origin of the connection :)

~~~
haakon
This is key - Tor's purpose is to help you be _anonymous_. It does not give
you confidentiality; for this you need additional tools (such as SSL).

~~~
majke
Yup. Let me support that with a link:
[https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Can...](https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad)

