
FOIA request shows Tor is almost 100% funded by the US government - sschueller
https://www.documentcloud.org/public/search/projectid:37206-The-Tor-Files-Transparency-for-the-Dark-Web
======
sctb
Comments moved to
[https://news.ycombinator.com/item?id=16501630](https://news.ycombinator.com/item?id=16501630).

------
itdaniher
Posted on a duplicate:

Good old Yasha! If you've been paying attention to his works, you'll be
underwhelmed by this particular post. He repeats his claims, many of which are
easily verifiable and simultaneously without significance. Yes, Tor updates
fiscal sponsors with regards to project status.

Yes, Tor is USG funded. No, it's not a Honeypot. It's also not a panacea.

As a technical project based in Cambridge, MA, Tor doesn't exist in a
political vacuum.

If Tor was more of a pain to the USG than a benefit, it likely would not have
been able to grow to the extent it has, but this by no means is indicative of
a comprehensive system failure or any significant subterfuge on the part of
Tor developers. I do not believe Yasha or anyone else has evidence to the
contrary.

To be clear, I dislike Yasha as a self-aggrandizing spinlord shipping a
conspiracy theory laden set of tenuous hypothesis, but I've gone out of my way
to read the documents he's released to date

~~~
colordrops
> No, it's not a Honeypot

How do you know?

~~~
jerheinze
> How do you know?

[https://github.com/isislovecruft/library--/tree/master/espio...](https://github.com/isislovecruft/library--/tree/master/espionage)

~~~
itdaniher
Thanks for the link, which presumably contains the OC I'm about to reference.

We've seen several classified documents claiming (pick a three letter USG
agency) have minimal operational ability to deanonymize a particular Tor user,
and even less-so in real-time.

Fortunately, the FBI has proven it doesn't need to break Tor to interfere with
the most egregious of the malactors who call it home. They've hijacked servers
hosting objectionable content and used them to deliver Firefox exploits to
leak real IP addresses.[1] They've done "good old fashioned police work" and
exploited human trust [2] to bring down well coordinated teams of
international players.

[1] [https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-
unp...](https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-
unprecedented-and-illegal-hacking-operation) [2]
[https://www.wired.com/story/alphabay-takedown-dark-web-
chaos...](https://www.wired.com/story/alphabay-takedown-dark-web-chaos/)

~~~
jerheinze
In any case, using Tor is better than not. "We have plenty of academic
research and mathematical proofs that tell us quite clearly that the more
people use Tor, the better the privacy, anonymity, and traffic analysis
resistance properties will become."

And in the examples you gave, a Qubes OS+Whonix setup would've prevented those
exploits from leaking the IP, unless the adversary has a Xen exploit.

------
rdiddly
This isn't news, but it has always been the thing that made me doubtful about
Tor.

~~~
jerheinze
> but it has always been the thing that made me doubtful about Tor.

If they weren't open about what they did with that funding, and the funding
came directly from the NSA? Sure! That would've left everyone pretty doubtful.
But since their funding comes from things like the NSF, OTF, ... and they're
pretty open about the deliverables that each sponsor seeks[1] (for e.g. [2]),
then there's really no reason to be doubtful.

[1] :
[https://trac.torproject.org/projects/tor/wiki/org/sponsors](https://trac.torproject.org/projects/tor/wiki/org/sponsors)

[2] :
[https://trac.torproject.org/projects/tor/wiki/org/sponsors/S...](https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorV)

