
The feds pay for 60 percent of Tor’s development. Can users trust it? - lelf
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/
======
thex86
The Internet was made by DARPA. Let's stop using it.

I am really sick of these arguments. Do you realize how much research goes
into Tor and how many university researchers are associated with it
(Cambridge, Waterloo)? Furthermore, can you really think someone like the Tor
core developers (Dingledine and Mathweson) can sacrifice their entire
reputation just for putting a backdoor? The code is out there. They have a Git
repository and they have an active, healthy developer community. It's not like
TrueCrypt, where change logs read like, "Minor fixes" and there is no public
repository in 2013.

Someone should bring proof of the alleged backdoors or just shut up. Because
conspiracy theories are not only stupid, they are annoying. This issue has
been addressed on the tor-talk list many times. Please show one iota of proof.

And I say this as a Tor user who has not only donated to the project but also
runs a relay.

~~~
ryguytilidie
Because conspiracy theories are not only stupid, they are annoying. This issue
has been addressed on the tor-talk list many times. Please show one iota of
proof.

Isn't this exactly what someone would have said about the NSA spying on us
even just a few months back? Did we learn from that AT ALL or just anytime we
don't like a theory we will call that person a tin foil hat wearing nutcase?

~~~
thex86
> Isn't this exactly what someone would have said about the NSA spying on us
> even just a few months back? Did we learn from that AT ALL or just anytime
> we don't like a theory we will call that person a tin foil hat wearing
> nutcase?

The NSA is a different case. We do not know anything about it, except from the
leaks. But we do know things about Tor.

a). Actively developed, follows the best principles possible. Open discussions
in IRC, active mailing list, developers who respond to queries.

b). Highly researched by some of the best universities in the world. Cambridge
and Waterloo come to mind instantly.

c). There has not been a single case of mistrust on their part that should
make someone suspicious about them.

The day Tor does something like this, not only they lose their funding, they
lose users and they become a dead project. With so much reputation at stake --
and they are respected people in the community -- Dingledine and Mathewson
doing something like this? I don't think so.

~~~
ryguytilidie
Sure, I understand that, but if that is the argument, just make those three
points. Arguing "Because conspiracy theories are not only stupid, they are
annoying. This issue has been addressed on the tor-talk list many times.
Please show one iota of proof." is just silly, as though because we don't have
factual proof the government is doing something wrong we are "stupid and
annoying". All I'm saying is that this argument lacks a ton of credibility in
a world where we just found out our own government spies on everything we do
and the reaction from the mainstream went from "those tin foil hat wearing
morons!" to "eh, they were right, and I was wrong, why would that possibly
make me change my beliefs?".

------
narsil
From the Q&A at the end (
[http://www.youtube.com/watch?v=9XaYdCdwiWU&feature=youtu.be&...](http://www.youtube.com/watch?v=9XaYdCdwiWU&feature=youtu.be&t=1h1m58s)
), Grug has this to say on TOR:

"Against [Law Enforcement Officials], it's fine. Against a nation-state, the
TOR network has insufficient resources and has sufficient bad actors that it
is not actually secure. So if you're going to hack the shit out of the NSA and
do really really bad planning and do not actually evalute the targets you are
after, you will go to jail."

He also expands on how to unmask a user by controlling both the exit and entry
nodes:

"So if you can purchase 300 VPS accounts at $5 each then you can set up 1% of
the TOR network and statistically, over a month, you will be able to uncover a
large number of users. [...] You are better of selecting your targets so they
will not be state actors."

~~~
lambda
But what happens when the LEOs are getting their data from the NSA?
[http://www.washingtonpost.com/blogs/the-
switch/wp/2013/08/05...](http://www.washingtonpost.com/blogs/the-
switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-
dea-is-covering-it-up/)

TOR is not perfect. The NSA, or any other sufficiently large global passive
adversary, can defeat it, with global timing correlation. However, a
connection over TOR probably requires more resources to track down than a
direct connection. On the downside, a connection over TOR may go through a
foreign country, which removes any domestic safeguards the NSA does have in
place, subjecting it to indiscriminate spying.

TOR is also insufficient on its own. You need to use strong crypto, and be
careful of your privacy in other ways (cookies, caches, etc) on top of it.

~~~
cdash
The NSA does not have domestic safeguards, and the act of actually using TOR
makes you a primary target by being suspicious.

------
tlrobinson
The NSA doesn't need a backdoor in Tor when they can do traffic analysis on a
large portion of Tor nodes, either by eavesdropping on at least one link
between each pair of nodes, or just running the nodes themselves...

<conspiracy>Maybe _that 's why_ they continue to fund it...</conspiracy>

~~~
munin
you know, when the tor project had some scruples and ethical standards, they
actually explicitly addressed this as part of their threat model,
acknowledging that if someone could see enough traffic, they could de-
anonymize the network.

then, shit like this happened: [https://www.eff.org/pages/tor-and-
https](https://www.eff.org/pages/tor-and-https)

~~~
reirob
Thank you for the link. I find it very explanatory for me and a nice resource
to explain to others what TOR and HTTPS can protect from.

I understand that using HTTPS through Tor can provide to NSA your rough
location (entry node) and the site you are browsing to. But your user name and
password will be safe (assuming that NSA cannot hack HTTPS). Using HTTPS only
can provide the same information to NSA as the HTTPS+TOR, so for httpS sites
Tor does not provide extra security against NSA?

If my understanding is correct then Tor would provide only value when using
Tor services, aka onion sites, but not when using public Internet services?!

I would appreciate if somebody could provide their expertise on this.

------
alan_cx
If we believe that chips and hardware have been compromised by the NSA (and I
suppose the Chinese who make a lot of it), that encryption has been cracked by
the same, and that it is spy open season at ISP level, then surely nothing
that runs on or through such devices can be secure enough, Tor included?

------
petermcd
Two assumptions: 1\. An encryption system is only as secure as its weakest
link 2\. The NSA can get the source whether its open or closed.

I imagine the NSA would task a team of researchers to analyze the source code,
find a vulnerability, and develop a tool to exploit it. I imagine they'd then
hand the tool over to a team to deploy and operate it.

No person from the TOR community would need be involved or made aware. And,
assuming the NSA was the only one with the exploit, there would be no reason
to stop funding Tor, since it advances American interests without (now, thanks
to the exploit) threatening them.

------
anologwintermut
Tor does not protect against a global passive adversary. If the NSA can watch
most network traffic, they can do packet timing correlations and readily
identify you. They don't need backdoors or subverted exit nodes

~~~
sliverstorm
Basically an extension of the tor attack where the feds knew roughly where the
guy they wanted lived, and they could engage him in an IRC chat, so they
talked to him in the chat, meanwhile driving a van around sniffing wireless
networks looking for bursts in traffic that corresponded to the IRC
transmissions.

I always thought that was a pretty neat attack.

------
strlen
I trust tor to do what tor does: in fact -- as do US intelligence agencies who
use it for anonymous open source intelligence.

I don't, however, trust it to do anything else: namely, I don't think of it as
a security panacea. Goals of security are confidentiality, integrity, and
availability. Anonymity is only a small part of confidentiality: tor provides
a somewhat reasonable guarantee (i.e., much better than nothing or use of
proxies) that I can anonymous browse censored web sites. However, alone it
doesn't in any way help with secure communications to others, it doesn't
ensure that the sites I am visiting aren't MITM'd, it does not protect against
attacks that reduce availability of end points.

Since online content censorship is not currently a big problem in the United
States -- but now a huge problem pretty much elsewhere, including in the
Western World -- in most cases it isn't really an ailment for the ills
inflicted by the current government overreach.

------
conspiritor
Why is the government funding it? That is a valid question. I think the DoD
has the resources to create its own version of TOR type communications if that
were a big need for government agencies. SO. Why?

~~~
geofft
That's exactly how Tor got created -- it was originally funded by the Navy.
The DoD version of Tor _is_ Tor.

Also, it's entirely possible that the government is using the same software
(or a slight fork) on a different network, but using the public deployment of
Tor as a way to easily get public review of the cryptosystem.

~~~
wfn
Furthermore, if only the DoD/whatever used Tor, "someone with Tor traffic
going from/to them" would be a good-enough metric to locate DoD emplyees /
government spies / etc. The idea is, that's why Tor continued to be developed
not as part of a Naval Research lab project, but rather as a civilian project.

------
tikums
Summary: "NSA can break 1024 RSA/DH keys in a few hours. The problem with Tor
is that it still uses 1024 bit keys for much of its crypto, particularly
because most people are still using older versions of the software. Only 10%
of the servers have upgraded to newer versions."

[http://blog.erratasec.com/2013/09/tor-is-still-
dhe-1024-nsa-...](http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-
crackable.html?m=1)

------
marcosdumay
That's interesting. Just last week we were bombarded* with several news
doubting the security of RSA, then we discover that some kinds of ECC may have
back doors. Now we are getting news attacking TOR...

* I'm not accusing anyone. It's easy to believe so much in propaganda that you start to spread it too. One even honestly creates more unrelated reasons to believe. I know that I'll never trust RSA as much again, and will probably migrate to 3kb keys.

------
abofh
Taxpayers pay for 100% of NSA development. Can users trust it?

~~~
venomsnake
No they don't foot 100% of the bill ... this assumes balanced budget and no
additional money creation from the Federal Reserve. It also assumes NSA does
not have their own revenue sources.

<conspiracy> With that much information on hand I could play the foreign stock
markets like mad. And also forex. It will be sane for NSA to have capabilities
to crash a potential adversaries currency and stock market. </conspiracy>

------
anxiousest
Its source code is available for audit and scrutiny, so yeah. If you're
looking to spread FUD do that to the closed source stuff.

~~~
qq66
Open source isn't a guarantee of safety for two reasons:

1) It's highly possible that there are federal government agencies with
knowledge of encryption and security beyond the current state of the art in
academia. There could be deliberate vulnerabilities that even the most highly
regarded researchers/academics in the field could not detect.

2) Even if you trust the source, the source can be compromised elsewhere in
the toolchain (the compiler could turn safe code into malicious code). Unless
you trust every element of your toolchain, you trust nothing (from a
mathematical sense -- of course it's much more complicated, and thus less
likely, to compromise Tor through its own source code rather than gcc's source
code).

~~~
shawnz
> It's highly possible that there are federal government agencies with
> knowledge of encryption and security beyond the current state of the art in
> academia. There could be deliberate vulnerabilities that even the most
> highly regarded researchers/academics in the field could not detect.

That's true, but Tor uses encryption that is common in many other products.
Even if it were a privately owned product, it probably would have been
implemented in a very similar way.

> Even if you trust the source, the source can be compromised elsewhere in the
> toolchain (the compiler could turn safe code into malicious code). Unless
> you trust every element of your toolchain, you trust nothing (from a
> mathematical sense -- of course it's much more complicated, and thus less
> likely, to compromise Tor through its own source code rather than gcc's
> source code).

OP is not talking about whether or not perfect security is possible. They are
talking about the possibility of Tor specifically being backdoored, since it
originated within and is funded by the U.S. government.

~~~
autoexec
I doubt tor is backdoored, but it has it's own security issues. I wouldn't
doubt for a second that three letter agencies are running a huge amount of
nodes on the tor network and doing everything they can to correlate traffic
and associate connections to individuals. At the end of the day, you can't
rely on tor alone to keep you safe or anonymous on the internet.

------
smutticus
Find the backdoor or STFU.

~~~
jaekwon
Facepalm. The insecurity of Tor against NSA surveillance has nothing to do
with backdoors.

