Tor Browser Security Audit (torproject.org)
30 points by campuscodi 7 months ago | 17 comments



This implies the browser is pretty solid, but what about the network itself? How do we know all of the traffic isn't deanonymized due to a big company or government having control of a large number of nodes?

Apologies for not bothering to research this question in advance.


> How do we know all of the traffic isn't deanonymized due to a big company or government having control of a large number of nodes?

It absolutely is. This is known and explicitly called out in Tor's design:

> A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic […]


Thanks, I have read this concern before but was not aware it was part of the design specification.

What gives people, especially in the west, the confidence to use it at all, given all of the fusion centers and likelihood of parallel construction? Perhaps this is a rhetorical question...


If I were the CIA, I would want to run a bunch of Tor nodes just to snoop on people.

Of course, if I were the KGB, or MI-6, or the Chinese State Security Ministry, or the DGSI, etc., then I would be doing the same thing.

Assuming that's true (and it may not be), I'm curious how much security would be compromised with many different adversaries instead of just one adversary.

Can anyone shed some light on this for me?


Tor was created by U.S. gov. It is used by gov across the world to secretly communicate. How else are you going to get intelligence off the ground? A wifi connection anywhere works for Tor.

It's also why it's still available and hasn't been challenged in law. Every Tor node and exit is in a list, it has to be. If govs wanted to, they can make it illegal and start raiding. They love raids. They don't because that harms their intelligence ops.


Why does Tor Browser still insist on phoning SecureDrop on startup? (Older versions used to phone Firefox servers too but that has been fixed.)


> Why does Tor Browser still insist on phoning SecureDrop on startup?

Tor Browser is 100% open source, so pull up git and run blame if you want to determine the reasoning for a decision.


I am speaking as a user of the product and offering feedback - the whole point behind Tor is to protect your anonymity and that's hard to do when the browser itself is leaking your IP (and other data) to some service you don't even care about. At best, this kind of integrated service should be opt-in only by default. (Note that Firefox services are now opt-in too in Tor).


Can just anybody still run an exit node?


In some democratic countries you are responsible for everything that gets out of your exit node.


I think, yes, in theory. But your node will not receive general public traffic until it has demonstrated uptime, bandwidth, etc.


So the network designed to prevent snooping really doesn't.

It just limits snooping to actors with the time and resources to do it on a large enough scale to capture what they are looking for.

What percentage of exit nodes are run by spy agencies and other snoops? Does anyone really know?


> What percentage of exit nodes are run by spy agencies and other snoops? Does anyone really know?

Most of them. The cost to operate top-bandwidth nodes is estimated at at least five figures per month. Thankfully the Tor design spec explicitly calls out government panopticons as being squarely outside the threat model. So, adjust your infosec policy accordingly.


I run one of the bigger Tor relay families [0] with around 3.5% of the exit bandwidth [1]. Hosting high bw stuff is actually pretty cheap if you stay away from the cloud. I don't pay five figures per month for all these relays; it's less than 1k$. For the actual question, there was a big attacker uncovered in 2021 [2] and removed from the network. I'm pretty sure there are still malicious relays on the network; the hard part is to know which.

[0] https://metrics.torproject.org/rs.html#search/family:C466C9A...

[1] https://nusenu.github.io/OrNetStats/#exit-families (tuxli.org)

[2] https://nusenu.medium.com/is-kax17-performing-de-anonymizati...


> I run one of the bigger Tor relay families [0] with around 3.5% of the exit bandwidth

> https://metrics.torproject.org/rs.html#search/bauruine

> 1113 bauruine@mail.ru 0.01

You're off by a factor of 350.


Oops, forgot that there is this one relay that I don't run that is also called bauruine. I've updated the link to MyFamily. nusenu shows the authenticated domain, which is tuxli.org for my relays.


> So, adjust your infosec policy accordingly.

I already have. You can get the same or better "privacy" using public wifi with a random MAC address.



