> provided there’s a back door or vulnerability that only (1) knows about.
Do you have any examples from existing tools, e.g. Tor, for which that's true? Tor's been around a long time-- surely something would have surfaced at this point, but I haven't really paid attention to it.
(this link is specifically great for this subject as it lists more than 10 different attack / compromise programs that are being run - with quite a few of them being protocol attacks - in the comments section )
Tor is an interesting example. A number of attacks are made possible by monitoring Tor exit node traffic, especially at the scale nation states can bring to the table.
Sure-- but that structural shortcoming has been a thing for a long time-- I wouldn't consider it a secret vulnerability that Tor was facilitating for US intelligence, as was initially implicated. I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
If I remember correctly, Tor has been broken due to 'threat actors' owning enough exit nodes to successfully de-anonymize traffic given enough time and information.
pretty sure this is hearsay from a message board, but I can't for the life of me recall where or when I heard this.
> There is no real evidence that DARPA is morally compromised by the NSA in any way. This is unlike for NIST where there is evidence of such compromise.
Wait. Can you clarify this? I know that NIST's standards were compromised by the NSA or at least there is evidence of it. However, this is not necessarily the same as being morally compromised. The story I've read is that the NIST was taken for a ride by the NSA but weren't in bed with them. Is the narrative I have incorrect?
If you haven't seen it already, there was a post a couple of years ago here that got some traction on this subject, in context of a FOIA-related lawsuit filing by a (I'm to understand) well-regarded cryptologist:
It that respect, (2) is just a mouthpiece for (1), provided there’s a back door or vulnerability that only (1) knows about.