As such I wonder whether there are exit nodes (or even just plain nodes) left that are not being run by governments as honeypots?
How can you be sure that the data you are submitting is not intercepted? How can I be sure that all my traffic is not running through one government network (because all tor nodes still left are compromised)? How can I be sure that I'm actually submitting my information to the New Yorker in this case as opposed to a government server posing as them?
The announcement page linked is not being served over SSL and the onion URL given isn't using ssl either (as if any ca would sign a cert for that domain, but if the linked page was served over SSL they could publish a fingerprint there)
If I had important information to leak, I would probably still have an otherwise uninvolved colleague drop by in person to dump the data for that one (and only one) time. If I had a friend willing to take the risk.
Or if there was an EV signed page of the New Yorker listing an SSL fingerprint of a certificate that's used by that tor server, then maybe I could live with the fact that tor is likely compromised.
Then again, maybe I'm just a paranoid coward. I'm so glad I don't have access to information anybody would be interested in.
That is, SSL is not a problem for you, because the URL is self-authenticating.
This is especially useful if you have a newspaper, because you can print the address on the paper and not have to worry about CA and this kind of stuff.
Worth looking at is probably also GlobaLeaks (https://globaleaks.org/) that is a system that also uses Tor HS. This system is more actively developed and is designed to be extendable.
We are also happy to say that just last week we released the 0.2 release of GlobaLeaks. You can see a live demo on our site: https://globaleaks.org/.
Contrast The Silk Road, where the .onion is being used primarily to protect the identity of the service itself (as most of the users give their physical addresses to the service).
Both are hidden services. One is privacy for the client, one is privacy for the server.
Either make sure you are using end-to-end encryption or only use Tor for information you don't mind being public.
And it's certainly easy for trained government agents to trick me into releasing too much information about myself when they pose as New Yorker reporters based on the information I just sent them.
If I'm submitting my data to the government posing as the New Yorker I'm exposing myself to much more risk than if I'm submitting my data to the New Yorker, provided I trust them. That's why I'm insisting on that onion link being displayed on a page that's EV signed. Because right now I have no guarantee that their http://tnysbtbxsf356hiy.onion link is actually the address of their drop box and not the honeypot the government has set up and put on a fake New Yorker page which they MITMd me.
 And even then...
 Yes, Colemak
On that page (http://www.newyorker.com/strongbox/, no SSL, no hashing, etc.) is an onion link. I see it as http://tnysbtbxsf356hiy.onion.
An adversary with sufficient access (whether to the server, or to the network between the New Yorker site and your browser) can rewrite that link without your ever knowing. Then you are legitimately directing your browser, once on Tor, to a spoofed site.
To compare, ssh uses no PKI, but is relatively resistant to MITM as it stores public key fingerprints for a given service on first access.
If the Feds (or whoever) were swapping out this address at a large scale, then the NYT would notice and communicate to the public that this was happening. If the NYT was muzzled and every computer that you or anyone you know has its connection being tampered with, then you are basically fucked anyway and this is the least of your concerns. At this level of paranoia you shouldn't be trusting the NYT anyway...
If they are not MiTM'ing this at a large scale, then quick verifications on other networks with other peoples' computers will work just fine.
After Manning and some other fun, the military is not really a fan of this happening, but realizes that it would provide an excellent way to identify seditious elements who don't have other channels to work out their moral dilemmas (or just their annoyance at being an expendable cog in the bureaucracy).
MilInTheMiddle proxy rewrites the page, replaces just that link with one that is under their control, then waits. People outside the military see the normal link, but a kid in Iraqistan sees the honeypot. When s/he sends secrets to the New Yorker (it's not even the NYT), the operator has a lead not only on what information may be flowing to the media, but is able to stop it and investigate the sender.
The same case could be made for financial institutions, government agencies, people in foreign countries with national firewalls, etc.
The only reason I'm not particularly concerned about this is that I strongly suspect that a) the organizations don't really have their sh*t together enough to do this in a fashion that wouldn't create immense blowback when (not if) discovered, and b) there are easier methods to get similar information already in place.
Let's reduce this even further. The New Yorker has put up a webpage saying, "Send your secrets here!" Pretend they put up a phone number instead. 1-800-231-2142. The military phone switching system can either automatically redirect calls to that number to a switchboard of impersonators, or they could change the number to one they already have, so that they can also capture military assets using personal phones, mobiles, etc.
The New Yorker page does not give any information about "offline" validation. They give a pointer to a supposedly secure dropbox. That dropbox may actually be secure, but there are a number of ways to subvert it.
Offline verification would work, but if we are assuming extensive MiTMing and meatspace impersonation then offline verification is just something the whistleblower needs to figure out themselves.
- The plainly accessible page needs to be served through HTTPS, preferably secured with an EV-SSL cert. The adversary would then be unable to read or change any of the site's content; i.e. the whistleblower receives the correct onion link.
- The onion site, too, needs to be served through HTTPS. All traffic passing through Tor is encrypted and thus out of reach of the adversary; traffic leaving Tor for the destination site is encrypted yet again and out of reach as well.
Since few CAs would accept to sign certificates for a .onion domain, that site might have to use a self-signed certificate. This solution remains secure for as long as that certificate's fingerprint is posted on the first page and the whistleblower cross-checks the expected and actual fingerprint values.
This should provide reasonable security for the exchanged message contents. In all likelihood, though, the adversary would be able to prove the whistleblower did communicate with the New Yorker.
One high-risk aspect of this whole deal is a possible breach at any of the whistleblower's trusted CAs. Convergence would be of some help there -- assuming the notaries involved are behaving correctly.
*edit: Sorry, I had a bit of a brain fart right there. Traffic to and from the hidden service (the .onion domain) never leave the Tor network and thus remain secure. Skip the second bullet point.
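The fingerprint cross-check in the bullets above, and the ssh-style "remember the key you saw first" behaviour mentioned earlier in the thread, as an added example (this is not code from the thread, from Strongbox/DeadDrop, or from the New Yorker). SAMPLE_DER is a constructed byte string standing in for a certificate's DER encoding; the host name in the demo is the one quoted in the thread; fetch_leaf_cert_der() is a hypothetical helper that opens a direct TLS connection, so for a .onion it would have to be routed through Tor's SOCKS port instead:

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# a real check would hash the bytes returned by fetch_leaf_cert_der().
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"example-onion-cert"


def normalize_fingerprint(published):
    """Turn a fingerprint as a web page would print it ('AB:CD:...', 'ab cd ...'
    or bare hex) into lowercase hex; reject anything that is not SHA-1/SHA-256."""
    h = published.replace(":", "").replace(" ", "").lower()
    if len(h) not in (40, 64) or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a SHA-1 or SHA-256 certificate fingerprint")
    return h


def cert_fingerprint(der, algo="sha256"):
    """Hex fingerprint of a DER certificate, the same value a browser displays."""
    return hashlib.new(algo, der).hexdigest()


def fingerprint_matches(der, published):
    """Constant-time comparison of the presented certificate against the published pin."""
    expected = normalize_fingerprint(published)
    algo = "sha256" if len(expected) == 64 else "sha1"
    return hmac.compare_digest(cert_fingerprint(der, algo), expected)


def check_tofu(store, host, der):
    """ssh-style trust-on-first-use: remember the first fingerprint seen for a host
    and refuse later connections whose fingerprint changed.
    Returns 'learned', 'match' or 'MISMATCH'."""
    fp = cert_fingerprint(der)
    known = store.get(host)
    if known is None:
        store[host] = fp
        return "learned"
    return "match" if hmac.compare_digest(fp, known) else "MISMATCH"


def fetch_leaf_cert_der(host, port=443, timeout=10):
    """Fetch the server's leaf certificate WITHOUT CA validation, so that a
    self-signed certificate can be judged by its pin instead (needs network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # The pin as a page would print it: colon-separated, upper case.
    hexfp = cert_fingerprint(SAMPLE_DER)
    published = ":".join(hexfp[i:i + 2] for i in range(0, 64, 2)).upper()
    print("pin matches:", fingerprint_matches(SAMPLE_DER, published))
    store = {}
    print(check_tofu(store, "tnysbtbxsf356hiy.onion", SAMPLE_DER))
    print(check_tofu(store, "tnysbtbxsf356hiy.onion", SAMPLE_DER + b"!"))
```

The pin only helps if the published fingerprint itself reached you untampered, which is the point made about serving the announcement page over HTTPS; the TOFU store catches a later swap but not a first connection that was already diverted.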
"offline verification is just something the whistleblower needs to figure out themselves."
You are seeing the point, albeit as if through a glass, darkly. The New Yorker has not advised anyone of this need, nor have they communicated the additional safeguards one must take, proportional to the risk of interception and identification.
 http://en.wikipedia.org/wiki/ECHELON, https://www.eff.org/cases/nsa-multi-district-litigation, black ops, http://en.wikipedia.org/wiki/File:Aldrich_Ames_mailbox.jpg, http://web.archive.org/web/20060210092316/http://www.liberty..., http://books.google.com/books?id=mAR0GI5ggf8C&pg=PA62#v=..., http://www.archives.gov/research/holocaust/finding-aid/civil..., http://www.britannica.com/EBchecked/topic/635080/Sir-Francis..., &c.
You seem to be misunderstanding me. I think that there is value to offline communication with trusted but unanticipated 3rd parties, but I do not think that there is value to the New Yorker pointing this out.
Unless the Tor site is a honeypot. Hmm a bit odd they don't have any offline validation instructions on there ;)
I guess the downloaded source code could always be diffed with a known legit copy, if it was compiled on a trusted machine.
By the way, how does one determine the right amount of paranoia?
The first response to this thread helped me understand the issues better: http://www.wilderssecurity.com/showthread.php?t=228869
If you don't trust the recipient then it doesn't matter if Tor is run by the government or not.
I think the goal of Strongbox is to protect sources in the event that the New Yorker is forced to turn over material to the government. What they never knew, they can't turn over, but that doesn't apply to the information you leak. The government will be able to get at that information because writers will have to keep it for reference while they're writing and fact-checking their articles.
I agree with everything else you're saying, but I should just point out one thing:
It doesn't matter whether or not anybody is interested in your information - especially in this era of en-masse passive data collection, you have the right to your own data, which includes the right not to be snooped on by third parties (governmental or otherwise).
It doesn't matter whether or not you "have anything to hide", only whether you have anything you want [voluntarily] to show.
Intuition makes for bad law, not least because everyone has different intuitions; it's basically asking, "Why don't programmers just program in English?"
(Kidding: ... if only I could. My son doesn't seem interested in it.)
I am down with "not getting tortured" as a right. But privacy is ... a privative. I think a more useful and fruitful direction will be requiring publication of holding of private data, and then we can enforce any number of outcomes.
I agree with the general statement, though.
Even if this were the case, how could you be personally identified? Worst case is the government gets the document you meant for the New Yorker, but you still wouldn't be identifiable (unless your name was on the document etc.). Unless you're saying the government runs the majority of Tor nodes so they could track back to your IP?
The data I'm sending can be a huge give-away of my identity - especially if they play along, pretending to be the New Yorker and then tricking me into releasing more information than I wanted.
If that page that's linking to the hidden service was served over SSL with an EV certificate, then I could be sure that the link isn't faked. Of course the New Yorker could still be compromised by the government, but as long as I'm willing to trust them, I can at least be sure that I just submitted my data to them and not somebody pretending to be them.
The New Yorker or any CA capable of issuing EV certificates present in your browser. Do you trust all of them?
If neither of these avenues satisfy, a simple idea for defense-in-depth I've thought of is using .onion vanity name generators (see https://github.com/katmagic/Shallot) as a very simple proof of work scheme. For example, silk road's .onion starts with silkroad. Finding such an .onion address for a given private key requires brute force computation - according to the Shallot github, about 25 days. Therefore, generating an .onion with a recognizable string at the beginning makes generating a suitable address for spoofing that much harder. Of course, this is hardly a solution - big scary Tor-style adversaries certainly have more computing power than you - but it is something to consider.
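The Shallot-style vanity search described in the comment above, as an added example (not code from the thread or from Shallot). Shallot's trick is to keep one RSA modulus and walk through public exponents, since each exponent changes the DER encoding and therefore the SHA-1 that a v2 address is derived from; DEMO_MODULUS below is a constructed 1024-bit odd integer, not a real RSA key, and the function names are my own:

```python
import base64
import hashlib

BASE32_CHARS = "abcdefghijklmnopqrstuvwxyz234567"


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der_int(x):
    b = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:          # DER INTEGER is signed: keep the value positive
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b


def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body


def v2_onion(pubkey_der):
    """v2 hidden-service address: base32 of the first 80 bits of SHA-1(DER public key)."""
    return base64.b32encode(hashlib.sha1(pubkey_der).digest()[:10]).decode().lower()


def expected_attempts(prefix):
    """Each base32 character is 5 uniformly distributed bits, so a k-char prefix
    costs about 32**k hashes; this is the 'proof of work' the comment refers to."""
    return 32 ** len(prefix)


def find_vanity_exponent(n, prefix, start_e=65537, max_tries=1_000_000):
    """Keep the modulus, walk odd public exponents until the address starts with
    prefix. Returns (e, address) or None if max_tries is exhausted."""
    prefix = prefix.lower()
    if any(c not in BASE32_CHARS for c in prefix):
        raise ValueError("prefix must be base32 (a-z, 2-7)")
    e = start_e | 1
    for _ in range(max_tries):
        addr = v2_onion(rsa_public_key_der(n, e))
        if addr.startswith(prefix):
            return e, addr
        e += 2
    return None


# Constructed 1024-bit odd integer standing in for an RSA modulus (NOT a real key).
DEMO_MODULUS = (1 << 1023) | int.from_bytes(b"strongbox-demo-modulus-not-a-real-key" * 3, "big") | 1

if __name__ == "__main__":
    print("expected hashes for 'silkroad':", expected_attempts("silkroad"))
    print(find_vanity_exponent(DEMO_MODULUS, "ny"))   # ~1024 hashes on average
```

Two caveats that follow from the code: the search leaves the key with a non-standard public exponent, which is a property to think about before deploying such a key, and the cost grows by 32x per character, so a prefix that takes you days is a few minutes for anyone with a cluster.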
Tor is not meant to guarantee that your messages are not being intercepted. It is simply not meant to protect against this. Use end-to-end encryption. (Does strongbox use encryption on top of tor? I am not sure).
> How can I be sure that all my traffic is not running through one government network (because all tor nodes still left are compromised)?
That is the more pertinent question, indeed. That's the correct question about Tor security, and would be what would cause Tor to fail at what it does intend to do. There are some written analyses of this risk.
> How can I be sure that I'm actually submitting my information to the New Yorker in this case as opposed to a government server posing as them?
Tor isn't necessarily meant to guarantee that either; an SSL cert with a known/trusted fingerprint would be. But you're right, the New Yorker is not doing the right things here either.
I am less worried about the integrity of Tor, but I think you are right that the New Yorker is not doing all the right things to maximize security/anonymity here. Security is hard. But among other things, they ought to be serving all Strongbox related things (including the endpoint you access over Tor) over https, and publishing their SSL cert fingerprint in multiple places all over the net.
They'd get to see the information, but they wouldn't be able to action it without showing their hand.
doesn't need that hacky ssl stuff, it's end-to-end encrypted within the tor network. http://security.stackexchange.com/questions/11727/does-tor-h...
They could print the onion URL in their newspaper even, if you don't trust your connection to the announcement. But yeah, at some point there is always some trust involved.
I've all but given up on quality journalism from most "newspapers," but long-form investigative articles from The New Yorker and Vanity Fair (yes, of all places!) always keep my faith in humanity. Less-lengthy but usually well-researched articles from Mother Jones and Harper's are also up there.
Other sources that sometimes do an awesome job but other days leave you scratching your head would be NPR, The Atlantic (less investigative journalism, but awesome write-ups), The New York Times (covering everything from tabloid trash to 20-page quality journalism spreads), and The Seattle Times (likewise, but less crappy and less awesome at both extremes).
However, the breadth seems to often come at the expense of depth -- on the occasional chances I get to discuss an article in the Economist with an actual expert in that field, it seems their analysis is often dismissed as superficial and they not-infrequently get basic facts wrong (their letters section often contains quite substantial corrections).
If you just want news on the parts of the world that American media ignores, a combination of BBC News and Al Jazeera English is a good option.
Vanity Fair had Christopher Hitchens as a contributing editor for a long time.
I'd say that alone gives them some journalistic credibility.
No, that's not what he claimed. He claimed they didn't use car bombs "on American or any other foreign soil," which doesn't negate the use of such bombs on Vietnamese soil.
I don't have strong feelings for or against Hitchens, by the way.
The repo contains this thorough Threat Model/theory guide:
In fact, there's a shout-out and link to DeadDrop in the page's introduction. Not sure why you thought an FYI was necessary...
In the OP, "DeadDrop" is listed prominently but not as text...so when I came to the page, my first instinct was to do a Find for "deaddrop" to see if the repo was there, which comes up empty of course.
Without reading the Aaron Swartz post, I would've assumed "DeadDrop" was an existing service because of the brandlogo, and not a link to the open source repo.
Note: I'm not saying there's anything wrong with how it's done, I'm just pointing out my thought process: Anyone who comes to the OP without having read the Aaron Swartz post would not know of the open-source project underneath it (though it isn't a fork, so my mistake) and may not click through the "DeadDrop" logo. People who have read the Swartz post may be like me, wondering where the Github code is, as it is not linked to in the Swartz post.
Just trying to make the project more visible for those of us less skilled at sussing out HTML. No fault of the New Yorker's...both posts are aimed at different audiences (though the Swartz post should probably just include a link straight to DeadDrop for convenience's sake)
 because the original poster deleted their post, it said something like: that's pointless, because tor ensures that communication is secure [/edit]
| Tor is only meant for
The cozy relationship between the press and government rots away at the foundations of freedom and democracy. It is a moral duty of the press to expose corruption at all levels.
Notably, the NY Times (one of the few papers with the reach and scale to do meaningful investigation of US Government corruption) has written a variety of slander pieces about Julian Assange, strangely deciding to pick sides. The paper had the ability to act as a responsible intermediary between the leaked data and the public, but instead chose to flagrantly side with government power.
...This is a more subtle form of the same arrogant jingoism (and American flag pin wearing foolishness) of Fox News reporters.
* The New York Times
* The Blade (Toledo, OH)
* Willamette Week (Portland, OR)
* The Washington Post
* The Birmingham (AL) News
* The Chicago Tribune
* Philadelphia Daily News
* Sarasota Herald Tribune
* The Seattle Times
* The Associated Press
If that's not a diverse group of news organizations, I don't know what is.
That also doesn't include things like the Walter Reed Army Medical center scandal (http://en.wikipedia.org/wiki/Walter_Reed_Army_Medical_Center...), because it falls under the Public Service category: http://www.pulitzer.org/bycat/Public-Service.
Corporate, local, and state-level corruption are all small potatoes fare that is used (along with sensational stories with little actual news content) as a tool to help the orgs pretend to be doing real journalism.
Notably, the NY Times was complicit in the propaganda effort to overthrow Saddam Hussein.
Any investigative journalism that does not directly address what you believe to be the most important topic (the legitimacy of the US government) is automatically not actual investigative journalism. Not only that, anything that does not address your favorite championed cause is automatically "small potatoes" that is in fact part of the conspiracy for journalists all over the country to fool everyone into believing real journalism is occurring.
Are you seriously leveling this claim?
In other news, all sci-fi TV shows are in fact not actual sci-fi TV shows because they aren't Firefly.
This has had a chilling effect on de-facto press freedom in DC. In the meantime we've seen utterly shocking things go largely unreported b/c topics are generally verboten and the press instead focuses on less consequential issues.
In comparison to the stuff that is not getting significant press, the smaller stuff is largely irrelevant to the lives of most Americans.
There are great reporters who write about everything from local sports to local corporate corruption, but the high quality of their work should not shield the major players from accountability for utterly failing in their major moral and professional duty.
That's kind of scary when we think about the reasons someone might be sending stuff to a newspaper, and the need they have to be anonymous. Secret would probably be good too. At least until the newspaper prints.
Newspapers are supposed to explain stuff to their audience. This article doesn't explain much. Like the saying goes, when I see how badly they do with stuff I know about I have to wonder about everything else too.
The media is controlled by two factions now:
Government through access (you don't get to come to white house if you piss us off or you wont get the interview)
Large corporations and the major characters behind them (e.g. Fox News, Viacom, etc.)
This is not the path to maintain an open society. We don't need thugs like less sophisticated media-controlled countries; we control media in a much more elegant way. But the results are the same!
It's high time for journalism to upgrade their toolbox for gathering information and protecting their sources in the 21st century. However technically sound this effort by the New Yorker is, it is a step in the right direction.
Edit: looked it up myself: http://online.wsj.com/article/SB1000142412788732467720457818...
The most logical conclusion, given the information that you're providing, is that "Tor might not protect me because the authors accept US Government funding".
If so, it's important to call that out as the BS that it is. Either you are highly ignorant as to how Tor works, or you are being malicious for some other reason.
If I've missed something, please clarify.
They have been working on this for 2-3 years in the open and would appreciate bug reports & people to run the code. They also currently maintain Tor2Web, the first version of which was written by aaronsw
If the address was just "newyorker.onion", you'd still need to find some way of safely verifying the public key to make sure you're really talking to the New Yorker.
As long as you don't let the .bit address expire, you'll have a secure, easy to remember address people can use to access your hidden server.
If I'm not mistaken, it makes the site safe from Man In The Middle attacks.
> Location-hidden services use a virtual top level domain called .onion: thus hostnames take the form x.y.onion where x is the authorization cookie and y encodes the hash of the public key.
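What "self-authenticating" means in code, as an added example that is not from the thread or from Tor: the address is derived from the public key, so a client can check the address it was given against the key the service presents, and a fake service cannot present a different key under the same name. The thread is about v2 addresses (16 characters, hash of an RSA key); this example goes beyond that and implements the current v3 scheme from Tor's rend-spec-v3, where the 56-character address is base32(pubkey || checksum || version) with checksum = SHA3-256(".onion checksum" || pubkey || version)[:2] and version 3. The 32-byte key below is a constructed value, not a real ed25519 key; the function names are my own:

```python
import base64
import hashlib

V3_VERSION = b"\x03"


def _v3_checksum(pubkey):
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def v3_onion(pubkey):
    """Build a v3 address from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion keys are 32 bytes")
    raw = pubkey + _v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def verify_v3(address):
    """Return the public key embedded in the address if the address is
    self-consistent (right length, version 3, checksum matches), else None.
    A v2 address, a typo, or a swapped character in the wrong place all fail."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[:-6]
    if len(label) != 56:
        return None
    try:
        raw = base64.b32decode(label, casefold=True)
    except (ValueError, TypeError):
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != _v3_checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    demo_key = bytes(range(32))               # constructed, not a real key
    addr = v3_onion(demo_key)
    print(addr)
    print("verifies:", verify_v3(addr) == demo_key)
    print("v2-style address accepted as v3:", verify_v3("tnysbtbxsf356hiy.onion") is not None)
```

The checksum only catches corruption and typos; the real guarantee is the 32-byte key in the address itself, which the Tor client compares against the descriptor's signing key, so whoever controls the key controls the name and nobody else can. What it cannot tell you is whose key it is, which is the link-on-an-HTTP-page problem the rest of the thread is about.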
"In the United States, the federal government legally contends that no such protection exists for journalists."
There are well documented cases (and even a movie based on true events) of journalists having to go to prison because they wouldn't reveal sources.
e.g. Found this on Google searching "reporter source prison": http://www.theblaze.com/stories/2013/04/08/as-fox-news-repor...
For information that is best delivered anonymously, this sounds like one of many tools to get your message out there.
Why do you think Wikileaks was invented?
What does that even mean in a time when the US government can pressure reporters into giving them the information anyway, or simply spy on them (see AP spying case).
The New Yorker should make the traffic a little more secure by encrypting traffic (using https).
There have been past instances where similar weaknesses were exploited by sniffers:
But that's not what the New Yorker has set up. They're hosting a Tor hidden service, and in that case Tor is necessarily encrypting the traffic end-to-end.
Someone between you and that unsecured web page could've changed the .onion address and when you went there you would be visiting a Strongbox hosted by the NSA rather than one for The New Yorker.
As this website is being served as a hidden service, the traffic never exits the Tor network. There's no SSL in use for a MITM attack to remove, nor does there need to be.
It's the de facto standard, but, barring bugs, is it provably NSA-resistant?
Less pedantic response: Tor does use good strong crypto and has been examined by many experts, both practical and theoretical; I'd be surprised if the crypto, protocol design, or even the implementation is the weakest spot.
One weak spot it does have is traffic analysis. Any low-latency anonymity network has this problem: if someone can observe the traffic in and out of enough nodes on the network (even if they can't decrypt any of it) they can statistically correlate arrival times and figure out who is talking to whom pretty reliably. Even if you can't read the data, reading the envelopes is enough to plug leaks, find dissidents, etc.. (Consider the Associated Press phone records affair.) If the attacker can experiment by causing brief interruptions or delays on the circuits between nodes they can extract even more information. Google will find you many cites on this subject.
The Tor project tries to mitigate this but considers a full solution out-of-scope (for fairly good reasons, I think). There aren't many projects that really do try to address it --- the old cypherpunk Mixmaster network is the only one I know of offhand. And even there, the best you can do really is up the constant factors of the attack, or push the attack one level up into the greater network of human communication ("who knew X, at a time they could have communicated it to Y? Who knew Z, at such a time?").
I concur that, if anyone has been able to break Tor, they haven't made use of it in any public way. You can only really do that once.
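The traffic-analysis attack sketched above, reduced to its simplest form as an added example (not code from the thread or from any published Tor study): an observer who sees bytes-per-second on an entry side and on several candidate exit sides, without decrypting anything, correlates the timing profiles and picks the best match, allowing a small lag for network delay. The flows below are constructed (timestamps in seconds, sizes in bytes), with candidate_b being the entry flow delayed by 1.3 s and inflated 10% for protocol overhead; names and parameters are my own:

```python
import math


def bin_flow(events, bin_size=1.0, n_bins=60):
    """events: (seconds, bytes) pairs as a network observer would log them.
    Returns bytes per time bin: the 'envelope' visible without decryption."""
    bins = [0.0] * n_bins
    for t, nbytes in events:
        i = int(t // bin_size)
        if 0 <= i < n_bins:
            bins[i] += nbytes
    return bins


def pearson(x, y):
    """Pearson correlation; insensitive to the exit side being scaled by overhead."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return sxy / (sx * sy) if sx and sy else 0.0


def best_match(entry_events, exit_candidates, bin_size=1.0, n_bins=60, max_lag_bins=3):
    """Correlate one entry-side flow against each exit-side candidate, shifting
    the exit side forward by 0..max_lag_bins bins to absorb network delay.
    Returns (candidate name, correlation score, lag in bins)."""
    ev = bin_flow(entry_events, bin_size, n_bins)
    best = (None, -1.0, 0)
    for name, events in exit_candidates.items():
        xv = bin_flow(events, bin_size, n_bins)
        for lag in range(max_lag_bins + 1):
            score = pearson(ev[:n_bins - lag], xv[lag:])
            if score > best[1]:
                best = (name, score, lag)
    return best


# Constructed sample flows, not captures of anything real.
ENTRY = [(2.2, 4096), (5.2, 1500), (9.2, 8192), (14.2, 600), (15.2, 3000),
         (21.2, 12000), (30.2, 700), (31.2, 2500), (44.2, 9000), (50.2, 1200)]


def delayed(events, delay, overhead):
    return [(t + delay, int(nbytes * overhead)) for t, nbytes in events]


EXIT_CANDIDATES = {
    "candidate_a": [(1.4, 5000), (7.4, 2000), (12.4, 800), (20.4, 9000), (25.4, 1100),
                    (33.4, 600), (40.4, 7000), (47.4, 2500), (55.4, 1900)],
    "candidate_b": delayed(ENTRY, 1.3, 1.1),
    "candidate_c": [(4.4, 3000), (8.4, 900), (17.4, 6500), (23.4, 1500), (28.4, 2200),
                    (36.4, 700), (42.4, 10000), (49.4, 1300), (57.4, 4000)],
}

if __name__ == "__main__":
    name, score, lag = best_match(ENTRY, EXIT_CANDIDATES)
    print(f"best match: {name} (r={score:.3f}, lag={lag} bin)")
```

With only ten bursts the match is already unambiguous, which is why the comment says reading the envelopes is enough: padding or re-encrypting the contents changes nothing in this computation, only adding cover traffic or delay (what Mixmaster-style designs pay for) lowers the score.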
Put another way: Suppose I want to know who is sending messages to the New Yorker's strongbox, but I don't have physical access to their isolated system. Can I figure it out? How many Tor nodes would I need to compromise to have a ~5% shot at discovering interesting information about the sender?
And yes, I know this supposes it is an obvious attack vector, and this is not really disastrous; they got blocked. I encourage you to read the Tor Project blog. They did, for example, an excellent writeup of how BEAST was not impacting them, and did a very detailed layman's article on how, even if their implementation did not pad TLS the way it did, would still not be exploitable with the BEAST exploit.
There are a lot of eyeballs, and all the usual cathedral and bazaar quotes will tell you why I trust their implementation, despite its dubious origin with a Naval Postgraduate School thesis, more than other systems that are not open source.