[tor-project] Help brainstorm Tor myths

Roger Dingledine arma at mit.edu
Fri Jul 7 00:42:59 UTC 2017


As part of my upcoming Defcon talk on onion services:
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Dingledine
I'm thinking of including a section on Tor mythbusting. That is, there
are all sorts of Tor misunderstandings and misconceptions floating around,
and it seems smart to try to get them organized into one place as a start
to resolving them. (Later steps for resolving them should include better
and more consistent communication, and actually changing things so Tor
is safer/stronger/better. One step at a time.)

Below is an initial list to get us started, along with overly brief
summaries of the reality underlying the myth. Please contribute more
entries!

To contribute best, please frame your entry from the perspective of a
helpful and concerned Tor user or advocate, rather than as a crackpot
conspiracy theorist. (Fun as it might be, I have little interest
in socket-puppet trolling myself on stage, so phrasing myths in a
constructive manner is the best way to move forward.)

And also, don't get too hung up on the quick rebuttal text I've written:
the goal here is to brainstorm the myths, not to write the perfect answer
to each of them. That can come later.

- "I heard the Navy wrote Tor originally (so how can we trust it)."

  (They didn't. I wrote it.)

- "I heard the NSA runs half the exit relays."

  (Hard to disprove, but it doesn't make any sense for them to run
   exits. But that shouldn't make you relax, since they already surveil
   a lot of the internet, including some of the existing exit relays,
   so they don't *need* to run their own. Also, the Snowden documents
   give us some good hints that say no. Btw, use SSL.)

- "I heard Tor is slow."

  (You're right, it's not blazing fast. But it's a lot faster than it
   was in earlier years. Tor's speed has most to do with how much load
   there is on the network, not on latency between the relays as many
   people believe. We need more relays.)

- "I heard Tor gets most of its money from the US government."

  (Alas, this one is true. We have three categories of funding: basic
   research like from NSF, R&D like from the Open Technology Fund, and
   deployment and training like from the State Dept. See the financial
   documents that we publish for details. Alternatives would sure
   be swell.)

- "I heard 80% of Tor is bad people."

  (There have been a bunch of confusing studies about Tor users and
   usage, and the numbers vary wildly based on what you're measuring and
   how you classify bad. But for the above stat, you probably heard it
   from a US DoJ attorney who misunderstood a journalist's article about
   one of these studies. Or who knows, maybe she maliciously twisted
   the results. See also the ongoing research work on measuring the
   "dark web".)

- "I heard Tor is broken."

  (Man, this phrase represents a fundamental misunderstanding of
   computer security. All the academics go after Tor -- and it's great
   that they do -- because we're the best thing out there, plus we provide
   good documentation and help them in analyzing the attacks. You don't
   hear about breaks in centralized proxy companies because there's
   nothing interesting about showing flaws in them. Also, security
   designs adapt and improve, and that's how the field works. I'll try
   to keep my rant on this one short so it doesn't take over.)

Thanks!
--Roger


