[tor-talk] Harvard student used Tor to send bomb threats, gets caught by old-fashioned policework
DeveloperChris
developerchris at rebel.com.au
Fri Dec 20 06:54:00 UTC 2013
On 20/12/2013 2:05 PM, David wrote:
> The way that we know that Tor is relatively safe is that it is open
> source and transparent. The government isn't monolithic. There are
> different branches of government that have different interests. It is in
> the interest of certain branches of US government to have a diverse,
> secure, and anonymous system so that their own people can use it without
> being known government operatives. Also, if there were any backdoors
> we'd probably know by now. The code is not secret, nor are the finances.
> The Tor Project is incredibly open and transparent about almost
> everything that happens.
>
> Furthermore, the NSA doesn't need to own half the relays to
> de-anonymize someone. If you're targeted, then Tor just buys you some
> time. Tor is extremely secure against drag-net surveillance, but
> targeted attacks from a government entity are a little more difficult to
> defend against.
>
> If you are worried that there aren't enough Tor relays then I'd
> encourage you to start one.
>
>
> Cheers,
>
> David
>
>
I'd agree with you except evidence points the other way. There is now plenty
of evidence to suggest that back doors are placed in products even if it
renders the end product less secure. In other words for these government
agencies, being able to spy is more important than being protected from spying.
Being open source does not guarantee safety. The nodes can operate well
within design and still give away a wealth of information, which is exactly
what a timing attack relies on. Even then we know that there are weaknesses
in open source random number generators put there very deliberately. The
open source community did not wake up to it for a long time, and more recent
surprises courtesy of Edward Snowden.
How many open source projects are exploited on a daily basis? the only
advantage open source has is, if it is popular enough (if you are lucky) and
the exploit is found out soon enough (if you are diligent) the a patch will
possibly be made quickly. But not always. I dont live under the illusion
that because its open source its somehow inherently safer. Quite often the
opposite is true.
I joined the TOR mailing list to discover more about TOR for the purpose of
creating hopefully many more TOR exit relays. On learning more and from the
experience of a friend when he tried to run an exit relay I realised this
was not a wise thing to do. Not at least unless you are experienced and
prepared for the probable consequences. As my plans involved many innocent
helpers I decided the risk was far too high.
I was advised on this mailing list perhaps to create bridges instead, but
that made my whole project of dubious worth so I canned it.
Chris
More information about the tor-talk
mailing list