Stop aiding and abetting TLA's - BOYCOT TOR !

Discussion in 'privacy technology' started by Enigm, Jul 18, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm not going to fact check the article or look to see how much, if any has been taken out of context. I will say this. Those questions are legitimate, and if those responses are true, then I have to question the integrity of the developers as well.
    I've been asking very similar questions for some time but have yet to see acceptable answers. Where your money comes from does matter here. By all appearances, this is a complete conflict of interest. It is not for you to choose what is and isn't suitable subject matter for discussion. If the Tor developers can't discuss this openly and in a civilized manner, then I need to reevaluate my support of Tor, including the exit node. I'm finding more and more of their decisions very questionable.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Those are some good points. What I am always hearing is "TALK" about how TOR is compromised. I would like to read a paper or two with actual technical stuff demonstrating the supposed reality of compromise. I am not talking about some lab experiment but a real world it happened scenario with the technical step by step. I know of operator error stuff like Silk Road but that isn't TOR's issue. An evil node isn't really what we are talking about either. Something systemic to study a paper on.
     
  4. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    It never hurts to question anything. Again though, many things computer related have some relationships to big corporations and governments, even Linux and OpenBSD. If someone was a very black and white minded person, then they'd be pretty hard pressed to find something that isn't- almost to the point of going back to using stone age tools.

    I agree though, more people should be more aware these things aren't the old underdog, ragtag bunch of freedom seeking rebels up against a huge intimidating empire. To even fund most open source, transparent technologies you need a ton of resources to do so, and it all requires money. Now, ask who in this world would have enough money to fund projects at the scale we're discussing? Governments and corporations. Why would they accept funding from such entities? Because they'd probably sink if they didn't. Why would government and corporations fund this things to begin with? Because they benefit in the same way we all do.

    As far as the drama and "smearing", it honestly just looks to be another, Twitter grade, argument back and forth that's typical online.

    Exactly.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Tor grew out of a US military project on onion routing, aiming for unattributable and untraceable communication. The revolutionary insight (which I associate primarily with Paul Syverson) was the necessity of going open-source, and sharing the technology with adversaries. Even more, the design depends on collaborating with ones adversaries. One can't blend into a crowd, unless there's a crowd to blend into. And the crowd must include adversaries, and not just allies, in order to be worth much.

    Just sayin' :)
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    @mirimir
    I understand that. By the same token, the Tor developers need to understand the apparent conflict of interest and address it in an open and civilized manner. The rhetoric that's quoted is what I'd expect from NSA puppets, not from them. If those quoted responses are accurate, they're destroying the trust that they need to build. Partnering with Mozilla isn't doing much for my trust either, not with the course they've been taking, making their browser more like adware/spyware with each release.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Most of Levine's article is about hurt feelings, and the rest is about the Tor Project's well-known connections -- from origin to current funding -- with the US and other governments. However, all Tor software is open-source, and we can bet that there are many eyes on it, from TLA folk who depend on it to academics looking for tenure and hackers looking for cred. Levine may be correct in opining that most Tor users are ignorant about all that. But going from the Tor Project's well-known government connections to an argument that Tor is a honeypot is pure, unsupported speculation.
     
    Last edited: Nov 21, 2014
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    If you take the time to research these people & companies, & who's behind them & involved etc with them, & what their REAL modus operandi is/are, listed in http://pando.com/2014/11/14/tor-smear you might wonder why they support Tor ! I was already aware of all of them.

    Disturbing, to say the least !
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    But the point is that all sorts of mutual enemies support Tor. That's a key aspect of its design.
     
  10. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    Is Tor project compromised as reported earlier in Pando.com? Will this kilk off the Tor project?

    Former TOR head now working for intelligence contractor that protects companies against TOR
    Jacob Appelbaum expelled from WikiLeaks organization after OPM hack reveals Tor is funded by US Navy
    IBM Tells Companies To Block Tor Anonymisation Network
    "Companies have "little choice" but to block Tor-based communications, IBM said [in its "Threat Intelligence" report for the third quarter of this year]. "The networks contain significant amounts of illegal and malicious activity. Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions." The company offered technical pointers on blocking Tor access, including altering computer boot configurations and limiting the use of proxy services."
     
    Last edited by a moderator: Sep 10, 2015
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Wow, a little of the revolving door thing there with Lewman :eek: But he's just a suit, no?

    "Tor funded by US Navy!" is not news! Seriously :)

    And I don't begrudge Appelbaum good pay for good work.

    Also, the IBM thing is more nuanced than that. Some firms use Tor. But letting staff randomly tunnel out through perimeter firewalls using VPNs and/or Tor is a major security risk! Just as BYOD is. It's not a value judgment.
     
  12. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
  13. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    Most core technological advancements have benefited from government research and support. We now know that the government is willing to exploit vulnerabilities that it has discovered in the underlying system (hardware and software) as opposed to attempting to break through encryption. The goal has been to work smarter, not harder for the NSA. This does not mean that we should abandon these tools, but it does stress an important vulnerability, in that we can not trust the underlying hardware and software systems on which these tools operate. Besides, are you honestly more more secure installing some other solution onto your system, if a state-sponsored group is targeting you? I think not, because the hardware and operating system still represent a large attack surface that as individuals we have little power to change. We should still continue to develop these resources to improve their security and privacy for usage in protecting the majority that are not specifically being targeted to stay safe online. As for me, true privacy only exists in the mind. Trust systems are fundamentally broken and decentralized networks are not immune to attack. They may be more resilient in the sense that we are putting all our eggs in once basket. But you still have no way of guaranteeing that the recipient is in fact who you think they are and everyone cracks under pressure eventually. Hell, you can't even commit a crime like hit-and-run anymore without dozens of citizens with smartphones reporting and documenting the crime. Like I said, the goal is to work smarter, not harder. We need to do the same when developing and implementing solutions.
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
    http://motherboard.vice.com/read/internet-regulators-just-legitimized-the-dark-web
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    If the Snowden report that "Tor stinks" is right, and not a plant, you would expect the TLAs to spread FUD about Tor, and do whatever they can to inhibit its adoption by a large number of people (because that intrinsically makes it harder for compromises to work). And that is what's happened, so it's possible these reports are part of that programme (also possible that the project has been compromised, you'd expect that to be attempted as well).
    I see the funding issue as being fundamental to a whole range of open source security software, to maintain its independence, integrity and viability. Apart from Tor, we've recently had the grsececurity debacle, and also openssl funding problems. The only long-term solution I can see is to offer companies partial immunity or restriction of liability IF they have a security audit performed and have a maintenance contract on all software and information security policies. But governments have been doing the opposite, because they want to continue reading the mail.
     
  16. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    That was a nice read. The fact the TOR sites can now get and use "certificates" is awesome and will help security. Proper implementation will leave many "evil exit" nodes in the dark now once its in place. Will come down to onion sites willing to employ cert's and can they be anonymous for those running hidden? Not fully discussed but I like where this is headed.

    Biggest plus is legitimacy to the dark web, dispelling that it is only criminals that are on it. [thumbsup from here]
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, Wilders uses a self-generated certificate. There's no reason that onion sites can't do that. And there's nothing that precludes pseudonymity, at least. Anonymity arguably isn't possible for those running websites.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Tor is about security not privacy. Amazing how people want to confuse those two. Also since the Tor network was developed by the U.S. Navy, of course they are going to use it along with the rest of the U.S. military, NSA, CIA, you name it.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.