I'm not going to fact check the article or look to see how much, if any, has been taken out of context. I will say this. Those questions are legitimate, and if those responses are true, then I have to question the integrity of the developers as well. I've been asking very similar questions for some time but have yet to see acceptable answers. Where your money comes from does matter here. By all appearances, this is a complete conflict of interest. It is not for you to choose what is and isn't suitable subject matter for discussion. If the Tor developers can't discuss this openly and in a civilized manner, then I need to reevaluate my support of Tor, including the exit node. I'm finding more and more of their decisions very questionable.
Those are some good points. What I am always hearing is "TALK" about how TOR is compromised. I would like to read a paper or two with actual technical stuff demonstrating the supposed reality of compromise. I am not talking about some lab experiment but a real world it happened scenario with the technical step by step. I know of operator error stuff like Silk Road but that isn't TOR's issue. An evil node isn't really what we are talking about either. Something systemic to study a paper on.
It never hurts to question anything. Again though, many things computer related have some relationships to big corporations and governments, even Linux and OpenBSD. If someone was a very black and white minded person, then they'd be pretty hard pressed to find something that isn't, almost to the point of going back to using stone age tools. I agree though, more people should be more aware these things aren't the old underdog, ragtag bunch of freedom seeking rebels up against a huge intimidating empire. To even fund most open source, transparent technologies you need a ton of resources to do so, and it all requires money. Now, ask who in this world would have enough money to fund projects at the scale we're discussing? Governments and corporations. Why would they accept funding from such entities? Because they'd probably sink if they didn't. Why would government and corporations fund these things to begin with? Because they benefit in the same way we all do. As far as the drama and "smearing", it honestly just looks to be another, Twitter grade, argument back and forth that's typical online. Exactly.
Tor grew out of a US military project on onion routing, aiming for unattributable and untraceable communication. The revolutionary insight (which I associate primarily with Paul Syverson) was the necessity of going open-source, and sharing the technology with adversaries. Even more, the design depends on collaborating with one's adversaries. One can't blend into a crowd, unless there's a crowd to blend into. And the crowd must include adversaries, and not just allies, in order to be worth much. Just sayin'
@mirimir I understand that. By the same token, the Tor developers need to understand the apparent conflict of interest and address it in an open and civilized manner. The rhetoric that's quoted is what I'd expect from NSA puppets, not from them. If those quoted responses are accurate, they're destroying the trust that they need to build. Partnering with Mozilla isn't doing much for my trust either, not with the course they've been taking, making their browser more like adware/spyware with each release.
Most of Levine's article is about hurt feelings, and the rest is about the Tor Project's well-known connections -- from origin to current funding -- with the US and other governments. However, all Tor software is open-source, and we can bet that there are many eyes on it, from TLA folk who depend on it to academics looking for tenure and hackers looking for cred. Levine may be correct in opining that most Tor users are ignorant about all that. But going from the Tor Project's well-known government connections to an argument that Tor is a honeypot is pure, unsupported speculation.
If you take the time to research these people & companies, & who's behind them & involved etc with them, & what their REAL modus operandi is/are, listed in http://pando.com/2014/11/14/tor-smear you might wonder why they support Tor ! I was already aware of all of them. Disturbing, to say the least !
Is Tor project compromised as reported earlier in Pando.com? Will this kill off the Tor project? Former TOR head now working for intelligence contractor that protects companies against TOR Jacob Appelbaum expelled from WikiLeaks organization after OPM hack reveals Tor is funded by US Navy IBM Tells Companies To Block Tor Anonymisation Network "Companies have "little choice" but to block Tor-based communications, IBM said [in its "Threat Intelligence" report for the third quarter of this year]. "The networks contain significant amounts of illegal and malicious activity. Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions." The company offered technical pointers on blocking Tor access, including altering computer boot configurations and limiting the use of proxy services."
Wow, a little of the revolving door thing there with Lewman. But he's just a suit, no? "Tor funded by US Navy!" is not news! Seriously. And I don't begrudge Appelbaum good pay for good work. Also, the IBM thing is more nuanced than that. Some firms use Tor. But letting staff randomly tunnel out through perimeter firewalls using VPNs and/or Tor is a major security risk! Just as BYOD is. It's not a value judgment.
There were multiple methods of spying on typewriters developed during the Cold War era. So this is not a holy grail solution.
Most core technological advancements have benefited from government research and support. We now know that the government is willing to exploit vulnerabilities that it has discovered in the underlying system (hardware and software) as opposed to attempting to break through encryption. The goal has been to work smarter, not harder for the NSA. This does not mean that we should abandon these tools, but it does stress an important vulnerability, in that we cannot trust the underlying hardware and software systems on which these tools operate. Besides, are you honestly more secure installing some other solution onto your system, if a state-sponsored group is targeting you? I think not, because the hardware and operating system still represent a large attack surface that as individuals we have little power to change. We should still continue to develop these resources to improve their security and privacy for usage in protecting the majority that are not specifically being targeted to stay safe online. As for me, true privacy only exists in the mind. Trust systems are fundamentally broken and decentralized networks are not immune to attack. They may be more resilient in the sense that we are putting all our eggs in one basket. But you still have no way of guaranteeing that the recipient is in fact who you think they are and everyone cracks under pressure eventually. Hell, you can't even commit a crime like hit-and-run anymore without dozens of citizens with smartphones reporting and documenting the crime. Like I said, the goal is to work smarter, not harder. We need to do the same when developing and implementing solutions.
If the Snowden report that "Tor stinks" is right, and not a plant, you would expect the TLAs to spread FUD about Tor, and do whatever they can to inhibit its adoption by a large number of people (because that intrinsically makes it harder for compromises to work). And that is what's happened, so it's possible these reports are part of that programme (also possible that the project has been compromised, you'd expect that to be attempted as well). I see the funding issue as being fundamental to a whole range of open source security software, to maintain its independence, integrity and viability. Apart from Tor, we've recently had the grsecurity debacle, and also OpenSSL funding problems. The only long-term solution I can see is to offer companies partial immunity or restriction of liability IF they have a security audit performed and have a maintenance contract on all software and information security policies. But governments have been doing the opposite, because they want to continue reading the mail.
That was a nice read. The fact the TOR sites can now get and use "certificates" is awesome and will help security. Proper implementation will leave many "evil exit" nodes in the dark now once it's in place. Will come down to onion sites willing to employ certs and can they be anonymous for those running hidden? Not fully discussed but I like where this is headed. Biggest plus is legitimacy to the dark web, dispelling that it is only criminals that are on it. [thumbsup from here]
Well, Wilders uses a self-generated certificate. There's no reason that onion sites can't do that. And there's nothing that precludes pseudonymity, at least. Anonymity arguably isn't possible for those running websites.
Tor is about security not privacy. Amazing how people want to confuse those two. Also since the Tor network was developed by the U.S. Navy, of course they are going to use it along with the rest of the U.S. military, NSA, CIA, you name it.