TOR Made for USG Open Source Spying Says Maker

Discussion in 'privacy technology' started by lotuseclat79, Mar 26, 2011.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I don't see anything sinister in his comments. Everyone knows Tor was first conceived for government use -- that's no secret. Even the EFF finds no issue with his comments.
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Not inaccurate.

    TOR is actively used for intelligence gathering by hackers, businesses, government, military, and intelligence organizations. Not to mention, what better way to find out what the "terrorists" are up to than spying on the internet activities that TOR users voluntarily provide! An intelligence agnecy's wet dream.

    If in doubt, just ask anyone who has greyhat experience internet marketing.
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I know you have a profit motive for bashing Tor, so it's really not even worth engaging you on this topic, but I'll bite.

    The Tor developers admit it's plausible a government could potentially deanonymize Tor users due to their ability to monitor large portions of the Internet (correlation attacks.) The truth is that NSA are going to be able to monitor you if they so desire regardless of Tor. (And this goes for ALL such networks, including Xerobank.) Thus it follows that if Tor's purpose was to be a honeypot, then the USG was foolish to spend money on it when it's really not going to give them any advantage in intelligence gathering that they didn't already have. A much more plausible explanation is that the government wanted a way to anonymize their own Internet communications against less powerful governments. And what is the most effective way to do that? Make Tor available to everyone on the Internet (the more traffic, the more anonymous one becomes.) And this is exactly what Michael Reed was saying in his e-mail that OP posted.

    One might ask: why didn't the USG simply create their own private VPN for such communications? The answer to that is such a VPN might not be plausible for all scenarios (think agents under deep cover in foreign lands). And such a VPN would not allow access to the Internet at large without being detectable; a private Intranet is no good when one needs access to the WWW or other public protocols.

    A better way is to simply hide your traffic within other anonymous traffic of thousands or millions of other people, and this is precisely what Tor does. We know USG entities use Tor because researchers have set up malicious exit nodes and sniffed government e-mail, etc. If Tor was meant to be merely a honeypot, why are such sensitive government communications being sent over it?
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Chrono, there's no need to bring money into this, I would be happy to just discuss the facts. (infact we're going to give xb access away for free; and release Safehouse, a free universal vpn client and privacy software suite, for free under GPL)

    I said it was "not inaccurate" simply because it was rather vague, which is why you think we're talking about global adversaries like the NSA, and we're not. We're talking about tor exit node monitoring, which can be done by anyone.

    Open source (OSINT) refers to an intelligence source, specifically the datastreams user create while surfing. This is because anyone can run a Tor exit node to read Tor user activity datastreams, as opposed to closed sources of intelligence where there is no publicly available access to the intelligence source. ;)

    Running tor nodes and monitoring the exit traffic is standard for even the most basic of OSINT operations. It astounds me that it took the Dan Egerstadt case to demonstrate monitoring. However, tor is a very rich intelligence playground for not only monitoring, but also interacting. Forget the NSA monitoring, the datastreams of a Tor user's activities are malware injected by spammers, clickstream analyzed by blackhat seo, and generally monitored by voyeuristic and business interests. Dan proved and others witnessed the untrustworthy behaviors of extemely open source intelligence.
     
    Last edited: Mar 26, 2011
  6. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    In my opinion, chronomatic is correct but SteveTX isn't wrong either. You're just talking about two different things. It's the difference between anonymity and privacy.

    Tor is an excellent anonymity tool, as long as you don't give out personally identifying information and don't mind having your traffic sniffed at the exit node. Whistle-blowers, porn downloaders, dissidents, etc. will all do well with Tor as long as they take care not to identify themselves.

    As to why embassies would send out confidential communications over Tor, I have no idea. I'm not sure you can force education down someone's throat. People do stupid things.

    I would never access my REAL e-mail account or my banking information through Tor. But Tor is perfect for telling someone off anonymously, without fear of retribution.
     
  7. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    The only sure way would be to use JanusVM, right?

    What if using https the whole session, there should be no problem?
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  9. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Ok, I got a little confused here.

    Scenario: I'm using Firefox and connecting to a malicious exit node to access my email over https. This exit node has set up its own DNS server and also a fake webmail site secured by an stolen but valid certificate.

    1) If I login, my account is compromised.

    2) If, however, I'm already logged in prior to use tor(and I make sure not to enter my user & pass in case it showed the login page), my account is not compromised.

    3) If I set network.proxy.socks_remote_dns to false and use a public dns then my account won't be compromised.


    Did I get it right?
     
  10. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I just found this. So It's better NOT to access email or bank account etc through Tor, even if using https the whole time.
     
  11. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    TOR is good for anonymity (like posting political comments in a tyrant country) but not privacy. Never use TOR to login anything related to you personally. And most important, never get over-reacted by any comments on forums and blogs.

    Google's recording of home wireless data + free anonymous services like TOR and VPN in recent years .. I can extrapolate it's mega psyops surveillance operation. They want to know how "extreme" users can get when being so-called anonymous. They want to know what users feel and think so that they can influence them via internet and mobile communications.

    Revealed: US spy operation that manipulates social media
    Lots of people you interact with online are sockpuppets
    U.S. Military Program Creates Online Sock Puppets To Counter Enemy Propaganda

    They already done and still doing it - the recent revolts in Arab countries. Such terrible deception. Many people out there still have not realized it.
     
    Last edited: Mar 28, 2011
  12. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    And the solution is to use xb , but unfortunately xb never works properly for me and the webpages never load OR they load at snails pace. So then I would need to pay you money right to get faster internet access. Duh! Maybe you are making xb slow on purpose so people will pay for upgrading? :)
     
Loading...
Thread Status:
Not open for further replies.