Yes, surely TOR will protect us from government surveillance…
I don’t get the sarcasm. Everything that you’ve posted suggests that it will.
Simply pointing out public funding doesn’t make it less secure. It’s implying (or allowing others to imply) some hidden conspiracy that breaks TOR in some way that we don’t know about. If this is a source of vulnerability, it has not been demonstrated.
Based on what we do know:
“We will never be able to de-anonymize all Tor users all the time”, but “with manual analysis we can de-anonymize a very small fraction of Tor users”.
when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt was ranked as “catastrophic,” leading to a “near-total loss/lack of insight to target communications, presence…”
TOR is open source and the protocol is well understood. The software has been audited multiple times by multiple different sources.
The TOR network itself is secure.
The people who get ‘caught using TOR’ are caught based on other failures of their personal security. Like forgetting to enable TOR once and logging into an IRC channel, connecting to a malicious site with a javascript enabled browser, running TOR on an exploitable phone or running a business who’s payments travel through financial networks viewable by the adversary.
There’s more to cybersecurity than simply installing the TOR browser bundle. If you are not familiar with this field, do not risk your freedom or safety trying to do things on TOR which would cause you to come to the attention of intelligence services or other bad people.
Tor is not as secure as people think, all you have to do is to be able to analyse traffic on both entry and exit nodes, (or just your ISP and the server). Some companies can do this as they provide services to ISPs and have access to realtime traffic analysis from all over the world.
If a private company can do that, so can any government that can coerce or bribe those companies.
There was an article I read some years ago about a guy who was getting ddosed on his tor hidden service and he contacted someone who manages those companies and they found his hidden service’s IP in seconds.
We will never be able to de-anonymize all Tor users
No, but the implication is that they may be able to do a lot of it, and we can never know.
What came just a few pages later in the presentation you referenced is “Goal: expand number of nodes we have access to”.
That has been their goal for practically decades at this point.
Is it really some conspiracy-nut level stretch to think they might be operating thousands of nodes today and have much deeper penetration than we think?
I don’t get the sarcasm. Everything that you’ve posted suggests that it will.
Simply pointing out public funding doesn’t make it less secure. It’s implying (or allowing others to imply) some hidden conspiracy that breaks TOR in some way that we don’t know about. If this is a source of vulnerability, it has not been demonstrated.
Based on what we do know:
TOR is open source and the protocol is well understood. The software has been audited multiple times by multiple different sources.
The TOR network itself is secure.
The people who get ‘caught using TOR’ are caught based on other failures of their personal security. Like forgetting to enable TOR once and logging into an IRC channel, connecting to a malicious site with a javascript enabled browser, running TOR on an exploitable phone or running a business who’s payments travel through financial networks viewable by the adversary.
There’s more to cybersecurity than simply installing the TOR browser bundle. If you are not familiar with this field, do not risk your freedom or safety trying to do things on TOR which would cause you to come to the attention of intelligence services or other bad people.
Tor is not as secure as people think, all you have to do is to be able to analyse traffic on both entry and exit nodes, (or just your ISP and the server). Some companies can do this as they provide services to ISPs and have access to realtime traffic analysis from all over the world.
If a private company can do that, so can any government that can coerce or bribe those companies.
There was an article I read some years ago about a guy who was getting ddosed on his tor hidden service and he contacted someone who manages those companies and they found his hidden service’s IP in seconds.
No, but the implication is that they may be able to do a lot of it, and we can never know.
What came just a few pages later in the presentation you referenced is “Goal: expand number of nodes we have access to”.
That has been their goal for practically decades at this point.
Is it really some conspiracy-nut level stretch to think they might be operating thousands of nodes today and have much deeper penetration than we think?