[tor-talk] FBI cracked Tor security

Joe Btfsplk joebtfsplk at gmx.com
Thu Jul 14 23:23:13 UTC 2016 

On 7/14/2016 2:34 PM, Jon Tullett wrote:
>> 2.  Aren't statements (from anyone) like, "... generally crack the servers
>> hosting the illicit material, not Tor itself," sort of a matter of
>> semantics?
> Depends on the context, I guess. To the user, maybe, but in the
> context of this (Tor) community, the distinction matters. Browser
> vulns and server exploits are common. Tor's crypto is not, AFAIK,
> known to be compromised.
Thanks Jon.  I agree w/ most that you said.  Again, semantics. Whether 
they cracked Tor or Tor Browser won't change if the brutal dictator has 
you shot in the front or back of the head. :)

Unless one is using Tor w/ their own internet browsing application, an 
exploited weakness in Tor Browser - modified Firefox - has the same 
effect on users.  They're a package deal.
If claiming, there are no known cases of authorities "cracking Tor" or 
using its weaknesses to deanonymize users, that may be correct, AFAWK.  
But, it's been shown time & again, "we" don't know very far regarding 
what  gov'ts & their agencies can / can't do, or have / haven't done.  
An unfortunate fact for citizens everywhere. "Absence of evidence is not 
evidence of absence," as to their capabilities.  If any government 
cracks Tor, it'll be of the highest security classification.  Most 
advanced governments aren't as bungling & clueless as many think they are.

True - if someone cracked Tor, this show is over - for a while.  To 
Prisoner Number Six, it makes no difference if the chink was in Tor 
proper, or in the browser.  It matters to Tor Project for ego & bragging 
rights & it matters regarding whether only a few unlucky freedom 
fighters got caught, or if Tor needs a complete overhaul.

>
> The issue of who should be responsible for alerting a user to possible
> risks is debatable. Tor's job, after all, is not to keep users secure;
> it's to keep them anonymous. I don't speak for the Tor project, but I
> expect the assumption is that users should take responsibility for
> their own security, just as they should take responsibility for
> antivirus, patching, and brushing their teeth :)
>
> -J
You're not really suggesting that users under hostile dictatorships or 
ones trying to expose democratic government unconstitutional actions,  
take full responsibility for the ongoing modifying, patching & constant 
reading about weaknesses of Tor Browser "for their own security?"
That Tor Project is saying Tor is relatively anonymous; as for Tor 
Browser, everyone's on their own.

If one is in the right (or wrong) situation, anonymity = security. Lack 
of anonymity may = jail or death.  Not for me & presumably not Tor 
developers, but for some users that Tor was designed for.

Six out.

More information about the tor-talk mailing list