[tor-talk] Harvard student used Tor to send bomb threats, gets caught by old-fashioned policework

DeveloperChris developerchris at rebel.com.au
Fri Dec 20 06:54:00 UTC 2013


On 20/12/2013 2:05 PM, David wrote:
>       The way that we know that Tor is relatively safe is that it is open
> source and transparent. The government isn't monolithic. There are
> different branches of government that have different interests. It is in
> the interest of certain branches of US government to have a diverse,
> secure, and anonymous system so that their own people can use it without
> being known government operatives. Also, if there were any backdoors
> we'd probably know by now. The code is not secret, nor are the finances.
> The Tor Project is incredibly open and transparent about almost
> everything that happens.
>
>       Furthermore, the NSA doesn't need to own half the relays to
> de-anonymize someone. If you're targeted, then Tor just buys you some
> time. Tor is extremely secure against drag-net surveillance, but
> targeted attacks from a government entity are a little more difficult to
> defend against.
>
>       If you are worried that there aren't enough Tor relays then I'd
> encourage you to start one.
>
>
> Cheers,
>
> David
>
>

I'd agree with you except evidence points the other way. There is now plenty 
of evidence to suggest that back doors are placed in products even if it 
renders the end product less secure. In other words for these government 
agencies, being able to spy is more important than being protected from spying.

Being open source does not guarantee safety. The nodes can operate well 
within design and still give away a wealth of information, which is exactly 
what a timing attack relies on. Even then we know that there are weaknesses 
in open source random number generators put there very deliberately. The 
open source community did not wake up to it for a long time, and more recent 
surprises courtesy of Edward Snowden.

How many open source projects are exploited on a daily basis? the only 
advantage open source has is, if it is popular enough (if you are lucky) and 
the exploit is found out soon enough (if you are diligent) the a patch will 
possibly be made quickly. But not always. I dont live under the illusion 
that because its open source its somehow inherently safer. Quite often the 
opposite is true.

I joined the TOR mailing list to discover more about TOR for the purpose of 
creating hopefully many more TOR exit relays. On learning more and from the 
experience of a friend when he tried to run an exit relay I realised this 
was not a wise thing to do. Not at least unless you are experienced and 
prepared for the probable consequences. As my plans involved many innocent 
helpers I decided the risk was far too high.

I was advised on this mailing list perhaps to create bridges instead, but 
that made my whole project of dubious worth so I canned it.

Chris


More information about the tor-talk mailing list