[tor-talk] Should I warn against Tor?

Jens Lechtenboerger tortalk at informationelle-selbstbestimmung-im-internet.de
Sat Jul 6 10:46:17 UTC 2013


Dear reader,

I’m a Tor user.

My interest in anonymity awoke in response to the European
parliament passing the data retention directive in 2005.  I did (and
still do) not want my ISP to be able to spy on everything I do.
I maintain a German web site explaining how Internet communication
works, warning against data retention, and advertising anonymity via
Tor [1].  I thought that there is not much to lose when using Tor
(except for speed).

Now, I’m about to include a big warning concerning Tor.  Maybe I’m
driven by fear, uncertainty, and doubt.  But I doubt that.  I’d like
to see this e-mail as a consensus check ;)

I’m only talking about Tor users like me, living in a stable
democracy.  In my idealistic (or naive?) view, it’s nobody’s
business to collect data about me as long as I’m not a suspect of
crime.  If they do anyways, they violate my (perceived) rights,
privacy, and dignity.  I’m using Tor as a tool to fight that
violation.  (My reasoning does not apply to people under oppressive
regimes who use Tor as protection from their own government when
they coordinate and communicate and whose physical freedom and
well-being are at risk.)

Of course, since Tor’s beginning the threat model has been excluding
global passive adversaries (which are able to observe both ends of
the torified communication) but I didn’t consider that a real issue.
However, now I do.

Today, the GCHQ (GB) is running Tempora to spy on all transatlantic
data, including three days of full storage for deeper analysis.  The
NSA (US) is doing all kinds of spying with PRISM, including rumors
of tapping directly into the German Internet eXchange DE-CIX [2].
The DGSE (French foreign intelligence agency) is spying massively on
the French (so much for *foreign* intelligence).  The BND (German
foreign intelligence) is allowed to monitor up to 20% of
border-crossing Internet traffic; supposedly, they are looking at 5%
right now and investing heavily to increase that number [3].

In 2007 Murdoch and Zieliński [4] developed traffic analysis
techniques based on sampled data for parties monitoring Internet
eXchanges (IXes).  Apparently, the parties mentioned above have
capabilities that go far beyond the paper’s sampling technique.
Thus, I’m assuming that global adversaries are spying on me.

As I said, initially I worried about my ISP under data retention and
considered Tor to be an excellent protection.  Of course, that’s
only part of the story as I’d like to restrict who is able to spy on
me as much as possible, whether my ISP, the ordinary criminal, or
our governments’ spies.  Frankly, I only started to think about the
last point after seeing the video “Enemies of the State” of last
year’s Chaos Communication Congress [5].  There, former NSA
officials complained that the NSA is beating US citizens’
constitutional rights into the dust.  However, the existence of
rights for Non-Americans was not acknowledged, and I wondered what my
expectations should look like given that I’m not protected by the US
constitution.

Now, Tor re-routes traffic on a world-wide basis.  I believe that
without special precautions (I’m going to write a separate e-mail on
that), my communication with the entry node as well as the exit’s
with the real communication partner will flow through big pipes and
IXes, which are worth the investment of spying facilities; of
course, terrorism needs to be fought …
Thus, Tor does not anonymize; instead, it turns all my network
traffic over to adversaries.  Hopefully, Tor makes the adversaries’
lives harder, and they need more compute power to spy on me.  Maybe
they find torified traffic more interesting and handle it with
higher priority.  In any case, I assume that torified traffic gets
analyzed.

In contrast, without Tor I’m *not* certain that all my traffic gets
analyzed.  Part of my traffic does not need to flow through big
pipes and IXes but stays in local, untapped regions of the Internet.

Thus, my warning could read as follows:
1. If you are using Tor, you should assume that all your network
traffic gets stored, analyzed, and de-anonymized by intelligence
agencies.
2. If you do not use Tor, you should be aware that your ISP could
spy on all of your network traffic, while part of it (that part
passing tapped IXes) gets stored and analyzed by intelligence
agencies.

Of course, there still is more fun in using Tor.

What’s your take on the current situation?  Should the Tor FAQ
include a similar warning?

Best wishes
Jens


CBP Crash Islamist Nazi Salmonella Mudslide Illegal immigrants
Blowpipe Narco banners Afghanistan ASPIC FARC illuminati InfoSec
Terror

Footnotes:
[1]  http://www.informationelle-selbstbestimmung-im-internet.de/
[2]  http://www.h-online.com/news/item/PRISM-scandal-internet-exchange-points-as-targets-for-surveillance-1909989.html
[3]  http://www.spiegel.de/politik/deutschland/internet-ueberwachung-bnd-will-100-millionen-investieren-a-905938.html
[4]  http://www.freehaven.net/anonbib/#murdoch-pet2007
[5]  https://media.ccc.de/browse/congress/2012/29c3-5338-en-enemies_of_the_state_h264.html

