[tor-talk] Should I warn against Tor?

Roger Dingledine arma at mit.edu
Sat Jul 6 11:23:24 UTC 2013

On Sat, Jul 06, 2013 at 12:46:17PM +0200, Jens Lechtenboerger wrote:
> 1. If you are using Tor, you should assume that all your network
> traffic gets stored, analyzed, and de-anonymized by intelligence
> agencies.

I don't want to tell you to stop worrying, but depending on how much
you think these intelligence agencies collaborate, I think the "and
de-anonymized" phrase might be overstated. For example, I would not be
surprised if French intelligence doesn't have enough of a reach on the
Internet to be able to break Tor easily -- simply because they haven't
made enough deals with enough backbone providers relative to the locations
of big Tor relays. Maybe they trade data with England and the US, but
then again maybe they don't (or don't trade all of it).

One of the unfortunate properties of the Internet is how it's much less
decentralized than we'd like (and than we used to think). But there are
still quite a few different places that you need to tap in order to have
a good chance of beating a Tor circuit. For background, you might like:
and there's a third paper in this chain of research which I'm hoping
the authors will make public soon -- stay tuned.

> 2. If you do not use Tor, you should be aware that your ISP could
> spy on all of your network traffic, while part of it (that part
> passing tapped IXes) gets stored and analyzed by intelligence
> agencies.

I think you're underestimating the problem here. You say "Part of my
traffic does not need to flow through big pipes and IXes but stays in
local, untapped regions of the Internet." I think for the typical web
user, basically _every single page they visit_ pulls in a component that
goes through these 'big pipes' you refer to.

In short, I think web users are in bad shape using Tor if their adversary
is "every intelligence agency combined", but they're in way way worse
shape when not using Tor.

While I'm at it -- you don't think Deutsche Telekom has a deal with
BND where they hand over all the internal German Internet traffic they
see? I hope the era where people say "My government is doing everything
that has been reported in the news so far, but surely they're not doing
anything else" is finally over, but I guess it will be a while yet.
