[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

williamwinkle at openmailbox.org
Tue Jul 1 21:47:38 UTC 2014


On 2014-06-29 06:22, Roger Dingledine wrote:
> On Sat, Jun 28, 2014 at 09:38:05PM +0000, williamwinkle at openmailbox.org 
> wrote:
>> I don't understand what Schneier means by this:
>> 
>> "After identifying an individual Tor user on the internet, the NSA
>> uses its network of secret internet servers to redirect those users
>> to another set of secret internet servers, with the codename
>> FoxAcid, to infect the user's computer."
> 
> Right. This is why Bruce's choice of phrase "identifying an individual
> Tor user" is a poor one. Probably the better phrase would be "seeing a
> flow on the Internet that they decide they'd like to attack".
> 
> Jake and I talk about the issue more in our 30c3 talk:
> http://media.ccc.de/browse/congress/2013/30C3_-_5423_-_en_-_saal_1_-_201312272030_-_the_tor_network_-_jacob_-_arma.html
> 
Thanks for the video link - most illuminating. I suggest that everyone 
watches it.

The Freedom Hosting issue was mentioned at 24 minutes in. AIUI, in the 
Freedom Hosting case, the host owner was arrested in Ireland which 
allowed the FBI to control the sites that he hosted as they had access 
to his computer. The FBI used an exploit that fed the IP of visitors to 
some or all of the FH sites back to the FBI. The exploit was based on a 
patched Firefox vulnerability and required the client to be using 
JavaScript. In other words - users that had updated the TBB or those 
that did not but did not use JS were uncompromised when they visited any 
of the FH sites.

In other words, the weak link (if there ever is one) is not Tor per se 
but the Firefox component of the TBB.

Is that correct?

