From the document header: "The Tor Project, a private non-profit that underpins the dark web and enjoys cult status among privacy activists, is almost 100% funded by the US government. In the process of writing my book Surveillance Valley, I was able to obtain via FOIA roughly 2,500 pages of correspondence — including strategy and contracts and budgets and status updates — between the Tor Project and its main funder, a CIA spinoff now known as the Broadcasting Board of Governors (BBG). These files show incredible cooperation between Tor and the regime change wing of the US government. The files are released to the public here. —Yasha Levine"
The BBG isn't a CIA spin-off either, it was created after the broadcasting functions (Voice of America, Radio Free Europe, etc) were split off from the US Information Agency, which was a public and non-secret agency overtly created to advance US interests. At no point were either the BBG or the USIA secret or their intentions unknown.
If the author of this piece has to rely on imaginary bogeymen like this, I don't have much faith in the rest of their work.
Yes, a sizeable portion comes from the US government, and from the NSF, from the Open Technology Fund (OTF) ..et cetera and over the years the number of donations that they receive has been increasing, especially with the campaign last year where Mozilla matched donations: https://blog.torproject.org/powering-digital-resistance-help... (they reached 400k$ with Mozilla grants IRC)
The way it works is that there's a set of deliverables or goals that must be fulfilled and that get a funding from Sponsor X. And there's a wiki page with all the Sponsors and the set of deliverables
> Joint project with Georgetown and NRL focusing on research about resilience to attacks that reduce anonymity or that deny service.
> The grant also includes a "transition to practice" component, which means we should not only help with the research side, but also build and deploy the more promising solutions.
> Deliverables
> + Produce research papers
> + Release software (e.g. Tor) that includes fixes based on the research papers
> + Work with Micah Sherr and Rob Jansen
THIS IS ALL PUBLICLY AVAILABLE.
WHAT THE HELL IS SPOOKY ABOUT THIS? DO YOU KNOW OF AN OPEN SOURCE ORGANIZATION THAT IS AS TRANSPARENT AS THE TOR PROJECT?
To Mr. Yasha Levine: Please point to a single alternative that offers the same low-latency anonymity as Tor if you're serious.
Simple, there aren't any. Never, EVER, assume anonymity on the internet. Also I'll add the fact that if you even so much as download Tor, you have made it on a watch list; also exit nodes are a massive vulnerability. With those two things plus government involvement, it is unwise to assume Tor is anything but a honeypot. You want anonymity? Keep a low profile and try to hide in plain sight, maybe check out some add-ons recommended on privacytools.io
> Simple, there aren't any. Never, EVER, assume anonymity on the internet.
Please read my question again: "Please point to a single alternative that offers the same low-latency anonymity as Tor if you're serious."
> You want anonymity? Keep a low profile and try to hide in plain sight,
Your IP will be linked to all of your traffic, nice solution!
> maybe check out some add-ons recommended on privacytools.io
No amount of addons there will protect you against traffic analysis.
Heh... FWIW privacytools.io recommends the Tor Browser, OnionShare, Tails, Qubes+Whonix ... from the Tor ecosystem, maybe you may want to check out those since you're so interested in their recommendations :)
Nobody else has millions of dollars in US military/intelligence cash to build and advertise their alternatives ... so the lack of non MI funded alternatives proves nothing.
If everyone thought like that we wouldn't even have HTTPS because "why would you want to hide your internet traffic?!"
"Hiding in plain sight" doesn't work. At all. The NSA has automatic systems that classify everything you do online and then it issues alerts if enough "signals" are gathered. That also means that the more stuff you do in "plain sight" the better it will know what you're doing, as the data will have very high accuracy rates.
That Tor is funded by the US gov is well known, yes, but a close look at that is warranted. I have neither the time nor knowledge to judge the details for now, but claims like "passing on security reports to government contacts" (https://surveillancevalley.com/blog/claim-tor-does-not-provi...) at least look bad if the the claim is that Tor merely profits from the relationship to build the best tool possible, even if the author presents it a bit over-sensational. Let's wait what they'll extract from the documents and judge that instead of immediately claiming it as FUD.
> Let's wait what they'll extract from the documents and judge that instead of immediately claiming it as FUD.
It's FUD, let me explain: before the coming of pluggable transports it was easy to distinguish Tor traffic from TLS, which made blocking by censors (like China and Iran) easy since they didn't need to find all bridges addresses but could instead fingerprint Tor traffic to block it.
As you can see from the documents Dr. Steven Murdoch outlined a roadmap for working on that, since that item ("TLS Normalization") was one of the deliverables for the sponsor
> One of the Oct 1 deliverables is a roadmap for TLS normalization. I have a draft of this for your preusal
Where's the problem in this? Mr. Yasha interprets this as meaning "They reported to the spooky agents security vulnerability!" when the fact that Tor traffic doesn't look like TLS was a known problem to everyone that had the slightest knowledge on how Tor works. Now can anyone explain how this isn't deliberate FUD spreading and an insult to the very people who were working on making Tor more censorship resistant, i.e. Dr. Steven Murdoch and Dr. Roger Dingledine? (FWIW I talked to Roger on irc once and he was very offended by the smears that were spread by Pando like this one)
After looking at the timeline in more detail you are right, they frame this completely misleading. Some of the comments then seem odd, but the meat of the argument just doesn't make any sense.
If you're referring to the "Currently this document is private, but eventually some or all of it should be public." comment, then there's really nothing suspicious about it, he doesn't want to publicly release the roadmap until later on.
It's also publicly available information that tor doesn't even attempt to protect against deanonymization (e.g. timing) attacks from nation-state adversaries that control entry and exit nodes. It's not exactly well advertised though.
It's not like it would be impossible to put in protections either - it could be done at the expense of latency and bandwidth.
The idea that it is being run as a honeypot is not exactly far fetched given the security model and funding sources.
The problem seems well-advertised to me. From the Tor FAQ (https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRo...): "it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model."
The effectiveness of further padding protections aren't clear unless you go to full padding, which is very expensive (probably impossible for mobile clients, for example). Tor is successful, in my opinion, because it understands that reducing performance reduces users and thus actually harms anonymity.
Yeah I don't really see how this is surprising to anyone. Tor was created at the NRL [0] and they're pretty proud of it (you see things like this hanging on walls/doors [1]). Successful projects will always continue to receive funding.
"Computer scientist Roger Dingledine developed Tor under a contract with the U.S. Naval Research Lab; today, the software is distributed by the Tor Project, under the fiscal sponsorship of the Electronic Frontier Foundation."
I can't find a source right now, but that refers to his work with Nick and Paul in that famous paper, and as far as I can remember he did code it himself in its first version (whether that was included in the NRL contract is something else).
From your post: "These sort of things happen a lot, and they will continue to happen a lot. Like plane crashes, we can study and learn from them each time to make them less likely to happen in the future. Tor continues to improve, and to make these attacks harder, more expensive, or impossible to pull off."
> The Harvard kid who was the only Tor user on Harvard’s network at the time that he sent his bomb threat.
> The Freedom Hosting and Silk Road hacks (problems with the web apps that were hosted as Tor hidden services, not with Tor itself).
> Exit node sniffing (an issue with people using plaintext protocols on the internet; people are just as vulnerable when using airport wifi, though perhaps they’re less likely to have an attacker on their network than to be using a malicious exit node).
As you can see those are problems that Tor can't solve. Micah wasn't talking about some inherent flaws in Tor's design.
> If your threat model includes state actors, then Tor's current shortcomings are non-trivial and should be treated as such.
Doesn't change the fact that Tor is the best low-latency anonymity system currently and using it is better than not.
Here is what Tor claims to solve on its download page [0]:
"The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked."
That statement is not exactly true in the case of that Harvard kid. A sysadmin and their logs is still "watching", and in this case eventually found out which site through news channels ;).
That's not to say that I think Tor isn't great nor that it shouldn't be used. My complaint is that it gets represented to general non-technical crowds as solving more problems than it actually does.
> That statement is not exactly true in the case of that Harvard kid. A sysadmin and their logs is still "watching", and in this case eventually found out which site through news channels ;).
> That's not to say that I think Tor isn't great nor that it shouldn't be used. My complaint is that it gets represented to general non-technical crowds as solving more problems than it actually does.
Well they do provide warnings https://www.torproject.org/download/download.html.en#warning among them is the one which is related to the Harvard teen "Use bridges and/or find company: Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too! "
> It almost looks like governments have two conflicting interests. Keep things secure and break the security.
That's because governments aren't a monolith, the projects and interests of the NSF or the OTF do not necessarily overlap with those of the NSA or CIA.
Even zzz himself (the current lead developer of I2P) says that Tor is the way to go for browsing the clearnet
> zzz: First of all I want to say that I have a tremendous amount of respect for Tor, Roger Dingledine and the other Tor developers, and what they have accomplished. I2P and Tor started at about the same time and have a lot of similarities.
> Tor has benefitted greatly from funding, academic analysis, and a large user base. We are exchanging ideas with Tor and I expect that both projects will benefit from that as well.
> The fundamental difference is that Tor is designed for "exit traffic" to the regular internet. I2P is designed for in-network traffic - what Tor calls "hidden services". Tor has 1000 "exit nodes". I2P has only one. Exiting from an anonymous network to the regular internet has serious potential vulnerabilities.
> As Roger Dingledine said in his talk at 25C3 (Dec. 29 2008), "Tor does not magically encrypt the internet". Neither does I2P. Accessing standard services through exit nodes can be done safely, but it takes great care. Snooping or worse by exit nodes, and blocking of exit nodes is problematic. That said, if your primary goal is anonymous access to the regular internet, Tor is the better solution.
I2P is great for torrenting and other such uses, there's no doubt about that.
Oooooh the government of the most benevolent and freedom-loving country in the world is funding a tool to speak anonymously on the Internet! Such a plot twist! And they're not even keeping it secret! How scandalous...
I think the surprising angle is more like "agency that among other things specializes in monitoring people online sponsors program to make it easier for people to avoid being monitored online". It's the regime change wing of the CIA doing the sponsoring, so in the end it does make sense, but I can see why this would be surprising to many.
Does the CIA do any monitoring of people online? I guess given that it's a huge agency they probably do some because of mission creep, but I thought the idea was that the NSA is supposed to be in charge of it.
Oh absolutely they do. NSA specializes in mass surveillance and cryptography (both design thereof for national security and breaking thereof to spy on others - they probably have way more cryptographers and mathematicians than any other agency). But even then all the other intelligence agencies will do a lot of online spying, hacking, and following of people of their own, in alignment with their respective missions - that's just the world we live in now, where there's no way to run an intelligence agency and not have a massive online surveillance apparatus. FBI will do it nationally for federal investigations, CIA will do it 'on foreign soil' (although this is extended to nationally as well whenever there's a counterintelligence justification) and they'll do it both to screen for and keep tabs on potential threats (e.g. terrorists) and for knowing their plans, and maybe know where they will be at a given time for e.g. drone strikes, rendition or special forces ops. The regime change wing of the CIA will undoubtedly also be monitoring any regime they want to overthrow and supplying insurgents with intel to help them, warn them if they are hunted. On top of this there's the different army ones under the Defense umbrella that will do similar things as the CIA but under a 'cyberwarfare' moniker and in coordination with their respective troops. And finally there's agencies with State, Justice and Energy that will indubitably also have their fair share of hackers - the full list of agencies is pretty long: https://en.wikipedia.org/wiki/United_States_Intelligence_Com... I'm sure books could be written about the effort required to coordinate them all and prevent too much redundancy, but you can be damn sure they all monitor people online and don't just leave that to the NSA.
Given TOR's U.S. Navy roots and the theme of TOR's origin story, I can't say I'm particularly shocked at this. That TOR was a technology developed as part of naval research that "no one wanted anymore" was kind of a flimsy veil, since there weren't any names associated with the narrative.
Similar to bitcoin's story: no one knows who built it, but gee, it's so useful... ~shrug!~
Tor has no value as an espionage tool if only spies use it, so the "no one wanted it" narrative doesn't make sense. They need people to use it in massive numbers for it to be an effective tool.
Yasha Levine likes to spin these grand conspiracies but comes off as completely clueless, technically (not sure if deliberate but it doesn't really matter). Completely absent from his work are any sort of technical advisors or rigorous technical writing.
Result being that less than _1_ minute of looking into his latest "scoop" from someone with a technical background is enough to see through Yasha's bullshit. The code of TOR is not only there for everyone to examine, the incentives are so big that serious protocol issues would have come to the surface many times over, esp taking the number of security experts who are constantly looking there (meaning this goes way beyond "many eyes => bugs are shallow").
I used to read him when he was at Exile (together with Taibbi and Mark Ames), he was good for a few laughs (and Exile was full of black humor and sarcastic writing).
At some point, he started seeing himself as a serious journalist and hilarity ensued. Stick to being a clown Yasha!
There's no parallel here since, (1) Tor doesn't rely on the promises of "no log" and that's why it uses a 3-hop design (and a 6-hop in the case of non-single onion services), (2) the Tor Project isn't the one that operates the entire Tor network.
This seems hyperbolic. Did anyone truly think TOR was some grassroots tech? I'm only casually interested and even I was aware of its links to US government.
Digging past all the hyperbole the more interesting "revelation" is that the TOR project is friendly with Broadcasting Board of Governor (BBG), an independent agency of the US Government.
whether what the author said is true or not is irrelevant. not that i am on any side. am i the only one that is noticing that TOR and Signal can be tools which could be used to extend clandestine intelligence gathering abroad. they are sort of like trojan horses, except they can be deployed remotely... why chase when you can just create an ecosystem that attracts and then you can sit back, watch and analyze then act.
Tor wouldn't work without an abundance of users, it would have no value as an espionage tool if the CIA was the sole party using it. This isn't news, the CIA has a vested interest in keeping Tor anonymous, to protect their overseas assets.
62 comments
[ 3.1 ms ] story [ 103 ms ] threadIf the author of this piece has to rely on imaginary bogeymen like this, I don't have much faith in the rest of their work.
If Tor is a CIA invention, it is one of their best inventions ever.
The Tor Project finances and IRS Form 990 are openly and publicly available: https://www.torproject.org/about/financials.html.en
Yes, a sizeable portion comes from the US government, and from the NSF, from the Open Technology Fund (OTF) ..et cetera and over the years the number of donations that they receive has been increasing, especially with the campaign last year where Mozilla matched donations: https://blog.torproject.org/powering-digital-resistance-help... (they reached 400k$ with Mozilla grants IRC)
The way it works is that there's a set of deliverables or goals that must be fulfilled and that get a funding from Sponsor X. And there's a wiki page with all the Sponsors and the set of deliverables
https://trac.torproject.org/projects/tor/wiki/org/sponsors
For example for SponsorV https://trac.torproject.org/projects/tor/wiki/org/sponsors/S...
> Timeline
> October 2015 - September 2018 (...)
> Overview
> Joint project with Georgetown and NRL focusing on research about resilience to attacks that reduce anonymity or that deny service.
> The grant also includes a "transition to practice" component, which means we should not only help with the research side, but also build and deploy the more promising solutions.
> Deliverables
> + Produce research papers
> + Release software (e.g. Tor) that includes fixes based on the research papers
> + Work with Micah Sherr and Rob Jansen
THIS IS ALL PUBLICLY AVAILABLE.
WHAT THE HELL IS SPOOKY ABOUT THIS? DO YOU KNOW OF AN OPEN SOURCE ORGANIZATION THAT IS AS TRANSPARENT AS THE TOR PROJECT?
To Mr. Yasha Levine: Please point to a single alternative that offers the same low-latency anonymity as Tor if you're serious.
And yes, Mr. Yasha Levine has a big history of pushing smears like this on the Tor Project, see this for example: https://micahflee.com/2014/12/fact-checking-pandos-smears-ag...
Please read my question again: "Please point to a single alternative that offers the same low-latency anonymity as Tor if you're serious."
> You want anonymity? Keep a low profile and try to hide in plain sight,
Your IP will be linked to all of your traffic, nice solution!
> maybe check out some add-ons recommended on privacytools.io
No amount of addons there will protect you against traffic analysis.
Heh... FWIW privacytools.io recommends the Tor Browser, OnionShare, Tails, Qubes+Whonix ... from the Tor ecosystem, maybe you may want to check out those since you're so interested in their recommendations :)
You don't need millions of dollars to build an anonymity system, just look at how much funding projects like I2PD receive.
If everyone thought like that we wouldn't even have HTTPS because "why would you want to hide your internet traffic?!"
"Hiding in plain sight" doesn't work. At all. The NSA has automatic systems that classify everything you do online and then it issues alerts if enough "signals" are gathered. That also means that the more stuff you do in "plain sight" the better it will know what you're doing, as the data will have very high accuracy rates.
It's FUD, let me explain: before the coming of pluggable transports it was easy to distinguish Tor traffic from TLS, which made blocking by censors (like China and Iran) easy since they didn't need to find all bridges addresses but could instead fingerprint Tor traffic to block it.
As you can see from the documents Dr. Steven Murdoch outlined a roadmap for working on that, since that item ("TLS Normalization") was one of the deliverables for the sponsor
> One of the Oct 1 deliverables is a roadmap for TLS normalization. I have a draft of this for your preusal
Where's the problem in this? Mr. Yasha interprets this as meaning "They reported to the spooky agents security vulnerability!" when the fact that Tor traffic doesn't look like TLS was a known problem to everyone that had the slightest knowledge on how Tor works. Now can anyone explain how this isn't deliberate FUD spreading and an insult to the very people who were working on making Tor more censorship resistant, i.e. Dr. Steven Murdoch and Dr. Roger Dingledine? (FWIW I talked to Roger on irc once and he was very offended by the smears that were spread by Pando like this one)
It's just a "he".
> Some of the comments then seem odd
If you're referring to the "Currently this document is private, but eventually some or all of it should be public." comment, then there's really nothing suspicious about it, he doesn't want to publicly release the roadmap until later on.
It's not like it would be impossible to put in protections either - it could be done at the expense of latency and bandwidth.
The idea that it is being run as a honeypot is not exactly far fetched given the security model and funding sources.
I think that Tor does already implement some padding protections, specifically against correlation via NetFlow records. See the spec at <https://gitweb.torproject.org/torspec.git/tree/padding-spec.... and an implentation history at <https://trac.torproject.org/projects/tor/ticket/16861>.
The effectiveness of further padding protections aren't clear unless you go to full padding, which is very expensive (probably impossible for mobile clients, for example). Tor is successful, in my opinion, because it understands that reducing performance reduces users and thus actually harms anonymity.
[0] https://www.nrl.navy.mil/itd/chacs/dingledine-tor-second-gen...
[1] https://media.torproject.org/image/official-images/Tor_Poste...
The implementation was created by Roger independently of the NRL.
"Computer scientist Roger Dingledine developed Tor under a contract with the U.S. Naval Research Lab; today, the software is distributed by the Tor Project, under the fiscal sponsorship of the Electronic Frontier Foundation."
This really doesn't give me any confidence.
By the way for some context on the work of mentioned there see this paper by Paul Syverson https://www.nrl.navy.mil/itd/chacs/sites/edit-www.nrl.navy.m...
/shrug. If your threat model includes state actors, then Tor's current shortcomings are non-trivial and should be treated as such.
> The Harvard kid who was the only Tor user on Harvard’s network at the time that he sent his bomb threat.
> The Freedom Hosting and Silk Road hacks (problems with the web apps that were hosted as Tor hidden services, not with Tor itself).
> Exit node sniffing (an issue with people using plaintext protocols on the internet; people are just as vulnerable when using airport wifi, though perhaps they’re less likely to have an attacker on their network than to be using a malicious exit node).
As you can see those are problems that Tor can't solve. Micah wasn't talking about some inherent flaws in Tor's design.
> If your threat model includes state actors, then Tor's current shortcomings are non-trivial and should be treated as such.
Doesn't change the fact that Tor is the best low-latency anonymity system currently and using it is better than not.
"The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked."
That statement is not exactly true in the case of that Harvard kid. A sysadmin and their logs is still "watching", and in this case eventually found out which site through news channels ;).
That's not to say that I think Tor isn't great nor that it shouldn't be used. My complaint is that it gets represented to general non-technical crowds as solving more problems than it actually does.
[0] https://www.torproject.org/projects/torbrowser.html.en
That's why bridges and pluggable transports exist and let you obfuscate your Tor traffic to look like something else, see: https://tb-manual.torproject.org/en-US/circumvention.html
> That's not to say that I think Tor isn't great nor that it shouldn't be used. My complaint is that it gets represented to general non-technical crowds as solving more problems than it actually does.
Well they do provide warnings https://www.torproject.org/download/download.html.en#warning among them is the one which is related to the Harvard teen "Use bridges and/or find company: Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too! "
https://arstechnica.com/tech-policy/2016/04/whatsapp-is-now-...
https://signal.org/blog/signal-foundation/
That's because governments aren't a monolith, the projects and interests of the NSF or the OTF do not necessarily overlap with those of the NSA or CIA.
Seems they've made their decision on that long ago.
Even zzz himself (the current lead developer of I2P) says that Tor is the way to go for browsing the clearnet
> zzz: First of all I want to say that I have a tremendous amount of respect for Tor, Roger Dingledine and the other Tor developers, and what they have accomplished. I2P and Tor started at about the same time and have a lot of similarities.
> Tor has benefitted greatly from funding, academic analysis, and a large user base. We are exchanging ideas with Tor and I expect that both projects will benefit from that as well.
> The fundamental difference is that Tor is designed for "exit traffic" to the regular internet. I2P is designed for in-network traffic - what Tor calls "hidden services". Tor has 1000 "exit nodes". I2P has only one. Exiting from an anonymous network to the regular internet has serious potential vulnerabilities.
> As Roger Dingledine said in his talk at 25C3 (Dec. 29 2008), "Tor does not magically encrypt the internet". Neither does I2P. Accessing standard services through exit nodes can be done safely, but it takes great care. Snooping or worse by exit nodes, and blocking of exit nodes is problematic. That said, if your primary goal is anonymous access to the regular internet, Tor is the better solution.
I2P is great for torrenting and other such uses, there's no doubt about that.
[1] : https://www.gulli.com/news/2913-i2p-an-anonymous-network-int...
Similar to bitcoin's story: no one knows who built it, but gee, it's so useful... ~shrug!~
Result being that less than _1_ minute of looking into his latest "scoop" from someone with a technical background is enough to see through Yasha's bullshit. The code of TOR is not only there for everyone to examine, the incentives are so big that serious protocol issues would have come to the surface many times over, esp taking the number of security experts who are constantly looking there (meaning this goes way beyond "many eyes => bugs are shallow").
I used to read him when he was at Exile (together with Taibbi and Mark Ames), he was good for a few laughs (and Exile was full of black humor and sarcastic writing).
At some point, he started seeing himself as a serious journalist and hilarity ensued. Stick to being a clown Yasha!
Digging past all the hyperbole the more interesting "revelation" is that the TOR project is friendly with Broadcasting Board of Governor (BBG), an independent agency of the US Government.