11 comments

[ 3.6 ms ] story [ 29.2 ms ] thread

  The Tor Project web site makes a bold claim to its users:

  "Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor."

  Don't misinterpret this claim. It's not true that Tor protects you against "anyone monitoring your browsing".

  On this web page, I provide you with the critical information missing from the Tor Project's website: if you estimate your adversary's resources in dollars, I'll estimated the probability that Tor will fail to protect you.
(web site by Brian Levine, Professor at UMass Amherst <https://www.cics.umass.edu/about/directory/brian-levine> and director of Rescue Lab <https://www.rescue-lab.org/>)
> Why has the Tor Project created a network used extensively for child sexual abuse

Hottest take of the week right there.

Why do they seem to imply that Tor was somehow created explicitly with this purpose in mind? That's like saying only criminals use the Internet, just because it can be used to commit crimes.

I think they are taking Tor's words and applying it to a much broader scope than they originally intended.

> Tor Browser prevents someone watching your connection from knowing what websites you visit.

If someone is watching only your connection as it exits your local ISP and nothing else, then yes, this is in fact true. It's just not articulated that plainly.

But if the author actually went as far as they are trying to, they might as well tell people to just give up because there's a chance your attacker already controls the destination server you're talking to in the first place.

If you're going to the trouble of trying to calculate the chances that nodes in the middle are compromised, why not include the destination itself too?

> The small set of people that centrally control Tor software and centrally manage the Tor network have the power to act to stop this abuse without lessening their (weak) protections.

Source: trust me bro

> The world's standards for encrypting data are so secure that no one has enough money or time to brute force their way into properly encrypted data, not even governments. They are better off waiting for a scientific breakthrough that may never come.

This completely disregards the possibility that any one of a number of root CAs aren't already compromised or cannot be coerced by your attacker.

If you're going to claim tor is insecure, you might as well go all the way and say it's pointless to use anything at all, ever.

I'm not here to defend Tor

But the calculator states that if the investigating party has $150,000 a month budget for all targets they have a 100% certainty of getting your IP address... obviously this is false, so what else has the author claimed that is also not true?

"As C3P will tell you: CSAM distribution on Tor onion services is not inevitable."

Lol, are we using the regular internet as an example of preventing all CSAM?

We've known for years that owning enough nodes results in the compromise of privacy and that it's likely the NSA has achieved this. Although there is some question around how that plays out if adversaries like China are also competing for similar node share percentage.

If an adversary is spending tens or hundreds of thousands of dollars to find you, that's a lift that most threat actors won't be able to do. Especially if they have to host a significant number of exit nodes for a lengthy period, which often means serving unlawful content which is very awkward for law enforcement.

It's definitely better than regular browsing for security, but it's not perfect.

"The small set of people that centrally control Tor software and centrally manage the Tor network have the power to act to stop this abuse without lessening their (weak) protections."

That the author has received funding from the DOJ makes me wonder what their proposed solution is.

Clickbait title is usually a good indicator of clickbait content.

I see in the comments that the author is an academic, my cursory look of the site makes me disappointed to see such weak rigor applied here. This looks like a hit piece dressed up to sound scary. Not going to waste my time further on its claims when on the surface its given me this impression. Strikes me as yelling and not listening type of personality.

I wouldn't use Tor or any other anonymous services like SecureDrop without a VPN (preferably multi-hop). Otherwise you're advertising to the world that your IP address uses Tor, and that alone can be a huge reduction in the solution space for your adversary to deanoymize you.
I agree, but we are both first-world privileged.

How exactly does someone in China or North Korea go about getting a multi-hop VPN to access Tor?

Correct me if I'm wrong, but this feels like a long-winded way of saying: if an adversary could control a significant portion of relays without being found out and for a not-insignificant period of time, it could defeat Tor.

Is it correct? Probably. Does it justify the "Not secure at all" indictment? No.

The website actually states “not very secure at all”. This hacker news submission changed the title.