Open source isn't a guarantee of safety for two reasons:
1) It's highly possible that there are federal government agencies with knowledge of encryption and security beyond the current state of the art in academia. There could be deliberate vulnerabilities that even the most highly regarded researchers/academics in the field could not detect.
2) Even if you trust the source, the source can be compromised elsewhere in the toolchain (the compiler could turn safe code into malicious code). Unless you trust every element of your toolchain, you trust nothing (from a mathematical sense -- of course it's much more complicated, and thus less likely, to compromise Tor through its own source code rather than gcc's source code).
> It's highly possible that there are federal government agencies with knowledge of encryption and security beyond the current state of the art in academia. There could be deliberate vulnerabilities that even the most highly regarded researchers/academics in the field could not detect.
That's true, but Tor uses encryption that is common in many other products. Even if it were a privately owned product, it probably would have been implemented in a very similar way.
> Even if you trust the source, the source can be compromised elsewhere in the toolchain (the compiler could turn safe code into malicious code). Unless you trust every element of your toolchain, you trust nothing (from a mathematical sense -- of course it's much more complicated, and thus less likely, to compromise Tor through its own source code rather than gcc's source code).
OP is not talking about whether or not perfect security is possible. They are talking about the possibility of Tor specifically being backdoored, since it originated within and is funded by the U.S. government.
I doubt tor is backdoored, but it has it's own security issues. I wouldn't doubt for a second that three letter agencies are running a huge amount of nodes on the tor network and doing everything they can to correlate traffic and associate connections to individuals. At the end of the day, you can't rely on tor alone to keep you safe or anonymous on the internet.
I'm not suggesting it's impossible, I'm just saying that it's much more difficult to hide stuff in OSS thus less likely. It's the closed source stuff you ought to be more suspicious of.
> the compiler could turn safe code into malicious code
While I agree toolchain compromises are a concern, this particularly famous one of backdooring a compiler has a counter: http://www.dwheeler.com/trusting-trust/
I originally had a snarky comment about not trusting nodes, then reread what you said as well as the article, and realized that's a different issue... the article is questioning trusting the Tor Project due to DoD funding; your response is you can trust the code they generate as it's open for review. So now I have completely different snarky response :-)
How many users are downloading and compiling source? If you're running a binary you didn't compile, it's really no different than being closed source. (Unless you get the MD5 sig from an independent, trusted third party, and verify yourself)
Different people build the Tor Browser Bundles on Gitian (look it up), and they will have the same hashes. So unless ALL of these people are lying, if their hashes match, you can be convinced that it is the same binary as you would get by compiling it.
This argument only works if you believe that there are enough people who understand the complexity and nuance within the system at a level sufficient to understand it.
It goes back to the design of DES - the NSA influenced small design changes in the SBoxes that had implications that only they understood. This gave an advantage, even though the algorithms were completely "open source".
In that case, they made the encryption STRONGER. But they certainly showed how that type of influence could happen.
I don't happen to be enough of a conspiracy theorist to believe that they're messing with Tor - there are better ways, especially when a vast majority of the traffic isn't through Tor.
The NSA doesn't need a backdoor in Tor when they can do traffic analysis on a large portion of Tor nodes, either by eavesdropping on at least one link between each pair of nodes, or just running the nodes themselves...
<conspiracy>Maybe that's why they continue to fund it...</conspiracy>
you know, when the tor project had some scruples and ethical standards, they actually explicitly addressed this as part of their threat model, acknowledging that if someone could see enough traffic, they could de-anonymize the network.
What on earth are you talking about? I was reading the Tor wiki just a couple days ago, and they have a huge section regarding global passive adversaries (the topic you're receding to). They're very explicit that Tor doesn't protect against that.
Thank you for the link. I find it very explanatory for me and a nice resource to explain to others what TOR and HTTPS can protect from.
I understand that using HTTPS through Tor can provide to NSA your rough location (entry node) and the site you are browsing to. But your user name and password will be safe (assuming that NSA cannot hack HTTPS). Using HTTPS only can provide the same information to NSA as the HTTPS+TOR, so for httpS sites Tor does not provide extra security against NSA?
If my understanding is correct then Tor would provide only value when using Tor services, aka onion sites, but not when using public Internet services?!
I would appreciate if somebody could provide their expertise on this.
"Against [Law Enforcement Officials], it's fine. Against a nation-state, the TOR network has insufficient resources and has sufficient bad actors that it is not actually secure. So if you're going to hack the shit out of the NSA and do really really bad planning and do not actually evalute the targets you are after, you will go to jail."
He also expands on how to unmask a user by controlling both the exit and entry nodes:
"So if you can purchase 300 VPS accounts at $5 each then you can set up 1% of the TOR network and statistically, over a month, you will be able to uncover a large number of users. [...] You are better of selecting your targets so they will not be state actors."
TOR is not perfect. The NSA, or any other sufficiently large global passive adversary, can defeat it, with global timing correlation. However, a connection over TOR probably requires more resources to track down than a direct connection. On the downside, a connection over TOR may go through a foreign country, which removes any domestic safeguards the NSA does have in place, subjecting it to indiscriminate spying.
TOR is also insufficient on its own. You need to use strong crypto, and be careful of your privacy in other ways (cookies, caches, etc) on top of it.
> So if you can purchase 300 VPS accounts at $5 each then you can set up 1% of the TOR network and statistically, over a month
I'd love to see this kind of evidence end up in court. It would be hilarious to see them try and prove anything beyond reasonable doubt with millions of random logs.
> "So if you can purchase 300 VPS accounts at $5 each then you can set up 1% of the TOR network and statistically, over a month, you will be able to uncover a large number of users. [...] You are better of selecting your targets so they will not be state actors."
Bear in mind that Tor avoids making circuits in the same country, specifically to avoid things like this. You'd need at least two large farms.
The Internet was made by DARPA. Let's stop using it.
I am really sick of these arguments. Do you realize how much research goes into Tor and how many university researchers are associated with it (Cambridge, Waterloo)? Furthermore, can you really think someone like the Tor core developers (Dingledine and Mathweson) can sacrifice their entire reputation just for putting a backdoor? The code is out there. They have a Git repository and they have an active, healthy developer community. It's not like TrueCrypt, where change logs read like, "Minor fixes" and there is no public repository in 2013.
Someone should bring proof of the alleged backdoors or just shut up. Because conspiracy theories are not only stupid, they are annoying. This issue has been addressed on the tor-talk list many times. Please show one iota of proof.
And I say this as a Tor user who has not only donated to the project but also runs a relay.
It's not enough. However you can't have trustworthy software unless it can be audited. That's the key point.
The source is there. The standards are there. We know that timing attacks may be possible. The rest is just a matter of audits. Questions are good, but they are just questions until someone looks at the code, the implementation, the design, and the rest and says "here's a problem."
Sure, but those are questions oriented around implementation. If you go the other way: the standards are vulnerable, then the standards organizations are vulnerable, and the agencies influencing the standards organizations are a vulnerability. That is the flaw that we appear to be experiencing right now (and back in 2007 with Dual_EC_DRBG).
When you speak of it only being a "matter of audits," that standard breaks down when there are none possible (or at least available) with these organizations and agencies, and that is the fundamental ingredient that produces suspicion.
At the end of the day, though, the distinction I'm drawing is one between technical problems and people problems. However, recent events have taught us that the people problems in crypto are real, where before they had only really been suspected or at least minimized.
I wholeheartedly agree with you that it's incredibly irksome to hear this argument over and over again.
I also think, though, that the question isn't completely over-the-top given recent revelations. For example, you state:
> Do you realize how much research goes into Tor and how many university researchers are associated with it (Cambridge, Waterloo)? Furthermore, can you really think someone like the Tor core developers (Dingledine and Mathweson) can sacrifice their entire reputation just for putting a backdoor?
You're right.
But how many university researchers and mathematicians vet the security standards at NIST? NIST doesn't just take the math at face-value from NSA.
I don't think that Tor is compromised, but I don't think it's beyond questioning, either.
> I don't think that Tor is compromised, but I don't think it's beyond questioning, either.
No, definitely not. Science should never be above questioning, or be subject to fanboyism.
My point was -- people keep bringing this argument up time and again but do not bring any proof to the table. The code is out there. Don't you perhaps think that the professors at some of the most reputed universities in the world who research on Tor would perhaps eventually find some alleged backdoor, given the code goes through so much scrutiny? I maybe wrong of course but some proof of this would be good. Honestly. And I am not being sarcastic, I have donated money and if I ever found out that something remotely like this is happening, do you think that people like me or the organizations who fund Tor will give it any more money?
It's a question of whether the idea is fundamentally sound.
You're routing your data through several strangers, who are all volunteers and may be individuals who support anonymity or governments who are trying to break it, relying on them discarding logs in order to preserve your anonymity. Since the data is encrypted, and routed between several nodes, you do have some redundancy in place in case one of the middle nodes is an attacker.
However, there are several problems. The data coming out of the exit nodes is unencrypted. Now, everyone advises you to always encrypt anything that will pass through an exit node, but that's not always possible. Some protocols just don't have widely available encrypted versions (like DNS), or even with encryption, where you are connecting to is leaked, as well as some information in things like the TLS handshake that may be de-anonymizing.
There are also lots of ways that data can leak at your endpoint. For instance, many programs may make DNS queries that don't go through Tor, so what you are looking up may be leaked.
Furthermore, Tor doesn't sent data at a constant bitrate. Someone who can monitor traffic on a large portion of the network can correlate it across points.
Finally, due to the nature of routing traffic between several points, a fairly limited number of exit nodes, and the encryption, Tor is fairly slow. So most people won't really be able to use it on a day to day basis, making mere use of it somewhat suspicious, and likely to subject you to more scrutiny.
None of these are fatal flaws, but they are some fundamental weaknesses, and many of them can't really be fully fixed.
I think that focusing on widespread, end-to-end encryption, rather than anonymity service like Tor, would be more valuable. Yes, you will still be vulnerable to metadata monitoring, which is a problem, but it would help a lot more with the content of your communications.
> It's a question of whether the idea is fundamentally sound.
The problems it has are clearly discussed in multiple places -- websites, research papers, etc. I don't think it can be more sound than that.
> You're routing your data through several strangers, who are all volunteers and may be individuals who support anonymity or governments who are trying to break it, relying on them discarding logs in order to preserve your anonymity.
It doesn't matter. That is the entire idea behind Tor.
> However, there are several problems. The data coming out of the exit nodes is unencrypted. There are also lots of ways that data can leak at your endpoint. For instance, many programs may make DNS queries that don't go through Tor, so what you are looking up may be leaked.
The TBB already takes care of this. So unless you use some crappy third-party browser, you are safe from these problems because they know about it and they have been fixed.
Of course the exit node is not something you can trust. But your argument does not always hold true because TBB ships with HTTPS Everywhere by default. So almost all major websites will automatically use HTTPS and therefore the exit node sniffing your connection is rendered useless. Now if you are sending out your information over plain-HTTP, then yes, you will have it compromised.
> Furthermore, Tor doesn't sent data at a constant bitrate. Someone who can monitor traffic on a large portion of the network can correlate it across points.
Because Tor is a low-latency network, timing analysis is easy to perform if the entry and the exit node are controlled by the same entity. Now this depends on whether the NSA runs Tor exits or not and I cannot answer this question.
> Finally, due to the nature of routing traffic between several points, a fairly limited number of exit nodes, and the encryption, Tor is fairly slow. So most people won't really be able to use it on a day to day basis, making mere use of it somewhat suspicious, and likely to subject you to more scrutiny.
Anonymity loves diversity. Tor has a diverse userbase and it is getting better. I do not think it is that slow -- surely we can't expect it to be as fast as your normal internet connection -- but it is not bad either. I think FWIW, given what it does and what we need, there is no better solution so I think we might as well stick to it than trusting some proprietary software.
> Now this depends on whether the NSA runs Tor exits or not and I cannot answer this question.
If running Tor exit nodes is what is necessary for the NSA to snoop on traffic, why wouldn't they do so?
If your security depends on "well, the NSA isn't going to run a service they need to snoop on your traffic", you're doing it wrong.
> I think FWIW, given what it does and what we need, there is no better solution so I think we might as well stick to it than trusting some proprietary software.
That's not really the choice. It's a question of where your priorities lie.
I don't think our biggest threats to privacy are in the NSA monitoring merely who we connect to. For some users, it's a substantial threat; for instance, for protesters in Iran, it may be a big problem, and for them Tor is invaluable (especially since it's unlikely that the Iranian government has the same resources to attack Tor that the NSA does).
Instead, our biggest (technical, as opposed to political or social) threats to privacy lie in a few places:
1) Email. Email has all kinds of problems (it's not verifiable, no good identity management, spam, and it's unencrypted in transit in many of its hops).
2) Google, Facebook, Yahoo, Twitter, etc. Big, closed services, that lock you in, and provide centralized places for monitoring. For many people in my social circles, Facebook is their primary means of online communication.
3) Web tracking: cookies and other web de-anonymization techniques
4) Unencrypted HTTP
5) Identity on the web. Almost every account you create requires an email address, which can trivially be used by the NSA to correlate data between accounts. Anonymous email services can be used to fight this, but managing databases of email addresses, usernames, and passwords to preserve anonymity is beyond most people's capabilities. The solutions to this are mostly to use one of the big services for login, which of course down't solve the anonymity problem at all.
6) The phone system. Telecoms have demonstrated repeatedly that they're more than willing to hand your data over without a court order. Tech companies at least act embarrassed about it in public; phone companies just lobby for retroactive immunity to keep themselves safe from their customers.
There may be more that I'm not thinking of, but those are some of the biggest.
Tor does very little to protect you from these kinds of threats. All it protects you from is someone monitoring who you are connecting to; but if most of the traffic they are interested in is to Google or Facebook, they don't need to attack it by monitoring your connection, they can just get the data straight from the endpoint.
I think that the biggest things we need, to preserve privacy, are replacements for many of the above problems, that even our grandmothers can use. Sure, a few privacy conscious geeks, a few Iranian protesters, some online griefers, some drug dealers, and some pedophiles can take advantage of Tor. It provides a useful service for some, but a fairly small portion, of people.
Getting ubiquitous encryption, better key management and identity management, a return to federated or peer-to-peer services rather than a few large centralized players, and getting all of that widely deployed and usable by your grandparents, are what we want to really improve privacy and security.
NSA doesn't need to run exit nodes, they just need correlate packet flows from exit nodes with packet flows to entry nodes. It's easy if you have both flows (say by taping most fiber lines). Tor doesn't protect you against a global passive adversary. That is the price you pay for low latency.
But if you run entrance nodes on your intranet, then they have to compromise your endpoint right? But if they compromise that then they don't need to correlate with timing attacks, do they?
Sorry, most fiber lines is absurd, I should have said they could intercept most of the world's traffic by taping key fiber lines. Say, most of the major underseas ones and any of the major ones traversing the five eyes (US,UK,CA,AU,NZ) + at least Sweden and probably a number of other countries.
>I think FWIW, given what it does and what we need, there is no better solution so I think we might as well stick to it than trusting some proprietary software.
The trouble with that is that often the illusion of security/anonymity is worse than not having it at all. See also: Enigma
What if there is no backdoor, but there is one intelligence agency in the world which has the capability, through their own effort, of de-anonymizing targeted users?
Yes, sybil attacks are a concern. With a powerful global adversary like the NSA, I don't know what chance we stand but unless there has been some evidence of exits being run by the NSA, I think we are good?
There's no reason for them not to; I'm not sure why you would expect them to avoid doing so, if it would help them spy on communications. It's not like it's terribly risky for them; they can stick some exit nodes on some racks in a couple of data centers, with splitters that records all of the traffic coming out, and no one would be the wiser.
Or they can just find existing exit nodes, and ask the data centers to install splitters for them.
Exit nodes and relay nodes are not secret, so specifically targetting them for analysis would be pretty easy.
If the NSA is sufficiently far enough ahead in cryptography research, there don't have to be explicit backdoors, just plausible-looking designs that have some weakness that we're 20 years from discovering (but the NSA is those 20 years ahead of us). I'm no expert but this hardly seems outside the realm of possibility.
In 20 years Tor will have served its purpose and the government will have a new strategy. Maybe they'll just try outlawing encryption again. Certainly we'll forget all about the Clinton era by then.
Because conspiracy theories are not only stupid, they are annoying. This issue has been addressed on the tor-talk list many times. Please show one iota of proof.
Isn't this exactly what someone would have said about the NSA spying on us even just a few months back? Did we learn from that AT ALL or just anytime we don't like a theory we will call that person a tin foil hat wearing nutcase?
The NSA spying was just theory until proof was presented. Proof is the only thing that differentiates tin-foil wearing conjecture and fact. And until we have just such evidence for a backdoor in Tor (maybe another leak?) all we have is just idle speculation of what if this and that etc...
This story is neither helpful nor enlightening in that regard as it has no evidence. Just mere speculation and insinuation.
This is the wrong conclusion to take from the NSA spying revelations. The proper conclusion is that anything that cannot be independently verified is suspect and to not put an inordinate amount of trust into any single system. With motivated and well funded adversaries like the NSA, there is no such thing as too paranoid.
There is value in discussing these conspiracy theories, if only to disseminate information and allow others to determine their own risk assessment. The conflict of interest inherent in a law enforcement agency funding a tool for circumventing detection is enough to raise alarm bells for some classes of users.
I don't think his comment is as extreme as calling people nutcases. Have recent events encouraged us to distrust other entities? Yes. But, as the parent alludes, it's important to temper distrust with investigation and facts and not just blindly run away from everything. Otherwise even more damage will be done.
> Isn't this exactly what someone would have said about the NSA spying on us even just a few months back? Did we learn from that AT ALL or just anytime we don't like a theory we will call that person a tin foil hat wearing nutcase?
The NSA is a different case. We do not know anything about it, except from the leaks. But we do know things about Tor.
a). Actively developed, follows the best principles possible. Open discussions in IRC, active mailing list, developers who respond to queries.
b). Highly researched by some of the best universities in the world. Cambridge and Waterloo come to mind instantly.
c). There has not been a single case of mistrust on their part that should make someone suspicious about them.
The day Tor does something like this, not only they lose their funding, they lose users and they become a dead project. With so much reputation at stake -- and they are respected people in the community -- Dingledine and Mathewson doing something like this? I don't think so.
Sure, I understand that, but if that is the argument, just make those three points. Arguing "Because conspiracy theories are not only stupid, they are annoying. This issue has been addressed on the tor-talk list many times. Please show one iota of proof." is just silly, as though because we don't have factual proof the government is doing something wrong we are "stupid and annoying". All I'm saying is that this argument lacks a ton of credibility in a world where we just found out our own government spies on everything we do and the reaction from the mainstream went from "those tin foil hat wearing morons!" to "eh, they were right, and I was wrong, why would that possibly make me change my beliefs?".
with what we've been hearing from NSA and Snowden, nothing can be dismissed as a "conspiracy theory." Proof might very well be in Snoden's unreleased docs or in some dossier at NSA. You don't have to show proof to show mistrust
I'd be more wary of NSA contributing code directly or through anon HUMINT accounts, hoping some of it slips through.
Yep, this is all I'm saying really. The exact same people who were calling the NSA spying stories a conspiracy theory are now saying the same about this is just shocking honestly. I don't understand how one lacks self awareness that badly. "hey I mocked your totally correct point for years, and you were right, now back to giving you zero credibility the minute you make the next argument".
For which databases? If there's an air gap, barring WiFi or other radio or laser transmissions, how would they respond to user requests? Isn't the majority of FB's data like, actually used by Internet users?
Like, the site owner is your personal genie? Can he clear up my FUD at the loss of my liberties too? '0& make it stop so I can go back to making money!
Not his problem, and not a particularly significant downside if he doesn't follow through. A better response for you would be to upvote articles you think are better HN material.
It is 'pgs problem if he wants HN to stay good. This requires more people NOT upvoting shitty articles and upvoting good ones. The problem of HN is that equally-ranked votes dilutes signal.
You don't need backdoors in the program to make Tor less anonymous. You work with traffic patterns & other information gleaned from the network. You can also congest the network & find out more information that way.
Tor is useful but you're kidding yourself if you think it protects you from the NSA. And please, shut up about conspiracy theories. Many of these theories have become verified fact, and the rest are up to bayesian judgement. You should brush up on your history starting circa WWII & learn to what extent the intelligence communities go to have an upper hand. Tor is low hanging fruit compared to breaking certain cryptographic primitives.
I agree 100% with your post but I want to point out one thing for completeness.
I believe nobody sensible involved in Tor would claim it provides strong anonymity. Anonymous networks are a trade-off between efficiency and anonymity. Because it is efficient enough to allow web browsing, Tor provides relatively weak anonymity.
What's stopping an individual Tor user from selecting 5 hops instead of 3? Or a random number of hops between 4 and 8? (Besides the sacrifice in performance, of course.) In the current environment, wouldn't even going to 4 hops prevent analysis, as current analysis tools are going to be set for the default implementation?
We know that dingelidine has been working on mixmaster, a next generation email anonymity tool. If successfully we might had something immune to the nsa, at least theoretically.
But he is working on Tor, which can be attacked by global passive attackers, something that in past consider very unlikely to exist. We know today nsa is a global passive attacker.
And today, mixmaster still hasn't been working, and the size of email anonymity networks is so small, to be useless.
It all worked out very nicely for the nsa. And what, they just got lucky? No conspiracy?
It's not like TrueCrypt, where change logs read like, "Minor fixes" and there is no public repository in 2013.
I was thinking of just this the other day. In light of all the recent news, what's people's feeling about TrueCrypt. Elaborate ruse by the NSA or really good software that is very secure?
> And I say this as a Tor user who has not only donated to the project but also runs a relay.
Just curious, where do you run your relay? Is it under your home internet connection? Does it ever give you any trouble (authorities come knocking the door, etc)?
The cheapest way for any government to attack tor would simply be to co-opt a few of the engineers. Low risk since individual people routinely have personal, criminal, or financial situations that make them vulnerable to bribes and/or threats.
No they don't foot 100% of the bill ... this assumes balanced budget and no additional money creation from the Federal Reserve. It also assumes NSA does not have their own revenue sources.
<conspiracy>
With that much information on hand I could play the foreign stock markets like mad. And also forex. It will be sane for NSA to have capabilities to crash a potential adversaries currency and stock market.
</conspiracy>
That's interesting. Just last week we were bombarded* with several news doubting the security of RSA, then we discover that some kinds of ECC may have back doors. Now we are getting news attacking TOR...
* I'm not accusing anyone. It's easy to believe so much in propaganda that you start to spread it too. One even honestly creates more unrelated reasons to believe. I know that I'll never trust RSA as much again, and will probably migrate to 3kb keys.
Tor does not protect against a global passive adversary. If the NSA can watch most network traffic, they can do packet timing correlations and readily identify you. They don't need backdoors or subverted exit nodes
Basically an extension of the tor attack where the feds knew roughly where the guy they wanted lived, and they could engage him in an IRC chat, so they talked to him in the chat, meanwhile driving a van around sniffing wireless networks looking for bursts in traffic that corresponded to the IRC transmissions.
Yeah. A way of defeating that is adding a constant-bitrate model, which is unlikely to be deployable at scale (network's slow enough as-is).
Is it conceivable that nodes could hold packets for a period of time long enough that traffic is "really" mixed with other traffic? Or does this just add the equivalent of a random delay which is easily defeated?
Two assumptions:
1. An encryption system is only as secure as its weakest link
2. The NSA can get the source whether its open or closed.
I imagine the NSA would task a team of researchers to analyze the source code, find a vulnerability, and develop a tool to exploit it. I imagine they'd then hand the tool over to a team to deploy and operate it.
No person from the TOR community would need be involved or made aware. And, assuming the NSA was the only one with the exploit, there would be no reason to stop funding Tor, since it advances American interests without (now, thanks to the exploit) threatening them.
I trust tor to do what tor does: in fact -- as do US intelligence agencies who use it for anonymous open source intelligence.
I don't, however, trust it to do anything else: namely, I don't think of it as a security panacea. Goals of security are confidentiality, integrity, and availability. Anonymity is only a small part of confidentiality: tor provides a somewhat reasonable guarantee (i.e., much better than nothing or use of proxies) that I can anonymous browse censored web sites. However, alone it doesn't in any way help with secure communications to others, it doesn't ensure that the sites I am visiting aren't MITM'd, it does not protect against attacks that reduce availability of end points.
Since online content censorship is not currently a big problem in the United States -- but now a huge problem pretty much elsewhere, including in the Western World -- in most cases it isn't really an ailment for the ills inflicted by the current government overreach.
Why is the government funding it? That is a valid question. I think the DoD has the resources to create its own version of TOR type communications if that were a big need for government agencies.
SO. Why?
That's exactly how Tor got created -- it was originally funded by the Navy. The DoD version of Tor _is_ Tor.
Also, it's entirely possible that the government is using the same software (or a slight fork) on a different network, but using the public deployment of Tor as a way to easily get public review of the cryptosystem.
Furthermore, if only the DoD/whatever used Tor, "someone with Tor traffic going from/to them" would be a good-enough metric to locate DoD emplyees / government spies / etc. The idea is, that's why Tor continued to be developed not as part of a Naval Research lab project, but rather as a civilian project.
If we believe that chips and hardware have been compromised by the NSA (and I suppose the Chinese who make a lot of it), that encryption has been cracked by the same, and that it is spy open season at ISP level, then surely nothing that runs on or through such devices can be secure enough, Tor included?
Summary: "NSA can break 1024 RSA/DH keys in a few hours. The problem with Tor is that it still uses 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. Only 10% of the servers have upgraded to newer versions."
99 comments
[ 4.1 ms ] story [ 192 ms ] thread1) It's highly possible that there are federal government agencies with knowledge of encryption and security beyond the current state of the art in academia. There could be deliberate vulnerabilities that even the most highly regarded researchers/academics in the field could not detect.
2) Even if you trust the source, the source can be compromised elsewhere in the toolchain (the compiler could turn safe code into malicious code). Unless you trust every element of your toolchain, you trust nothing (from a mathematical sense -- of course it's much more complicated, and thus less likely, to compromise Tor through its own source code rather than gcc's source code).
That's true, but Tor uses encryption that is common in many other products. Even if it were a privately owned product, it probably would have been implemented in a very similar way.
> Even if you trust the source, the source can be compromised elsewhere in the toolchain (the compiler could turn safe code into malicious code). Unless you trust every element of your toolchain, you trust nothing (from a mathematical sense -- of course it's much more complicated, and thus less likely, to compromise Tor through its own source code rather than gcc's source code).
OP is not talking about whether or not perfect security is possible. They are talking about the possibility of Tor specifically being backdoored, since it originated within and is funded by the U.S. government.
While I agree toolchain compromises are a concern, this particularly famous one of backdooring a compiler has a counter: http://www.dwheeler.com/trusting-trust/
How many users are downloading and compiling source? If you're running a binary you didn't compile, it's really no different than being closed source. (Unless you get the MD5 sig from an independent, trusted third party, and verify yourself)
a). For all the bundles, they are signed by the Tor developer who packages them. The signatures are clearly visible with the downloads.
b). Most importantly:
Tor is moving towards deterministic builds: https://blog.torproject.org/blog/deterministic-builds-part-o...
Different people build the Tor Browser Bundles on Gitian (look it up), and they will have the same hashes. So unless ALL of these people are lying, if their hashes match, you can be convinced that it is the same binary as you would get by compiling it.
That writeup is really fucking cool. You should submit it as its own story!
It goes back to the design of DES - the NSA influenced small design changes in the SBoxes that had implications that only they understood. This gave an advantage, even though the algorithms were completely "open source".
http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27...
In that case, they made the encryption STRONGER. But they certainly showed how that type of influence could happen.
I don't happen to be enough of a conspiracy theorist to believe that they're messing with Tor - there are better ways, especially when a vast majority of the traffic isn't through Tor.
<conspiracy>Maybe that's why they continue to fund it...</conspiracy>
then, shit like this happened: https://www.eff.org/pages/tor-and-https
I understand that using HTTPS through Tor can provide to NSA your rough location (entry node) and the site you are browsing to. But your user name and password will be safe (assuming that NSA cannot hack HTTPS). Using HTTPS only can provide the same information to NSA as the HTTPS+TOR, so for httpS sites Tor does not provide extra security against NSA?
If my understanding is correct then Tor would provide only value when using Tor services, aka onion sites, but not when using public Internet services?!
I would appreciate if somebody could provide their expertise on this.
"Against [Law Enforcement Officials], it's fine. Against a nation-state, the TOR network has insufficient resources and has sufficient bad actors that it is not actually secure. So if you're going to hack the shit out of the NSA and do really really bad planning and do not actually evalute the targets you are after, you will go to jail."
He also expands on how to unmask a user by controlling both the exit and entry nodes:
"So if you can purchase 300 VPS accounts at $5 each then you can set up 1% of the TOR network and statistically, over a month, you will be able to uncover a large number of users. [...] You are better of selecting your targets so they will not be state actors."
TOR is not perfect. The NSA, or any other sufficiently large global passive adversary, can defeat it, with global timing correlation. However, a connection over TOR probably requires more resources to track down than a direct connection. On the downside, a connection over TOR may go through a foreign country, which removes any domestic safeguards the NSA does have in place, subjecting it to indiscriminate spying.
TOR is also insufficient on its own. You need to use strong crypto, and be careful of your privacy in other ways (cookies, caches, etc) on top of it.
I'd love to see this kind of evidence end up in court. It would be hilarious to see them try and prove anything beyond reasonable doubt with millions of random logs.
Bear in mind that Tor avoids making circuits in the same country, specifically to avoid things like this. You'd need at least two large farms.
I am really sick of these arguments. Do you realize how much research goes into Tor and how many university researchers are associated with it (Cambridge, Waterloo)? Furthermore, can you really think someone like the Tor core developers (Dingledine and Mathweson) can sacrifice their entire reputation just for putting a backdoor? The code is out there. They have a Git repository and they have an active, healthy developer community. It's not like TrueCrypt, where change logs read like, "Minor fixes" and there is no public repository in 2013.
Someone should bring proof of the alleged backdoors or just shut up. Because conspiracy theories are not only stupid, they are annoying. This issue has been addressed on the tor-talk list many times. Please show one iota of proof.
And I say this as a Tor user who has not only donated to the project but also runs a relay.
Trust is a funny thing, isn't it? It doesn't respond to demands or browbeating.
This is why open source crypto is so important these days.
https://www.schneier.com/blog/archives/2007/11/the_strange_s...
The source is there. The standards are there. We know that timing attacks may be possible. The rest is just a matter of audits. Questions are good, but they are just questions until someone looks at the code, the implementation, the design, and the rest and says "here's a problem."
When you speak of it only being a "matter of audits," that standard breaks down when there are none possible (or at least available) with these organizations and agencies, and that is the fundamental ingredient that produces suspicion.
At the end of the day, though, the distinction I'm drawing is one between technical problems and people problems. However, recent events have taught us that the people problems in crypto are real, where before they had only really been suspected or at least minimized.
I also think, though, that the question isn't completely over-the-top given recent revelations. For example, you state:
> Do you realize how much research goes into Tor and how many university researchers are associated with it (Cambridge, Waterloo)? Furthermore, can you really think someone like the Tor core developers (Dingledine and Mathweson) can sacrifice their entire reputation just for putting a backdoor?
You're right.
But how many university researchers and mathematicians vet the security standards at NIST? NIST doesn't just take the math at face-value from NSA.
I don't think that Tor is compromised, but I don't think it's beyond questioning, either.
No, definitely not. Science should never be above questioning, or be subject to fanboyism.
My point was -- people keep bringing this argument up time and again but do not bring any proof to the table. The code is out there. Don't you perhaps think that the professors at some of the most reputed universities in the world who research on Tor would perhaps eventually find some alleged backdoor, given the code goes through so much scrutiny? I maybe wrong of course but some proof of this would be good. Honestly. And I am not being sarcastic, I have donated money and if I ever found out that something remotely like this is happening, do you think that people like me or the organizations who fund Tor will give it any more money?
It's a question of whether the idea is fundamentally sound.
You're routing your data through several strangers, who are all volunteers and may be individuals who support anonymity or governments who are trying to break it, relying on them discarding logs in order to preserve your anonymity. Since the data is encrypted, and routed between several nodes, you do have some redundancy in place in case one of the middle nodes is an attacker.
However, there are several problems. The data coming out of the exit nodes is unencrypted. Now, everyone advises you to always encrypt anything that will pass through an exit node, but that's not always possible. Some protocols just don't have widely available encrypted versions (like DNS), or even with encryption, where you are connecting to is leaked, as well as some information in things like the TLS handshake that may be de-anonymizing.
There are also lots of ways that data can leak at your endpoint. For instance, many programs may make DNS queries that don't go through Tor, so what you are looking up may be leaked.
Furthermore, Tor doesn't sent data at a constant bitrate. Someone who can monitor traffic on a large portion of the network can correlate it across points.
Finally, due to the nature of routing traffic between several points, a fairly limited number of exit nodes, and the encryption, Tor is fairly slow. So most people won't really be able to use it on a day to day basis, making mere use of it somewhat suspicious, and likely to subject you to more scrutiny.
None of these are fatal flaws, but they are some fundamental weaknesses, and many of them can't really be fully fixed.
I think that focusing on widespread, end-to-end encryption, rather than anonymity service like Tor, would be more valuable. Yes, you will still be vulnerable to metadata monitoring, which is a problem, but it would help a lot more with the content of your communications.
The problems it has are clearly discussed in multiple places -- websites, research papers, etc. I don't think it can be more sound than that.
> You're routing your data through several strangers, who are all volunteers and may be individuals who support anonymity or governments who are trying to break it, relying on them discarding logs in order to preserve your anonymity.
It doesn't matter. That is the entire idea behind Tor.
> However, there are several problems. The data coming out of the exit nodes is unencrypted. There are also lots of ways that data can leak at your endpoint. For instance, many programs may make DNS queries that don't go through Tor, so what you are looking up may be leaked.
The TBB already takes care of this. So unless you use some crappy third-party browser, you are safe from these problems because they know about it and they have been fixed.
Of course the exit node is not something you can trust. But your argument does not always hold true because TBB ships with HTTPS Everywhere by default. So almost all major websites will automatically use HTTPS and therefore the exit node sniffing your connection is rendered useless. Now if you are sending out your information over plain-HTTP, then yes, you will have it compromised.
> Furthermore, Tor doesn't sent data at a constant bitrate. Someone who can monitor traffic on a large portion of the network can correlate it across points.
Because Tor is a low-latency network, timing analysis is easy to perform if the entry and the exit node are controlled by the same entity. Now this depends on whether the NSA runs Tor exits or not and I cannot answer this question.
> Finally, due to the nature of routing traffic between several points, a fairly limited number of exit nodes, and the encryption, Tor is fairly slow. So most people won't really be able to use it on a day to day basis, making mere use of it somewhat suspicious, and likely to subject you to more scrutiny.
Anonymity loves diversity. Tor has a diverse userbase and it is getting better. I do not think it is that slow -- surely we can't expect it to be as fast as your normal internet connection -- but it is not bad either. I think FWIW, given what it does and what we need, there is no better solution so I think we might as well stick to it than trusting some proprietary software.
If running Tor exit nodes is what is necessary for the NSA to snoop on traffic, why wouldn't they do so?
If your security depends on "well, the NSA isn't going to run a service they need to snoop on your traffic", you're doing it wrong.
> I think FWIW, given what it does and what we need, there is no better solution so I think we might as well stick to it than trusting some proprietary software.
That's not really the choice. It's a question of where your priorities lie.
I don't think our biggest threats to privacy are in the NSA monitoring merely who we connect to. For some users, it's a substantial threat; for instance, for protesters in Iran, it may be a big problem, and for them Tor is invaluable (especially since it's unlikely that the Iranian government has the same resources to attack Tor that the NSA does).
Instead, our biggest (technical, as opposed to political or social) threats to privacy lie in a few places:
1) Email. Email has all kinds of problems (it's not verifiable, no good identity management, spam, and it's unencrypted in transit in many of its hops). 2) Google, Facebook, Yahoo, Twitter, etc. Big, closed services, that lock you in, and provide centralized places for monitoring. For many people in my social circles, Facebook is their primary means of online communication. 3) Web tracking: cookies and other web de-anonymization techniques 4) Unencrypted HTTP 5) Identity on the web. Almost every account you create requires an email address, which can trivially be used by the NSA to correlate data between accounts. Anonymous email services can be used to fight this, but managing databases of email addresses, usernames, and passwords to preserve anonymity is beyond most people's capabilities. The solutions to this are mostly to use one of the big services for login, which of course down't solve the anonymity problem at all. 6) The phone system. Telecoms have demonstrated repeatedly that they're more than willing to hand your data over without a court order. Tech companies at least act embarrassed about it in public; phone companies just lobby for retroactive immunity to keep themselves safe from their customers.
There may be more that I'm not thinking of, but those are some of the biggest.
Tor does very little to protect you from these kinds of threats. All it protects you from is someone monitoring who you are connecting to; but if most of the traffic they are interested in is to Google or Facebook, they don't need to attack it by monitoring your connection, they can just get the data straight from the endpoint.
I think that the biggest things we need, to preserve privacy, are replacements for many of the above problems, that even our grandmothers can use. Sure, a few privacy conscious geeks, a few Iranian protesters, some online griefers, some drug dealers, and some pedophiles can take advantage of Tor. It provides a useful service for some, but a fairly small portion, of people.
Getting ubiquitous encryption, better key management and identity management, a return to federated or peer-to-peer services rather than a few large centralized players, and getting all of that widely deployed and usable by your grandparents, are what we want to really improve privacy and security.
You realize there are tens of thousands fiber lines in a city, right? Tapping fibers going from ISP cusomers to PoPs isn't scalable.
Hiding the equipment from the people working every day on splicing smaller fiber cables to the trunks would also be a major issue.
The trouble with that is that often the illusion of security/anonymity is worse than not having it at all. See also: Enigma
Definitely don't trust proprietary software though.
DNSCrypt encrypts communication between the user and the OpenDNS servers.
http://www.opendns.com/technology/dnscrypt/
Or they can just find existing exit nodes, and ask the data centers to install splitters for them.
Exit nodes and relay nodes are not secret, so specifically targetting them for analysis would be pretty easy.
In 20 years Tor will have served its purpose and the government will have a new strategy. Maybe they'll just try outlawing encryption again. Certainly we'll forget all about the Clinton era by then.
Well. Maybe not as much anymore. But exactly that has in fact happened in the past: https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.2...
Isn't this exactly what someone would have said about the NSA spying on us even just a few months back? Did we learn from that AT ALL or just anytime we don't like a theory we will call that person a tin foil hat wearing nutcase?
This story is neither helpful nor enlightening in that regard as it has no evidence. Just mere speculation and insinuation.
There is value in discussing these conspiracy theories, if only to disseminate information and allow others to determine their own risk assessment. The conflict of interest inherent in a law enforcement agency funding a tool for circumventing detection is enough to raise alarm bells for some classes of users.
Completely agree, but its a little silly for the person who was just proven wrong to continue to heap the burden of proof on everyone but themselves.
The NSA is a different case. We do not know anything about it, except from the leaks. But we do know things about Tor.
a). Actively developed, follows the best principles possible. Open discussions in IRC, active mailing list, developers who respond to queries.
b). Highly researched by some of the best universities in the world. Cambridge and Waterloo come to mind instantly.
c). There has not been a single case of mistrust on their part that should make someone suspicious about them.
The day Tor does something like this, not only they lose their funding, they lose users and they become a dead project. With so much reputation at stake -- and they are respected people in the community -- Dingledine and Mathewson doing something like this? I don't think so.
I'd be more wary of NSA contributing code directly or through anon HUMINT accounts, hoping some of it slips through.
A lot of companies probably should, or at least severely limit its use.
By realizing my comment was tongue-in-cheek ;)
'pg: Find a way to make it stop or I will use HN less and less.
This might work on your mother, but is less effective on people who don't care about you.
Here's just one such paper.
http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf
You don't need backdoors in the program to make Tor less anonymous. You work with traffic patterns & other information gleaned from the network. You can also congest the network & find out more information that way.
Tor is useful but you're kidding yourself if you think it protects you from the NSA. And please, shut up about conspiracy theories. Many of these theories have become verified fact, and the rest are up to bayesian judgement. You should brush up on your history starting circa WWII & learn to what extent the intelligence communities go to have an upper hand. Tor is low hanging fruit compared to breaking certain cryptographic primitives.
I believe nobody sensible involved in Tor would claim it provides strong anonymity. Anonymous networks are a trade-off between efficiency and anonymity. Because it is efficient enough to allow web browsing, Tor provides relatively weak anonymity.
But he is working on Tor, which can be attacked by global passive attackers, something that in past consider very unlikely to exist. We know today nsa is a global passive attacker.
And today, mixmaster still hasn't been working, and the size of email anonymity networks is so small, to be useless.
It all worked out very nicely for the nsa. And what, they just got lucky? No conspiracy?
I was thinking of just this the other day. In light of all the recent news, what's people's feeling about TrueCrypt. Elaborate ruse by the NSA or really good software that is very secure?
Just curious, where do you run your relay? Is it under your home internet connection? Does it ever give you any trouble (authorities come knocking the door, etc)?
<conspiracy> With that much information on hand I could play the foreign stock markets like mad. And also forex. It will be sane for NSA to have capabilities to crash a potential adversaries currency and stock market. </conspiracy>
* I'm not accusing anyone. It's easy to believe so much in propaganda that you start to spread it too. One even honestly creates more unrelated reasons to believe. I know that I'll never trust RSA as much again, and will probably migrate to 3kb keys.
I always thought that was a pretty neat attack.
Is it conceivable that nodes could hold packets for a period of time long enough that traffic is "really" mixed with other traffic? Or does this just add the equivalent of a random delay which is easily defeated?
I imagine the NSA would task a team of researchers to analyze the source code, find a vulnerability, and develop a tool to exploit it. I imagine they'd then hand the tool over to a team to deploy and operate it.
No person from the TOR community would need be involved or made aware. And, assuming the NSA was the only one with the exploit, there would be no reason to stop funding Tor, since it advances American interests without (now, thanks to the exploit) threatening them.
I don't, however, trust it to do anything else: namely, I don't think of it as a security panacea. Goals of security are confidentiality, integrity, and availability. Anonymity is only a small part of confidentiality: tor provides a somewhat reasonable guarantee (i.e., much better than nothing or use of proxies) that I can anonymous browse censored web sites. However, alone it doesn't in any way help with secure communications to others, it doesn't ensure that the sites I am visiting aren't MITM'd, it does not protect against attacks that reduce availability of end points.
Since online content censorship is not currently a big problem in the United States -- but now a huge problem pretty much elsewhere, including in the Western World -- in most cases it isn't really an ailment for the ills inflicted by the current government overreach.
Also, it's entirely possible that the government is using the same software (or a slight fork) on a different network, but using the public deployment of Tor as a way to easily get public review of the cryptosystem.
http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-...