I've heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:

He also appeared in TrueAnon episode 50 to talk about this.

On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:

  • Tor is open-source and has been audited.
  • The U.S. Government would never do such a thing.

They also point to a leaked NSA presentation from 2007 that admits the NSA can't deanonymize Tor users.

What are your thoughts?

  • BreadPrices [he/him,comrade/them]
    arrow-down
    1
    ·
    edit-2
    4 years ago

    The encryption is probably not broken but the government can, and probably has:

    The ability to detect tor traffic at the customer facing interface of an ISP, which would deanonymize tor traffic

    The ability to buy thousands of tor nodes at under $100 a piece, including entry/exit nodes, and use aggregate data to determine the location and identity of webservers

    The control of a lot of VPNs, which will log your usage of tor traffic

    • femboi [they/them, she/her]
      ·
      4 years ago

      And don’t forget the cooperation of every american ISP and probably a bunch of other NATO ISPs too. Long story short, if the US gov ever has a reason to target you specifically, maybe just don’t use the internet anymore

      • eduardog3000 [he/him]
        ·
        edit-2
        4 years ago

        Long story short, if the US gov ever has a reason to target you specifically, maybe just don’t use the internet anymore you're probably screwed unless you are ready and able to physically defend yourself or just leave the country.

        But if you want to avoid giving them a reason to target you, tor is very useful.

      • BreadPrices [he/him,comrade/them]
        arrow-down
        2
        ·
        edit-2
        4 years ago

        This isn’t really true. All they can tell is that there is tor traffic, and tor works to make it as indistinguishable from normal ssl traffic as possible, iirc.

        They can tell that a specific household is using tor, which makes it not anonymous, I said that it doesn't mean decryption. TOR traffic does not behave like SSL traffic.

        If you are referring to this, it relies on being able to fingerprint the hidden service traffic by size and frequency of packets, which is easy for the hidden service to thwart, on top of needing to operate a large quantity of not only nodes, but specifically entry guard nodes, and the algorithm for choosing has been changed over the years to limit the impact of attacks like this.

        I'm not referring to that, the whole point of security at the transportation (edit meant network layer) layer is pretty much pointless when the ends are compromised, and it is very cheap to do so.

        If you're doing VPN to Proxy to TOR or whatever then TOR isn't what's providing you security, you're just using it to access TOR content.

          • BreadPrices [he/him,comrade/them]
            arrow-down
            2
            ·
            edit-2
            4 years ago

            It literally does, though. It, like HTTPS web traffic, follows the TLS protocol specification (colloquially still called SSL). It blends in nearly perfectly, and has dramatically improved over the years in this regard. You can try and track it by blocking entry node IP addresses, but obfsproxy has made this method obsolete.

            Yes a lot of things use TLS, HTTPS uses TLS and it's not TOR, TOR is unique in that it operates differently on the network layer than pretty much everything else on the Internet.

            Even if we buy that it is trivial to identify tor traffic, what good does this do the surveillor, though? lots of households will be using tor for lots of reasons.

            Nobody is using a packet capture as evidence. I can google "how to build a (insert whatever here)" or "how to commit an act of (insert whatever here)" and there would be no consequences/surveillance. Surveillance acts on suspicious activity, not on content, and the TOR network is a lot more suspicious. Nobody I know uses tor for lots of different reasons, just drugs.

            If that attack is not what you are referring to, how, pray tell, can they tell who is connecting to what? And if they can’t, then I return to my previous question, what good does it do anyone to know that you are connecting to the tor network?

            General trends in traffic. They can determine the location of webservers by general direction of traffic, even if individually the traffic is moving around a network like a ping pong ball.

            I still don’t understand why you think that being able to surveil a persons home internet connection changes anything with regards to tor.

            If you want encryption, use a vpn, if you want to obfuscate location, use a proxy, if you want the government/your ISP to think you're performing illegal activity, use TOR.

              • BreadPrices [he/him,comrade/them]
                arrow-down
                1
                ·
                4 years ago

                https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/

                Here you go. TLS is transport layer security. Onion routing is on the network layer. If you don't understand something it isn't techno mumbo jumbo.

                  • BreadPrices [he/him,comrade/them]
                    ·
                    edit-2
                    4 years ago

                    Onion routing is on the network layer.

                    Creating an alternative network protocol is still operating on the network layer. It's still network traffic. It behaves differently on the network layer than virtually all other network protocols.

                      • BreadPrices [he/him,comrade/them]
                        arrow-down
                        1
                        ·
                        4 years ago

                        You have a fundamental misunderstanding of how the Internet works if you think TOR traffic is either completely separate or indistinguishable from other network traffic. Have a good day, hackerman.

    • LiterallyLenin [none/use name]
      ·
      4 years ago

      Any recommendations for VPNs? I've seen recommendations to make your own but that reduces to the problem of an anonymous host for it.