I've heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:

He also appeared in TrueAnon episode 50 to talk about this.

On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:

  • Tor is open-source and has been audited.
  • The U.S. Government would never do such a thing.

They also point to a leaked NSA presentation from 2007 that admits the NSA can't deanonymize Tor users.

What are your thoughts?

    • BreadPrices [he/him,comrade/them]
      2·
      4 years ago

      This isn’t really true. All they can tell is that there is tor traffic, and tor works to make it as indistinguishable from normal ssl traffic as possible, iirc.

      They can tell that a specific household is using tor, which makes it not anonymous, I said that it doesn't mean decryption. TOR traffic does not behave like SSL traffic.

      If you are referring to this, it relies on being able to fingerprint the hidden service traffic by size and frequency of packets, which is easy for the hidden service to thwart, on top of needing to operate a large quantity of not only nodes, but specifically entry guard nodes, and the algorithm for choosing has been changed over the years to limit the impact of attacks like this.

      I'm not referring to that, the whole point of security at the transportation (edit meant network layer) layer is pretty much pointless when the ends are compromised, and it is very cheap to do so.

      If you're doing VPN to Proxy to TOR or whatever then TOR isn't what's providing you security, you're just using it to access TOR content.

        • BreadPrices [he/him,comrade/them]
          2·
          4 years ago

          It literally does, though. It, like HTTPS web traffic, follows the TLS protocol specification (colloquially still called SSL). It blends in nearly perfectly, and has dramatically improved over the years in this regard. You can try and track it by blocking entry node IP addresses, but obfsproxy has made this method obsolete.

          Yes a lot of things use TLS, HTTPS uses TLS and it's not TOR, TOR is unique in that it operates differently on the network layer than pretty much everything else on the Internet.

          Even if we buy that it is trivial to identify tor traffic, what good does this do the surveillor, though? lots of households will be using tor for lots of reasons.

          Nobody is using a packet capture as evidence. I can google "how to build a (insert whatever here)" or "how to commit an act of (insert whatever here)" and there would be no consequences/surveillance. Surveillance acts on suspicious activity, not on content, and the TOR network is a lot more suspicious. Nobody I know uses tor for lots of different reasons, just drugs.

          If that attack is not what you are referring to, how, pray tell, can they tell who is connecting to what? And if they can’t, then I return to my previous question, what good does it do anyone to know that you are connecting to the tor network?

          General trends in traffic. They can determine the location of webservers by general direction of traffic, even if individually the traffic is moving around a network like a ping pong ball.

          I still don’t understand why you think that being able to surveil a persons home internet connection changes anything with regards to tor.

          If you want encryption, use a vpn, if you want to obfuscate location, use a proxy, if you want the government/your ISP to think you're performing illegal activity, use TOR.

            • BreadPrices [he/him,comrade/them]
              1·
              4 years ago

              https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/

              Here you go. TLS is transport layer security. Onion routing is on the network layer. If you don't understand something it isn't techno mumbo jumbo.

                • BreadPrices [he/him,comrade/them]
                  ·
                  4 years ago

                  Onion routing is on the network layer.

                  Creating an alternative network protocol is still operating on the network layer. It's still network traffic. It behaves differently on the network layer than virtually all other network protocols.

                    • BreadPrices [he/him,comrade/them]
                      1·
                      4 years ago

                      You have a fundamental misunderstanding of how the Internet works if you think TOR traffic is either completely separate or indistinguishable from other network traffic. Have a good day, hackerman.