I've heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:
- https://surveillancevalley.com/blog/tor-files
- https://thebaffler.com/salvos/the-crypto-keepers-levine
He also appeared in TrueAnon episode 50 to talk about this.
On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:
- Tor is open-source and has been audited.
- The U.S. Government would never do such a thing.
They also point to a leaked NSA presentation from 2007 that admits the NSA can't deanonymize Tor users.
What are your thoughts?
I mean, the thing about TOR is it relies on its distributed nature to help obfuscate traffic. When you've got access to the literal backbone of the internet, as we know is largely kind of the case. See: Room 641A Hunting down the location of a Hidden Service ceases to be an impossible task. Not easy, but no more impossible than spinning up enough of your own exit relays to map synchronous traffic.
jfc, this conversation is becoming a total trip down memory lane. I'm remembering years of arguments during the 90's with people over whether or not ECHELON was real. brb gotta go build a Faraday cage in the woods.:grinning face with sweat:
deleted by creator
True. We're talking some pretty high end stuff when it'd probably be more akin to that xkcd comic about breaking encryption with a wrench.
deleted by creator
lol yep there ya go.
Exit nodes and hidden services are entirely separate topics. A connection to a Tor hidden service requires both server and client to each form a three-node Tor connection to what's called a Guard node, which acts as an intermediary in the connection between them. At no point are any exit nodes involved in this process. Exit nodes are only involved in connecting to the regular internet through Tor.
Yeah, I wasn't trying to say they were the same, merely remarking on the scale of what they have access to. Hiding a needle in a haystack is a great technique, but it's important to remember our opponents do still pretty much have access to all the hay.
Fair enough, but I think the main way the authorities find hidden services is by hacking the server (over a Tor connection) and then having it ping them in Langley on the clearnet, something that's pretty trivial for any state-level actor. And I thought it was worth clarifying the point about hidden services because this is a point of confusion for most people regarding how Tor actually works.
Oh yeah, you're probably right. If I remember correctly from the Snowden dumps, the Alphabets keep a whole bunch of sweet 0 Days.