I've heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:
- https://surveillancevalley.com/blog/tor-files
- https://thebaffler.com/salvos/the-crypto-keepers-levine
He also appeared in TrueAnon episode 50 to talk about this.
On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:
- Tor is open-source and has been audited.
- The U.S. Government would never do such a thing.
They also point to a leaked NSA presentation from 2007 that admits the NSA can't deanonymize Tor users.
What are your thoughts?
I think the question of "is TOR backdoored" is indicative of the wrong approach to operational security. With the rise of the Snowden disclosures of PRISM and other dragnet surveillance programs being conducted by the state, public interest in cryptography and cryptographical protocols skyrocketed. It was a popular conception that with the right cryptographic protocols we could outsmart and elude the state. That operational security was a problem which could be solved with an app. This was a naïve and incorrect mode of thinking.
Cryptography is a powerful tool, and in the right hands it can make the work of the state much more difficult. But cryptographic protocols are only as strong as the weakest link in your organization. Nor are cryptographic protocols immune to social engineering attacks such as infiltration.
TOR must be viewed through this lens. It makes you much more difficult to identify under most threat models, but if your threat model includes the national security apparatus, your challenges will be much more of an organizational nature than a cryptographic nature.
The things that will provide you with the most security are more or less the classic staples of tradecraft: compartmentalization, dead drops, one-time pads, holding one-on-one meetings in person, outdoors, in places that won't be bugged. Separating your organization into an above-ground political arm and an underground militant arm with little to no formal communication or contact.
Encryption and authenticity (digital signing) are good general prophylactic practices which should be employed, but staying under the radar and producing as little encrypted ciphertext and metadata as possible should also be a goal when dealing with sensitive projects. While encryption will protect the contents of the discussion, it will still leave a trail of breadcrumbs and help investigators piece together a network of associations.