I’ve heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:
- https://surveillancevalley.com/blog/tor-files
- https://thebaffler.com/salvos/the-crypto-keepers-levine
He also appeared in TrueAnon episode 50 to talk about this.
On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:
- Tor is open-source and has been audited.
- The U.S. Government would never do such a thing.
They also point to a leaked NSA presentation from 2007 that admits the NSA can’t deanonymize Tor users.
What are your thoughts?
It’s not so much that they have to get into “a server inside the tor network” but they can go after users of tor hidden services if they somehow track down the server hosting that particular hidden service, but the whole system is built around making that very difficult.
Yes! Hidden services was what I was talking about. It’s been a while. :grinning face with sweat:
Those links you posted were what I was talking about. I know they claimed to have gotten the Silk Road dude over him using the same username, but I remember at the time (along with the timeline of the hack) that it all stank of parallel construction so they wouldn’t have to admit to the hack.
The case of freedom hosting, however, is more interesting, as I discussed above.
I mean, the thing about TOR is it relies on its distributed nature to help obfuscate traffic. When you’ve got access to the literal backbone of the internet, as we know is largely kind of the case. See: Room 641A Hunting down the location of a Hidden Service ceases to be an impossible task. Not easy, but no more impossible than spinning up enough of your own exit relays to map synchronous traffic.
jfc, this conversation is becoming a total trip down memory lane. I’m remembering years of arguments during the 90’s with people over whether or not ECHELON was real. brb gotta go build a Faraday cage in the woods.:grinning face with sweat:
javascript exploits
To expand upon this, interested parties should look up “canvas fingerprinting.” JS HTML5 contains within it certain functions that a server can use to query information about your system, setup, and display (such as resolution of the window loading the resources, custom fonts being displayed by the system, etc.), and if your setup is weird/unique enough, it can form a “fingerprint” of your oddities which can be used to track you across the web. This is why TOR’s instructions tell you not to resize the window. If everyone runs the TOR browser at the default resolution, that is one less oddity that can be used to track individuals.
