NSA Trying Hard To Compromise Tor, But It's Still Mostly Safe
from the good-news dept
The latest from the Guardian out of the Ed Snowden leaks shows that the NSA and GCHQ have been trying desperately to target Tor, even though Tor is largely funded by the US government. The good news is that they basically haven't been able to attack the underlying Tor network, but rather rely on exploits elsewhere, such as within Firefox to try to target certain individuals.In response to all of this the NSA put out one of its typically bland and empty statements about how what it does is "authorized by law" and it should be no surprise that it's seeking information on bad people.Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.
But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.
Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymity, attacks, gchq, nsa, nsa surveillance, tor, vulnerabilities
Reader Comments
Subscribe: RSS
View by: Time | Thread
And given the sparked interest in privacy and better security they'll be having more reasons to cry in the future. Much for the benefit of the rest of us.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
More jails are being built. These are sunk costs and are very costly unless you are utilizing them fully.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Deterministic builds
With most projects, even free/open-source software, you have to trust that the build machines have not been compromised. With deterministic builds, even this risk is reduced.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
privacy is a natural human right in my opinion and for anyone to take that away from anyone is very wrong.
the whole system is designed to collapse... and soon. its not just the internet that is in trouble.
"End the fed, Arrest the Banksters!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
lol
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Reminds me to install Tor
What would happen if all of a sudden an additional billion people started using Tor? Make them drop their "national security" mask so the opposition can really take hold.
[ link to this | view in chronology ]
Re: Reminds me to install Tor
[ link to this | view in chronology ]
/s
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Tor is no obstacle to NSA surveillance
[ link to this | view in chronology ]
Re: Tor is no obstacle to NSA surveillance
[ link to this | view in chronology ]
Re: Tor is no obstacle to NSA surveillance
[ link to this | view in chronology ]
Re: Re: Tor is no obstacle to NSA surveillance
[ link to this | view in chronology ]
Re: Re: Re: Tor is no obstacle to NSA surveillance
[ link to this | view in chronology ]
Re: Re: Tor is no obstacle to NSA surveillance
www.syverson.org/tor-vulnerabilities-iccs.pdf
http://cryptome.org/2013/08/tor-users-r outed.pdf
[ link to this | view in chronology ]
I'm REALLY curious about this, does anyone know if this is a vulnerability in this software bundle or a problem with all Firefox browsers or Windows PCs?
[ link to this | view in chronology ]
Re:
Meant to quote this, sorry.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Speaking generally, pretty much every nontrivial program that uses the internet has vulnerabilities (that's a corollary to the fact that every nontrivial program has bugs). Many of these vulnerabilities are kept secret, so you probably won't know of them if you aren't the producer of the software, a spy, and/or a cracker.
[ link to this | view in chronology ]
Wait, that sounds familiar...
With apologies to Abraham Lincoln(?).
[ link to this | view in chronology ]
If I were a criminal defense attorney
[ link to this | view in chronology ]
If the NSA want's to waste valuable resources trying to figure out what I do online. That's their choice.
Anything I can do to make their unconstitutional spying harder, is worthwhile.
[ link to this | view in chronology ]
Thanks NSA for protecting the world, one rewritten dictionary at a time.
[ link to this | view in chronology ]
The development of a "Tor Browser Bundle" is plain stupid. Tor should be developed, a few browsers should be hardened and configured for Tor usage, as well as other clients for other protocols.
But they'll never do that, as they've made clear again and again.
[ link to this | view in chronology ]
Lack of knowledge
I'm from the old school. I was in Crypto before PGP.
I was Navy. What department will go forever undisclosed.
What I'm reading here is so sgnorant it's hard to stomach.
There are actually a few intellegent comments though.
AnonymousCoward you are pretty much knowledgeable and are leading the pack here with common sense.
Most of the rest of you should stop posting do a little more reading. Not here, go read about PGP, read about routing, read the history of PGP written by Phil Zimmerman who wrote and published it in the early 90's.
Who was hounded by the US Communist run government.
I helped to pay for his defense in those days.
Go learn. You will never learn by just blabing about what you don't know.
I still use Tor and what I use it for could be potentially life threatening.
No I am not violating any laws of my country. I'm trying to help those who have not the freedom you have.
Keep writing I want to learn just how ignorant my fellow citizens are.
[ link to this | view in chronology ]
Re: Lack of knowledge
[ link to this | view in chronology ]
Re: Lack of knowledge
[ link to this | view in chronology ]