15

In light of recent events, I've been learning more about Tor, and I have a lot of questions. Here's one.

Wikipedia's article states:

As of 2012, 80% of the Tor Project's $2M annual budget comes from the United States government, with the Swedish government and other organizations providing the rest, including NGOs and thousands of individual sponsors.

I realize that Tor software is open source, so surely if there were some obvious issues with it, we'd know about them already. Still, I can't help but wonder if, by using it, I'm simply bringing myself into a henhouse of the foxes' own making, or at the very least inviting more scrutiny. Is my paranoia justified?

Garrett Albright

3 Answers

10

Since the source code is open, it can be vetted. The bigger problem is that a large number of compromised nodes makes it easier to try to track, but this has nothing directly to do with the development itself. As for why the government would fund something like this: while it does make it easier for bad people to do bad things, it also makes it easier for good people to do good things in bad countries, and that's still something the US government generally likes to see happen. The technology enables a much higher level of freedom in countries that otherwise would restrict freedom. While it can make it harder to stop bad people, it still has enough benefit for good that it is worth the risk of bad people abusing it.

That all said, can we be sure that they don't have some way to get around it? No, but based on the amount of research the government has been known to do on how to try to break Tor, it does seem unlikely they have some magic switch.

forest
AJ Henderson
  • There have been some discussions about ways to make TOR traffic analysis more difficult even if an attacker runs a number of exit nodes, such as padding requests, mixing dummy requests with real requests, and randomly delaying responses within the TOR network to make it harder to identify which response belongs to a particular request. – Johnny Jun 13 '13 at 21:00
  • So the government does research on how to build Tor, and then the government does research on how to break Tor? Well, I guess if there's one thing the government is good at, it's finding work for itself. – Garrett Albright Jun 16 '13 at 01:19
  • @GarrettAlbright - yeah, well, in fairness, both serve useful purposes. You want to be able to protect innocent people from bad people but you don't want bad people to be able to abuse it. The two goals are in conflict but both are valuable in and of themselves. – AJ Henderson Jun 16 '13 at 18:58
  • @GarrettAlbright, even private companies will pay people to try to break the security of their products. I'd think it would be desirable to have someone other than the developers of a product perform an independent assessment of systems or software when you know there will be lots of hostile entities trying to find flaws. Better to learn of them as early as possible so you can fix them than to have hostile entities discover them and use them against those who will be relying on your product, especially when a failure of that product to perform as expected in some countries could lead to death. – MoonPoint Jan 17 '15 at 17:00
7

This is a great question.

In the end, the Tor network is a love/hate property when it comes to the US government.

On one hand, the government directly or indirectly provides a large portion of Tor's budget, as you pointed out. The most plausible and believable explanation for this baffling 'principal sponsor' status here, is that they want their intelligence agencies (and military and law enforcement) to be able to use this invaluable resource for their own, and mission-critical, anonymous browsing (and in as large an anonymity set as possible, so that they don't stick out like a sore thumb broadcasting themselves as covert government agents to every webserver out there).

The very fact that Tor started out as a government project for the Military in the nascent days of the World Wide Web (very early on - even before HTTPS became widespread), proves that it has been a high priority for their own intelligence agencies from very early on, and I see no reason for that to change any time soon.

They want it to continue, and to be robust - at least against any attacker that doesn't have the resources and hacking power that they do.

And that is the problem.

On the other hand, the government has every reason to want to break this anonymity, when others use it to thwart its own surveillance reach which clearly has become more important to them but developing slightly later in time than their already-existing priority to release Tor to the public, and increase its efficacy for their own use itself.

So long as the NSA has better intelligence powers than anyone else - one could theorize that, although 'Tor Stinks', it is still in their global long-term strategic interest to actually PROVIDE Tor, as a smart way to maintain top dog status and keep their overarching reign of intelligence in the world - their line of thought would be, 'So long as WE stay ahead of the curve, let's just nurture and encourage Tor along so all the criminals and dissidents are at least put in one place and make our XKeyscore filtering that bit easier too'.

Don't think of it as 'control' - but 'management'. Like the fenced-off 'savage reservations' in Aldous Huxley's Brave New World. They know they can't control everyone, and everything, so Tor is a compromising (for the NSA) way, to at least maintain some order to the chaos that is the Internet's fierce, rebellious and fierce liberties/dissident community. Tor has to WORK, for that strategy to even work.

This being said, one could believe that the Tor Project does not make it a burning priority to truly make it systemically secure from the NSA's own powers - and I wouldn't blame you for believing it either.

But there still is no more anonymous a way to browse the DNS Internet than by (at least partly) using Tor, and not only are there increasingly capable competitors threatening NSA's abilities to let it not be as good as it could be, but as the leaked report said, they do indeed need to go to a lot of effort to de-anonymize people on Tor - and as always - they can't and will not go after everyone anyway.

All a user can do is be as vigilant as possible to take measures in addition to use of the Tor protocol itself (like further careful browser tweaks, not browsing HTTP sites (and balking at DNS HTTPS itself), VPN-before-Tor configurations, protocol obfuscation where possible, astute anti-fingerprinting and -profiling browser and browsing choices, and just realizing the risks associated with any given Internet activity in light of this), and realize in the end, that any Tor is STILL better than no Tor, just like any HTTPS is still better than no HTTPS.

Closing thoughts:

A great analogy to help illustrate this theory - that Tor is a love/hate brainchild of the government that leads a strange dance and symbiosis with those who would seem the last for it to want to give power to - is that indeed the Internet itself, although originally funded by the government (like Tor), and then released to the Public (like Tor), is now perhaps the most powerful tool by which independent-minded and dissenting individuals and groups can form, discover, thrive, and mobilize (against the state if they want to), and indeed circumvent laws and restrictions that the government tries to place on 'the people' - all using a tool the government created or helped develop themselves.

The world is complex, and there is more of a symbiotic relationship between the 'feds' and the 'hackers' than one first may realize.

A second analogy is that 'anti-capitalist' activists - by necessity - directly and indirectly use tools, resources and materials, that were only possible via the cogs and wheels of modern capitalism - but it doesn't mean such anti-capitalist activism is worthless or ineffective.

You just have to know how the whole picture works (of power play), and know when you have a dance, a necessary symbiosis (no matter how begrudging), with a very entity you are passionately fighting against.

I imagine this is how Jacob Appelbaum feels.

4

Well, it's open source, and the network is open too. Of course, some of the volunteer nodes could be under government control, especially the big nodes. I doubt that there's anything malicious in the source code. There are many with the same level of cautiousness; so I'm pretty sure that the source code has been well vetted.

So the only issue is dishonest/government nodes. In such a case, you could make your own private network of Tor by forking it, making small tweaks, and distributing it in trusted circles. Note that it becomes more trackable if fewer people are using it.

Manishearth