I personally believe that Tor is compromised. I have been saying this for several years. The amount of bandwidth it consumes, and the reliance on honest entrance and exit nodes, means it is assured that three-letter agencies run the whole network. I’m confident the government can demask users on demand as needed.
I would love a counterpoint to my opinion but given that public honest nodes have trivial donations I don’t understand who can afford to support this network other than incentivized agencies.
One possible counterpoint is that the FBI took over and ran a child pornography onion service in 2015 [1] in order to deliver malware to visitors and demask them. This suggests that at least the FBI does not have the capability to demask users on demand.
Well, they also lied they couldn't break into that iPhone to try to get a court ruling that made it unnecessary to use expensive contractors or secret exploits. They lied that cryptography is blocking them a lot in general when the data shows that's rare. The NSA also had attacks on most mobile OS's, backdoors in ISP's, and so on feeding stuff to FBI who supposedly had no such capabilities.
Btw, the big ISP's being backdoored with high-bandwidth, Tor nodes on same networks drawing people to use them is about the worst-case scenario for Tor. Global visibility into traffic patterns on top of huge, attack budget for partial or full defeats of the technology. Plus lots of storage to keep as much encrypted traffic as they can as long as they can. That lets them hit today's systems or encrypted data with future attacks.
I assume NSA sees it all. I assume the FBI gets a part of it which will grow over time, concealing how they got the information. I did anonymous activities using equipment bought in cash over WiFi and HTTPS-looking connections to blend in with the less-interesting crowd. If worried about publicity, use cantennas so folks can't see your face on camera. Preferably suburban areas with more empty space and trees than cameras. Maybe Tor, too, but just don't use it anywhere near devices or a residence that's obviously yours.
The referenced Tor Project blog post, "One cell is enough to break Tor's anonymity", was written in 2009, prior to any Snowden revelations about the scale and scope of state-level actors to see the entirety of the global networks.
AFAIK, Tor still refuses to have nodes add random delays and random padding, etc. to make this style of analysis more difficult, but I am just going off what I researched a few years ago, so I could be wrong.
Tor already "pads" to cell size. There is ongoing work towards better padding. Look at WTF-PAD for more. It is surprisingly difficult to improve padding effectively, and you just can't add delays to TCP streams. Tor is not "refusing to add" either of those things.
So if you've been following Tor closely for years, you've presumably decided you don't trust Roger Dingledine?
I say this partly as an appeal to his authority (which I'll argue is not insignificant), but I don't mean it in an aggressive way. I don't know him personally, and I can't say very precisely how much trust I have in his claims.
With that said, he's claimed that he personally knows a substantial number of relay operators by volume, and there is significant pressure from certain levels of the US executive branch on the Tor Project to either compromise or abandon development of the Tor network in order to stop child porn.
Of course, he could be entirely unaware that the relay operators he knows are compromised or are simply federal agents, or he could be himself.
But I think these, among other pieces of information, must be contended with to develop a theory that tor is entirely compromised.
For instance, there are claims that people within the intelligence community use and rely on tor for their own work.
That’s not nessisarily relevant. In WWII most codes where cracked, but little of this information was used as the assumption was keeping the secret is generally more valuable than using the information. If in practice those agencies leave users alone then the polite fiction provides very useful cover.
Sure, if you’re trying to sell a stolen nuclear weapon then don’t use it. But for stolen credit cards it’s probably very safe in practice.
The entity using the information works backwards to construct a plausible fake chain of events which is acceptable to a court and hides the true source of the information.
It is absolutely relevant, it is your point that is not. Random drug dealers are not the Germans, and there is no war. They arrest shady people using tor all the time, and if tor is compromised, they can use parallel construction to hide their use of tor.
If you are using Tor for unencrypted connections to the internet, then sure, the security is going to depend entirely on the honesty of the nodes.
But what about when no exit nodes are involved, when you connect to hidden services? And if your underlying connection is properly encrypted, then the most that could be divuldged is metadata. You'd have to believe the U.S. government has also broken popular crypto, and I believe that if that were the case we would've never seen things like Dual EC DRGB. Even powerful quantum computers could only weaken cryptographic algorithms, if my understanding of Shor's algorithm is accurate, so you could always use paranoid-sized keys or post-quantum cryptographic algorithms.
The folks that work on and support Tor are by all accounts some fairly intelligent people. It is obviously very possible the whole network is compromised, but it would be very impressive if it was compromised and nobody ever found out.
I think software like Tor-based IM is still useful even in the event that the network is compromised to some degree.
This can be refuted pretty easily, on various grounds.
One, you are assuming that all parties interested in deanonymizing Tor collaborate. As you say: agencies, not agency.
The design makes sure that you do not need to trust any node in particular. The damage individual nodes can do are small and basically amount to temporary denial of service for non-exits (which clients will quickly route around) and messing with your traffic as exit (which becomes less and less of a problem as everything moves to e2e, and https is improved/hardened with key pinning etc). The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.
Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity. This will very rarely be the case in real scenarios, where "the NSA" will just not care about you, but plenty of other actors might. By spreading not necessarily false but very simplified claims, you are drawing users who don't know better to systems where they will be clearly much worse off!
The list of relays is public. There are actually surprisingly few exits that carry most of the traffic, which yes, is a weakness, but that weakness is still stronger than anything else you could compare it to. You can look at the large operators like universities and nonprofits like www.torservers.net, their relays, and you will see that it does not take that big of a budget to run the majority of all exits in terms of total capacity. Is is much easier even to contribute high bandwidth entry nodes -- again, feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.
I say all the following as someone who is generally pretty pro Western Intelligence and skeptical of any tinfoil hattery, BUT:
> As you say: agencies, not agency
This seems to willfully ignore the immense degree of cooperation between Five Eyes, Nine Eyes, SSEUR, etc. It's hard to get real numbers, but I think one would be safe in making the assumption that spending of Five Eyes + friendlies absolutely dwarves any other intelligence expenditure. So call it "the NSA" or whatever, but we are referring to the giant, interconnected "Western Intelligence" supra-national agency whose capabilities were considered to be the stuff of science fiction before the Snowden leaks.
> The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.
You are disingenuously shrinking the problem space here, by pretending that Tor is somehow bug free, or that all known bugs and flaws are already known. This is vanishingly unlikely. The question is not "are there exploitable bugs in Tor", but "how many zero-days do these organizations have?"
Further you hand-wave away a well-known problem by saying it's "not trivial to perform". You're talking here about an organization that literally taps underwater cables with specialized submarines, and arguably scans and extracts metadata from virtually _ALL INTERNET TRAFFIC_.
The parent said:
>> "I’m confident the government can demask users on demand as needed."
which you then attempted to reduce to the absurd by saying:
> Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity
Which is a bizarre reading.
> feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.
Other people's motives are "public information"? Lulz.
My understanding is that Tor is not a permissioned network. This means that anyone can run a node without asking for anyone’s approval. If this is the case, a trivial amount of money in terms of the USA defense budget ($100mil - $1 bil) could be spent to selectively reveal entities that the gov finds worthy of arrest.
Everyone be careful, nothing is as simple as it seems. Notice how I’m responding to an anonymous user. This is expected.
I don't really know whether the government of my country knows I use TOR (i use obfs4) and whether he can "correlate" sites i visit. If i'm of such interest to him, he can knock at my door and get all my computers : i will give him without any resistance.
Because the fact is that i use TOR to be anonymous and escape data mining by dangerous Big Companies : i can elect a government and should give him access to part of my data needed to be a citizen of my country, but i never elect thoses dangerous companies that steal and sell data, violate privacy, accumulate large data set about us behind our backs to cross-annalyse and compute who know why we didn't ask or envisage ... Governments are supposed to be accountable, companies are not unless we publicly discover they did something wrong.
Tor has convinced the average user that it is a black box that protects them and this is gravely untrue. It may be safer than your residential ISP but the level of security it claims to provide is simply false.
Like I said, I would appreciate someone explaining why I’m wrong but I’ve been closely following Tor for years and I haven’t seen anything to refute my opinion.
Definitely could be, but they must have gone through the trouble of setting up a larger number of little nodes if that's the case, as a lot of the largest exit nodes on the network have known operators. For example, as of a few weeks ago, a friend/grad students put up a top 5 (by bandwidth) in the US in the Media Lab at MIT, and a different friend ran a top 10 out of an MIT dorm room a few years ago before eventually getting shut down by admins. Fortunately, this one will likely stay up as it's under Joi Ito's purview now.
There are multiple counterpoints but most can be summed up that there is no strong argument in favor or either so that one has to fall back on a personal default.
Bandwidth consumption in Tor is not that big at 300Gbit/s. While its not perfectly comparable, a 1gbit/s connection residential connection cost about $100 a month. Imagining 300 users, or rather 7000 servers, is really not that big for a community project by volunteers. Naturally this finding is a double edge sword, as it also mean it is not costly for a nation to become the majority owner of all servers if they wanted to. Bandwidth is cheap. It is so cheap that one ISP has started to roll out 10Gbit/s for residential use.
7000 nodes are nothing for high bandwidth nations, and its not without reason that some over represented nations in the Tor network match those that subsidized broadband infrastructure. Sweden is about as big as UK but with 1/6 of the population. Germany is twice the size of US (https://metrics.torproject.org/bubbles.html#country).
I do not think cost is relevant to the question. Any agencies of any nation could afford it. The question really is if they would bother, and if they could continuously do it stealthy enough to not rouse suspicion. Its rather know that the hardest security to do is to run operation security continuously without mistakes. In additional we have leaks from inside (Snowden, Manning), internal politics, and I personally do not think it is likely that they would have managed to run perfectly stealthy for 16 years. I would give them the benefit of the doubt that any given year they could take over it, but once they do it won't take too long until it is detected.
> I personally believe that Tor is compromised. I have been saying this for several years. The amount of bandwidth it consumes, and the reliance on honest entrance and exit nodes
Any network where a single server somewhere runs a domain is not going to be reliable. People can use timing attacks to figure out who is running what.
SAFE Network is much better, as was stuff like Freenet and PerfectDark.
I've wondered the same. bandwidth is still very expensive at scale. How TOR exit nodes could afford it years ago is a mystery to me. There's some ISP's that host their own in europe, but aren't there still expensive charges when all that bandwidth goes out of their network?
It is extraordinarily cheap at scale, you can buy a gigabit port that you can blast at 1000mbit all day, every day, forever for around $300 a month (which comes out to about 300 TB of traffic in a month).
If you stick with providers like AWS or Amazon, sure its absurdly expensive, but its yet another way they have a huge amount of markup.
Basically, if you control the entry and exit nodes of a user, you can correlate their traffic. So, if a group had control of large numbers of servers, eventually (faster or slower depending on what proportion of tor servers they controll) they would be able to view a targeted user's traffic.
Yep, this has me looking at running a relay now that I have the bandwidth to do it (thanks, NBN). I don’t use Tor personally—I’m lucky, I don’t need to—but it’s an invaluable service for those who do.
Readit News
I would love a counterpoint to my opinion but given that public honest nodes have trivial donations I don’t understand who can afford to support this network other than incentivized agencies.
[1]: https://motherboard.vice.com/en_us/article/qkj8vv/the-fbis-u...
Btw, the big ISP's being backdoored with high-bandwidth, Tor nodes on same networks drawing people to use them is about the worst-case scenario for Tor. Global visibility into traffic patterns on top of huge, attack budget for partial or full defeats of the technology. Plus lots of storage to keep as much encrypted traffic as they can as long as they can. That lets them hit today's systems or encrypted data with future attacks.
I assume NSA sees it all. I assume the FBI gets a part of it which will grow over time, concealing how they got the information. I did anonymous activities using equipment bought in cash over WiFi and HTTPS-looking connections to blend in with the less-interesting crowd. If worried about publicity, use cantennas so folks can't see your face on camera. Preferably suburban areas with more empty space and trees than cameras. Maybe Tor, too, but just don't use it anywhere near devices or a residence that's obviously yours.
https://security.stackexchange.com/questions/147402/how-do-t...
The referenced Tor Project blog post, "One cell is enough to break Tor's anonymity", was written in 2009, prior to any Snowden revelations about the scale and scope of state-level actors to see the entirety of the global networks.
AFAIK, Tor still refuses to have nodes add random delays and random padding, etc. to make this style of analysis more difficult, but I am just going off what I researched a few years ago, so I could be wrong.
A more recent and thorough real world analysis of the traffic correlation problem is https://www.freehaven.net/anonbib/#ccs2013-usersrouted . In general, that site has a lot of great papers on these topics.
I say this partly as an appeal to his authority (which I'll argue is not insignificant), but I don't mean it in an aggressive way. I don't know him personally, and I can't say very precisely how much trust I have in his claims.
With that said, he's claimed that he personally knows a substantial number of relay operators by volume, and there is significant pressure from certain levels of the US executive branch on the Tor Project to either compromise or abandon development of the Tor network in order to stop child porn.
Of course, he could be entirely unaware that the relay operators he knows are compromised or are simply federal agents, or he could be himself.
But I think these, among other pieces of information, must be contended with to develop a theory that tor is entirely compromised.
For instance, there are claims that people within the intelligence community use and rely on tor for their own work.
Sure, if you’re trying to sell a stolen nuclear weapon then don’t use it. But for stolen credit cards it’s probably very safe in practice.
https://en.wikipedia.org/wiki/Parallel_construction
The entity using the information works backwards to construct a plausible fake chain of events which is acceptable to a court and hides the true source of the information.
But what about when no exit nodes are involved, when you connect to hidden services? And if your underlying connection is properly encrypted, then the most that could be divuldged is metadata. You'd have to believe the U.S. government has also broken popular crypto, and I believe that if that were the case we would've never seen things like Dual EC DRGB. Even powerful quantum computers could only weaken cryptographic algorithms, if my understanding of Shor's algorithm is accurate, so you could always use paranoid-sized keys or post-quantum cryptographic algorithms.
The folks that work on and support Tor are by all accounts some fairly intelligent people. It is obviously very possible the whole network is compromised, but it would be very impressive if it was compromised and nobody ever found out.
I think software like Tor-based IM is still useful even in the event that the network is compromised to some degree.
Given that, I would at a minimum route your network through an anonymous VPN (or two) before touching the Tor network.
It all depends on your opsec requirements but don’t be a naïve fool - Tor is not a magic anonymity service. It has pros and cons like everything else.
OP is claiming that a combination of traffic/volume analysis and dishonest nodes can find a hidden service source.
One, you are assuming that all parties interested in deanonymizing Tor collaborate. As you say: agencies, not agency.
The design makes sure that you do not need to trust any node in particular. The damage individual nodes can do are small and basically amount to temporary denial of service for non-exits (which clients will quickly route around) and messing with your traffic as exit (which becomes less and less of a problem as everything moves to e2e, and https is improved/hardened with key pinning etc). The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.
Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity. This will very rarely be the case in real scenarios, where "the NSA" will just not care about you, but plenty of other actors might. By spreading not necessarily false but very simplified claims, you are drawing users who don't know better to systems where they will be clearly much worse off!
The list of relays is public. There are actually surprisingly few exits that carry most of the traffic, which yes, is a weakness, but that weakness is still stronger than anything else you could compare it to. You can look at the large operators like universities and nonprofits like www.torservers.net, their relays, and you will see that it does not take that big of a budget to run the majority of all exits in terms of total capacity. Is is much easier even to contribute high bandwidth entry nodes -- again, feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.
> As you say: agencies, not agency
This seems to willfully ignore the immense degree of cooperation between Five Eyes, Nine Eyes, SSEUR, etc. It's hard to get real numbers, but I think one would be safe in making the assumption that spending of Five Eyes + friendlies absolutely dwarves any other intelligence expenditure. So call it "the NSA" or whatever, but we are referring to the giant, interconnected "Western Intelligence" supra-national agency whose capabilities were considered to be the stuff of science fiction before the Snowden leaks.
> The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.
You are disingenuously shrinking the problem space here, by pretending that Tor is somehow bug free, or that all known bugs and flaws are already known. This is vanishingly unlikely. The question is not "are there exploitable bugs in Tor", but "how many zero-days do these organizations have?"
Further you hand-wave away a well-known problem by saying it's "not trivial to perform". You're talking here about an organization that literally taps underwater cables with specialized submarines, and arguably scans and extracts metadata from virtually _ALL INTERNET TRAFFIC_.
The parent said:
>> "I’m confident the government can demask users on demand as needed."
which you then attempted to reduce to the absurd by saying:
> Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity
Which is a bizarre reading.
> feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.
Other people's motives are "public information"? Lulz.
Everyone be careful, nothing is as simple as it seems. Notice how I’m responding to an anonymous user. This is expected.
Because the fact is that i use TOR to be anonymous and escape data mining by dangerous Big Companies : i can elect a government and should give him access to part of my data needed to be a citizen of my country, but i never elect thoses dangerous companies that steal and sell data, violate privacy, accumulate large data set about us behind our backs to cross-annalyse and compute who know why we didn't ask or envisage ... Governments are supposed to be accountable, companies are not unless we publicly discover they did something wrong.
If you use your residential internet connection you're definitely not anonymous.
If you use Tor you're maybe not anonymous. That's still better.
Like I said, I would appreciate someone explaining why I’m wrong but I’ve been closely following Tor for years and I haven’t seen anything to refute my opinion.
Bandwidth consumption in Tor is not that big at 300Gbit/s. While its not perfectly comparable, a 1gbit/s connection residential connection cost about $100 a month. Imagining 300 users, or rather 7000 servers, is really not that big for a community project by volunteers. Naturally this finding is a double edge sword, as it also mean it is not costly for a nation to become the majority owner of all servers if they wanted to. Bandwidth is cheap. It is so cheap that one ISP has started to roll out 10Gbit/s for residential use.
7000 nodes are nothing for high bandwidth nations, and its not without reason that some over represented nations in the Tor network match those that subsidized broadband infrastructure. Sweden is about as big as UK but with 1/6 of the population. Germany is twice the size of US (https://metrics.torproject.org/bubbles.html#country).
I do not think cost is relevant to the question. Any agencies of any nation could afford it. The question really is if they would bother, and if they could continuously do it stealthy enough to not rouse suspicion. Its rather know that the hardest security to do is to run operation security continuously without mistakes. In additional we have leaks from inside (Snowden, Manning), internal politics, and I personally do not think it is likely that they would have managed to run perfectly stealthy for 16 years. I would give them the benefit of the doubt that any given year they could take over it, but once they do it won't take too long until it is detected.
You obviously never bothered to look at who runs relays: https://metrics.torproject.org/rs.html Plus Tor's threat model already assumes that some nodes are compromised: https://www.torproject.org/projects/torbrowser/design/#adver... And as others pointed out, the oft-stated "using Tor is better than not" applies.
SAFE Network is much better, as was stuff like Freenet and PerfectDark.
If you stick with providers like AWS or Amazon, sure its absurdly expensive, but its yet another way they have a huge amount of markup.
Now more than ever the world needs Tor.
Instead, try to lobby at work to make you site directly available on a onion address.
Normalizing is more important IMHO.
If you can't do that at work, just install the client on W10, and show it to friends and family.
Because there is strength in numbers.
thank you!
[0] https://addons.mozilla.org/en-US/firefox/addon/buster-captch...
Dead Comment
Dead Comment