[liberationtech] Anonymity Smackdown: NSA vs. Tor
arma at mit.edu
Wed Aug 7 00:05:35 PDT 2013

On Tue, Aug 06, 2013 at 10:43:39PM -0500, Kyle Maxwell wrote:
> The key, obviously, is the primary assertion that the NSA runs "lots"
> of Tor nodes. I've seen this assertion before, and while it's
> certainly a reasonable assumption, I don't know if anybody outside the
> NSA actually has hard evidence for that.

I remember having this discussion with Bruce Schneier long ago, when
he was about to add the phrase "of *course* NSA runs Tor relays" to a

Consider two scenarios. In scenario one, NSA doesn't run any Tor
relays, but they have done deals with AT&T and other networks to be
able to passively monitor those networks -- including the (honest,
well-intentioned) Tor relays that run on those networks. They're able to
monitor some fraction of the Tor network capacity -- whether that's 1%
or 10% or 30% is a fine question, and depends on both Internet topology
and also what deals they've done.

In scenario two, they do that plus also run some relays. They have to
deal with all the red tape of deploying and operating real-world things
on the Internet, and the risk that they'll do it wrong, somebody will
notice, etc. And the benefit is maybe a few percent increase in what
they can watch.

Why would they choose scenario two? Scenario one seems like it would be
working out pretty well for them. And if it's not, their resources would
be better spent fixing that, since it leads to better surveillance of
everything else they care about too.

for a related discussion.

Oh, and this argument should also lead you to ask "ok, but what
about <smaller country that hasn't yet been reported to have a huge
Internet surveillance program>? Shouldn't they run relays?" Maybe they
should. Maybe we should hope they all do, which could make the network
more diverse assuming they don't share well with each other.

> Assuming that assertion holds, the architectural criticisms start to
> matter more: 3 hops, 1024 bit RSA keys, etc.

Somebody should tell Robert about the recent (Tor 0.2.4.x) shift to much
stronger circuit handshakes and link encryption:

And for the "Multiple apps share the same underlying Tor egress" concern,
he should learn about the stream isolation features added in Tor 0.2.3.x:

All of this said, I don't want anybody to conclude that Tor is
perfect. Many of the attacks from my 25c3 "security and anonymity
vulnerabilities in Tor" talk remain hard research questions: