• NaibofTabr@infosec.pub
    4 hours ago

    Yes, surely TOR will protect us from government surveillance…

    The project was originally developed on behalf of the U.S. intelligence community and continues to receive U.S. government funding, and has been criticized as “more resembl[ing] a spook project than a tool designed by a culture that values accountability or transparency”.[177] As of 2012, 80% of The Tor Project’s $2M annual budget came from the United States government, with the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation as major contributors,[178] aiming “to aid democracy advocates in authoritarian states”.[179] Other public sources of funding include DARPA, the U.S. Naval Research Laboratory, and the Government of Sweden.

    […]

    Critics say that Tor is not as secure as it claims,[185] pointing to U.S. law enforcement’s investigations and shutdowns of Tor-using sites such as web-hosting company Freedom Hosting and online marketplace Silk Road.

    But also…

    In October 2013, after analyzing documents leaked by Edward Snowden, The Guardian reported that the NSA had repeatedly tried to crack Tor and had failed to break its core security, although it had had some success attacking the computers of individual Tor users.[27] The Guardian also published a 2012 NSA classified slide deck, entitled “Tor Stinks”, which said: “We will never be able to de-anonymize all Tor users all the time”, but “with manual analysis we can de-anonymize a very small fraction of Tor users”.[186] When Tor users are arrested, it is typically due to human error, not to the core technology being hacked or cracked.

    […]

    A late 2014 report by Der Spiegel using a new cache of Snowden leaks revealed, however, that as of 2012 the NSA deemed Tor on its own as a “major threat” to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt was ranked as “catastrophic,” leading to a “near-total loss/lack of insight to target communications, presence…”

    https://en.wikipedia.org/wiki/Tor_(network)

    YMMV, and your implementation and usage matter.

    • FauxLiving@lemmy.world
      3 hours ago

      Yes, surely TOR will protect us from government surveillance…

      I don’t get the sarcasm. Everything that you’ve posted suggests that it will.

      Simply pointing out public funding doesn’t make it less secure. It’s implying (or allowing others to imply) some hidden conspiracy that breaks TOR in some way that we don’t know about. If this is a source of vulnerability, it has not been demonstrated.

      Based on what we do know:

      “We will never be able to de-anonymize all Tor users all the time”, but “with manual analysis we can de-anonymize a very small fraction of Tor users”.

      when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt was ranked as “catastrophic,” leading to a “near-total loss/lack of insight to target communications, presence…”

      TOR is open source and the protocol is well understood. The software has been audited multiple times by multiple different sources.

      The TOR network itself is secure.

      The people who get ‘caught using TOR’ are caught based on other failures of their personal security. Like forgetting to enable TOR once and logging into an IRC channel, connecting to a malicious site with a JavaScript-enabled browser, running TOR on an exploitable phone, or running a business whose payments travel through financial networks viewable by the adversary.

      There’s more to cybersecurity than simply installing the TOR browser bundle. If you are not familiar with this field, do not risk your freedom or safety trying to do things on TOR which would cause you to come to the attention of intelligence services or other bad people.