On being targeted by the NSA

As quoted in the original article on Das Erste:

We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.

Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.

Thanks so much for offering up a detailed, thoughtful, and heartening response on what I agree is a relevant question.

I hope users can still help the team move toward diluting the role of U.S. DoD and other government funding in the project, whether received directly or indirectly. I say that not because I think it's inherently problematic--quite the opposite, actually--but because I doubt all of Tor's users feel the same way. Greater diversity and independence in funding sources seems like a better balance to address the needs and concerns of everyone who wants anonymity and privacy.

For the same reasons, I hope users will also help the project move toward a place where staff feel more comfortable choosing not to accept grants whose details can't be discussed.

Toward those ends, I hope others will join me in scaling up their personal donations to the project in response to these revelations! They demonstrate why this team's work is more important than ever.

Two unsolicited suggestions for the team in response to this news, perhaps to offer up to users on tor-talk since a good chunk of this information is already scattered across the website and listservs:

The project could make a commitment to publishing and updating a page on the website listing 1) staff/consultant/contractor talks/presentations to intelligence, military, and/or law enforcement agencies and contractors including dates, countries involved, and any details you could share and 2) a range of the number of staff e-mails, conference calls, and other interactions with "the IC" in any given month or quarter. This might help enhance trust among users who feel uneasy about using Tor after hearing about these revelations, and my sense is that a good chunk of this information is readily available on the website but perhaps not easily accessible.

Second, the project could develop a policy published on its website relating to whether staff can accept travel funding, honoraria, etc. from intelligence/military/law enforcement agencies, and/or commit to disclosing any such travel or other (non-grant or one-off) funding on its website. This might still be useful even if no staff members have ever received this kind of funding.

Anonymous

July 05, 2014

Thanks for the answers. Who is Sponsor F? Why are sponsors mysteriously named? I think they're all in the annual reports, but it takes some digging to figure out who pays for what and why.

The "it takes some digging" is exactly the goal. Our sponsors page lists our funders, and our 990 filings list them in more detail. But some of our funders like to avoid the attention, because it could cause *their* funders (e.g. Congress) to think about whether they're spending their money well. This little bit of distance has been enough to make that work so far. (And if you ask "what do they have to hide?" then you haven't been paying attention to this whole privacy thing, have you. :)

As for why sponsors are mysteriously named, if a few want anonymity, then the only answer is to give them all anonymity. Ask some anonymity researchers how to provide anonymity to a few elements in a set, and this is what you get. I think it's a pretty good balance.

Anonymity (privacy, security, traffic analysis resistance, whatever you want to call it) sure is hard. I certainly won't argue that Tor is perfect, but I think it's still way better than the other options -- and maybe that tells us something about the options for privacy on the Internet in general. (We, the Internet, need more people helping to make good options, not more haters.)

Having at least one key spokesman with an appearance that looks like it was groomed to shout, "Look at me! I'm an obnoxious, in-your-face narcissistic degenerate twerp!", doesn't exactly help Tor's image.

I've managed to contact the presenter and we've been talking a bit. It looks like a combination of an end-to-end correlation attack (which we already know works fine *if* you're in the right positions to do the attack) and the guard rotation problem. See also
https://blog.torproject.org/blog/one-cell-enough
and
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guar…
More details coming soon I hope -- he is not being very good at the responsible disclosure side yet :( and I am trying to give him time to be.

Anonymous

July 05, 2014

Isn't it high time to sacrifice the goal of low latency, which seems chimeric in front of global adversaries such as the NSA?
Concentrate on Tor's real value instead that (imho) is anonymity. Let relays store and delay-forward packets, and oh! please please stuff all Tor packets to one or a few standard lengths.

The trouble is that Tor tries to anonymize flows, not messages. Systems like Mixminion can work pretty well even in the face of global adversaries, providing they have enough users and enough traffic. But if you want to browse the web, it's not just a matter of padding all Tor packets to be a standard length (we already do that) -- you have to pad all *flows* to be a standard length. And since websites vary so much in size, that sure is a lot of wasted space. And mixing flows against an adversary like this likely involves waiting minutes or more for your website to load -- which really reduces the number of users willing to use it, which in turn reduces the security it can provide -- a bad cycle.

So yes, a fine idea in theory, but nobody knows how to do it in practice. Come to PETS (petsymposium.org) and participate in finding answers!

Anonymous

July 05, 2014

I have access to Tor's internal servers. SVN is not secure. Git can be changed and the weak SHA hash pre-calculated.

Sponsor F is SRI International, http://www.sri.com/

Well, that's nice. If you actually do have something to tell us in terms of security of our servers, please actually report it, rather than just snarking on a blog comment. :) Thanks!

Anonymous

July 05, 2014

So on getting your IP they watch your web habits, I presume to catch terrorists, right?

Emails and forums they belong to could give a clue if they are extremists.

As in the article, you get loads of people that use Tor just because they are blocked from a site or a video.

It will be dangerous soon to just switch on a damn computer!!!

Why do you keep yelling this? I assume you're the same as the commenter above who said it. How about working to create options that can resist these sorts of attacks, rather than just yelling?

Anonymous

July 06, 2014

@arma

Advocating privacy enhancing technologies like Tor is still very hard - even after the summer of Snowden. As a privacy advocate, you always encounter the same "arguments" from pro-surveillance people. "Tor is only facilitating drug dealing, child porn, money laundering, terrorism, organized crime..."

Is there a comprehensive official Tor manual on how to argue in favor of Tor while dealing with people accusing Tor of being a criminal tool?

From my experience, I can tell that it is not easy to resist such rhetorical attacks.
But it is very crucial to win the argumentation battles.

There aren't any official Tor manuals yet -- maybe you want to help put one together? Here are three resources that contain a lot of what I use:

* https://media.torproject.org/video/tor-internet-days-2010.mp4
* https://www.torproject.org/docs/faq-abuse
* http://media.ccc.de/browse/congress/2013/30C3_-_5423_-_en_-_saal_1_-_20…

"Practice practice practice" is the other answer. For bonus points, go try to teach law enforcement about Tor -- that sure helps you refine your arguments:
https://blog.torproject.org/category/tags/law-enforcement

Thanks a lot, even though I already knew some of these resources. That's why I asked for an "official" manual about pro-Tor argumentation.

Where can I contribute to such a manual? Is there a systematic process like the Tor bug tracker?

How can I gain access to the law enforcement world? I mean, I can hardly imagine they accept being taught about Tor by ordinary citizens. Not all of us have a renowned name like you.

You could start a wiki page and gather resources there; but it's likely you'll remain a voice in the wilderness. A better option is to find some of the helpdesk people on irc and work with them to coordinate more.

As for gaining access to the law enforcement world, police are generally desperate to have smart technical people teach them about this Internet thing. I bet you have a local chapter of Infragard or something similar. Or, my favorite way, run a Tor exit relay and then teach whoever sends you email about it. :)

Anonymous

July 06, 2014

I'm more concerned about this hacker's claims to deanonymize users than the NSA, who I would presume has their head so far up their asses with bigger problems than what joe blow does on the internet.

In any case, to the idiot who keeps shouting TOR IS DEAD: he may have a point. Low latency and anonymity may become incompatible, and easy access to the clearnet (of which the great majority of sites are US hosted and therefore watched) may become a thing of the past. Tor should focus more on enhancing the darknet attributes which so far have been shown to remain secure (as per all Snowden articles, NSA claims to deanonymize flows via end-to-end correlation, and collect onion addresses, but never has claimed to deanonymize onion servers or connections).

Arma has expressed his priorities in these comments that popularity is more important to him than anonymity, arguing that a great increase in anonymity would push users away. If the TOR team can't find a safe way for people to enter into the tor network, assuming all exits and their destinations are watched, then TOR will be a greater risk to freedom than not using it at all.

I would suggest if you really value your freedom, Starbucks wifi is a technically superior anonymity tool than TOR.

Two extremely important points (I say important because you'll use wrong intuition otherwise, leading to poor choices):

* Hidden services are likely weaker than "normal" Tor circuits, because the adversary can induce them to generate traffic. I mention this in the 29c3 talk and also again in
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guar…
The fact that the leaked NSA documents haven't mentioned breaking hidden services is, I think, due to the fact that hidden services are a tiny fraction of overall Tor use. Not because they're somehow (more) immune to these attacks.

* It isn't that popularity is more important to me than anonymity. It's that popularity and anonymity are linked to each other. I don't want popularity "instead of" anonymity. Rather, we *can't get* anonymity if we don't have popularity. While an unpopular service might provide theoretically stronger anonymity properties, if it doesn't have the users it won't provide these properties in practice. See "Anonymity Loves Company: Usability and the Network Effect":
http://freehaven.net/anonbib/#usability:weis2006

As for the Starbucks wifi option, it really depends what sort of anonymity you want. Is it ok if your adversary learns that you were in this Starbucks at that timestamp? If you do things that are linkable to each other over time (most people do), is it ok if your adversary makes a list of all the Starbuckses you're in and timestamps for each? Whether that profile they can build worries you depends on your threat model. But don't make the mistake of thinking that they watch Tor and don't watch other things -- it's hot to talk about Tor in the press, and Snowden used and relied on Tor so he made sure to bring with him a bunch of documents about Tor (thanks!), but if you think you can avoid surveillance by avoiding Tor, see the discussion at the top of this post. And as a final thought... why not both Starbucks and Tor, if that fits your threat model better?

If this were enough to stop people building profiles of web activity, then Google and other ad companies (who generally don't see the MAC address anyway) wouldn't be amassing huge databases about people.

"Run Internet Explorer at Starbucks and so long as you keep changing your MAC address you'll be fine" is missing out on all the things that Tor Browser aims to resolve:
https://www.torproject.org/projects/torbrowser/design/

(And while you could use the Tor Browser without Tor, you'd be approximately the only one doing so.)

There are many big reasons to distrust Starbucks. They have attended Bilderberg meetings repeatedly. Bilderberg was founded by an SS-officer, prince Bernhard of the Netherlands.

http://www.bilderberg.org/bernhard.htm

there is more

4 Solid Reasons to Avoid Starbucks
http://humansarefree.com/2014/06/4-solid-reasons-to-avoid-starbucks.html

Therefore Starbucks is at least devious and likely much worse. So I cannot use anything they offer and their allegiance to Bilderberg says everything. Bilderberg stems from 3rd Reich and they were big in surveillance and dictatorships first start to observe citizens. For these reasons Starbucks wifi cannot offer any anonymity.

Starbucks is the enemy, not Tor.

Anonymous

July 06, 2014

I feel tor is getting old in some ways.
the tor devs need to find the next step in making tor better.

like no more public node lists, exit or relay.
that shit needs to stop!
as well as blocking of nodes that are well known to be owned by govs & law enforcement.

make some kind of update that sets a high default speed for nodes
like 80 or 100 that can't be set lower.
tor nodes are mad slow!
with how the net is nowadays with big ass pics & html5 videos/flash, Tor needs the speed up big time.

A) Become a Tor dev, help us make it better!

B) Relays run by govs and law enforcement? I don't know any. Do you?

C) 80 or 100 what? (Many Tor relays are quite fast these days -- I'm really happy with Tor's performance now compared to a few years ago.)

Running proprietary software such as Adobe flash can deanonymize you and send your real IP address through the clearnet. There are solutions but they aren't within the scope of the average user.
Also, I tend to get more dropped connections than poor speed these days. Sure, it's not Gigabit but it's fast enough to watch a html5 video on with no problems usually.

Anonymous

July 06, 2014

How would making the Tor network rely on only one exit node improve anonymity? Wouldn't end-to-end correlation attacks be useless?

Since all the flows coming in would have different timing and volume characteristics, they'd very likely remain easy to match up. So moving everything to have one exit point would make it much more like a centralized VPN -- not a good move.

Changing timing and volume so more flows "overlap" or "collide" with each other is a fine open research problem. But I think that has little to do with whether the flows exit from one point or many.

Anonymous

July 07, 2014

> Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.

As if Google didn't cooperate with NSA in the first place. Please.

Anonymous

July 07, 2014

The NSA is just a decoy, you have other agencies like the CIA and the FBI and the Cyber Departments for each military, and much more who also have clear access to the NSA databases and other tools. The entire nation is targeting you! Either make a foolproof software or else it's completely useless! Full throttle privacy!

There's no such thing as foolproof software; programmers are human and make mistakes, especially when several are working on one piece of software, as programmers tend to program similarly to how they think and everyone thinks differently. Good crypto is even harder than normal programming, which simply increases the chance for bugs.

And that's not even mentioning that you can't guarantee someone from doing something extremely foolish to eliminate his anonymity. There are fundamental limits that technology exerts that can't be broken that make it impossible to make something cryptographically foolproof, because fools can always surprise you.

Anonymous

July 08, 2014

In fact I found "tor" today. And from now on I will use "tor". If NSA want to check everyone... that's their problem. More users more fun :)

Anonymous

July 08, 2014

What do you think of a plugin that adds random data sizes to packets being sent from the client? Wouldn't that help against correlation attacks?

Seems like a hard research topic. So, "maybe".

But in the meantime, you're in luck! See the Google Summer of Code project that Marc Juarez is working on. It is a framework for experimenting with website fingerprinting defenses.

Also, you wouldn't want to add random data -- it is much safer to round up to a given block length. The goal is to make as many flows as possible look similar. And against correlation attacks, you'll also want to somehow deal with the timing information.
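
The reply above prefers rounding up to a block length over adding random data, and an earlier reply notes the cost of padding whole flows to one standard length. The following is an added example, not code from this thread or from the Tor Project; the flow sizes, the bucket size and every function name are constructed for illustration.

```python
import random
from collections import defaultdict

# All values below are constructed for illustration; BUCKET is a hypothetical
# padding unit, not a Tor parameter.
BUCKET = 51_200
FLOWS = {"site_a": 48_200, "site_b": 49_900, "site_c": 51_000,
         "site_d": 101_500, "site_e": 102_300}   # true bytes per page load

def pad_round_up(size, bucket=BUCKET):
    """Deterministic padding: round up to the next multiple of bucket."""
    return -(-size // bucket) * bucket

def pad_random(size, rng, max_extra=BUCKET):
    """Random padding: append between 0 and max_extra bytes."""
    return size + rng.randint(0, max_extra)

def anonymity_sets(observed):
    """Group flows by the size an observer on the wire would record."""
    groups = defaultdict(list)
    for name, size in observed.items():
        groups[size].append(name)
    return sorted(sorted(names) for names in groups.values())

def rounded_view(bucket=BUCKET):
    """Anonymity sets when every flow is rounded up to a multiple of bucket."""
    return anonymity_sets({n: pad_round_up(s, bucket) for n, s in FLOWS.items()})

def random_padding_floor(visits=2000, seed=1):
    """Smallest size seen per flow across repeated loads under random padding.
    The floor drifts down to the true size, so the padding stops hiding it."""
    rng = random.Random(seed)
    return {n: min(pad_random(s, rng) for _ in range(visits))
            for n, s in FLOWS.items()}

def overhead(bucket):
    """Extra bytes sent, as a fraction of the real traffic."""
    real = sum(FLOWS.values())
    return (sum(pad_round_up(s, bucket) for s in FLOWS.values()) - real) / real

if __name__ == "__main__":
    print("rounded up     :", rounded_view(), f"{overhead(BUCKET):.1%} overhead")
    print("one flow length:", rounded_view(102_400),
          f"{overhead(102_400):.1%} overhead")
    for name, floor in random_padding_floor().items():
        print(f"random padding : {name} floor={floor} true={FLOWS[name]}")
```

Rounding up keeps flows in shared groups no matter how often they are observed, while a single standard length for all flows buys one large group at a much higher byte overhead.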

Anonymous

July 08, 2014

I think arma@ is showing a remarkable amount of patience to some of the baiting and anonymous comments.

I don't think anyone considers Tor the perfect bridge to anonymity. But considering the constant developments that have gone on over the past decade, you have to be impressed at the progress and the flexibility of the project in the face of changing and yet-unknown adversaries and threat models.

Einstein once said that our natural sciences are primitive, but are still the most precious thing we have. I think it's a useful description for Tor. The alternatives are untested, and in the case of some blog comments, purely marketing FUD.

Tor is constantly evolving in the software's development and in the user base. It is increasingly a tool for users in the Middle East. Crappy one-hop proxies are no longer the default choice.

If you have genuine input, put your energies into adding to the depth and breadth of Tor. So far with the Snowden disclosures, we've learned that it's a target, and that it is a real challenge to compromise for even potent passive adversaries.

A huge thanks to everyone who contributes to Tor in large and small ways. There's lots of room for improvement, but it's a dynamic project that is vital for millions.