Tor and the Silk Road takedown
We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading.
In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network). The FBI says that their suspect made mistakes in operational security, and was found through actual detective work. Remember: Tor does not anonymize individuals when they use their legal name on a public forum, use a VPN with logs that are subject to a subpoena, or provide personal information to other services. See also the list of warnings linked from the Tor download page.
Also, while we've seen no evidence that this case involved breaking into the webserver behind the hidden service, we should take this opportunity to emphasize that Tor's hidden service feature (a way to publish and access content anonymously) won't keep someone anonymous when paired with unsafe software or unsafe behavior. It is up to the publisher to choose and configure server software that is resistant to attacks. Mistakes in configuring or maintaining a hidden service website can compromise the publisher's anonymity independent of Tor.
And finally, Tor's design goals include preventing even The Tor Project from tracking users; hidden services are no different. We don't have any special access to or information about this hidden service or any other. Because Tor is open-source and it comes with detailed design documents and research papers, independent researchers can verify its security.
Here are some helpful links to more information on these subjects:
Technical details of hidden services:
Our abuse FAQ:
For those curious about our interactions with law enforcement:
Using Tor hidden services for good:
Regarding the Freedom Hosting incident in August 2013, which is unrelated
as far as we can tell:
Some general hints on staying anonymous:
The Tor Project is a nonprofit 501(c)(3) organization dedicated to providing tools to help people manage their privacy on the Internet. Our focus continues to be in helping ordinary citizens, victims of abuse, individuals in dangerous parts of the world, and others stay aware and educated about how to keep themselves secure online.
The global Tor team remains committed to building technology solutions to help keep the doors to freedom of expression open. We will continue to watch as the details of this situation unfold and respond when it is appropriate and useful.
For further press related questions please contact us at firstname.lastname@example.org.
You guys are so full of shit... 60% of your funding money comes from Government subsidiaries. Yes it's true servers have to be configured properly to provide the proper security but as far as I'm concerned Tor is the a comprised network that probably the NSA runs half the relays and god knows about the exit nodes. ANYONE ELSE FEEL SAFE USING TOR AFTER FREEDOM HOSTING AND NOW SILK ROAD?
ANYONE ELSE NOTICE IT'S THE ILLEGAL SITES GETTING NABBED? IF THAT'S NOT A CLEAR INDICATION THAT TOR IS INVOLVED WITH THE GOVERNMENT THEN i GOT A BRIDGE TO SELL YOU IN SAN FRAN.
Sorry for the caps but I'm tired of the lies and deceits from this camp of developers that promote their values and are nothing but two face government lackeys.
As for the funding discussion: a) you wouldn't even be saying 60% if we weren't so transparent with all our finances, and b) we publish everything we do and you can look at it and decide for yourself. I have a longer answer over at the "quick ant" blog post:
As for the NSA running half the relays, see my comment below:
As for the "do you feel safe" part, there are some serious adversaries attacking the Internet these days. It may be that Tor can't protect you against the NSA's large-scale Internet surveillance, and it may be that no existing anonymous communication tool can. "Stop using the Internet" is a perfectly reasonable answer. See the discussion in the "quick ant" blog post for more:
Hi, if you made Tor a subscription service the community could support the developers and increase the number of relays 10fold. Torproject llc could lease out their services to various 3rd parties who would handle payment and take a set % to setup additional nodes. I would be more than happy to pay over $100 a year to pay for a more resilient Tor.
That is a terrible idea, no one has the right to charge Tor users a subscription fee. What about the people in Egypt, or Syria, or China that require the use of the Tor network? They can't afford a fee to get important news in and send important messages out.
yeah sure, make everyone pay then your anonymity goes to the FBI together with your bank details. As long as America believe that they are the world police, everyone is in danger