PRISM vs Tor
By now, just about everybody has heard about the PRISM surveillance program, and many are beginning to speculate on its impact on Tor.
Unfortunately, there still are a lot of gaps to fill in terms of understanding what is really going on, especially in the face of conflicting information between the primary source material and Google, Facebook, and Apple's claims of non-involvement.
This apparent conflict means that it is still hard to pin down exactly how the program impacts Tor, and is leading many to assume worst-case scenarios.
For example, some of the worst-case scenarios include the NSA using weaponized exploits to compromise datacenter equipment at these firms. Less severe, but still extremely worrying possibilities include issuing gag orders to mid or low-level datacenter staff to install backdoors or monitoring equipment without any interaction what-so-ever with the legal and executive staff of the firms themselves.
We're going to save analysis of those speculative and invasive scenarios for when more information becomes available (though we may independently write a future blog post on the dangers of the government use of weaponized exploits).
For now, let's review what Tor can do, what tools go well with Tor to give you defense-in-depth for your communications, and what work needs to be done so we can make it easier to protect communications from instances where the existing centralized communications infrastructure is compromised by the NSA, China, Iran, or by anyone else who manages to get ahold of the keys to the kingdom.
The core Tor software's job is to conceal your identity from your recipient, and to conceal your recipient and your content from observers on your end. By itself, Tor does not protect the actual communications content once it leaves the Tor network. This can make it useful against some forms of metadata analysis, but this also means Tor is best used in combination with other tools.
Through the use of HTTPS-Everywhere in Tor Browser, in many cases we can protect your communications content where parts of the Tor network and/or your recipients' infrastructure are compromised or under surveillance. The EFF has created an excellent interactive graphic to help illustrate and clarify these combined properties.
Through the use of combinations of additional software like TorBirdy and Enigmail, OTR, and Diaspora, Tor can also protect your communications content in cases where the communications infrastructure (Google/Facebook) is compromised.
However, the real interesting use cases for Tor in the face of dragnet surveillance like this is not that Tor can protect your gmail/facebook accounts from analysis (in fact, Tor could never really protect account usage metadata), but that Tor and hidden services are actually a key building block to build systems where it is no longer possible to go to a single party and obtain the full metadata, communications frequency, *or* contents.
Tor hidden services are arbitrary communications endpoints that are resistant to both metadata analysis and surveillance.
A simple (to deploy) example of a hidden service based mechanism to significantly hinder exactly this type of surveillance is an XMPP client that also ships with an XMPP server and a Tor hidden service. Such a P2P communication system (where the clients are themselves the servers) is both end-to-end secure, and does *not* have a single central server where metadata is available. This communication is private, pseudonymous, and does not have involve any single central party or intermediary.
Despite these compelling use cases and powerful tool combination possibilities, the Tor Project is under no illusion that these more sophisticated configurations are easy, usable, or accessible by the general public.
We recognize that a lot of work needs to be done even for the basic tools like Tor Browser, TorBirdy, EnigMail, and OTR to work seamlessly and securely for most users, let alone complex combinations like XMPP or Diaspora with Hidden Services.
Additionally, hidden services themselves are in need of quite a bit of development assistance just to maintain their originally designed level of security, let alone scaling to support large numbers of endpoints.
Being an Open Source project with limited resources, we welcome contributions from the community to make any of this software work better with Tor, or to help improve the Tor software itself.
If you're not a developer, but you would still like to help us succeed in our mission of securing the world's communications, please donate! It is a rather big job, after all.
We will keep you updated as we learn more about the exact capabilities of this program.
Sorry for censoring your comment, but...
to be honest, in a post where I mention the use of weaponized exploits by governments, and where you yourself appear to be alluding to weaponized exploits, I could not in good conscience post your sketch URLs.
Nor as a software developer who writes software that people depend on could I click on those URLs myself without spending a few hours/days to get a fresh computer, fire up a VM, and examine what the hell they did to it.
Do you have any non-shortened versions?
To answer your general point: I truly believe that the use of weaponized exploits risks crashing the world economy. Software engineering is simply not prepared to deal with this threat.
With the number of dependencies present in large software projects, there is no way any amount of global surveillance, isolation, or firewalling could sufficiently isolate and protect the software development process of widely deployed software projects in order to prevent scenarios where malware sneaks in through a dependency into software that is critical to the function of the world economy.
Such malware could be quite simple: One day, a timer goes off, and any computer running the infected software turns into a brick.
This shit is a doomsday scenario on the order of nuclear conflagration, and anything short of global disarmament risks humanity (or at least large sectors of the world economy) losing access to computing for months or even years.
There is no M.A.D. scenario as a deterrent here either. Stockpiling more exploits does not make us safer. In fact, the more exploits exist, the higher the risk of the wrong one leaking -- and it really only takes a chain of just a few of the right exploits for this to happen. There will also be no clear vector for retaliation. Moreover, how do you retaliate if you have no functioning computer systems or networks left?
If there's *anything* we should be spending the NSA's $10B+/yr budget on, it's making sure key software development processes are secure against tampering, exploitation, and backdoors, not reading people's fucking email.
End the madness before it's too late.
Hi, it doesn't bother me that you have excluded the shortened URLs etc. Let me try again... Also, I agree with the stuff you have said above. Yes. Yes. Yes. Also, end the madness, ditto!
That said, here is (hopefully better) non-shortened link... Anything you can do to provide remedy or clarification, would be great help.
Tor needs a toaster. What I mean is that most people r4eally do not wish to figure out how to load and configure secure stuff and keep prying unconstitutional searches and seizures of our digital effects. Most people do nor really need to understand it either AS Long AS it works and is effortless. They need something that they point and click and they have the best we can manage LIKE a TOASTER plug it in and everything comes out light brown with no special skills. REMEMBER, the more grandmothers and children who use Government or better grade encryption the better everyone else will blend in. I personally have no real need except that it ticks me off to live in a police state with the likes of The NSA looking over everyones shoulders and denying freedoms that were well understood at the foundation of our nation.
Is there some way to have a torified way to have my computer generate BTC for donation to TOR perhaps on a distributed basis. OR perhaps could TOR SET UP ITS OWN CYBERCURRENCY!
It might be nice to also keep out 10 % of what I make for future uses which i might figure out later.