Yes, we know about the Guardian article

And also the Washington Post article.

We're planning to write up a more detailed analysis later, but for now here's a place to centralize all the "hey did you know about this article" blog comments.

And for the journalists out there who want a statement, here's my quote from the article:

"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.

Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications."


October 04, 2013


These new disclosures confirm (as some of us strongly suspected) that it was NSA tech that was used in the "torsploit" attack on Freedom Hosting in early August this year. Details, for those curious:

This matters because we're dealing with military-grade cyberweapons here - designed, built, and directed by military personnel. It requires a change of cognitive space, to respond effectively: this isn't LEO.

The Tor project is doing an excellent job of standing up under withering fire from a branch of the most powerful and well-funded military establishment ever in existence throughout history (by far). Think on that, perhaps, before slagging Tor for this or that limitation.

As to the political, social, and cultural implications of this confirmation that torsploit was NSA military offensive tech (not merely FBI, as so many erroneously claimed)... a different question and not directly relevant to issues on the table here.

military-grade cyberweapons?
Give me a break, TorSploit was a bread and butter exploit.


October 11, 2013

In reply to by Anonymous (not verified)


trickle down survey ( the little guys want what the big-fish has) : haven't heard anyone realize this online yet. realize it. the local coppers want what the Big Bro has... and in that means little stuff you don't think is a big deal.

They decide what exploit to use based on the target. Says so right in their documents. Why burn good 0day when a patched bug one will work just the same?

What a load of bs. There was nothing in the exploit or the payload that a single good hacker couldn't make. Even the vulnerability itself was in public domain for at least a month.

tor can't be able to do that much hence the fact they only have like 3 or 4 active programmers to keep up with this. to really be effective there would need to be like freakin 900 programmers.


October 04, 2013


Thanks arma! You and everyone who contributes to Tor (and there are a lot) are doing an excellent work, please keep it up!


October 04, 2013


Pretty good roundup of all the articles and documents, for anyone who cares:

This 2006 document (on MJOLNIR) is perhaps the most interesting:…

It describes multiple potential attacks against the Tor network; one can only imagine how many of those are in production after seven years. To assume they cannot do traffic analysis on the network -- e.g. to locate hidden services -- sounds extremely naive to me. (The section on hidden services in the MJOLNIR document is actually pretty interesting.)

If nothing else, this document shows that every threat you ever dreamed about is actually out there. And then some.

- Nemo

First, you should realize that the document you're reading was written by some interns -- students who popped in for the summer, wrote a paper, and then probably went back to their university. This is not NSA's "master plan".

I mean, you're welcome to assume that they allocated a new brilliant research team to each sentence in the paper, and these teams all went on to turn it into amazing attacks. But I think it's pretty clear from the "Tor stinks" slides that at least some of the research teams weren't able to do much with it.

If you want a much better newer version of the Mjolnir paper, check out the Usenix Security 2009 paper from Christian Grothoff's research group:

If you want some good documentation to show that every threat you ever dreamed of is actually out there, check all all the papers on -- now, these are just research papers, but they have a lot more convincing details than the documents we read yesterday.

OK, I have now read the 2009 paper, and I still think you are being naive. (And yes, I know who I am talking to. Do you? Hint: You are not the only MIT grad here...)

Your _2009_ paper describes a "novel" congestion attack that is also described in detail in the _2006_ MJOLNIR paper; they called it the "flower" attack. Do you really think the people who found this attack three years before you were "some interns" who "popped in for the summer"? Where did you get that idea? (You think "summer program" implies students?)

MJOLNIR appears to be a sophisticated Tor client API designed for use by exploitation teams across the Five Eyes. The paper describes much more than the "flower" attack. Did you actually read the whole thing?

For example... Section 7.2.2 (and Appendix D.4.2) describes how to attack hidden services to determine their location. By controlling the rendezvous point, they can arrange so that they only have to follow traffic through two hops, rather than the usual three, to locate the hidden service. Is that attack out of date?

Combine this with some unknown number of Tor nodes being run by NSA and friends, and this seems worth worrying about. How many Tor nodes could _you_ run with a $10 million annual budget? How about $100 million? $1 billion?

One last thing. Could you please provide specific references instead of a generic link to hundreds of papers going back to 1970? Because that just looks like deflection / blowing smoke. Compared to NSA, all of academic cryptography is elementary school stuff. Tor's own use of 1024-bit public keys, authenticate-before-encrypt, etc. just reinforce this impression. But go ahead and spend time on "reproducible builds" because that is obviously the biggest threat.

In short, you are not worried enough in my humble opinion. But hey, what could I possibly know.

- Nemo

As for the summer program thing, yes. Check out Andy Isaacson's analysis here:…

I should have pointed you to the other papers in the series. I thought reading the 'related work' section of the 2009 paper would be enough. But here they are:

"By controlling the rendezvous point, they can arrange so that they only have to follow traffic through two hops, rather than the usual three, to locate the hidden service. Is that attack out of date?"

That attack never worked in the first place. They never bothered learning how hidden services work, so they speculated some attacks and misunderstood the design.

Anyway, I encourage others to read this paper and form their own opinion. I'm going to keep ignoring it in favor of papers that really do have great attacks that we need to deal with (e.g. the upcoming CCS paper).

Arma, I think you "tor" and mozilla should get together to file a lawsuit against the federal government "for damaging your products name and compromising it", just like yahoo, google and microsoft have sought to do

also lavabit's founder is going to file a lawsuit against them

this administration needs to be sent a message, "that we will not tolerate this kind of tyranny" and that fight starts with you guys


October 04, 2013


It would be good if you could give a good advisory how to protect yourself from exploits of this kind.
I would say it is quite safe if you run Tor-Browser on a guest-system in e.g. Virtualbox (on Linux) and run Vidalia on the host-system using it as proxy for Virtualbox. A hardened Linux alone should be also good.

A hardened Linux alone should be also good.

Please recommend a proven hardened Linux OS for us who are not IT-savvy.

The PROBLEM with TAILS is that using it always directs itself at the TAILS startpage, so the exit node will obviously node it is dealing with a TAILS user. From all TOR-users, the amount of TAILs users are few, making tracking Tails users easier , especially in combination with browser fingerprinting (panopticlicks) and server-side cookies.

But unfortunately TAILS seems to choose for advertising themselves over anonimity. Let people please direct to a random or private search engine instead of the TAILS startpage every browser startup ....

TAILS. No, it's not as good as the VM-based ones, but it does give you layered security (a Firefox bug is not enough to unmask you).


October 04, 2013


I really respect you arma, and everyone who works on Tor, and other Tor applications - you gals/guys are the Internet (and real world - see Arab Spring) heroes of the 21st century.


October 05, 2013


Congratulations on being the first good news story of the Snowden revelations. Keep on stinking.


October 05, 2013


Jargon question: can anyone explain the term "CNE access" used in the "Tor Stinks" slides?

Botnet is not NSA, if they wanted to ddos SR they would have done it BEFORE they took over their servers. Botnet didnt show up until a month after SR servers were located.

Having circuits break quicker would likely *harm* your anonymity, depending I guess on how the rest of the design proposal goes. And having them get longer would likely also harm your anonymity by e.g. making congestion attacks better.

Careful -- anonymity is tricky. I suggest reading more of the papers at

And unless you can describe any anonymity attack that requires a botnet to sign up millions of clients, I think it is not reasonable to conclude that the botnet thing is related.

I tried to respond to some of the other implications in this comment:…

read this first:

Good in most cases:
you -> VPN/SSH -> Tor

Bad if they can track who paid for the VPN:
you -> Tor -> VPN/SSH

you -> Tor -> x
"This is generally a really poor plan."

Personally I consider this the best:
you -> ssh on VPS you paid for anonymously -> tor ->

You can also do this (regex):
you -> (ssh on VPS you paid for anonymously -> tor ->)+


December 15, 2013

In reply to by Anonymous (not verified)


LOLOLOLOL, if you paid for a service they can track you. this is a trap in itself. get real. unless you used some sort of identity theft, they can track you. don't pay for anything if you want to remain anonymous...this is just plain COMMON SENSE.


October 05, 2013


To: Tor developers

In the light of what the USA's NSA and the UK's GCHQ have done and/or will be doing in the future, it would be in the interest of the Tor community for Tor developers to create a web page containing every information that Tor is able or unable to counter the American and British surveillance programmes.

That would be good I agree. But that's a huge undertaking. First I think we should focus on fixing some of the known anonymity problems with Tor.

To quote some paragraphs I sent a journalist last night:

"""Looking over the rest of the slides, they seem to be asking some of the right questions but they don't seem to have any more answers than we do in the academic research community -- and in many cases the papers at provide significantly better answers than these slides do.

Or said more clearly, we still have a lot of work to do to make Tor both safe and usable, but we don't have any new work based on these slides."""

Do you think these slides provide any real help in working out where there is work to be done or are you saying that everything in them was basically already known with a better understanding already?

Thanks in advance.

I really liked this OS BUT I found it was creating ethernet interfaces on its own after I deleted them to try to figure out what it was up to. I could not control this OS's connection to the internet and data transfer I had to delete it after testing on a clean machine. I just did not trust it.

If anyone has an explanation or more detailed information I'd love to hear it.


October 05, 2013


Given that we know that the NSA are actively trying to influence encryption standards and implementations, is anyone doing any investigating into who associated with the Tor Project was pushing to keep TBB based on thne insecure version of Firefox?

Don't get me wrong, TorProject is doing a wonderful job. and there's no need to be paranoid. But being realistic helps us all...

Nobody was, and it wasn't based on the insecure version?

You should learn about Firefox's ESR releases.

That said, we're still on Firefox 17-ESR right now because of the many major privacy problems in Firefox 24-ESR. Mike is busy working on fixing them (among the many other Tor jobs he has) before Firefox 17-ESR goes unsupported.

If you want a conspiracy theory, you can say that Mozilla is conspiring to keep Tor distracted by new application-level privacy bugs, by putting out new versions so often.

But really, that's not entirely Mozilla's fault. Google is conspiring, using its fast Chrome release cycle, to force Mozilla to conspire to ... :)