On 20/12/2013 2:05 PM, David wrote:
The way that we know that Tor is relatively safe is that it is open
source and transparent. The government isn't monolithic. There are
different branches of government that have different interests. It is in
the interest of certain branches of US government to have a diverse,
secure, and anonymous system so that their own people can use it without
being known government operatives. Also, if there were any backdoors
we'd probably know by now. The code is not secret, nor are the finances.
The Tor Project is incredibly open and transparent about almost
everything that happens.
Furthermore, the NSA doesn't need to own half the relays to
de-anonymize someone. If you're targeted, then Tor just buys you some
time. Tor is extremely secure against drag-net surveillance, but
targeted attacks from a government entity are a little more difficult to
defend against.
If you are worried that there aren't enough Tor relays then I'd
encourage you to start one.
Cheers,
David
I'd agree with you except evidence points the other way. There is now plenty of evidence to suggest that back doors are placed in products even if it renders the end product less secure. In other words for these government agencies, being able to spy is more important than being protected from spying.
Being open source does not guarantee safety. The nodes can operate well within design and still give away a wealth of information, which is exactly what a timing attack relies on. Even then we know that there are weaknesses in open source random number generators put there very deliberately. The open source community did not wake up to it for a long time, and more recent surprises courtesy of Edward Snowden.
How many open source projects are exploited on a daily basis? the only advantage open source has is, if it is popular enough (if you are lucky) and the exploit is found out soon enough (if you are diligent) the a patch will possibly be made quickly. But not always. I dont live under the illusion that because its open source its somehow inherently safer. Quite often the opposite is true.
I joined the TOR mailing list to discover more about TOR for the purpose of creating hopefully many more TOR exit relays. On learning more and from the experience of a friend when he tried to run an exit relay I realised this was not a wise thing to do. Not at least unless you are experienced and prepared for the probable consequences. As my plans involved many innocent helpers I decided the risk was far too high.
I was advised on this mailing list perhaps to create bridges instead, but that made my whole project of dubious worth so I canned it.
Chris -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk