Date: 2018-03-02
The Tor Project, a private nonprofit known as the "NSA-proof" gateway to the "dark web," turns out to be almost "100% funded by the US government," according to documents obtained by investigative journalist and author Yasha Levine.
The Tor browser, launched in 2001, utilizes so-called "onion routing" technology developed by the US Navy in 1998 to provide anonymity over computer networks.
In a recent blog post, Levine details how he was able to obtain roughly 2,500 pages of correspondence via FOIA requests while performing research for a book. The documents include strategy, contracts, budgets and status updates between the Tor Project and its primary source of funding: a CIA spinoff known as the Broadcasting Board of Governors (BBG), which "oversees America's foreign broadcasting operations like Radio Free Asia and Radio Free Europe."
By following the money, I discovered that Tor was not a grassroots. I was able to show that despite its indie radical cred and claims to help its users protect themselves from government surveillance online, Tor was almost 100% funded by three U.S. National Security agencies: the Navy, the State Department and the BBG. Following the money revealed that Tor was not a grassroots outfit, but a military contractor with its own government contractor number. In other words: it was a privatized extension of the very same government that it claimed to be fighting.
The documents conclusively showed that Tor is not independent at all. The organization did not have free rein to do whatever it wanted, but was kept on a very short leash and bound by contracts with strict contractual obligations. It was also required to file detailed monthly status reports that gave the U.S. government a clear picture of what Tor employees were developing, where they went and who they saw. -Yasha Levine
The FOIA documents also suggest that Tor's ability to shield users from government spying may be nothing more than hot air. While no evidence of a "backdoor" exists, the documents obtained by Levine reveal that Tor has “no qualms with privately tipping off the federal government to security vulnerabilities before alerting the public, a move that would give the feds an opportunity to exploit the security weakness long before informing Tor users.”
Exit nodes
Cybersecurity experts have noted for years that while Tor may be technically anonymous in theory, the 'exit nodes' where traffic leaves the secure "onion" protocol and is decrypted can be established by anyone, including government agencies.
Anyone running an exit node can read the traffic passing through it.
In 2007 Egerstad set up just five Tor exit nodes and used them to intercept thousands of private emails, instant messages and email account credentials.
Amongst his unwitting victims were the Australian, Japanese, Iranian, Indian and Russian embassies, the Iranian Foreign Ministry, the Indian Ministry of Defence and the Dalai Lama’s liaison office.
He concluded that people were using Tor in the mistaken belief that it was an end-to-end encryption tool.
It is many things, but it isn’t that.
Dan Egerstad proved then that exit nodes were a fine place to spy on people and his research convinced him in 2007, long before Snowden, that governments were funding expensive, high bandwidth exit nodes for exactly that purpose. -Naked Security
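The point of the passage above, as an added Python illustration that is not from the article, Naked Security or the Tor Project: each relay strips only its own layer, so the exit relay ends up holding exactly what the client sent into the circuit. The SHA-256 keystream is a toy stand-in for Tor's real cryptography, and the hop keys, the sample login and the client-to-server key (standing in for a TLS session) are all constructed for the example.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream.
    The same call adds or removes a layer. Not Tor's real cryptography."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def constructed_key(label: str) -> bytes:
    """Derive a fixed demo key from a label (constructed, so runs are repeatable)."""
    return hashlib.sha256(b"constructed-demo-key:" + label.encode()).digest()

# Path order as the traffic travels: guard -> middle -> exit.
HOP_KEYS = [constructed_key(name) for name in ("guard", "middle", "exit")]

def wrap_onion(payload: bytes) -> bytes:
    """Client side: add the exit layer first and the guard layer last (outermost)."""
    cell = payload
    for key in reversed(HOP_KEYS):
        cell = keystream_xor(key, cell)
    return cell

def relay_views(cell: bytes) -> list:
    """What each relay holds after stripping its own layer, in path order."""
    views = []
    for key in HOP_KEYS:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

# Constructed sample traffic: a login sent over a plaintext mail protocol.
PLAIN_LOGIN = b"USER alice@example.org PASS constructed-password"

# The same login encrypted between client and mail server before it enters
# the circuit. E2E_KEY stands in for a TLS session key the relays never see.
E2E_KEY = constructed_key("client-to-server")
PROTECTED_LOGIN = keystream_xor(E2E_KEY, PLAIN_LOGIN)

if __name__ == "__main__":
    for label, payload in (("plaintext", PLAIN_LOGIN), ("end-to-end", PROTECTED_LOGIN)):
        guard, middle, exit_relay = relay_views(wrap_onion(payload))
        print(label, "| guard:", guard[:12].hex(), "| exit:", exit_relay[:24])
```

The guard and middle relays only ever hold ciphertext; the exit relay recovers the plaintext login in full, and only the variant encrypted between client and server stays opaque to it.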
Interestingly, Edward Snowden is a big fan of Tor - even throwing a "cryptoparty" while he was still an NSA contractor where he set up a Tor exit node to show off how cool they are.
In a 2015 interview with The Intercept's (Wikileaks hating) Micah Lee, Snowden said:
LEE: What do you think about Tor? Do you think that everyone should be familiar with it, or do you think that it’s only a use-it-if-you-need-it thing?
SNOWDEN: I think Tor is the most important privacy-enhancing technology project being used today.
"Tor Browser is a great way to selectively use Tor to look something up and not leave a trace that you did it. It can also help bypass censorship when you’re on a network where certain sites are blocked. If you want to get more involved, you can volunteer to run your own Tor node, as I do, and support the diversity of the Tor network."
Interesting...
In reply to Slaugther. by Which is worse…
He's just now figuring this out...
17 years later?
Sure hate to see his reaction speed to save his portfolio when it bombs...
In reply to It's like an S-box, but for… by Helena Bonham-Carter
On the one hand, Snowden didn't have access to everything. On the other hand...........?
In reply to He's just now figureing this… by Shillinlikeavillan
Welcome to the official sanctuary for tax evaders. Don't mind the barbwire.
In reply to Slaugther. by Which is worse…
This should not be a surprise at all. Tor's own release notes state it was developed by the US with the aim of allowing citizens in repressive countries to communicate over the Internet without their governments being able to read the traffic. People who don't read the instruction manual deserve what happens to them.
Any government can block Tor by putting the nodes on a blocked list. Within minutes, or even seconds of a new one popping up, it is blocked.
In reply to This should not be a… by Pernicious Gol…
Not accurate. Tor has a feature called "bridges" to solve this problem.
In reply to Any government can block Tor… by roddy6667
So is TOR via Tails still safe? Is it time for me to start microwaving my usb sticks?
In reply to Not accurate. Tor has a… by Helena Bonham-Carter
In reply to So is TOR via Tails still… by FakeNewsBandit
Anybody who uses somebody else's code for security gets what they deserve.
In reply to Conspiracy fact confirmed. by HippieHaulers
Nice indictment of every spy and every military service member in history. Not everyone can code. And most people who think they can write secure software, can't.
Is Tor via Tails safe? "Safe" is not an either-or thing. Make a threat model and conduct an assessment or go home.
In reply to Anybody who uses somebody… by Automatic Choke
Threat model - one-time pads.
In reply to Nice indictment of every spy… by Helena Bonham-Carter
Cryptographic algorithms are not threat models.
In reply to Threat model - one-time pads. by UmbilicalMosqu…
In reply to Anybody who uses somebody… by Automatic Choke
You mean, there is gambling going on in here?
Well this changes everything!
P.S. There is no such thing as private electronic communications, only the illusion of it.
In reply to No shit! by Umh
Almost as shocked as I was when I found out facebook didn't keep my info secure but in fact sold it to the highest bidder.
In reply to No shit! by Umh
I am surprised. And concerned.
EVERYTHING in cryptography is compromised.
The only thing, which works, is OTP encryption.
The algorithms themselves are not all compromised. However most computers are compromised. OTP won't save you when your CPU and OS are backdoored.
In reply to I am surprised. And… by oncemore1
Any of the American sheeple still believing in "checks and balances" step forward, please! We want to enjoy your embarrassment.
Snowden is a spook and this has been known for years. Not knocking the article ofc everyone should know this.
Snowden is a triple, or maybe even a sextuple hexatruple agent.
In reply to Snowden is a spook and this… by coaltar
You know the dude's a setup when Hollywood MAKES A FVCKIN MOVIE ABOUT HIM.
In reply to Snowden is a triple, or… by ChimiBonga
He is probably a matryoshka.
In reply to Snowden is a triple, or… by ChimiBonga
Why did it take them forever to catch the Silk Road dude, then?
Because they had to perform "parallel construction"
In reply to Why did it take them forever… by devo
There is, and never has been, any privacy online; the internet was set up originally as an intelligence gathering exercise and it still does the same job.
No, the internet was set up as a communications system for government and academic research centers. It was transformed into an intelligence-gathering system decades later, when it began to be used by the public.
In reply to there is,and never as been,… by grissle
It's simply a cost thing.
Peer to peer networks are very costly. The cheapest to set up and operate are hub & spoke. This means you end up with big hubs which are easy to monitor.
If you want to avoid this you need to look into mobile and wifi peer to peer networking.
In reply to No, the internet was set up… by Helena Bonham-Carter
Peer-to-peer wifi is trivial to set up. If you're talking about mesh or other decentralized wifi, it's nontrivial but it's not "very costly". Look at Freifunk BATMAN.
In cities like New York with SIGINT packages integrated into every public wifi kiosk, it gives no privacy advantage. Outside of cities it may provide a privacy advantage, but only if you are not being actively targeted by widely-available police SIGINT equipment.
In reply to Its simply a cost thing… by css1971
Sounds like BS to me. The last I heard Snowden was recommending TAILS, instead of TOR.
In reply to Sounds like BS to me. The… by TheEndIsNear
Snowden endorses TAILS, TOR, SIGNAL, and QUBES. They each solve unrelated problems. TAILS ships with TOR installed.
In reply to Sounds like BS to me. The… by TheEndIsNear
The main problem with all 4 programs is: How do you get a copy? How do you know you're not downloading a backdoored version?
"I got it from the app store"
"I checked the SHA1 sum"
"I bought a copy on a USB stick through the mail"
Fail, fail, fail.
In reply to Snowden endorses TAILS, TOR,… by Helena Bonham-Carter
*stops my app store download of signal*
Just gonna use carrier pigeons.
In reply to The main problem with all 4… by Helena Bonham-Carter
Rookie! Easy download a copy. Use it to say you are going to expose Clintons. If you're alive a week later your version is fine to use.
In reply to The main problem with all 4… by Helena Bonham-Carter
Then there was the "TOR Stinks" Snowden leak, very early in the cycle. Was the release an attempt to convince everyone to keep using it? https://cryptome.org/2013/10/nsa-tor-stinks.pdf
There have been quite a few others documenting the .gov funding issues over the years, NSA, I mean google is your friend...
This is hardly breaking news, on many of the sites you can download TOR from there is a little preface about its history, so anyone that has used TOR and read anything about it will find that it was developed by the CIA/FBI for their operatives.
Been in the history bit in Wikipedia for years!! https://en.wikipedia.org/wiki/Tor_(anonymity_network)
But it is still very useful if you live somewhere that has any form of censorship. But you are better off using a VPN for downloading anything you do not want screened.
But if a government actively wants to track you, they will.
Fortknoxster just started up. Anybody know about that? It's block-chain based.
Another bunch of amateurs selling snake oil using big words.
In reply to Fortknoxster just started up… by otschelnik
So, mass arrests of sadistic pedophiles when??
This has been known for a long time, so where is the news?
I've used a very simple code.
You know those wavy lines that some people put above and below their automatic signature, e-mail address and phone number?
When I wanted to send a private chat using office e-mail I'd make that wavy automatic signature line using the decorative "widgets" font.
The receiver would take the wavy widgets fonts line and change the font from widget symbols to "Cyrillic" font and copy paste the cyrillic line into Google Translate and translate it from Russian into English. And that was my private message.
And to write back he'd just write a message in English, translate it into Russian, change the Cyrillic font into widgets, make the widgets small like a decorative wavy line and stick it above and below his automatic signature.
I don't think anyone would think, Hey this decorative wavy signature line might actually be a coded message in Amharic, Russian or Hebrew, I'll change the font and into all of the world's alphabets one by one and see.
Your message will be detected as suspicious in 2 seconds because it's a statistical outlier compared to other comms. If it's ranked as suspicious enough (when combined with other detection criteria) to land on an analyst's desk, they'll figure it out in 5 minutes. Use peer-reviewed cryptographic implementations or go home.
In reply to I've used a very simple code… by Hillarys Server
Even the best encryption is useless when your RNG is compromised.
Guess where the most advanced and widely used RNGs are designed and located?
In reply to Your message will be… by Helena Bonham-Carter
The most advanced, and the most widely used, are not the same product.
The most widely used are the RNGs integrated into consumer CPUs and OSes. Many are backdoored.
The most advanced are manufactured by small firms in a number of countries.
In reply to Even the best encryption is… by Doom and Dust
RNGs in CPUs and other devices are useless for true encryption since they are pseudo-random by definition.
True RNGs are manufactured and maintained from nuclear sources by a small number of companies mostly from one single very small country. Surely you can guess it.
In reply to The most advanced, and the… by Helena Bonham-Carter
Expand your horizons.
In reply to RNGs in CPUs and other… by Doom and Dust