Interviews: Ask Executive Director Andrew Lewman About Tor and Privacy
samzenpus writes Andrew Lewman wears many hats: biologist, advocate against domestic violence, programmer, Executive Director of the Tor project and a member of the board of directors. He works to preserve the right to speak and read freely online by fighting laws and technology that threaten anonymity. Just how hard that has become is much clearer now that the NSA's interest in Tor has become public. Andrew has agreed to give us some of his time and answer any questions you might have. As usual, ask as many as you'd like, but please, one per post.
Can TOR be trusted and how can I truly know that?
"I say we take off, nuke the site from orbit. It's the only way to be sure."
How can we ever be sure Tor has not morphed into an eviscerated TrueCrypt and that at some point, after achieving their means of compromise, the NSA won't force a version they can easily backdoor on the public?
They like to compromise software and then put it back, so it becomes an intelligence asset. In my understanding only a legal technicality allowed TrueCrypt to issue a cryptic public announcement which effectively let the public know TrueCrypt was potentially compromised. I wonder whether the NSA will even allow Tor to recommend a transparently ineffective alternative.
How can strategies be drawn so if Tor is easily, possibly undetectably breached, the public will have some inkling of it?
Those are my principles, and if you don't like them... well, I have others.
You mean these answers from Aug. 20? http://features.slashdot.org/s...
was originally developed by the US Government, and is still supported financially by the US Government?
"Few", or "almost none"?
Best Slashdot Co
The announcement of Facebook being available on Tor seems to be a ploy to confuse single-dimension thinkers into revealing themselves. Is this being sponsored by alphabet soup agencies as a way to kind of model the topology of the Tor network, or is it more of a social experiment on how people who would log in to their online identity while trying to be anonymous at the same time think?
Why hasn't TOR moved towards a connectionless routing between the client and the exit node? A permanent connection is being established each time with the same pattern: computer -> entry node -> middle node -> exit node -> website. This can lead to a traffic pattern analysis, given an observer with enough "peer exchange nodes" under his monitoring. In some cases all the connections could be monitored with only country/continent level entry points.
Wouldn't a bunch of state-less P2P like connections between the client and the exit node be better suited against such traffic inspection?
However, depending on what you initially do, there are limits on what you can continue to do. You have a lot of latitude, granted, but whatever you do must be in the moment. If you stop your defense and start again you run the risk of being prosecuted as that woman that fired the warning shot in Florida was going through before saner heads prevailed.
Do not look into laser with remaining eye.
News stories I've read lately seem to indicate that the Tor exit nodes have been and still are being compromised by organizations and some oppressive governments. What are you doing about this?
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Tor can be used for good and for evil. How do you go about attempting to design the features of Tor to maximize one and minimize the other?
Do not look into laser with remaining eye.
We haven't heard any solid proof of a complete failure of Tor's privacy to catch a criminal through a serious exploit. There's a theory out there that a government agency wouldn't blow their cover just to arrest some copyright infringer or small time law breaker on a hidden service. They instead are passively spying to covertly and constantly catch terrorists who think they're protected or they're preparing for a gigantic sweep and mass arrests. What do you think is the likelihood of a situation like that being true, where the NSA or something similar has completely broken Tor and we just don't know it yet?
Have you received a National Security Letter?
I just tried to search with the "interviews" tag and it showed up. Searching with the "features" tag should work as well.
Do you know how the takedown of so many "darknet" sites was accomplished recently, or do you at least have some suspicions? The government seems to be lying about how they took down the original Silk Road site, and I'm wondering if you believe this is to: a) Hide a technical solution that they have at their disposal, or b) Hide the egregiously illegal/inadmissible things they did to accomplish this, or c) some of each.
...
It is my understanding that the number of hops within the Tor network is normally a fixed value, somewhere around 3. Given the potential for compromise of entrance/exit nodes in various countries, perhaps allowing a larger number of hops or even a randomly determined number of hops between two values might give more probability of not being detected. Could you comment on the number of hops chosen and how they relate to the probability of anonymity in the Tor network assuming all other suggested configurations have been realized.
Why doesn't Slashdot allow visitors from Tor?
Been there - sorta. The only time I ever hit my wife was when she had me in a choke hold and I was on the verge of blacking out. One quick shot with a closed fist to just below her left eye was enough to make her break the hold so I could run from the room. Your actions were not unreasonable, but yes you are a wife beater (as am I - deal with it) and no, you should not have shot or otherwise escalated it. This isn't the type of thing you can't come back from, either - mine was the low point in our relationship, and things have been getting better ever since - we both just needed that one crazy moment to let off some steam...
- In Soviet Korea, only old people lose all their bases to Natalie Portman's petrified hot grits overlords.
What happened to the interview with Limor "Lady Ada" Fried too...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
What is your biggest fear? After the TrueCrypt developers were apparently threatened or otherwise convinced to abandon development, does the NSA worry you? The FBI has been complaining about encryption lately too, as have law enforcement agencies in other countries. Or is there something else that concerns you?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Huh? How does UEFI violate one's privacy?
And why would it do any of these things? I'm sure it would not be good business for a hardware manufacturer to include such malicious features.
Tor can be used for obvious good (e.g., subverting oppressive regimes), obvious bad (e.g., murder for hire, child porn), and semi-bad (purchasing contraband, hate speech). Despite all of the good that Tor does, how does Tor morally justify itself in light of all the bad that occurs on its networks? Is there some way of weighing the good and bad (i.e., if it got bad enough, would you shut it down)? Or does it decide to not justify itself (i.e., it's just a tool, people will use it how they wish)?
Fast Federal Court and I.T.C. updates