Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Promises Not To Build Backdoors Into Its Services (engadget.com)

Posted by BeauHD on from the pinky-swear dept.

An anonymous reader quotes a report from Engadget: Tor has published what it calls a "Social Contract" comprised of promises to users and the principles the team believes in. Whatever the reason is, its social contract contains one interesting pledge: "We will never implement front doors or back doors into our projects," the team wrote. Tor's ability to keep users anonymous made it the go-to browser of people looking for drugs, illegal firearms, hitmen, child porn and other things you won't find on eBay or YouTube. If there's a browser law enforcement agencies would want a backdoor to, it's Tor, especially since its main source of funding is the U.S. government. That's right -- the famous anonymizing network gets most of its money from a government known for conducting mass surveillance on a global scale. Loudly proclaiming that it will never build a backdoor into its services might not even matter, though. The government already proved once that it's capable of infiltrating the dark web. If you'll recall, the FBI identified 1,500 users of a child porn website called "Playpen" by deploying a Tor hacking tool. It led to numerous court battles that opened up the discussion on the validity of evidence obtained without warrant through malware. "We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights," Tor writes in the contract.

69 comments

  1. I believe you Tor by Anonymous Coward · · Score: 0

    I promise! Anyway, I2P looks better, so perhaps it doesn't matter.

  2. Bazinga! by Anonymous Coward · · Score: 0

    I'm a nerd because I said 'bazinga' first!

    1. Re:Bazinga! by Anonymous Coward · · Score: 1

      I'm a nerd because I said 'bazinga' first!

      No, You're Sheldon because you have no idea what is really going on around you.

  3. Back doors by Dunbal · · Score: 4, Insightful

    Tor doesn't need back doors when the FBI runs all the exit nodes.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Back doors by Anonymous Coward · · Score: 0

      > Tor doesn't need back doors when the FBI runs all the exit nodes.

      So if you need real privacy, why don't you run your own as final exit node?!

    2. Re:Back doors by Anonymous Coward · · Score: 0

      They sure do not.

  4. The one bright spot about Hillary by Anonymous Coward · · Score: 0

    Extra-judicial killings.

    Sometimes technology is just too much for the justice system. There needs another way.

    1. Re:The one bright spot about Hillary by Anonymous Coward · · Score: 0

      Wait . . . Hillary = Duterte?

  5. TOR was developed by... by Anonymous Coward · · Score: 1

    The United States Naval Research Laboratory. If it didn't have a backdoor when it was developed in the mid 1990s, it surely does by now.

    1. Re:TOR was developed by... by Anonymous Coward · · Score: 0

      You noticed Ed Snowden didn't have his traffic intercepted, right? He used Tails. You can't use any Tails 1.5 or newer and the rest have all been hidden from the Internet. The last you can use is 1.4.1.

      It is not "a backdoor". It is snoopable traffic and timestamps.

      You can use other methods but US government's days are numbered now. The public have been robbed and it is not a secret who did it.

      You have a sham election right now as well.

    2. Re:TOR was developed by... by zedaroca · · Score: 1

      If it didn't have a backdoor when it was developed in the mid 1990s, it surely does by now.

      The fact that the FBI had to use it''s own malware to get to those Playpen people, and that they had to subpoena the Carnegie Mellon researchers to get their attack method that led to the closing of the Silk Road 2 should be indication enough that up to a very short time ago there where no backdoors (just vulnerabilities).

    3. Re:TOR was developed by... by Anonymous Coward · · Score: 0

      The fact that the FBI had to use it''s own malware to get to those Playpen people, and that they had to subpoena the Carnegie Mellon researchers to get their attack method that led to the closing of the Silk Road 2 should be indication enough that up to a very short time ago there where no backdoors (just vulnerabilities).

      "The fact that"? Ever heard of evidence laundering or its euphemism "parallel construction"? Whenever law enforcement does not want you to know of technical capabilities (more often than not illegally employed or downright illegal), they create a go-to story giving a somewhat plausible way how they could have stumbled upon the required information (so many anonymous informants). The accumulated likeliness of all those chance happening is "no fscking way" but each story viewed in itself could have happened in that manner.

      Evidence laundering has the advantage that you don't need to actually need to invest the resources to follow through with the whole story: it's enough that there is a theoretical possibility that you have the required talent to make use of something like the "Carnegie Mellon research".

    4. Re:TOR was developed by... by cryptizard · · Score: 1

      Did you know that a large part of the linux kernel was developed by the NSA? Sometimes government organizations actually do things to help their citizens, as is their mandate. The source code for both is available for you, and everyone else, to peruse if you don't trust it.

  6. ^^This. And.. Slashdot is FBI, promoting FBI now. by Anonymous Coward · · Score: 0

    http://thenextweb.com/insider/2016/01/28/how-the-fbi-became-the-worlds-largest-distributor-of-child-sex-abuse-imagery/

    Keep it real.

    Also, don't use any Tails later than 1.4.1 ...

    This was posted earlier today... and now you see this front page story about promises by CIA/FBI infiltrated TOR.
    https://yro.slashdot.org/comments.pl?sid=9515909&cid=52687215

    Notice how Ed Snowden never had his traffic intercepted?

    Use Tails 1.4.1. Tails 1.5 and later is ALL SNOOPABLE. Traffic AND timestamps.

    Only legit torrent is here.
    http://www.sendspace.com/file/w35ddl

    It is a Live ISO of Tails Linux 1.4.1 and includes the correct sig from when it was originally distributed from boum.org
    They infiltrated boum.org and every version from 1.5 and later is compromised. They even lure you into newer versions on .onion url's. Debian is also easy to stumble upon, that is because the FBI infiltrated Debian as well. They killed Ian Murdock. They also are running Slashdot now. Notice the CA server is not GeoTrust Inc today? Now it is Let's Encrypt. Why? FBI.

    the whole domain kat.cr was taken down simply because that torrent was live and seeded fast. It still is. Get it and seed it.

  7. Wha???? by Anonymous Coward · · Score: 0

    Isn't that exactly what a fully compromised entity would say?

    1. Re:Wha???? by Anonymous Coward · · Score: 0

      http://i.imgur.com/QLGyQYf.jpg

      FBI is a dying agency.

      CIA infiltrated boum.org.

  8. Tor promises not to *spit* into your mouth by fustakrakich · · Score: 1

    The Contract

    --
    “He’s not deformed, he’s just drunk!”
  9. As far as they know, anyway by JustAnotherOldGuy · · Score: 4, Insightful

    "Tor Promises Not To Build Backdoors Into Its Services"

    What they mean is they won't knowingly allow anyone to build a backdoor in. But one or two people with any kind of access to the code could conceivably add something that the team as a whole wouldn't know anything about.

    With that said, good on them for taking this position. I still don't know if I can trust them or Tor itself, but taking this position was a good thing to do.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:As far as they know, anyway by Anonymous Coward · · Score: 0

      https://lists.torproject.org/pipermail/tor-talk/2016-July/041860.html
      https://trac.torproject.org/projects/tor/ticket/19794

      As you can see, tor refuses to even tell you what it's really doing, you will
      never see geniune bylaws and minutes and private ledgers from them, audited or not.
      And everyone knows they only research and deploy what govt pays them for.
      The good tech that govt does NOT pay them for and never gets implemented
      is the passive backdoor, and the complete GAPING hole in thieir so called contract.

    2. Re:As far as they know, anyway by Anonymous Coward · · Score: 0

      What they mean is "We were forced to implement a backdoor but we're not allowed to tell you".

    3. Re:As far as they know, anyway by AmiMoJo · · Score: 1

      I still don't know if I can trust them or Tor itself

      What's the alternative? Do everything offline? Seems like the real world has a lot of surveillance built in too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:As far as they know, anyway by Anonymous Coward · · Score: 0

      "But one or two people with any kind of access to the code could conceivably add something that the team as a whole wouldn't know anything about."
      This scenario can be happen in just about every open source project available in public repositories. Just looking at the source code is not an effective way to uncover potential security vulnerabilities. The low hanging fruit is gone. An abundance of trust has been given to the people who maintain some of the larger open source projects. Often times this trust is handed out just because they support open source software. If anything an open source project gives someone looking to introduce vulnerabilities all the information they need. Compromising closed source systems requires a lot of additional steps usually around interpreting low level binaries looking for weaknesses..

    5. Re:As far as they know, anyway by prograsm · · Score: 1

      They already know they're specifically targeted for this. They were among the first to report an NSA man-in-the-middle attack on a new laptop delivery as it was delivered to a three letter agency for several days before being sent to the Tor project coder who ordered it. They were going to look for how that machine was bugged, but I never saw a follow up on that story. Considering how the Guardian's office computers and laptops had specific chips on the motherboards destroyed in a police raid after that Snowden leak, it's probably in a mobo firmware somewhere rather than in the OS.

    6. Re:As far as they know, anyway by PMuse · · Score: 1

      Publishing this statement now permits Tor to stop publishing this statement as soon as they are forced to backdoor their service. For instance, in the event of a gag order forbidding them from speaking about the new back door.

      Every security service should make a public statement like this that they can withdraw when circumstances force them to.

      --
      "We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
    7. Re:As far as they know, anyway by JustAnotherOldGuy · · Score: 1

      Publishing this statement now permits Tor to stop publishing this statement as soon as they are forced to backdoor their service.

      Good point. I have some "canary" pages on some of a few of my sites that state stuff to the effect that I have never received any National Security Letters, Foreign Intelligence Surveillance Court orders, subpoenas, etc etc.

      If I did/do, they'd go away.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  10. I wouldn't trust tor with a secret recipe! by Anonymous Coward · · Score: 0

    What a bunch of creepers.

  11. Actually... by Anonymous Coward · · Score: 2, Interesting

    5 eyes and 'friendly' nations.

    UK and France both definitely doing so (run TBB and see how long it takes you to end up on a UK, US, or French entrance node that seems to build a substantial amount of its connections through the same country's nodes, or a collection of likely affiliated nations nodes (ex: UK, US, UK) Happens far too often to be considered statistically unlikely, and Tor has already stated that the node exclusion lists have been relegated to soft filters in the event that a connection cannot be created due to your exclusions a circuit may then bypass the exclusions in order to get online. Seems to be happening quite often in my experience. I don't have much more than forum posts to worry about, but for anybody who might be drawing government (esp Western) scrutiny I wouldn't recommend them to trust tor to actually provide partial, nevermind full, anonymity even if all precautions they list on their site are followed.

    The era of Tor as a platform is dead. Unfortunately there is nothing ready to replace it. The next best anonymity system is I2P (which BTW has both java and c++ implementations available, so it's not a monoculture, unlike Tor!) But it isn't built to support outproxy/exit node shuffling like Tor does, and there is only a single outproxy being run at this time, causing extreme congestion for anyone needing clearnet access.

    1. Re:Actually... by Anonymous Coward · · Score: 0

      run TBB and see how long it takes you to end up on a UK, US, or French entrance node that seems to build a substantial amount of its connections through the same country's nodes, or a collection of likely affiliated nations nodes (ex: UK, US, UK)

      You seem to be suggesting that the guard node has something to do with path selection. It does not. The guard, middle, and exit nodes are all chosen by your tor client. The algorithm it uses is not secret, either. It picks nodes in certain countries more frequently because there are more nodes, and more available bandwidth, in those countries.

      It's quite possible that the algorithms can be improved, but it's not a conspiracy.

  12. a lot of good thats going to do when by FudRucker · · Score: 1

    the operating system itself has backdoors in to it, plus keyloggers and trojans and who knows what else...

    but i give tor an E for effort for trying to be good while surrounded by and buried neck deep in vulnerable software

    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:a lot of good thats going to do when by AHuxley · · Score: 1

      The cost of getting any ip out of onion routing is now well within the budget of getting an average US federal case to court.
      Collect it all is now a tool for any state task force with federal funding.

      --
      Domestic spying is now "Benign Information Gathering"
  13. Facebook promised that your info would be private by Anonymous Coward · · Score: 0

    No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.

    Facebook's Privacy Policy circa 2005

    Facebook's Eroding Privacy Policy: A Timeline

  14. Canary by burning_plastic · · Score: 2

    It's also a potentially useful canary phrase. If it disappears then...

    However, by now I'm sure any warrant/order would contain language that prevents them from removing it.

    1. Re:Canary by gweihir · · Score: 1

      And since everybody of them sits in the US, they would have zero chance to do it anyways....NOT.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  15. Meaningless statement by Anonymous Coward · · Score: 0

    They can promise all they want, but with NSL gag orders it is a promise they simply can't keep.

    1. Re:Meaningless statement by gweihir · · Score: 1

      An NSL does mean absolutely nothing to an international community of developers.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: Meaningless statement by Anonymous Coward · · Score: 0

      There is no "international community". There are countries who obey the US will and countries who wish they had while they had the chance or will soon.

    3. Re: Meaningless statement by gweihir · · Score: 1

      Hahahaha, spoken like a citizen of a country in decline that was once great.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. The way is shut. by Anonymous Coward · · Score: 0

    "Tor Promises Not To Build Backdoors Into Its Services"

    Quick! Fork it!

  17. More than the nodes me thinks. by Anonymous Coward · · Score: 1

    It's more than just the exit nodes I think.

    Javascript turned 'on' in the browser bundle, disabled sometimes by a 3rd party app not in their control. Directory server problems never addressed: too easy to become a authoritative directory server, why no DHT type approach? 100 attack nodes ignored, it was an outside university that spotted those, yet anytime TOR setup a test server it would have been attacked by those nodes, and somehow they didn't notice all the attack traffic before anyone would know the node???? That seems unlikely. A layer of crappy obsfucation added, since the entry and exit nodes are mappable from the choices made by the team, they added obsfucation Bridges nodes.... send via email no less! So you could get a PRISM friendly smaller list of servers to use.... how sweet is that?

    "by sending mail to bridges@bridges.torproject.org with the line "get bridges" by itself in the body of the mail. You'll need to send this request from a Gmail, Riseup!, or Yahoo! account, "...

    i.e. You send an easy to datamine email to a server known to be controlled by a PRISM interface, and request which specific man-in-the-middle server to use for your TOR connection! This is the state of those nodes *today*, even knowing Snowden leaks, they know they can't trust those emails, and yet continue to offer that as a way to get Bridges.

    The upshot is simple. China has essentially rigged the Hong Kong election by barring politicians from standing if it doesn't control them. Do you see the verbal protests from HK citizens online? No?... They have no outlet due to the Chinese surveillance, and don't trust TOR to keep their privacy.

    i.e. TOR has failed in its primary mission of permitting free speech.

    I think Bruce Schneier was brought in as a credible face, but I'm counting the months till he gets accused of sexual harassment. Then I'll officially stick a fork in it and call it done.

    1. Re:More than the nodes me thinks. by cavreader · · Score: 1

      "TOR has failed in its primary mission of permitting free speech." TOR's primary mission was creating a secure messaging framework for classified military communications. The government didn't implement TOR so they gave everything over to a civilian foundation and continued to funding the project.

  18. Could it be more thick on the propaganda? by gweihir · · Score: 5, Informative

    Seriously, is TOR so unbreakable that you shills need to bad-mouth it at any opportunity?

    First, the promise to not backdoor is ages-old. Second, who finances it has been known since shortly after the beginning of the project. I asked Roger Dingledine more than a decade ago about it and his answer makes a lot more sense than the often repeated "The gobbermet founds it, it has backdoor!" that never comes with any additional details. And as to backdoors, it is very hard to keep backdoors in FOSS projects with active communities hidden for a long time. Add to that that anybody that finds a working backdoor in TOR has instant fame, backdoors in TOR are rather unlikely. And as to "TOR was broken in the past by the FBI", that is just a shameless lie. What was broken was the JavaScript engine of Firefox that served as basis of an outdated TOR browser bundle that the users did not upgrade despite very clear warnings each time they started it. That is right, the FBI simply implemented that attack against Firefox after the vulnerability was fixed (and likely they did it form the documentation of that vulnerability) and caught these 1500 idiots that way, no vulnerability in TOR and only a FF vulnerability that had already been patched in the current TOR browser bundle.

    Now, despite these facts, the same idiotic anti-TOR propaganda keeps going. I can only speculate that this is intended to drive people away from TOR and to less-secure alternatives that are a lot easier to break.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Could it be more thick on the propaganda? by Anonymous Coward · · Score: 0

      "TOR so unbreakable that you shills"

      FBI has got cracking TOR down to a fine art.

      "What was broken was the JavaScript engine of Firefox that served as basis of an outdated TOR browser bundle..."
      FBI cracks the *servers*, not just outdated *clients* first, that is how it sends the client attack. Who enabled Javascript in the client bundle?.... TOR Project did.

      "Now, despite these facts"

      If TOR was unbreakable, then there would be darknet canaries still tweeting. It's very very clearly backdoored. You are the shill here, making a claim that flies in the face of observable reality.

    2. Re:Could it be more thick on the propaganda? by AmiMoJo · · Score: 1

      If there is a backdoor, they seem very reluctant to use it. Snowden used Tor successfully. Many people in China and the UK use it successfully, including Wikileaks. Who exactly are they going to use it against people like that, who are they using it against and why should I be worried?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Could it be more thick on the propaganda? by Anonymous Coward · · Score: 0

      its not necessarily backdoored, you see, when the market dudes make a site, eventually the site will have bugs and 0days, they just need to poke at the site and eventually they will break it and get in, then they will find where it is, then they will upload malware on it to get the users too, the users are going to be using different OS every one of them, so they will get some but not all. And then another market will pop up, but the thing is they dont even need to break tor itself with fancy correlation attacks to get into de drug markets, they just break the sites and then rape the users, i call it "break and rape"

      also since the cia themselves do drug trafficking to finance themselves and as part of their off the books budget, they dont want competition so even if the fbi had problems with some site they could always ask away and the cia could provide some cool hax and eliminate competition

      its best to only use tor when you are browsing regular sites, just to not get tracked and simple stuff like that. The other part of it, the super secret sites about area 51, underground fema camps with alien technology, and shit like that, the markets, all that stuff, it does not work at all and also its pretty worthless anyway, i remember browsing the original silk road a long time ago, and seeing a huge, YUGE amount of apple stuff and thinking, wow, thats a "im a faggot website flag" right there, then they even had rules about not selling weapons of mass disstraction or some stuff like that, what kind of scott evil situation is this? thats not evil enough, thats semi evil, thats quasi evil, thats the margarine of evil, the diet coke of evil, just one calorie, not evil enough

      if i had a market, the fucking picture on the front page on it would be nicolas cage getting the vx nerve gas out of that missile while sean connery looked scared, not thats a fucking front page, i would call it "NOT THE BEES MARKETPLACE", and trying to sell apple products would get you autobanned, in fact posting any kind of product that would look way too slick and not manly enough would get you banned, In fact we would sell stickers to make your slick product more menacing and thus acceptable in my NOT THE BEES MARKETPLACE, thinking about selling that nice trident missile? you better put some nascar stickers on it or you are going to get BANNED!!!!!!!!!!!!

    4. Re:Could it be more thick on the propaganda? by prograsm · · Score: 1

      Seriously, is TOR so unbreakable that you shills need to bad-mouth it at any opportunity?

      Apparently. I remember one of the Snowden leaks had an NSA quote along the lines of "Tor makes for a sad analyst" so it is an inconvenience to domestic spy programs.

    5. Re:Could it be more thick on the propaganda? by gweihir · · Score: 1

      Indeed. That already tells us that either there is no backdoor, or they are unable to use it effectively. And all that can be seen without even a single technological argument. Just needs a few working brain-cells.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Could it be more thick on the propaganda? by Anonymous Coward · · Score: 0

      Tor is VULNERABLE to GLOBAL PASSIVE ADVERSARIES and other various TIMING and CORRELATION attacks.
      There are whitepapers and proof of concept on this for years now.
      Tor is doing NOTHING to close these vulnerabilities, and they will do NOTHING.
      Because the USGOV does NOT fund research into deploying network fill traffic as a defense, because it works against them.
      And Tor has CONSISTANTLY REFUSED to research or implement it on their own because they claim it's traffic costly.
      Which is a bunch of BULLSHIT because it can be optional for clients, is transparent for users, and is expected for relays.
      So Tor is LYING to you about this.

      Forget Tor.
      Take onion routing, use UDP over clearnet, transport packets/messages not just TCP, add network fill, and probably move DA's to DHT.
      That is the next generation of anonymous overlays.

    7. Re:Could it be more thick on the propaganda? by Anonymous Coward · · Score: 0

      You're some sort of twat. TOR is a network, you don't "backdoor" a network. It is like saying "I backdoored the whole Internet".

      Ed Snowden didn't get snooped did he? Maybe you are just some sort of dickhead with some homosexual brainstorms?

  19. Already done by Anonymous Coward · · Score: 2, Interesting

    Knowingly?

    To sum up, your browser connects to an owned server, from which it knows a list of owned directory servers and owned onion servers. It picks an owned route and encrypts with the owned keys of the servers along that route. U R Owned!

    Then there are Bridges. These are extra servers tacked onto the list of servers to obfuscate the entry nodes, because the entry nodes are known and too easy to intercept.

    To obtain a Bridge server detail, you send an email request to Gmail or Yahoo, or RiseUp email. Two (and likely alll 3) of which are revealed to have PRISM interfaces in the Snowden documents. i.e. you will be given a specific bridge server just for you, which makes the backdoor a certainty and makes it easy to pick you out from the traffic.

    TOR has front back and side doors and it should be clear to you that TOR project knows this, just by looking at how Bridges are sent via those Gmail/Yahoo email servers. Snowden revealed the PRISM interface, did you see TOR project replace those US based backdoored email servers when Snowden's leak came out? No. So TOR Project knows the doors are there, and did nothing.

  20. Re:^^This. And.. Slashdot is FBI, promoting FBI no by gweihir · · Score: 1

    You are seriously advising people to use an old, known-vulnerable version of Tails? Well, some utter morons may fall for that...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  21. Privacy is not illegal by Anonymous Coward · · Score: 0

    I love how most articles about Tor equate it with use of illegal activity when most people just want to use it for privacy. Most people are tired of getting spied on. "If you are not doing anything wrong then you do not have anything to hide". That's what guards say to prisoners... I want to be left alone, I like privacy and freedom of speech. Mass surveillance is an illegal search and infringes upon many of my rights. Go watch "Swing Kids" or "Lives of Others". It starts out small then becomes pervasive and oppressive.

    Not saying that some using Tor aren't doing illegal activity, of course they are, but the same goes for anything else in life. Some people use cars to rob banks... doesn't mean the rest of us can't drive them. Some people use guns to kill people, doesn't mean we can't use them for self protection. Tor is a means to defend our privacy against the onslaught of personal habit stalkers in the name of "advertising". If you had someone follow you around all day logging exactly where you went, what you did, who you talked to.. they would be a stalker. If it's online then it's ok right? Stalking is stalking and it's creepy as hell especially if it's a corporation with resources doing it to you.

  22. Choice of words by 6Yankee · · Score: 2

    "will never" != "have never".

    Now that it's got all the backdoors the NSA needs, they can promise not to add any more.

  23. Empty promises by Anonymous Coward · · Score: 0

    Privacy is dead. Get over it already. The panopticon is a reality and it was inevitable the moment it became technically and economically feasible. There's nothing you can do.

  24. Seattle, WA 98194 USA by Max_W · · Score: 1

    We will never implement front doors or back doors into our projects,...

    The mailing address of the Tor Project is in Seattle, WA, USA. If they mean it then it makes sense to check where's the nearest Consulate of Ecuador. Better be safe than sorry.

  25. That's disconcerting. by Anonymous Coward · · Score: 0

    Tor of all projects should be structured in a manner where nobody needs to promise anything. If there is a tangible entity in the situation to meaningfully make such a promise, there is a tangible entity to blackmail or slap with an NSL or compromise in other manners.

  26. I liked TOR before by Anonymous Coward · · Score: 0

    when they were more rapey and less sjwarriory

  27. Re:^^This. And.. Slashdot is FBI, promoting FBI no by Anonymous Coward · · Score: 0

    Whereas the smart child-rapists like you will be perfectly safe.

  28. No front door access? by UberVegeta · · Score: 1

    "We will never implement front doors or back doors into our projects..."

    Isn't the whole point of the "back door" idea that people are expressly permitted to enter through the front door if they have a key? Why are they hating on legitimate receivers of encrypted data?

    </pedantry>

    --
    I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
  29. Newtons Cradle by Anonymous Coward · · Score: 0

    Actually it said "TOR Stinks" and then listed ways they planned to take over TOR.

    http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

    So they said, they'd get more nodes to ensure they controlled the route: Newtons Cradle.... DONE.
    Cookie leakage... aka Egoistic Giraffe... DONE.
    Ronin tracks node lifetime to match up with end point connections.... DONE.
    Hidden servers.... GCHQ was working on ONION BREATH attack.... DONE.
    REMATION II... GCHQ sets up TOR nodes on Amazon AWS.... DONE.

    Keep in mind this was 2012, it doesn't take them long to set up more nodes and you can see from the node numbers they did that. It wouldn't take them long to use those nodes to cross match times. You can see from the way hidden servers drop quickly that ONIONBREATH was done.

    Hilarious I'm sure for the spooks, but Hong Kong and (other) could use TOR right now. I doubt anyone in UK will spill the beans on any illegal GCHQ surveillance using TOR, it simply wouldn't be trustable at this point. It isn't that TOR would be attacked by domestic actors, that was inevitable. It was that TOR *foundation* itself has been undermined to the extent that it does not fix clear problems.

  30. Translation: by puddingebola · · Score: 1

    Translation: Tor has back doors in its services.

    1. Re:Translation: by Anonymous Coward · · Score: 0

      That is like saying the Internet has back doors.

      Sure, if you're a fucking idiot.

  31. No, they usually _don't_ say that by Anonymous Coward · · Score: 0

    Actually, no. I understand why you'd think that, because adversaries should lie to each other.

    But if you look around, you'll see that companies who write software intended to work against their users usually either admit it (in their terms of service), or at least refrain from saying they're for the users. Lying would be dangerous because it would just risk lawsuits when/if they got caught.

    (And then with Free Software projects like Tor, what would be the point in lying? They definitely would get caught, since people actually do read that code.)

    I think it's great the Tor team is doing this, because so much user-hostile software doesn't claim to primarily advance the users' interests. Instead of using words like "Free" or "Open Source" (since these terms apparently have limited appeal) it comes down to "for the user" vs "for someone else at the user's continuous expense" and those are concepts that almost any user can understand.

    Projects merely asserting their good intentions could create selection pressure which overall increases the quality of software.

    You're never going to see a "social contact" from companies like Apple or Facebook, or if you did, it would be mercilessly critiqued for its lawyerese way of not really promising to behave well, so the bullshit would backfire.

    Or, maybe in the distant future, they could develop using a meaningful social contract, but would be a result of an industry-wide reform toward a pro-user agenda, brought about by users selecting software developed under social contracts!

  32. Re:^^This. And.. Slashdot is FBI, promoting FBI no by gweihir · · Score: 1

    So you believe TOR is used by "child rapists"? Funny. How would you even rape a person using a piece of software? I guess the rest of the mental activity you are capable of is of similar quality.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  33. Re:^^This. And.. Slashdot is FBI, promoting FBI no by Anonymous Coward · · Score: 0

    Was Ed Snowden vulnerable you stupid mother fucker? Do you think a live DVD of Tails is vulnerable you dumb mother fucker?

    Do you know what a Live DVD is?

    Yes, use the old version not the new compromised version you idiotic mother fucker. Do you think since he wasn't snooped they took out the snoops or added snoops?

    You retarded mother fucker.

  34. Re:^^This. And.. Slashdot is FBI, promoting FBI no by gweihir · · Score: 1

    Fascinating. New heights of stupidity of the AC are revealed. A true cave-man, and one of the non-smart ones.

    Do you even know what a "known vulnerability" in software is? Here is a hint: Loading it from a DVD does not help one bit it is still vulnerable.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.