Slashdot Mirror


Tor Promises Not To Build Backdoors Into Its Services (engadget.com)

An anonymous reader quotes a report from Engadget: Tor has published what it calls a "Social Contract" comprised of promises to users and the principles the team believes in. Whatever the reason is, its social contract contains one interesting pledge: "We will never implement front doors or back doors into our projects," the team wrote. Tor's ability to keep users anonymous made it the go-to browser of people looking for drugs, illegal firearms, hitmen, child porn and other things you won't find on eBay or YouTube. If there's a browser law enforcement agencies would want a backdoor to, it's Tor, especially since its main source of funding is the U.S. government. That's right -- the famous anonymizing network gets most of its money from a government known for conducting mass surveillance on a global scale. Loudly proclaiming that it will never build a backdoor into its services might not even matter, though. The government already proved once that it's capable of infiltrating the dark web. If you'll recall, the FBI identified 1,500 users of a child porn website called "Playpen" by deploying a Tor hacking tool. It led to numerous court battles that opened up the discussion on the validity of evidence obtained without warrant through malware. "We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights," Tor writes in the contract.

2 of 69 comments

  1. Actually... by Anonymous Coward · Score: 2, Interesting

    5 eyes and 'friendly' nations.

    UK and France both definitely doing so (run TBB and see how long it takes you to end up on a UK, US, or French entrance node that seems to build a substantial amount of its connections through the same country's nodes, or a collection of likely affiliated nations' nodes (ex: UK, US, UK)). Happens far too often to be considered statistically unlikely, and Tor has already stated that the node exclusion lists have been relegated to soft filters: in the event that a connection cannot be created due to your exclusions, a circuit may then bypass the exclusions in order to get online. Seems to be happening quite often in my experience. I don't have much more than forum posts to worry about, but for anybody who might be drawing government (esp. Western) scrutiny I wouldn't recommend them to trust Tor to actually provide partial, never mind full, anonymity even if all precautions they list on their site are followed.

    The era of Tor as a platform is dead. Unfortunately there is nothing ready to replace it. The next best anonymity system is I2P (which BTW has both Java and C++ implementations available, so it's not a monoculture, unlike Tor!). But it isn't built to support outproxy/exit node shuffling like Tor does, and there is only a single outproxy being run at this time, causing extreme congestion for anyone needing clearnet access.

  2. Already done by Anonymous Coward · Score: 2, Interesting

    Knowingly?

    To sum up, your browser connects to an owned server, from which it knows a list of owned directory servers and owned onion servers. It picks an owned route and encrypts with the owned keys of the servers along that route. U R Owned!

    Then there are Bridges. These are extra servers tacked onto the list of servers to obfuscate the entry nodes, because the entry nodes are known and too easy to intercept.

    To obtain a Bridge server detail, you send an email request to Gmail or Yahoo, or RiseUp email. Two (and likely all 3) of which are revealed to have PRISM interfaces in the Snowden documents. I.e. you will be given a specific bridge server just for you, which makes the backdoor a certainty and makes it easy to pick you out from the traffic.

    TOR has front, back and side doors and it should be clear to you that TOR project knows this, just by looking at how Bridges are sent via those Gmail/Yahoo email servers. Snowden revealed the PRISM interface; did you see TOR project replace those US based backdoored email servers when Snowden's leak came out? No. So TOR Project knows the doors are there, and did nothing.