crypto

Tor compromised

It has long been known that much of the resources for Tor are provided by US spy agencies. Which is not necessarily a bad thing, since they might want a means for communicating that no one can spy on.

However, Lucky Green, a key figure in the privacy community, has issued a warrant canary – what you issue when you are forbidden to tell people you have had a warrant served on you.

The canary fails to tell us that a US spy agency is inside his servers in a way that tells us that a US spy agency now is inside his servers and a many other Tor servers.

In a warrant canary, you say what you are forbidden to say by failing to say things that you would otherwise be expected to say.

This inclines me to Moldbug’s solution, assuming his interpreter and compiler can be sufficiently small and self contained that one can make sure that everyone runs the same one. But if the interpreter and compiler exceed sixteen thousand lines, then defending them against this sort of attack becomes difficult.

6 comments Tor compromised

Mycroft Jones says:

Soon as I knew about the US Navy funding the original Tor development, I knew it was compromised from day one.

plur says:

This isn’t necessarily a warrant canary — by all appearances it would seem to be related to the Tor board of directors changing out recently following accusations of sexual harassment by Jacob Appelbaum. A warrant canary is typically a revocation or failure to publish a document saying ‘we haven’t received an NSL’ or similar.

Anyway, the cool kids use I2P 😉

jim says:

As a response to a sex scandal, seems absurd. Indeed the sex scandal is absurd. Why would Tor directors care? Why would Lucky Green care? The sex story is a cover for something else.

Anonymous says:

Is the fact that Tor is compromised by TLA a problem for random users outside of the US? (What about those outside of the borders of the “International Community” – in Russia or in China?)

Sam J. says:

“…Moldbug’s solution, assuming his interpreter and compiler can be sufficiently small and self contained that one can make sure that everyone runs the same one…”

Red Programming Language

https://en.wikipedia.org/wiki/Red_(programming_language)

“…Red is easy to embed (“Think Lua”) and very lightweight (no more than a megabyte)…”

[…] Jim was an incredibly busy beaver this week. In addition to his articles above, he has a quick note: Tor compromised. […]

Leave a Reply

Your email address will not be published. Required fields are marked *