LWN.net Logo

Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 5, 2013 5:43 UTC (Sat) by renox (subscriber, #23785)
Parent article: Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

That's funny: I remember arguing that using Tor against governments which can monitor networks is shouting "look at me, I have something to hide".
Against such kind of opponent, ,thereare only two real way to be safe: steganography or everybody using encryption(even weak one:it makes monitoring encrypted traffic very difficult).
The first is a pain to use, the second is a dream..

(Log in to post comments)

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 5, 2013 10:18 UTC (Sat) by robert_s (subscriber, #42402) [Link]

If you want to conclude that, don't conclude it from this article because it mostly shows the NSA having to attack the browser being unable (at least at this point) to effectively attack Tor itself.

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 6, 2013 17:11 UTC (Sun) by rgmoore (subscriber, #75) [Link]

I'm not sure that's a correct interpretation. The goal of Tor is to make browsing anonymous so it's impossible to figure out who's doing what. What appears to have happened is that they can now analyze the traffic enough to connect a set of browsing behavior to a particular online persona. That's critical, because it's quite possible to target a specific persona even if you can't yet connect it to a real world person. That they can't do it through Tor is not especially relevant; that they can do it at all is enough to substantially diminish Tor's value.

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 7, 2013 16:08 UTC (Mon) by gerv (subscriber, #3376) [Link]

"What appears to have happened is that they can now analyze the traffic enough to connect a set of browsing behavior to a particular online persona."

As I read the article, the stuff from the NSA is actually lamenting their inability to do this consistently. Where did you get the above from?

Gerv

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 7, 2013 8:29 UTC (Mon) by renox (subscriber, #23785) [Link]

Have you read the article??
It says that the NSA is able to distinguish Tor's users from other.
So as I said, using Tor is the equivalent of shouting "look at me, I have something to hide" (*), given that there are very few Tor users, I think that it is a really, really bad idea..

*:to be fair: this is only true if the 'opponent' has the ability to monitor Internet traffic.

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 7, 2013 8:40 UTC (Mon) by robert_s (subscriber, #42402) [Link]

"It says that the NSA is able to distinguish Tor's users from other."

Interestingly the article didn't touch on obfuscation proxies, whose goal is to make the connections look as much like e.g. https as possible.

I _don't_ think you can necessarily say that it will always be fundamentally impossible to hide ones use of systems like Tor from authorities.

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 7, 2013 16:52 UTC (Mon) by mathstuf (subscriber, #69389) [Link]

> given that there are very few Tor users, I think that it is a really, really bad idea.

What is the critical mass of Tor traffic that must be sustained such that the scale would tip over to the other way? I fear it's much higher than 50%, but I'd much prefer this path than dropping Tor (or an equivalent).

Attacking Tor: how the NSA targets users' online anonymity (The Guardian)

Posted Oct 6, 2013 4:03 UTC (Sun) by drag (subscriber, #31333) [Link]

> That's funny: I remember arguing that using Tor against governments which can monitor networks is shouting "look at me, I have something to hide".

This isn't a unreasonable sentiment considering that the majority of Tor Project's funding comes from the U.S. Department of Defense (which NSA's parent organization) and the U.S. State Department.

https://www.torproject.org/about/findoc/2012-TorProject-F...

Of course the DoD funds a great many huge number of things, much of it completely innocent. Just something to keep in mind, I guess.

It's good that it's open source so it's feasible to dismiss suspicions.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds