How safe are Tor users?

  • Given that Silk Road was just shut down, an article was published stating that:

    Tor Can't Always Keep You Safe; Just Ask Silk Road ... careful traffic monitoring and a little math you can figure out who connects to what on Tor. - Reference

    Another article - nearly a month older, claims something similar:

    Not Even Tor Is Safe From The NSA’s Prying Eyes ... The problem boils down to this – around 90% of Tor users are still using older software which can be hacked. The good news is that the latest version of Tor, version 2.4, isn’t believed to be ‘crackable’ by the NSA, as it uses something called elliptical curve Diffie-Hellman ciphers that are thought to be beyond its capabilities at the moment. - Reference

    Additionally, another states:

    Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on. - Reference

    • Are the articles referenced above true in their claims?

    What I can gather from this is that safety boils down to the habits of the users themselves. Are they using HTTPS, what information are they sharing online, what associations are being made, etc. Related.

    • Assuming all safety precautions are taken into consideration by the user, how safe are Tor users - regarding anonymity?

    • Does Tor still present a threat to the NSA?

  • "Does Tor still present a threat to the NSA?"

    I believe that Tor was never a threat to the NSA. There are several layers of 'protection' about Tor, thus several ways to attack users.

    1. The first layer is: software code. NSA software developers can misuse open code to find holes and bugs in the code. We can surely make the presumption that the NSA has no problem employing the best programmers to do the task. Inside of this first layer are also developers of Tor software. They don't hide; they educate the FBI, and they don't hide that they are financed by government entities, but say that they are independent in their work, no matter who finances them. I would add (layer 2): if Microsoft reported bugs to the NSA before they made a patch/update, why do you think Tor developers didn't do the same? Remember the story about the Freedom Hosting server, and the fast Tor Browser Bundle update after the system administrator was arrested. The FBI hacked the Firefox browser (or they got bug information from Tor developers) and snitched on all users of the Freedom Hosting server. It means even users who just use anonymous tormail (that's not against the law).

    2. Besides software, Firefox bugs are layer number 2.

    3. The third layer is: servers, so-called Tor nodes. Even if software and Firefox are perfect, Tor nodes can spy on users. Besides intruding spies in such organizations who operate Tor nodes, stronger servers gather more traffic and it helps the FBI analyze traffic. Make a website to sell drugs/guns and collect thousands of users, and you will get a lot of traffic. So they will catch you fast.

    4. The fourth layer is the PC. Microsoft, updates, antivirus software, all of them gather information from your personal computer and send it to different servers/companies. There is antivirus software that gathers your links in the browser and sends them for analysis to the producing company. Stupid example: When I want to visit movie servers, many sites are blocked as dangerous by Sophos antivirus software, so corporations collaborate between themselves, and they can get information that I visit this or that website, together with my MAC and IP address. They can do the same when I use Tor software. So, if they want, they can hunt people on the basis of websites we visit.

    Besides this, your PC can even have an installed keylogger or some more complicated spying software produced for the NSA, and the NSA makes a deal with antivirus companies to avoid detection by antivirus software.

    I am not a professional, but I think users can protect themselves from developers and the NSA by installing more and more private bridges and connecting to them directly, to avoid public bridges and Tor nodes. But many people don't have money for that and they must rely on developers of the Tor network (who publicly cooperate with the US government).

    So, many Tor users are exposed, if they use a website or they administer a website which is hunted by the NSA. And, yes, they can be arrested if the NSA really wants to arrest them. It depends on how much you come to their attention, and how important it is for them to hunt you.

    Do you think people employed in data centers will refuse cooperation with the NSA? The NSA can spy on every Tor node, with physical access to the server operating as a Tor node. When they attach a device for forensics to the server, or they install what they want in the server, they can spy without asking anything of the system administrator or owner of the server. And who knows how many nodes are even inside the U.S. Servers are the cheapest there, and many people will buy a server in the U.S. and many use Amazon S3 instances/servers to make Tor relays (Amazon, PayPal, and Visa/Mastercard. All of them are the right hand of the NSA; just remember who sabotaged WikiLeaks).

  • That's a tough one. Anyway, here goes my personal take on this story:

    We don't have any extra sources --- all we can do is read The Guardian's article or the one published by the Washington Post, like everybody else.

    Even though we have no way to be certain whether the documents referenced in the article are, indeed, genuine, I still highly recommend you read the articles and their referenced documents for yourself.

    Assuming they are genuine and not a marvelous piece of misinformation, it seems that Tor does provide anonymity. The Guardian quoted from one of the presentations: "We will never be able to de-anonymize all Tor users all the time." Another document labels Tor as "the King of high-secure, low-latency Internet Anonymity", with "no contenders for the throne in waiting". Warm, fuzzy feeling all around. :)

    It's also interesting to see that the best attacks mentioned in the presentations seem to attack the browser behind Tor, and not Tor directly. And that using the Tor Browser Bundle seems to provide better anonymity than using your own combination of browser with just a bare Tor client.

    The short answer is that they're a lot safer than those who don't use Tor :)

    See posts to the Tor blog with the "nsa" tag:

  • To add to what's been said, particularly parts of bobrock's answer, remember that anyone can run a Tor exit node. After traffic has been decrypted on the exit node (as the last stage of onion routing), the data to be forwarded can be seen in the clear (assuming there's no more encryption besides Tor). The NSA can set up a large number of exit nodes, and catch a lot of people, but never all of them, because it is impossible for anyone to control the entire Tor network. I've been wondering lately how good a solution it is to simply use a secure VPN from a provider you know can never give up logs to anyone.

    As far as commandeering software to spy on end users, I think open source is a reasonable deterrent to that. The NSA may be able to hire great programmers to review code and find 0-day exploits, but that happens all the time anyway among hackers. Most private information that would be sent by anti-virus software and Windows could be blocked by something like PeerGuardian, and if you wanted to invest the time and effort, you could try running Snort and developing your own rules for it.
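An added illustration, not part of any answer on this page: the point above that an exit node holds the forwarded data in the clear unless there is encryption besides Tor, shown with a three-hop layered wrap. The cipher is a toy stand-in (not Tor's real relay crypto), and the keys, hop names and request are constructed; it models only what each relay can read, not routing.

```python
import hashlib

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in, NOT Tor's real relay crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed values: hop keys the client would have negotiated with each relay.
PATH = ["guard", "middle", "exit"]
HOP_KEYS = {"guard": b"key-guard", "middle": b"key-middle", "exit": b"key-exit"}
SITE_KEY = b"key-client-to-site"  # stands in for a TLS session with the destination
REQUEST = b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\nuser=alice&pw=constructed"

def wrap(payload: bytes) -> bytes:
    """Client side: add one layer per hop, exit layer innermost."""
    cell = payload
    for hop in reversed(PATH):
        cell = toy_cipher(HOP_KEYS[hop], cell)
    return cell

def relay_views(cell: bytes) -> dict:
    """Each relay strips its own layer; record what it is left holding."""
    views = {}
    for hop in PATH:
        cell = toy_cipher(HOP_KEYS[hop], cell)
        views[hop] = cell
    return views

def exit_can_read(payload: bytes) -> bool:
    """True if the exit relay ends up holding the readable request."""
    return relay_views(wrap(payload))["exit"] == REQUEST

if __name__ == "__main__":
    print("plain HTTP over Tor, exit reads request:", exit_can_read(REQUEST))
    print("end-to-end encrypted, exit reads request:",
          exit_can_read(toy_cipher(SITE_KEY, REQUEST)))
```

The guard and middle relays only ever hold ciphertext; whether the exit does too depends entirely on the end-to-end layer the user adds, such as HTTPS.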

  • I defer to Peter Palfrader's aka weasel's excellent answer to the main question, "How safe are Tor users?".

    Reading the closing sub-question, "Does Tor still present a threat to the NSA?", I'm wondering whether OP meant to say "Does the NSA still present a threat to Tor users?". The answer for that question is "of course".

    Regarding Tor as a threat to the NSA, it's arguable that everything is a threat to the NSA ;) If we take "King of high-secure, low-latency Internet anonymity" at face value, it's arguable that the NSA sees Tor as a credible threat. That's because the NSA apparently sees its mission as intercepting and querying all global communication, on all channels.

    There's something ironic about this. I get from Bamford's books that Navy intelligence was initially the major contributor to the NSA, and that the Air Force played catchup through at least the early 1960s. And of course, it was the Navy that initially funded Tor development.

    Anyway, perhaps the NSA is rather ambivalent about Tor. But there are others who might comment knowledgeably on that point ;)

    The NSA's dual mission was originally to protect "our" codes and break "their" (foreign) codes. Now that everyone uses the same "codes"...

    FYI, see A psychological history of the NSA by Joe Kloc (2013-10-18) featuring quotes from Glenn Greenwald's interview with Edward Snowden (video and transcript). Joe Kloc: "To Snowden, the lesson was simple: Somewhere in its six-decade history, the agency had spun out of control. The question is, how did it all go wrong?".

