Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy

Interviews: Ask Executive Director Andrew Lewman About Tor and Privacy 61

samzenpus writes Andrew Lewman wears many hats: biologist, advocate against domestic violence, programmer, Executive Director of the Tor project and a member of the board of directors. He works to preserve the right to speak and read freely online by fighting laws and technology that threaten anonymity. Just how hard that has become is much clearer now that the NSA's interest in Tor has become public. Andrew has agreed to give us some of his time and answer any questions you might have. As usual, ask as many as you'd like, but please, one per post.
This discussion has been archived. No new comments can be posted.

Interviews: Ask Executive Director Andrew Lewman About Tor and Privacy

Comments Filter:
  • Simple questions (Score:4, Insightful)

    by Bodhammer ( 559311 ) on Monday November 10, 2014 @01:21PM (#48351941)
    Can TOR be trusted and how can I truly know that?
  • How can we ever be sure Tor has not morphed into an eviscerated TrueCrypt and that at some point, after achieving their means of compromise, the NSA won't force a version they can easily backdoor on the public?

    They like to compromise software and then put it back, so it becomes an intelligence asset. In my understanding only a legal technicality allowed TrueCrypt to issue a cryptic public announcement which effectively let the public know TrueCrypt was potentially compromised. I wonder whether the NSA wil

    • The problem is also that TOR still has value if it is monitored by the NSA, as it enables people in China and other countries to access censorship-poor (some might call it -free) internet.

  • was originally developed by the US Government, and is still supported financially by the US Government?

    "Few", or "almost none"?

  • The announcment of FaceBook being available on Tor seems to be a ploy to confuse single dimesion thinkers into revealing themselves. Is this being sponsored by alphabet soup agencies as a way to kind of model the topology of the Tor network, or is it more social experiment on how people who would login to their online identity while trying to be anonymous at the same time think?
  • Tor connections (Score:2, Interesting)

    by Anonymous Coward

    Why hasn't TOR moved towards a connectionless routing between the client and the exit node? A permanent connection is being established each time with the same pattern: computer -> entry node -> middle node -> exit node -> website. This can lead to a traffic pattern analysis, given an observer with enough "peer exchange nodes" under his monitoring. In some cases all the connections could be monitored with only country/continent level entry points.
    Wouldn't a bunch of state-less P2P like connectio

  • by kheldan ( 1460303 ) on Monday November 10, 2014 @01:56PM (#48352313) Journal
    News stories I've read lately seem to indicate that the Tor exit nodes have been and still are being compromised by organizations and some oppressive governments. What are you doing about this?
    • by AmiMoJo ( 196126 ) *

      If you are relying on the exit not being being evil you are doing it wrong. Tor still requires you to assume that your connection is untrustworthy, it just prevents people identifying your real IP address by analysing the packet headers.

  • Tor can be used for good and for evil. How do you go about attempting to design the features of Tor to maximize one and minimize the other?
    • by mlts ( 1038732 )

      Along the lines to this question, how can Tor's PR be helped? As of now, part of an IT person's job is to block Tor's exit nodes, on the application, kernel, and router level, because those nodes to be a source of many attacks. So, because of the bad reputation, it gets entirely locked out of many websites. This can be fixed by running a VPN over Tor so the exit comes from the VPN's servers, but there goes the anonymity for the most part.

  • We haven't heard any solid proof of a complete failure of Tor's privacy to catch a criminal through a serious exploit. There's a theory out there that a government agency wouldn't blow their cover just to arrest some copyright infringer or small time law breaker on a hidden service. They instead are passively spying to covertly and constantly catch terrorists who think they're protected or they're preparing for a gigantic sweep and mass arrests. What do you think is the likelihood of a situation like tha
  • by Anonymous Coward
    Have you received a National Security Letter?
  • by brokenin2 ( 103006 ) on Monday November 10, 2014 @02:24PM (#48352639) Homepage

    Do you know how the takedown of so many "darknet" sites was accomplished recently, or do you at least have some suspicions? The government seems to by lying about how they took down the original Silk Road site, and I'm wondering if you believe this is to: a) Hide a technical solution that they have at their disposal, or b) Hide the egregiously illegal/inadmissable things they did to accomplish this, or c) some of each.

  • It is my understanding that the number of hops within the Tor network is normally a fixed value, somewhere around 3. Given the potential for compromise of entrance/exit nodes in various countries, perhaps allowing a larger number of hops or even a randomly determined number of hops between two values might give more probability of not being detected. Could you comment on the number of hops chosen and how they relate to the probability of anonymity in the Tor network assuming all other suggested configurat
  • why slashdot doesn't allow visitors from tor?

  • What is your biggest fear? After the TrueCrypt developers were apparently threatened or otherwise convinced to abandon development, does the NSA worry you? The FBI has been complaining about encryption lately too, as have law enforcement agencies in other countries. Or is there something else that concerns you?

  • Tor can be used for both obvious good (e.g., subverting oppressive regimes), obvious bad (e.g., murder for hire, child porn), and a semi-bads (purchasing contraband, hate speech). Despite all of the good that Tor does, how does Tor morally justify itself in light of all the bad that occurs on its networks? Is there some way of weighing the good and bad (i.e., if it got bad enough, would you shut it down)? Or does it decide to not justify itself (i.e., it's just a tool, people will use it how they wish)?

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...