Executive Director Andrew Lewman Answers Your Questions About Tor and Privacy 53
A while ago you had a chance to ask Executive Director of the Tor project Andrew Lewman about fighting laws and technology that threaten anonymity and the importance of privacy. Below you'll find his answers to your questions.
The NSA TrueCrypt Ploy Again? by TechForensics
How can we ever be sure Tor has not morphed into an eviscerated TrueCrypt and that at some point, after achieving their means of compromise, the NSA won't force a version they can easily backdoor on the public?
They like to compromise software and then put it back, so it becomes an intelligence asset. In my understanding only a legal technicality allowed TrueCrypt to issue a cryptic public announcement which effectively let the public know TrueCrypt was potentially compromised. I wonder whether the NSA will even allow Tor to recommend a transparently ineffective alternative.
Lewman: No agency has ever asked Tor to put in lawful intercept access, also known as a “backdoor.” Tor is not subject to the same legal requirements as other Internet service providers or content providers to incorporate that into the system. Our FAQ answer states this clearly.
How can strategies be drawn so if Tor is easily, possibly undetectably breached, the public will have some inkling of it?
Lewman: Tor maintains an open community and believes in transparency. We always strive to report out as quickly as we can about any issues affecting the Tor network.
Cryptowall 2.0
by Anonymous Coward
Cryptowall 2.0 is using state of the art cryptographic services like Tor, Bitcoin, and file encryption, combined with standard exploits to hold data ransom. I think it's among the more sophisticated attacks I've ever seen. How do you think more malware of this type will pressure you to change the service?
Lewman: Tor is used by millions of people for legitimate purposes and certainly anytime someone uses technology in a way that harms other people, we are disheartened. Our approach to this is, and has been, to work with malware researchers and law enforcement to help people remove the malware or to change the incentives behind including Tor in the malware at all.
Tor connections
by Anonymous Coward
Why hasn't TOR moved towards a connectionless routing between the client and the exit node? A permanent connection is being established each time with the same pattern: computer -> entry node -> middle node -> exit node -> website. This can lead to a traffic pattern analysis, given an observer with enough "peer exchange nodes" under his monitoring. In some cases all the connections could be monitored with only country/continent level entry points. Wouldn't a bunch of state-less P2P like connections between the client and the exit node be better suited against such traffic inspection?
Lewman: We would love to get to the point that Tor could provide a connectionless routing between client and exit node that does not compromise anonymity. It is something that we have thought about for a while and started research on a while back. More research on this needs to be done in order to roll it out to the Tor network. We would love for someone to help further study that and help us figure out how to make that happen.
Have you used I2P...
by Anonymous Coward
And what are your thoughts on its design compared to Tor and as a complement to it?
Lewman: We try to keep up with any new technology that emerges and have tried many of the different online privacy products and software out there- I2P, Freenet, Retroshare, GNUNet and others certainly have some interesting work and research about online privacy. We are open to collaborating with anyone that shares our mission of protecting online security and anonymity for users.
Balance between simple privacy and lawlessness
by TWX
Tor can be used for good and for evil. How do you go about attempting to design the features of Tor to maximize one and minimize the other?
Lewman: The Tor network is designed to provide protection online for ordinary citizens, victims of abuse, and individuals in dangerous parts of the world share information over public networks without compromising their anonymity. Most of the people that use Tor have legitimate uses for wanting privacy such as activists or reporters that need to keep their locations private. Criminals can already do bad things and there are certainly lots of options available to them for breaking the laws.
Re:Balance between simple privacy and lawlessness
by mlts
Along the lines to this question, how can Tor's PR be helped? As of now, part of an IT person's job is to block Tor's exit nodes, on the application, kernel, and router level, because those nodes to be a source of many attacks. So, because of the bad reputation, it gets entirely locked out of many websites. This can be fixed by running a VPN over Tor so the exit comes from the VPN's servers, but there goes the anonymity for the most part.
Lewman: With so much concern these days about people’s privacy being compromised online, I would love more businesses to take a look at how Tor could help them protect their confidential documents like patents, product development ideas, or financial documents. Even in some situations when a company is doing competitive intelligence research online and it's important that the competitor does not know, it keeps the competitor from knowing that someone is looking at them online.
What is your biggest fear?
by AmiMoJo
What is your biggest fear? After the TrueCrypt developers were apparently threatened or otherwise convinced to abandon development, does the NSA worry you? The FBI has been complaining about encryption lately too, as have law enforcement agencies in other countries. Or is there something else that concerns you?
Lewman: My biggest concern is making sure that the 2.5 million people around the world that currently use Tor and the thousands of new people that download it every day, have a safe, reliable way to protect their privacy online.
Tor has been compromised
by kheldan
News stories I've read lately seem to indicate that the Tor exit nodes have been and still are being compromised by organizations and some oppressive governments. What are you doing about this?
Lewman: The Tor network has been around for 10 years and it has never been successfully hacked. Many have tried and many more will try. We work with researchers all the time to improve the network.
Darknet takedowns.
by brokenin2
Do you know how the takedown of so many "darknet" sites was accomplished recently, or do you at least have some suspicions? The government seems to by lying about how they took down the original Silk Road site, and I'm wondering if you believe this is to: a) Hide a technical solution that they have at their disposal, or b) Hide the egregiously illegal/inadmissable things they did to accomplish this, or c) some of each.
Lewman: We have no knowledge of how the agencies working together "took down” silkroad and other darknet sites but news reports vary widely on the actual number of sites that were taken down. We've been watching carefully to try and learn if there are any flaws with Tor that we need to correct. Nothing so far about this case makes us think they found a way to compromise the Tor software or network. The FBI says that their suspect made mistakes in operational security and was found through actual detective work.
Re: (Score:2)
Tor's integration with systemd, if any, would be very very tiny. Basically systemd would be responsible for managing the start/stop cycle of Tor and collecting any log files.
This is entirely optional, though. You can always run Tor without it being integrated into systemd's service management facility at all. If you need it in the background and headless, just run `screen -mdS tor [tor_cmdline]`.
I do not believe that Tor would be automatically running on a default Fedora install. You would have to enable it
Re: (Score:3)
I've been running tor using system without any issue at all for many months now. Like you say, it just starts/stops your network.
Maybe if you wanted to route ALL your network traffic over it you'd need to play with networkd and a proxy and all that, but this isn't a typical use case. It really wouldn't be any different than doing the same thing with any init/network-manager/etc.
Re: (Score:1)
Tor's integration with systemd, if any, would be very very tiny
Systemd would of course integrate to make sure your (alread undreadable binary) log files were now firmly encrypted and, like any good onion router, not decryptable by you but only by nodes at least 2 hops away.
I don't even know if I'm joking.
Re: (Score:3)
undreadable binary) log files
I saw what you did there, Roberts.
Re: (Score:1)
Its safe, just trust me! (Score:5, Insightful)
Wow, this guy just ducks every question. My trust in Tor goes down after reading this.
Re:Its safe, just trust me! (Score:5, Insightful)
Re: (Score:3, Interesting)
Yep, it sounded more like an FBI/NSA press release. The simple fact is that if you can't blend in, you're going to stand out. That is the big problem with Tor.
Re: (Score:1)
Except that according to Snowden's documents the NSA itself admits to not being able to break Tor. But obviously you're the kind of guy who thinks that Snowden is a "triple" agent and he carried out a giant NSA conspiracy to promote NSA-compromised software, right?
Re: (Score:1)
But obviously you're the kind of guy who thinks that Snowden is a "triple" agent...
Gee, now that you mention it, it does sound kinda plausible. After all, this really is industrial espionage, you know, find out what the other guy has, bla bla bla. It's like a form of 'trade', so to speak. I'll have to look into it.
Re: (Score:1)
Re:Its safe, just trust me! (Score:5, Insightful)
Agreed -- Lewman answered like the head of a corporation, not like the leader of a privacy movement.
The NSA TrueCrypt Ploy Again?
- trust us.
Cryptowall 2.0
- we're legitimate and don't like bad things.
Tor connections
- we're interested and have been considering this, but haven't made any headway. We need you to join our community and implement this for us.
Have you used I2P...
- yes. And most of the others. We'd love for their developers to join our community and implement some of their good ideas for us.
Balance between simple privacy and lawlessness
- we're legitimate and don't like bad things.
What is your biggest fear?
- that we won't get more people joining our community and will instead have people leave it.
Tor has been compromised
- it hasn't been compromised in the ways we consider important. Trust us.
Darknet takedowns.
- on the other hand, maybe it's been compromised and we just haven't figured out how yet. We don't know. Trust us.
Re: (Score:2)
Wow, this guy just ducks every question. My trust in Tor goes down after reading this.
I can't tell whether he's stonewalling, or TOR is successful enough to have a PR Tool answer these questions (without understanding them). I'd think that if TOR were subverted they'd be less obvious, but then again he could be playing the Manchurian Candidate (was he typing in Morse Code?).
Dammit, why did all the tinefoil hatters have to be right?
Re: (Score:2)
Yeah, sorry, when it comes to NSA subversion of crypto products and standards, not only were they right, they weren't nearly paranoid enough. The smart people have been trickling away slowly for 5 years or so now, as /. has been changing its focus to clickbait.
Re: (Score:2)
Unfortunately, that is my take-away as well. Meaningless corporate boilerplate, just if he was an FBI representative that tries to avoid lying about things he knows.
This is however not the way Roger Dingledine operates and his answers (I had opportunity to ask him questions way back, and he strikes me as a perfectly honest person and still does) are much, much better. I think this person here is more in place to allow the project to interface with law enforcement (and they do, they never made a secret of th
Re: (Score:2)
Law enforcement in many countries actually seems to be using TOR, as their own IP ranges routinely get blocked by shady enterprises. In his talks, Roger usually says that after they understand how TOR works, they are all for keeping it up and secure.
Re: (Score:1)
Bad /. mobile user experience. (Score:1)
The /. mobile site needs some way to collapse the answers, or to make it easy to jump past them to the comments. It takes forever to scroll past them when using a smart phone. I've already read the answers, so I don't want to see them again when I'm trying to read new comments.
It's true then, what I've been told some time ago. (Score:2)
Re: (Score:2)
Re:It's true then, what I've been told some time a (Score:5, Insightful)
It's hard to say. To be honest, to me they sound exactly like the non-answers I'd expect any executive officer to give. The fact they don't mention PRISM at all in reference to recent US government capability is definitely interesting, given that they used to openly state that TOR is weak against such widespread surveillance.
Wow (Score:5, Insightful)
Not even a politician could have given more non-answers.
Re: (Score:3)
My thoughts exactly while reading this. If you're not going to say anything more than generic PR-friendly statements that just sidestep the questions, then why bother framing it as an "Ask Slashdot"? Just pay Slashdot a few bucks and have them post a link to your webpage on the Slashdot front page.
Re: (Score:2)
Not even a politician could have given more non-answers.
It's more like the answers of a PR representative.
he dodged the good vs evil question (Score:1)
Re:he dodged the good vs evil question (Score:4, Insightful)
He didn't dodge it. He said "We're not worried about lawlessness. Our job is to make the most secure product we can. Our job is not to help enforce laws" It's a rejection of the premise of the question, sure. But it's not a dodge. It's a clearly articulated moral stance.
And, fundamentally, the laws people may be breaking could be morally bankrupt. Besides, it seems technically impossible to limit lawlessness without harming anonymity.
Re: (Score:2)
He didn't dodge it. He said "We're not worried about lawlessness. Our job is to make the most secure product we can. Our job is not to help enforce laws" It's a rejection of the premise of the question, sure. But it's not a dodge. It's a clearly articulated moral stance.
Your paraphrase would be a moral stance, but he didn't actually say that. His answer ignores that Tor is used for Evil, it doesn't come out and say that any evil created by Tor is a necessary byproduct of the good that it creates.
Re: (Score:2)
Yeah, if you insist every answer be self-contained. But the cryptolocker answer came first. Between the two, it seems pretty obvious.
Security Now (Score:2)
So this must be partially in response to the knowledge that Steve Gibson was going to be talking about some problems with Tor in this week's Security Now: http://twit.tv/show/security-n... [twit.tv]
Re: (Score:2)
TOR talks about these same issues on their site, how they are a result of deliberate choices, and why.
VPN servers not so secure... (Score:2)
I've listened to cell phone calls before just screwing around with a scanner. I've heard a person confirming a reservation and give their credit card number. This was mid 90's. So know how easy it is - or was at that time.
I found this post looking for something else, it's off topic for the thread. This pertains to Wifi as well as a PC.
"If you have to use public Wifi then use free VPN service like Hotspot Shield, CyberGhost, OkayFreedom, Spotflux, SafeIP or SecurityKISS which will provide the same security a