The Tor Project web site makes a bold claim to its users:
"Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor."
Don't misinterpret this claim. It's not true that Tor protects you against "anyone monitoring your browsing".
On this web page, I provide you with the critical information missing from the Tor Project's website: if you estimate your adversary's resources in dollars, I'll estimated the probability that Tor will fail to protect you.
If an adversary is spending tens or hundreds of thousands of dollars to find you, that's a lift that most threat actors won't be able to do. Especially if they have to host a significant number of exit nodes for a lengthy period, which often means serving unlawful content which is very awkward for law enforcement.
It's definitely better than regular browsing for security, but it's not perfect.
Unfortunately, the money isn't just to find "you". You rent arbitrary exit nodes, and if you spend ~$30k / month, you'll be able to deanonimize >50% of users using Tor each month.
But the calculator states that if the investigating party has $150,000 a month budget for all targets they have a 100% certainty of getting your IP address... obviously this is false, so what else has the author claimed that is also not true?
The math and the code is all there. I’d love to have a discussion about what the real value is. Further, why hasn’t the Tor Project provided this calculation? Why hasn’t anyone? I think it’s necessary.
"As C3P will tell you: CSAM distribution on Tor onion services is not inevitable."
Lol, are we using the regular internet as an example of preventing all CSAM?
We've known for years that owning enough nodes results in the compromise of privacy and that it's likely the NSA has achieved this. Although there is some question around how that plays out if adversaries like China are also competing for similar node share percentage.
Correct me if I'm wrong, but this feels like a long-winded way of saying: if an adversary could control a significant portion of relays without being found out and for a not-insignificant period of time, it could defeat Tor.
Is it correct? Probably.
Does it justify the "Not secure at all" indictment? No.
The calculator also misleads in another direction, in that it could underestimate the probability of failure by only considering the "takeover" scenario, while I think it is much more likely to be defeated via other OpSec failures.
I wouldn't use Tor or any other anonymous services like SecureDrop without a VPN (preferably multi-hop). Otherwise you're advertising to the world that your IP address uses Tor, and that alone can be a huge reduction in the solution space for your adversary to deanoymize you.
"The small set of people that centrally control Tor software and centrally manage the Tor network have the power to act to stop this abuse without lessening their (weak) protections."
That the author has received funding from the DOJ makes me wonder what their proposed solution is.
> Why has the Tor Project created a network used extensively for child sexual abuse
Hottest take of the week right there.
Why do they seem to imply that Tor was somehow created explicitly with this purpose in mind? That's like saying only criminals use the Internet, just because it can be used to commit crimes.
I think they are taking Tor's words and applying it to a much broader scope than they originally intended.
> Tor Browser prevents someone watching your connection from knowing what websites you visit.
If someone is watching only your connection as it exits your local ISP and nothing else, then yes, this is in fact true. It's just not articulated that plainly.
But if the author actually went as far as they are trying to, they might as well tell people to just give up because there's a chance your attacker already controls the destination server you're talking to in the first place.
If you're going to the trouble of trying to calculate the chances that nodes in the middle are compromised, why not include the destination itself too?
> The small set of people that centrally control Tor software and centrally manage the Tor network have the power to act to stop this abuse without lessening their (weak) protections.
Source: trust me bro
> The world's standards for encrypting data are so secure that no one has enough money or time to brute force their way into properly encrypted data, not even governments. They are better off waiting for a scientific breakthrough that may never come.
This completely disregards the possibility that any one of a number of root CAs aren't already compromised or cannot be coerced by your attacker.
If you're going to claim tor is insecure, you might as well go all the way and say it's pointless to use anything at all, ever.
My apologies. I don’t believe that was their intent to create a network for csam. But after decades of it being used extensively for csam, why would they take no corrective action?
Clickbait title is usually a good indicator of clickbait content.
I see in the comments that the author is an academic, my cursory look of the site makes me disappointed to see such weak rigor applied here. This looks like a hit piece dressed up to sound scary. Not going to waste my time further on its claims when on the surface its given me this impression. Strikes me as yelling and not listening type of personality.
emeryberger|5 months ago
datadrivenangel|5 months ago
It's definitely better than regular browsing for security, but it's not perfect.
_alternator_|5 months ago
neutered_knot|5 months ago
leakycap|5 months ago
But the calculator states that if the investigating party has $150,000 a month budget for all targets they have a 100% certainty of getting your IP address... obviously this is false, so what else has the author claimed that is also not true?
saithound|5 months ago
bnl_umass|5 months ago
giantg2|5 months ago
Lol, are we using the regular internet as an example of preventing all CSAM?
We've known for years that owning enough nodes results in the compromise of privacy and that it's likely the NSA has achieved this. Although there is some question around how that plays out if adversaries like China are also competing for similar node share percentage.
bnl_umass|5 months ago
Gathering6678|5 months ago
Is it correct? Probably. Does it justify the "Not secure at all" indictment? No.
bnl_umass|5 months ago
Gathering6678|5 months ago
roncesvalles|5 months ago
IAmBroom|5 months ago
How exactly does someone in China or North Korea go about getting a multi-hop VPN to access Tor?
superfishy|5 months ago
That the author has received funding from the DOJ makes me wonder what their proposed solution is.
ranger_danger|5 months ago
Hottest take of the week right there.
Why do they seem to imply that Tor was somehow created explicitly with this purpose in mind? That's like saying only criminals use the Internet, just because it can be used to commit crimes.
I think they are taking Tor's words and applying it to a much broader scope than they originally intended.
> Tor Browser prevents someone watching your connection from knowing what websites you visit.
If someone is watching only your connection as it exits your local ISP and nothing else, then yes, this is in fact true. It's just not articulated that plainly.
But if the author actually went as far as they are trying to, they might as well tell people to just give up because there's a chance your attacker already controls the destination server you're talking to in the first place.
If you're going to the trouble of trying to calculate the chances that nodes in the middle are compromised, why not include the destination itself too?
> The small set of people that centrally control Tor software and centrally manage the Tor network have the power to act to stop this abuse without lessening their (weak) protections.
Source: trust me bro
> The world's standards for encrypting data are so secure that no one has enough money or time to brute force their way into properly encrypted data, not even governments. They are better off waiting for a scientific breakthrough that may never come.
This completely disregards the possibility that any one of a number of root CAs aren't already compromised or cannot be coerced by your attacker.
If you're going to claim tor is insecure, you might as well go all the way and say it's pointless to use anything at all, ever.
nickdurfe|5 months ago
unknown|5 months ago
[deleted]
bnl_umass|5 months ago
basedrum|5 months ago
I see in the comments that the author is an academic, my cursory look of the site makes me disappointed to see such weak rigor applied here. This looks like a hit piece dressed up to sound scary. Not going to waste my time further on its claims when on the surface its given me this impression. Strikes me as yelling and not listening type of personality.