The German spy agency BND developed a system to monitor the anonymity network Tor and warned federal agencies that its anonymity is “ineffective”. This is what emerges from a series of secret documents published by the German Netzpolitik blog. The spies handed a prototype of this technology over to the US National Security Agency (NSA), in expectation of a favour in return.
One and a half years later, the BND warned German federal agencies not to use Tor. The hacker unit “IT operations” entitled its report: “The anonymity service Tor does not guarantee anonymity on the internet”. According to the executive summary, Tor is “unsuitable” for three scenarios: “obfuscating activities on the internet”, “circumventing censorship measures” and “computer network operations for intelligence services” – spy agency hacking. The BND assumes “a very high level of surveillance within the network”, including the possibility that anyone can “set up their own so-called exit nodes for monitoring”.
Tor uses 1024-bit RSA. (A recent Ars Tech article said everybody should move to 2048, so it’d be nice to have some reassurance here.)
The Tor project continues to accept money from the US Department of Defense and the Broadcasting Board of Governors.
The Tor project allows the Broadcasting Board of Governors to run major Tor relays and exit nodes (saving the traffic for later decryption), and they are part of the CIA/DoD’s psywar operations.
Paul Syverson works at the Naval Research Lab, and Dingledine (NSA internship) and Mathewson were private contractors for the Naval Research Lab.
HTTPS security relies completely on trusting central authorities (CAs), and the CAs are under the control of the NSA.
The same applies to Debian/Fedora/Slackware/etc. key fingerprints. We can’t trust the Net because routing makes my traffic pass through U(/N)SA territory or through ISPs that collaborate with the NSA.
If spook organization A happens to operate both the entry node and the exit node for your traffic, they could unravel your identity fairly easily.
If you are using Tor to send unencrypted information about yourself – like your email address or password – it could be captured by the spook’s exit node.
Tor doesn’t protect you against any and all threats. In the overwhelming majority of cases, though, Tor is clearly more secure than going naked into the InterWebs.
And remember that everything our government cannot control is illegal, and you don’t find it in Google.
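For the case above where one organization runs both the entry node and the exit node, Tor's path selection avoids putting two relays from the same declared family or the same /16 network into one circuit. The following sketch of that kind of check is an added example, not code from the Tor project or from the documents discussed here; the `Relay` class, the function names and all relay data are hypothetical and constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    nickname: str
    fingerprint: str                  # constructed placeholder, not a real relay
    address: str                      # IPv4 address of the relay
    family: frozenset = frozenset()   # fingerprints this relay declares as family

def same_family(a, b):
    # A family link only counts when both relays declare each other.
    return b.fingerprint in a.family and a.fingerprint in b.family

def same_slash16(a, b):
    # Two relays in one /16 are treated as possibly sharing an operator.
    net = ipaddress.ip_network(f"{a.address}/16", strict=False)
    return ipaddress.ip_address(b.address) in net

def circuit_conflicts(path):
    """Return (nickname, nickname, reason) for each pair that may share an operator."""
    conflicts = []
    for i, a in enumerate(path):
        for b in path[i + 1:]:
            if a.fingerprint == b.fingerprint:
                conflicts.append((a.nickname, b.nickname, "same relay"))
            elif same_family(a, b):
                conflicts.append((a.nickname, b.nickname, "declared family"))
            elif same_slash16(a, b):
                conflicts.append((a.nickname, b.nickname, "same /16"))
    return conflicts

# Constructed relays using documentation address ranges.
FP = {n: n * 40 for n in "ABCDE"}
GUARD = Relay("guardA", FP["A"], "192.0.2.10", frozenset({FP["C"]}))
MIDDLE = Relay("middleB", FP["B"], "198.51.100.10")
EXIT_C = Relay("exitC", FP["C"], "203.0.113.5", frozenset({FP["A"]}))
EXIT_D = Relay("exitD", FP["D"], "192.0.2.200")
EXIT_E = Relay("exitE", FP["E"], "203.0.113.9", frozenset({FP["A"]}))  # one-sided claim

if __name__ == "__main__":
    for exit_relay in (EXIT_C, EXIT_D, EXIT_E):
        print(exit_relay.nickname, circuit_conflicts([GUARD, MIDDLE, exit_relay]))
```

A check like this only catches relays whose operator declares the relationship or hosts them in the same network; relays run covertly by one organization from unrelated networks pass it.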