In crypto we trust, but can we trust Tor?

We have known for years that Tor is funded by the US Government. (The 2012 Financial Statement is here.)

Some say that’s because the US government needs a secure method to communicate with its agents. They’re everywhere around the world and they need secure communication. This tool can help organize things of strategic interest to the US economy as well. This group (including the developers, of course) says: It’s all Open Source and good and safe and secure. Trust us!

But there’s another group of people who think differently. They say – just follow the money and you’ll see that it’s paid for by the US Government. They created a honey trap for all the dissenters to categorize, bundle and monitor them. Maybe they use it for secure communication with their agents as well, but we’re pretty sure that there’s a backdoor and they spy on all of us. They’re running a lot of exit nodes and… You know what I mean.

What’s the truth? Can we trust Tor?
First you need to know that every security package ever delivered is deceptive.
You can trust neither the organizations nor the people working on it. You can’t trust the software created or the service provided. You’ll never understand the whole picture when it comes to the “Security industry”. This branch of the Military Industrial Complex is growing far above average. It’s a perfect cash machine that sells immunity – the irrational feeling of being safe whatever happens. Countries (like the USA) are happy to spend billions of dollars on this illusive feeling. And then… a (more or less talented) playing kid hacks into SCADA or grabs some personal data from a poorly coded website, and another bunch of millions of dollars is spent on security. The industry is like the Casino – it cannot lose.

Secondly, you need to understand that the area of operation of a spy agency is – well, spying. This is not limited to foreign countries, diplomats and military secrets. It’s an all-embracing approach of gathering data about each and every one worldwide. The only limits are set by strict policies and oversight by lawmakers. Governments need that gathered data to rule, the police need it to preserve the system, the economy needs it to find its advantage in competition … and so on.

Keeping the above in mind and being (eventually) a US masterspy, I would spend whatever amount of money to develop and run something like Tor. But I would also want to be very sure that there’s a “secure” backdoor implemented that enables my organization (and only my organization) to have all the information flowing through that net in plain text. Maybe later I would share the information or this backdoor with other agencies in return for access to information gathered by them.

Wait – there’s a failure.
If there’s no such thing as security (in the real world), there’s also no such thing as a “secure backdoor”. So when we search the code we’ll find that backdoor and get access to that information. Cool.
Sorry, but that sounds much easier than it is. You need to be Jacob or one of maybe one hundred coding gurus to understand the program and the crypto stuff in it.

So what – is Tor secure, or not?
To be honest: I’ve no idea.

The best approach is to expect to be monitored. You may use a fresh, cash-paid computer, install GNU/Linux, VMs, VPNs, use Tor, gnupg, jabber, encrypt all your files and communication, do everything ‘internet’ only via free, open, public Wi-Fi, get paranoid – and you know – feeling followed doesn’t mean you’re not actually followed… Stop!
You may follow my path by using different VPNs and Tor as well, but please: Do Not Trust!
Anyhow, you may join in, read the code and try to understand what’s going on. But be warned: that’s hard work, and it separates you from the blabbering nitwits. 🙂

29.08.2013, JD
