by susan_segfault 782 days ago
There's a lot in the book about this - it depends what you mean. Tor has a lot of social and technical design elements that try as best they can to minimise this risk. It would be pretty hard for intelligence services to compromise the Tor organisation in ways that meant they were deploying malicious code, for example. Plus, the way it's grown over the years has also given them some protections.

In terms of deanonymising people through surveillance (for example, by spying on the whole Internet and tracing you through the Tor network), Tor explicitly doesn't protect you against this. The decision was made early on - they switched all the high-security design elements to 'off' to make the network faster. They calculated that a hyper-secure network that was so slow no-one used it was less secure - i.e. made less privacy exist in the real world - than one that was less secure but used by millions, because that would give you a huge crowd of people to hide in. This gets really complicated - because you also want lots of different kinds of people using the network, so they can't tell if you're a drug dealer, an activist, a spy etc. just because you're using Tor.

Individual bits of major intelligence organisations can probably deanonymise you at some times, and not at others. The real question is if they can do so in a way that's dangerous to you in a sustained way, and if it's actually useful for them to do this. Usually, it's easier to do this through simpler mechanisms (bribing your friends, putting a camera in your bedroom, figuring out who you are etc.) than compromising the Tor network. Some security services absolutely will be researching and developing ways to deanonymise large numbers of Tor users at a given time - but in general, the budget for this is going to be quite high on a per-user basis (so you'd have to be a prime target for it to be worth it), and a lot of the complexity of the Internet geography makes this quite hard itself.

Ultimately, for any given high value target, there are usually easier ways to get them than through breaking Tor. In almost every case, a person will make a basic OPSEC error long before mass-scale traffic analysis gets them.


The scenario that I understand is more plausible is when state level actors might control some large fraction of tor nodes. Not that they have visibility into the entire internet (not ruling that out, though). The rule of thumb I've heard is that if you're a sufficiently valuable target, best assume Tor is compromised.

Controlling a large fraction of tor nodes is possible, but there is a large cost associated with it. Tor has a reputation system when it comes to nodes, and in order to gain a large fraction of tor nodes you need to continuously have a presence for a long period of time. Having such a long-term presence also risks gaining visibility and becoming detected, and requires good and consistent secops. As the network expands this also means the attacker needs to expand at an equal rate.

It is an assumed vulnerability of the network. The biggest question is if any state actor would consider it economical to do it compared to alternative methods. Personally I suspect that it is actually cheaper to have visibility into the entire internet, since that method brings value beyond tor and you do not need major secops to pull it off.

Wouldn't the long term cost of doing that be amortized over all the potential targets it would help provide information on? Seems like it would be a valuable capability to maintain in the long term. Hundreds or even thousands of tor nodes would likely be a minor fraction of the budget of whichever state actor cared about doing that.
"don't become an enemy of the state" is my go-to security posture
"don't become an enemy of any state" which is a little trickier.
same, though there are ppl that become so by chance or occupation
What about whistleblowers?
I mean, the upstream question we're discussing is whether tor is appropriate if your threat model includes state actors.
If you have a suspected target and you can shape traffic on the internet (state actor) there's a much easier way to gain access to the websites visited by your target than by controlling a large number of nodes. It's still noisy, but doesn't generate any scary warnings in tor browser (unless you look at the logs, or pay attention to your connected nodes like with the Onion Circuit GUI in Whonix).

Use a DoS attack against nodes, like the 2-3 years ongoing attack which has lately progressed to a 100% CPU usage DoS against any targeted node. You still have to control a decent number of nodes, but you simply DoS (or DDoS, much noisier) the nodes that your target is connecting to. Once you have them connected to your guard, relay, and exit nodes, you continue the DoS on other nodes until you get the data you need - shorter time is better. I believe this method is being used currently, as I read a post from someone about it recently and noticed something similar happening when I started paying attention to nodes, although it seems it may have stopped for now.

I'm sure there are many vulnerability chains being exploited in tor. Here's an interesting tidbit from the Snowden leaks, which most people took that screenshot of "tor stinks :(" to mean it's safe. At least with JavaScript completely disabled, right?

> Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

> According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR. The Quantum system

> To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

> In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

> They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

> The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

From https://www.theguardian.com/world/2013/oct/04/tor-attacks-ns...

Let's not forget about the NSA backdooring internet backbone routers and slurping data from undersea cables https://en.m.wikipedia.org/wiki/ANT_catalog

It's quite clear to me the US (and the other major Western players) are preparing for a large-scale war and know a great deal of spies are already living in the country. Warrantless wiretaps for any connections outside of the USA, and mandatory KYC for any cloud providers (VPS etc) within the US. In other words, the surveillance dragnet is now operating at a complete and full scale. Privacy is dead. If you would like to be an activist or give valid criticisms of the government, just know that your devices are likely going to be hacked and your communications decrypted. Airgapped computers may for now be safe with a faraday cage and components stripped out. Mesh networks like Briar are only useful as long as your phone is secure.

I wish I was simply being overly paranoid.

https://www.brennancenter.org/our-work/research-reports/refo...

https://torrentfreak.com/u-s-know-your-customer-proposal-wil...

https://www.ic3.gov/Media/Y2024/PSA240425

https://www.gov.uk/government/news/new-powers-to-seize-crypt...

> DoS nodes

DoS'ing a server and correlating timeouts is a well-known but still discernible technique.

Random delays and packet data have been added to help buffer against this and timing/padding/other side-channel attacks.

At this point most servers operate multiple random timeouts + blackouts + array of mirrors/jugglers to mitigate this de-anonymization technique.

One gap seems to be provision of HTTPS for onions. LetsEncrypt should really get on this. Aligns well with their mission right?
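The comment above about random delays and padding can be made concrete with a small simulation. This is an added example, not code from the thread and not Tor's own padding implementation (which is considerably more involved): it constructs a bursty client flow, passes it through a toy relay that either adds a fixed latency or adds random per-packet delay plus dummy packets, and then scores how well a passive observer can match the entry and exit flows by binning packet counts and scanning latency offsets. Bin width, latency, jitter range, dummy ratio and the flow shape are all constructed assumptions.

```python
import math
import random

BIN_MS = 25           # observer's timing resolution (constructed choice)
BASE_LATENCY_MS = 50  # fixed relay latency in ms (constructed)


def make_client_flow(n_packets, seed):
    """Constructed bursty flow: integer-ms timestamps of packets a client sends."""
    rng = random.Random(seed)
    t, times = 0, []
    for _ in range(n_packets):
        # mostly tight bursts, occasionally a long pause
        t += rng.choice([5, 5, 5, 40, 120]) + rng.randint(0, 3)
        times.append(t)
    return times


def relay_plain(times):
    """Toy relay that adds only a fixed latency: inter-packet timing is preserved exactly."""
    return [t + BASE_LATENCY_MS for t in times]


def relay_padded(times, seed, max_jitter_ms=150, dummy_ratio=1.0):
    """Toy relay that adds a random per-packet delay and injects dummy packets."""
    rng = random.Random(seed)
    out = [t + BASE_LATENCY_MS + rng.randint(0, max_jitter_ms) for t in times]
    horizon = max(out)
    n_dummy = int(len(times) * dummy_ratio)
    out.extend(rng.randint(BASE_LATENCY_MS, horizon) for _ in range(n_dummy))
    return sorted(out)


def bin_counts(times, n_bins):
    """Packets per BIN_MS window, as a passive observer would tally them."""
    counts = [0] * n_bins
    for t in times:
        b = t // BIN_MS
        if 0 <= b < n_bins:
            counts[b] += 1
    return counts


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def best_correlation(entry, exit_, max_shift_bins=20):
    """Observer's view: try every plausible latency offset and keep the best match."""
    n_bins = max(max(entry), max(exit_)) // BIN_MS + 1
    a, b = bin_counts(entry, n_bins), bin_counts(exit_, n_bins)
    best = -1.0
    for s in range(max_shift_bins + 1):
        if n_bins - s < 3:
            break
        best = max(best, pearson(a[: n_bins - s], b[s:]))
    return best


def compare(seed=7, n_packets=200):
    """Correlation score an observer gets against each relay model."""
    client = make_client_flow(n_packets, seed)
    return {
        "plain": best_correlation(client, relay_plain(client)),
        "padded": best_correlation(client, relay_padded(client, seed + 1)),
    }


if __name__ == "__main__":
    for name, score in compare().items():
        print(f"{name:7s} best correlation = {score:.3f}")
```

With a fixed latency the observer recovers the offset and the binned counts line up perfectly, so the score is 1.0; random delay spread across several bins plus dummy packets of the same volume as the real traffic pulls the score down sharply. The defensive lesson is the one the comment makes: padding costs bandwidth and latency, which is exactly the trade-off the first post describes Tor choosing to keep the network usable.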
The rubber hose cryptography xkcd comes to mind

https://xkcd.com/538/