[daveloyall]

I am naive on this topic.

Sincere question: don't these facts call the utility of SELinux and Tor into question?

If the answer is "because math", well... I don't speak math. Being illerate in this manner, I must depend on the reputations of the parties involved (and the reputations of the parties that report who was involved!).

So... Can a person who does not trust the NSA trust products they paid for?

[simoncion]

> Can a person who does not trust the NSA trust products they paid for?

Remember a couple of things:

* The NSA relies on SELinux as a part of their internal computer security system. (However, as the NSA document leaks reveal, even the best system fails when poorly configured!)

* Both SELinux and Tor are open source software, developed in the open. It's not unthinkable that there's a problem with the design of the software of either project, but the commit history and mailing lists of both projects are available for public perusal and audit.

* Well regarded security researchers have looked at both Tor and SELinux and declared them to be reasonably well designed systems that do what they say on the tin.

Anyway. If the NSA involvement really squicks you out, there's always either Grsecurity and PaX [0] or AppArmor [1]. Grsecurity is primarily developed by Brad Spengler. PaX is developed by an anonymous cabal known as PaX Team. [2] AppArmor has been developed by Canonical (the Ubuntu guys) since ~2009.

[0] https://en.wikipedia.org/wiki/Grsecurity

[1] https://en.wikipedia.org/wiki/AppArmor

[2] AIUI, it is the PaX Team's refusal to identify themselves that prevents Grsecurity and PaX from ever being merged into mainline Linux.

[jlgaddis]

> The NSA relies on SELinux as a part of their internal computer security system.

And DISA STIGs (e.g., for RHEL) require SELinux to be enabled and enforcing.

[simoncion]

Man, those STIGs are both a blessing and a curse for defense contractors.

A blessing, 'cause if your system is configured as per the STIG, there's not a damn thing the auditors can say when they roll through.

A curse for many folks deploying a Linux system, 'cause if your particular variant of Linux doesn't have a STIG, -regardless of how similar it is to one that does- IME there's next to nothing you can do to get an auditor to approve the hardening work you've done.

[SchemeLisp]

Slightly off-topic here, but flipping through this[1] Abstract Algebra textbook(2009), I found it amusing that the author thanks NSA for support among others :D.

[1] http://www.amazon.com/Algebra-Chapter-Graduate-Studies-Mathe...

[INTPenis]

You can definitely trust the sensational value in finding out that any project advocating freedom and data security would be exploited by a government.

That's what I do, it's not perfect but I love reading source code and figuring out how things work so I know others, much smarter than me, love that too.

The public cases of the US government going after Tor, for example, have all read like external attacks on the protocol design flaws to build a larger case.

I would be more suspicious over placing exit nodes in libraries because I assume they're state owned in the US. Don't know since I'm not from there though. I just think it's sort of ironic because the attacks that have been performed all required possession of exit nodes.

[simoncion]

> I would be more suspicious over placing exit nodes in libraries...

Librarians are more often rabidly pro-privacy and pro-anonymity than not. They're often very well read, well educated, and know their history.

> I just think it's sort of ironic because the attacks that have been performed all required possession of exit nodes.

Unless you have information that I do not (if you do, please link to it) control of a single exit node gives you no more power than your ISP already has over you. What attacks were you thinking of? Keep in mind that Tor explicitly does not protect against:

* An adversary that can listen to the communication between a large number of nodes in the Tor network and targeted Tor users. (Similarly, Tor cannot protect against a malicious adversary who controls a very large number (1/3? 51%? I can't remember) of the nodes in the Tor network.)

* Tampering with or recording of the data that leaves or is returned by a Tor exit node. (Again, this is an attack that anyone between you and your communication partner can launch, whether you're using Tor or not.)

[INTPenis]

>Librarians are more often rabidly pro-privacy and pro-anonymity than not. They're often very well read, well educated, and know their history.

Few librarians are involved in network operations at the library though. I'm just speaking from my experience here in Sweden but that stuff is usually handled by a local IT department or out sourced to a company.

So the danger would be in having a federal oversight on network operations of libraries. I do not believe we have that in Sweden at least. Probably the US government allow libraries to manage themselves on that front too.

>Unless you have information that I do not (if you do, please link to it) control of a single exit node gives you no more power than your ISP already has over you. What attacks were you thinking of? Keep in mind that Tor explicitly does not protect against:

Exit nodes, as in plural.

So hypothetically if the federal government did manage network operations for libraries in the US, and the Tor network was successful in onboarding many libraries in this project, that could mean massive control of Tor exit nodes.

[ridgeguy]

I don't think they're state-owned, but they depend on community and county (and maybe state and Federal) sources for funding. Depending on the community politics, libraries could face funding cuts for running exit nodes.

If the library staff are at all bureaucrat-savvy, they can probably obfuscate the activity. I hope so. I think this is a very good idea.

[andreyf]

I think he means state-owned in the sense that the IC can easily watch the traffic going to and leaving the exit node, and with many exit nodes leveraging this into a passive attack on the network.

If this is true, if ToR is to stick to a goal of establishing truly anonymous browsing, ToR needs to establish links through a diverse number of jurisdictions.

[daveloyall]

That is interesting. Yes, many states have a "schools and libraries" WAN which public and private EDU-related facilities participate in. Said network is surely monitored by commercial network appliances. (BlueCoat et al.)

I haven't heard of them being monitored in more competent ways, but the opportunity is surely there.