[INTPenis]

You can definitely trust the sensational value in finding out that any project advocating freedom and data security would be exploited by a government.

That's what I do, it's not perfect but I love reading source code and figuring out how things work so I know others, much smarter than me, love that too.

The public cases of the US government going after Tor, for example, have all read like external attacks on the protocol design flaws to build a larger case.

I would be more suspicious over placing exit nodes in libraries because I assume they're state owned in the US. Don't know since I'm not from there though. I just think it's sort of ironic because the attacks that have been performed all required possession of exit nodes.

[simoncion]

> I would be more suspicious over placing exit nodes in libraries...

Librarians are more often rabidly pro-privacy and pro-anonymity than not. They're often very well read, well educated, and know their history.

> I just think it's sort of ironic because the attacks that have been performed all required possession of exit nodes.

Unless you have information that I do not (if you do, please link to it) control of a single exit node gives you no more power than your ISP already has over you. What attacks were you thinking of? Keep in mind that Tor explicitly does not protect against:

* An adversary that can listen to the communication between a large number of nodes in the Tor network and targeted Tor users. (Similarly, Tor cannot protect against a malicious adversary who controls a very large number (1/3? 51%? I can't remember) of the nodes in the Tor network.)

* Tampering with or recording of the data that leaves or is returned by a Tor exit node. (Again, this is an attack that anyone between you and your communication partner can launch, whether you're using Tor or not.)

[INTPenis]

>Librarians are more often rabidly pro-privacy and pro-anonymity than not. They're often very well read, well educated, and know their history.

Few librarians are involved in network operations at the library though. I'm just speaking from my experience here in Sweden but that stuff is usually handled by a local IT department or out sourced to a company.

So the danger would be in having a federal oversight on network operations of libraries. I do not believe we have that in Sweden at least. Probably the US government allow libraries to manage themselves on that front too.

>Unless you have information that I do not (if you do, please link to it) control of a single exit node gives you no more power than your ISP already has over you. What attacks were you thinking of? Keep in mind that Tor explicitly does not protect against:

Exit nodes, as in plural.

So hypothetically if the federal government did manage network operations for libraries in the US, and the Tor network was successful in onboarding many libraries in this project, that could mean massive control of Tor exit nodes.

[ridgeguy]

I don't think they're state-owned, but they depend on community and county (and maybe state and Federal) sources for funding. Depending on the community politics, libraries could face funding cuts for running exit nodes.

If the library staff are at all bureaucrat-savvy, they can probably obfuscate the activity. I hope so. I think this is a very good idea.

[andreyf]

I think he means state-owned in the sense that the IC can easily watch the traffic going to and leaving the exit node, and with many exit nodes leveraging this into a passive attack on the network.

If this is true, if ToR is to stick to a goal of establishing truly anonymous browsing, ToR needs to establish links through a diverse number of jurisdictions.

[daveloyall]

That is interesting. Yes, many states have a "schools and libraries" WAN which public and private EDU-related facilities participate in. Said network is surely monitored by commercial network appliances. (BlueCoat et al.)

I haven't heard of them being monitored in more competent ways, but the opportunity is surely there.