Comment by system33-

Comment by system33- a day ago

13 replies

View on Hacker News

“The western governments run most of the exits” is one of those things everybody “knows” but rarely backs up.

The list of all relays is public knowledge by design. There’s contact information attached to relays. The big operators are known individuals and organizations. They contribute. Interact.

Which ones are actually the governments doing bad things against their citizens? It’s hard to tell? Then why do you make such claims?

Relays that observably do bad things are removed from the network all the time. Are those ones the government? Tor seemingly has a reasonable handle on the situation if that’s the case.

If the fed is doing correlation attacks, why would they run relays at all? “Just” tap the IXPs near major hubs of relays. Or heck, get data from the taps you already had. Silent and more widespread.

Pushing people away from tor potentially makes it even easier to deanonymize them, depending on the adversary model assumed.

lcnPylGDnU4H9OF a day ago

> “The western governments run most of the exits” is one of those things everybody “knows” but rarely backs up.

Thanks for pointing this out. Seems obvious in retrospect but I don't really recall seeing a lot of evidence for this despite seeing the claim quite commonly. That said, the use of "rarely" makes me wonder what evidence has been presented in such rare instances. Just curious. (Of course it's also fine if the phrasing was just communication style.)

Reply View 0 replies
Spooky23 a day ago

Tor was literally developed by the intelligence community. I’m sure there are a variety of means to gather actionable intelligence from it, with or without the cooperation of the exit node volunteers.

Beyond a principled stance re communications, I can’t think of a reason to use it. If you’re planning to resist some regime that controls telecom infrastructure, the fact that you’re using it is both uncommon and notable.

Reply View 11 replies
  • system33- a day ago

    Tor was literally developed by the Naval Research Lab. Not a part of the IC.

    I know because I work there. AMA (edit: about tor. Because people say a lot about it without actually knowing much. But now I should put my phone down so… too late!)

    To protect our most sensitive communications and vulnerable communities , Tor usage should be normalized so it is common and not notable.

    Reply View 8 replies
    • amatecha a day ago

      I think if the Tor Project wants to boost their network they might try putting anything about how to do so on their website, easily-accessible. I'm trying to figure out how to run a relay and having a pretty challenging time finding anything at all about this. They just really want me to download Tor Browser, it seems.

      Edit: I finally found it![0] I had to go to Donate, Donation FAQ, "Can I donate my time?" , "Learn more about joining the Tor community.", and then "Relay Operations" -> "Grow the Tor network" at the bottom right. I would really hope there's a more direct path than this...

      [0] https://community.torproject.org/relay/

      Reply View 2 replies
      • system33- a day ago

        Sorry that it is hard to find. This is the root link to point you towards.

        https://community.torproject.org/relay/

        Thanks for considering to run a relay.

        Reply View 1 reply
        • amatecha a day ago

          No prob - and thanks! Looks like I found it right as you were drafting this message. It would be really useful to add some call to action about "Help grow the Tor network!" anywhere on the home page. Partly just to increase the "welcoming-ness" but mostly to reduce friction for ppl who want to contribute, and help make it clear that the network needs support from whoever :)

          Reply View 0 replies
    • Nathanael_M a day ago

      Unrelated to Tor, what was your favourite project to work on that you're allowed to talk about? That must be a fascinating job.

      Reply View 2 replies
      • system33- a day ago

        Unfortunately the tor part is the part I can most obviously talk about. Not that I work on anything classified. I just need to be mindful.

        I got to travel to Canada, Mexico, and Europe (from the US) for tor meetings and privacy-enhancing technology conferences.

        More or less every single cell that goes through the tor network today is prioritized and scheduled by the cell scheduler I wrote.

        Reply View 0 replies
      • [removed] a day ago
        [deleted]
        Reply View 0 replies
    • Jach a day ago

      I still think the IC, and especially the state department, benefits from having Tor fulfill its actual design goals most of the time. There are operations and state department goals that can benefit from Tor working properly. It's the same with encryption in general -- the IC benefits from there being strong and bug-free crypto implementations. That they have in the past backdoored some of them doesn't change that they've also hardened others. I'm sure they come up with and deploy various attacks on Tor all the time, same with foreign nations (whom the state department would like to thwart). I'm skeptical though that they can do working attacks at any time and against any set of people.

      For your AMA, if you want: How's the job? What keeps you working there? How's patriotism these days?

      Reply View 1 reply
      • system33- a day ago

        The job these days is boring but secure. Tor stuff was more exciting, then I switched teams because grass-is-greener.

        At least for the teams I have been on and my view of leadership, there is very little political talk.

        But patriotism isn’t politics… lol. The higher you get the more “hoo rah America!” is a part of the motivational speech or report or whatever. Down here in the streets it’s just another job. Pride in the country isn’t much of a driver. At least for me.

        Reply View 0 replies
  • pushupentry1219 a day ago

    > Tor was literally developed by the intelligence community. I’m sure there are a variety of means to gather actionable intelligence from it, with or without the cooperation of the exit node volunteers.

    These two statements make little sense together. It was originally developed by the Navy. Okay. So why would they design it from the get-go with such a fatal flaw that would risk their own adversaries gathering "actionable intelligence" from it?

    I'd like to stress if we're talking about the Navy's involvement, then you're questioning the design of the whole thing from the very beginning, not just the current implementation.

    Reply View 1 reply
    • llm_trw a day ago

      People saying that the government funds Tor so it's insecure is like saying that the government funds the army which kills people on purpose, so any government hospital will also kill people on purpose

      Reply View 0 replies