
NSA Agents Leak Tor Bugs To Developers

Posted by Soulskill
from the right-hand-thinks-the-left-hand-is-a-jerk dept.
An anonymous reader writes: We've known for a while that NSA specifically targets Tor, because they want to disrupt one of the last remaining communication methods they aren't able to tap or demand access to. However, not everybody at the NSA is on board with this strategy. Tor developer Andrew Lewman says even as flaws in Tor are rooted out by the NSA and British counterpart GCHQ, other agents from the two organizations leak those flaws directly to the developers, so they can be fixed quickly. He said, "You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don't get to see in most commercial software." Lewman estimates the Tor Project receives these reports on a monthly basis. He also spoke about how a growing number of users will affect Tor. He suggests a massive company like Google or Facebook will eventually have to take up the task of making Tor scale up to millions of users.

  • by JeffOwl (2858633) on Friday August 22, 2014 @09:38AM (#47728629)

    He suggests a massive company like Google or Facebook will eventually have to take up the task of making Tor scale up to millions of users.

    If one of those guys gets their hands on it you can forget about using it to hide anything from the government.

  • Another Angle (Score:5, Insightful)

    by Talderas (1212466) on Friday August 22, 2014 @09:54AM (#47728753)

    Am I alone in thinking that the NSA doesn't really care about exploiting flaws in TOR but rather is more interested in encouraging its use because they've exploited something else?

  • OPSEC (Score:5, Insightful)

    by Noryungi (70322) on Friday August 22, 2014 @09:58AM (#47728783) Homepage Journal

    If you are a Tor programmer, and if there are really NSA/GCHQ insiders who actually help you to correct bugs... For Pete's sake, just keep quiet about it!!!

    Now, both agencies will have to initiate a mole-hunting operation, and you will lose these valuable insiders!

    On the other hand, it may paralyze these agencies for months, maybe even years, while they try to figure out who has been leaking invaluable bug information back to the Tor project.

    So it might be a wash. Either way, it also probably means that people inside the Puzzle Palace and the Donut are beginning to realize that enough is enough, so that is also encouraging.

  • by LordLimecat (1103839) on Friday August 22, 2014 @10:00AM (#47728791)

    Are you aware that Google is one of the last big internet guys who refuses to cooperate with the Chinese government? Or that they cooperate with the EFF, and run ChillingEffects to make people aware of draconian DMCA takedowns?

    Everyone's so eager to lynch the one big corporate ally that OSS / privacy advocates have.

  • by Anonymous Coward on Friday August 22, 2014 @10:19AM (#47728945)

    Seeing that the Chicoms aren't in a position to rendition, disappear, or NDAA top level management at Google, big whoop. As for Chilling Effects, another big whoop since Google probably receives 90% of all DMCA takedown requests, which is costly for them.

    As for calling the top advertiser on earth a privacy advocate, that is beyond ridiculous.

  • by cshotton (46965) on Friday August 22, 2014 @10:23AM (#47728993) Homepage

    It would be naive at best to think that Google is the "one big corporate ally that OSS" has. If you want to try and hang that badge on a single company, it's probably IBM. And regardless of the value and quantity of OSS contributions and support, definitely don't make the mistake of thinking that "Google" and "privacy" belong in the same sentence unless it has "doesn't do much to ensure" between those 2 words.

  • by mlts (1038732) on Friday August 22, 2014 @10:35AM (#47729149)

    Tor needs a PR boost if that ever is going to happen. As it stands right now, it is SOP for an admin to block all exit nodes at the incoming router, the IP stack on the machine, the web server, and the application, because of abuse.

    No big company is ever going to touch Tor as it stands right now, because of its reputation as a service for criminals (q.q.v. Four Horsemen of the Infocalypse.)
