A new release from the Snowden files by the Guardian
First, some background on Tor.
Tor (originally called The Onion Router) is a free anonymous browser.
It describes itself as "an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security."
"Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location."
This post is not about how Tor works. It's about a recent release from the Snowden files by the Guardian that details efforts by the NSA (National Security Agency - one of the major US spy agencies) and GCHQ (the UK equivalent, the Government Communications Headquarters) to peel away the anonymity and privacy offered by Tor.
This is a link to the full "Tor Stinks" top secret NSA presentation to a joint NSA GCHQ counter-Tor workshop focusing on Tor analytics and exploitation, recently released by the Guardian from the Edward Snowden file.
This is quite a technical presentation on how the NSA and GCHQ plan to effectively peel the Tor onion - and remove the anonymity of its users.
I don't understand most of it, but here are a few points that are made:
- "We will never be able to de-anonymize all Tor users all the time." (But by all accounts they are working on it.)
- "With manual analysis we can de-anonymize a very small fraction of Tor users." (Organizations that have annual operating costs in the $billions aren't likely to rely on "manual" analysis very much).
- There is a lot of talk about nodes and directing traffic to friendly nodes.
- The GCHQ runs Tor nodes under Newton's Cradle (Sorry, it does not say what
- GCHQ also set up Tor nodes on the Amazon AWS cloud
- Cookies are seen as a tool to identify and attack Tor users.
- There is a proposal to use Quantum to degrade/deny/disrupt Tor access (This may be a reference to the Quantum supercomputer jointly operated by NASA and Google [and presumably the various intelligence agencies]). There is an associated proposal to use Quantumcookies to force clients to divulge stored cookies.
- It concludes that:
  - "Tor stinks ... but it could be worse".
  - A critical mass of targets use Tor. Scaring them away from Tor may be counterproductive.
  - The goal of the NSA and GCHQ is to increase their success rate in obtaining the true IPs for individual Tor users.
The following link is to a Washington Post leaked document - a 2006 research paper produced for the NSA's "Cryptanalysis and Exploitation Services" office. "It lays out the technical features of Tor and proposes a number of theoretical and practical attacks, some of which the NSA developed and used in subsequent years. Among other things, the paper describes an NSA-written adaptation of Tor, "indistinguishable from an original Tor client," which enables the NSA to gather intelligence inside the network. It also describes two kinds of "denial of service" attacks against Tor, code-named Coil and Flower, which are used to divert would-be anonymous communications into open channels."
The BBC Technology news reports that the NSA allegedly infected computers in an attempt to look at web traffic at both ends of the encrypted Tor communication path, rather than decrypt the path itself. The agency used links with US telecoms companies to sift vast amounts of internet data and identify traffic from computers connecting to Tor, the report said.
Once the users' machines were identified, the NSA allegedly used secret internet servers, codenamed FoxAcid, to infect the computers with malicious software. The BBC report says that the NSA used software called EgotisticalGiraffe to attack vulnerable older versions of the Firefox web browser.
Tor remains the browser that provides the greatest privacy of all of the existing browsers - but it must be remembered that it is 80% funded by the US government and 20% funded by the Swedish government and non-government agencies.
Other anonymous browsers have been closed down owing to the US government demanding encryption keys (including, as has recently been disclosed, Lavabit - which was the service Edward Snowden apparently used).
My interest in Tor is related to my general interest in invasion of privacy and the insecurity of personal and business information. I don't have training in computer science; and acknowledge that I don't know how computer systems work. Being one of the ignorant masses, it's a bit like magic.
The Tor Stinks presentation does suggest that the global spy agencies have not yet been able to disable, destroy or subvert Tor. But they are certainly working at peeling the onion open.
The vast majority of users of Tor (other than the military, police and probably government agencies from multiple countries) are likely ordinary folk who don't have anything to hide, and just want their right to privacy respected.
There is a dark criminal underbelly who apparently also use Tor. I don't mind villains (criminals or terrorists) being unmasked. But, I think that looking for criminals and terrorists does not warrant giving the NSA and GCHQ and the related US and UK governments power over not just the privacy of individuals - but control over the last bastion of secure communication for military, police and government agencies from other countries too.
Are governments, along with businesses and ordinary people the world over destined to have any chance of privacy stolen from them by the US and UK? Why is the world allowing this? Why isn't the UN doing something positive about it?
The risks to loss of security of personal, business or government information are huge.
The volume (in the 100s of thousands) of people with access to personal, business or government data significantly increases the likelihood of substantial errors, abuse and fraud.
There is no convincing evidence that this spying has been effective in stopping terrorism or even criminal behavior. (What happened to all the rich tax dodgers - who were outed by whistle blowers, not spies? Nada, Nothing. Because the tax dodgers are protected by government, and some may actually work in government, or be cronies of the power elite in government, or front organizations for government agencies.)
Terrorism won't stop as long as countries (including major powers) selectively choose to invade other countries on pretext of countering terrorism - and overtly or covertly participate in civil wars to unseat or support incumbent governments because the preferred leader will create a better political climate for the economic interests of the invaders.
Global spying is like militarism - it is principally for political and economic gain, not to protect ordinary people. Only an ostrich would think otherwise.