Is Tor a Honeypot?

I believe it is worthwhile having a discussion about this. I don’t want to believe that Tor is a honeypot but the information presented here does not sound good.

If you participate in the discussion, please have read the linked page (yes, I know it is long). The goal is a productive discussion—not noise.

1 Like

A very major flaw of the article’s presentation is that the evidence is a bunch of screenshots that are not directly referenced to the respective mailing list URL, so there is no convenient method to verify the claims. In addition, the questions do not have conclusive answers, so it relies on FUD from readers in order to give credibility to the article.

4 Likes

I’m sure people will disagree with me vehemently, but two things stand out with this.

First, the FBI is tremendously incompetent, especially when it comes to anything technical. If you listen to any podcasts about crime and anything online, or cyber criminals and investigations, the FBI does not use surreptitious means to get into anything. Probably because it would lead to questionable evidence collection. The FBI would rather do things like create and run an entire fake-encrypted “privacy phone” network to catch criminals. Which doesn’t exclude the honeypot angle, but means TOR would have needed to have been a honeypot from the start - and remain one that the FBI pays for to this day. The Anom phone network they brought down once it was good for their annual evaluations and only lasted 3 years. Why has TOR been up for so long?

Second, nearly all the references to US government connections surround the BBG/VOA and State and anti-censorship. For decades the US government has happily done everything it could to foment opposition to any governments it doesn’t like, paying money to broadcast things like shortwave radio across Eastern Europe, China, and into North Korea because it’s hard to stop. It’s extremely on-brand for US engagement to hinge on “this messes with Russia and China enough to keep it, but you all have to tell us how it works well enough to look at darknet sites and do our own stuff in there.”

4 Likes

Tor was created by the US government to provide anonymity for its own spies to conduct their operations anonymously in remote countries

Tor was created by Nick Mathewson, Roger Dingledine and Paul Syverson. Tor is based on the U.S. Naval Research Laboratory’s onion routing, where Syverson worked.

The Tor Project receives millions in funding from the US government

Bullshit follow-the-money argument. The US government is not a monolithic entity. Even NSA’s Information Assurance Directorate and Tailored Access Operations / Cyber Command go up against each other. All agencies compete for funding and try to justify their budget and its expansion.

It’s fine to use it only if you want anonymity against a state which is not the US nor one of its allies.

Here’s a top secret slide from Snowden documents. Anyone with access to this document in 2012 would’ve been black bagged or offed by the CIA.

Source: 'Tor Stinks' presentation – read the full document | US news | theguardian.com

In short, the only way for one adversary to deanonymize the vast majority of the Tor users would be either for him to possess a 0day

Zero-days are just vulnerabilities that aren’t patched yet. They are a fact of life. Anyone who’s ever written software knows how shit-hard it is to write perfect software. Zero-day doesn’t make something a honeypot. Honeypot would be, if the software had zero-days that the company knows about, but intentionally delays or refuses to patch.

Or, it would require that adversary to control most of the nodes

Sybil attack isn’t required to deanonymize Tor users. You can do that with end-to-end correlation attacks.

Why would Tor serve the governments ?

Then he points to a slide that shows governments can benefit from traffic analysis resistance. Duh. You don’t want FBI agents to leave official government IP addresses on criminals’ servers.

Why would big tech participate in developing a tool that supposedly undermines its ability to trace internet users ?

Looks like Google Summer of Code ALSO supported AbiSource (Google Summer of Code 2008 | Google for Developers), a FOSS competitor to Google Docs’ text editor. The conspiracy goes even deeper!

The article cries about Tor being in touch with US government but doesn’t seem to care about the importance of communicating the benefits of dual use goods to the US government. Which is what’s preventing the project from being shut down.

“Using Tor to track users”

Makes scary highlights about emails about visualizing Tor users on a map. Yeah like this

Example of a study on deanonymizing Tor users:

Yeah, selecting EC2 sentinels both as entry and as exit nodes means end-to-end correlation attack. Nothing new. This is THE attack against Tor. It requires a well-funded adversary such as FVEY.

Tor sticks to entry nodes for a very long time so the chances are you’re not going to connect to the sentinel, and you’re fine. Or, if you do, the lifetime of one circuit is 10 minutes.

This is reaching towards sybil attacks. Nothing you can do but make it more popular and grow the network.

They obviously won’t ever admit officially to selling user data, as the userbase would flee from the network.

Or maybe they obviously don’t have the data?

Passive Adversary Deanonymization (the ISP is spying on the traffic)

A single consumer ISP getting lucky enough to have entry and exit nodes is rare.

This is what we covered just above with Team Cymru running Tor nodes for their own profit.

This was a wider set of nodes. ISPs aren’t running their own Tor nodes.

Now according to Evgeny (the founder of Simplex Chat, which I’ve directly chatted with about on this topic), his approach to the problem is to rely on the law, KYC the node runners and force them to accept a ToS and sign a contract that contractually prohibits them from selling user data for profit, nor collect it either.

Simplex isn’t doing jack shit about hiding your IP-address by default. I’ve been extremely vocal about this in the past. It’s indeed hilarious Evgeny thinks intelligence agencies would play by the laws. The NSA plays by the secret interpretations of secret laws. It doesn’t give a flying fuck about some KYC when they’re legally obligated to lie about their capabilities and actions to keep the actions covert. The article got this right in

Except that it’s governments that are the ones that want anonymity to disappear on the internet, they are the tyrants that are writing the laws. So that’s not an option either. You cannot rely on the law because the laws are selectively enforced based on which law’s currently popular, and based on whatever the government wants gone.

IMO The real solution here is to ensure that users’ traffic looks the same using extensive padding on the traffic shape and timing

Traffic flow confidentiality is really important, but Tor isn’t about that. Tor is about masking your IP-address. Looks like the author doesn’t understand the differences between the mechanisms to protect metadata.

The author then posts

which is kind of funny. Decoy destinations may obfuscate intent, but let’s say you connect to google, NYT, WaPo, and youtube, and over the next hour it’s YouTube that’s relaying traffic to you, three guesses which one you were actually using. You’d have to have an autonomous agent running on your system to do three other things at once to hide which one you’re doing yourself. That’s not in Tor’s domain.

Also, if one of them is about making molotov cocktails, you won’t get a free pass in court if you say it wasn’t you but an agent. You’re responsible for what your device does.

As for private data exchange, basically, communication, you’re not connecting to Al-Qaeda just to obfuscate you’re talking to your buddy about ICE. You’ll intercept a hell-fire missile just for the sheer possibility you are a member of Al-Qaeda.

The only nodes that you can trust are the ones that you are running yourself.

Ridiculous. If you are running the entry and exit node, and routing all traffic through those, you’re deanonymizing yourself. It’s like buying two VPS servers, and browsing through proxy chaining those two. It doesn’t work.

But if you are running more than one node (and keeping it a secret of course)

Yes, I’m sure I can run an uninspectable Tor node on a server leased from a VPS provider that can at any time view the server with their out-of-band management system. I’m sure they’re extremely interested in fighting tooth and nail with the government about keeping my server rental secret from the US government. And yes, the VPS companies that accept Monero are definitely not honeypots lol.

So what do I use instead of Tor then ? Yep, you guessed it. I’m working on a Darknet that is going to replace Tor.

So this is an ad for a competing product.

In the meantime we don’t have a choice but to use Tor, because sadly they’re the only usable darknet option out there currently.

99% of the article complained about the clear-web surfing, and the article didn’t even mention hidden or onion services, but they have the audacity to complain about Tor being the only usable darknet option.

I wouldn’t complain if they offered something tangible here, but, they did not address the number one attack, end-to-end correlation, in any way. They didn’t even mention the term. They talked about traffic flow confidentiality, but they didn’t know the term.

This article screams Dunning-Kruger.

10 Likes

Thank you for your contribution to this discussion!

I will focus on continuing on your points regarding Tor’s technical liabilities as they are my main concern.

Here’s a top secret slide from Snowden documents. Anyone with access to this document in 2012 would’ve been black bagged or offed by the CIA.

The slide states that manual analysis could at the time only de-anonymize a very small fraction of Tor users. The first issue is that there are much more powerful tools at governments’ disposal today which remove the need for any manual analysis.

Over time maps can be built of user behavior through AI-driven traffic analysis, which was in its infancy in 2012 compared to today. While “Tor Stinks” proves that the protocol wasn’t fundamentally broken cryptographically at that time, it does not disprove the “honeypot” theory in the modern context. A honeypot does not necessarily mean the encryption is backdoored; it can simply mean the adversary has enough visibility over the network (Access specific ISPs + run enough Guard/Exit nodes) to perform the end-to-end (E2E) correlation attacks you mentioned.

You pointed out:

Sybil attack isn’t required to deanonymize Tor users. You can do that with end-to-end correlation attacks.

This gets to one of the main problems. The article argues that the US government, through various funding bodies, inadvertently or intentionally encourages a centralized reliance on Tor. For an adversary like the NSA/Five Eyes (which are the major Tor haters, generally speaking) that possesses a global view of the internet backbone, Tor’s lack of padding traffic makes E2E correlation much more feasible. The article’s suggestion of decoy traffic might be clumsy implementation-wise, but the underlying criticism—that Tor lacks enough TFC (Traffic Flow Confidentiality) mechanisms to defeat a global passive adversary—is valid.

Regarding the “follow the money” argument:

The US government is not a monolithic entity. Even NSA’s Information Assurance Directorate and Tailored Access Operations / Cyber Command go up against each other.

This is a fair nuance. However, from the OPSEC perspective, does the internal bureaucracy matter to the user? If the State Department funds it to help dissidents in Iran, but the NSA exploits it to track users globally, the functional result for a user needing protection from the US (or its allies) is the same. The danger lies in the convergence of interests.

So this is an ad for a competing product.

I agree that this heavily colors the article’s objectivity. I am trying to separate the marketing from the technical critique. Even if the author is selling something, the vulnerabilities regarding Sybil attacks and lack of noise/padding in Tor remain topics worth scrutinizing.

Ridiculous. If you are running the entry and exit node, and routing all traffic through those, you’re deanonymizing yourself.

I believe the article was suggesting running nodes to verify network behavior and as a general rule that you can’t trust nodes that you don’t run to not be doing something malicious, rather than routing your own personal traffic exclusively through a single node you control (which, as you said, would be foolish).

TL;DR: the article may suffer from some hyperbole, but the core question remains: Has Tor’s threat model (designed 20 years ago) kept pace with the surveillance capabilities of the entity that originally built it and continues to fund it?

3 Likes

I do not really have enough technical knowledge to say for sure one way or the other, but I’m curious…are the claims that TOR intentionally works with the FBI to create a tool they can surveil? Or are the claims that it’s possible TOR is easier to exploit today than people generally think? Because the second claim, I could see being true. The amount the FBI spends on surveillance, it would be trivial for them to run a whole bunch of nodes, and AI traffic analysis is also basically trivial. AI can do the job of thousands of FBI analysts. The claim that TOR is intentionally creating a product that does this seems pretty far fetched.

1 Like

Funnily enough, the domain posting this article (beginnerprivacy[.]com) is blacklisted by my 1Hosts Xtra DNS blocklist.

3 Likes

Which for encrypted traffic means either end-to-end correlation, or mapping your device and guard node traffic against known fingerprints that connecting to the server yields.

A honeypot does not necessarily mean the encryption is backdoored; it can simply mean the adversary has enough visibility over the network (Access specific ISPs + run enough Guard/Exit nodes) to perform the end-to-end (E2E) correlation attacks you mentioned.

No, a honeypot is specifically either

  • valuable data you use as an indicator of compromise, like leaving an unencrypted bitcoin wallet in your home dir to check if someone has hacked your endpoint, or
  • intentionally backdoored software (like ΛNØM was), to attract and collect evidence on actions of criminals.

Tor having a vulnerability or design flaw doesn’t make it a honeypot.

Tor lacks enough TFC (Traffic Flow Confidentiality) mechanisms to defeat a global passive adversary—is valid.

Tor cannot have an expectation of traffic flow confidentiality because that would require either a heavy bandwidth cap killing e.g. video playback, or it would have to output at high bandwidth all the time, killing all other connectivity in your network. Tor Relays :: All shows the fastest Tor node has 1091 Mbit/s bandwidth. I have a 100Mbps connection at home. Three guesses how useful it would be if an onion routed link between me and my buddy with say Cwtch would consume 10% of the bandwidth of five Tor relay nodes, 24/7.

Or in the case of exit nodes, it would mean I’d have to consume random YouTube videos 24/7, consuming its bandwidth.

A ton of people in this world live on metered connections. This tool does nothing to them either.

However from the OPSEC perspective, does the internal bureaucracy matter to the user? If the state Department funds it to help dissidents in Iran, but the NSA exploits it to track users globally, the functional result for a user needing protection from the US (or its allies) is the same.

The article’s argument was “Tor is not trustworthy because they take bad US government money.” The money isn’t made of magic nor does it come with strings attached. Any money anyone pours in, obviously makes Tor better. Why would they accept money that forces them to undermine all project goals, decades of effort, and their personal values? I don’t think you have any idea what cypherpunks are and how strongly they adhere to their ideology. I’d sooner take down my code than introduce any backdoor to it.

Even if the author is selling something, the vulnerabilities regarding Sybil attacks and lack of noise/padding in Tor remain topics worth scrutinizing.

Yes. But not under an article titled “Is Tor a honeypot”. This Just Asking Questions style of bullshit has no place here or anywhere for that matter. The privacy community has enough FUD to deal with. Whoever wrote that article and advertised their own unreleased software should publish a preprint for experts to scrutinize before advertising it. And they should approach critique towards Tor the same way, instead of the scammy AF look into Tor funding especially when it found zero things to be concerned about.

Has Tor’s threat model (designed 20 years ago) kept pace with the surveillance capabilities of the entity that originally built it and continues to fund it?

Yes, it still holds up. It’s not perfect and there’s a lot of work that needs to be done. But there’s currently nothing out there that’s better for low latency traffic in a technical sense. Nym shows potential but will never be faster. That isn’t to say computing power and network speeds couldn’t shrink the gap over time. Nym also comes with the trade-off of traffic flow confidentiality, but it’s not shooting it in random directions saturating the mixnet. To hide intent, it’s enough for it to slow down, and delay packets entering and exiting nodes by random amounts so that the entry and exit order varies.


Also

  • “You pointed out:”
  • “This gets to one of the main problems”
  • “The danger lies in the convergence of interests.”
  • “This is a fair nuance.”
  • “I agree that this heavily colors the article’s objectivity.”
  • “remain topics worth scrutinizing.”
  • “functional result for a user needing protection”
  • “I am trying to separate the marketing from the technical critique.”
  • The endless emdashes (—)
  • The overly formal punctuation
  • A TL;DR summary

Your entire response screams ChatGPT generated post and I’m not sure why you’d do that. Is this low effort damage control?

So I’d like you to clarify if you (co-)wrote the article you linked above, and to let us know if you wrote the reply I responded to, yourself.


Finally, for author competence, there’s the smell test of https://bible.beginnerprivacy.com/ which is so edgy I ran out of bandaids:

  • Guy Fawkes masks,
  • The OPSEC levels,
  • The memes,
  • The “you are ungovernable” slogan,
  • The recommendations for telly shows and movies like Mr. Robot and The Matrix, as if they are a source of information.

I don’t oppose hacker culture and I enjoy watching Hackers (1995) every year or so, but I don’t LARP Crash Override in my spare time.

So whatever social change via criticism these people want to achieve should look more like this:

And less like this:


This isn’t just to bash them for an immature sense of aesthetics. An anonymity network requires thousands of nodes and a broad spectrum of users. Every user and node operator will remain only as long as it takes for them to grow up from their edgy years. Then again, maybe the authors also grow up, and find some way to make this usable and credible.

And again, as always, this isn’t to shit on the legitimate effort, but to warn and protect readers by saying that the way this info is packaged screams peak of mount stupid.

5 Likes
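The two technical points argued back and forth in this thread, that end-to-end timing correlation is THE attack against an unpadded low-latency circuit (the post about EC2 sentinels above) and that constant-rate padding would fix it only at a bandwidth cost most users cannot pay (the 100Mbps reply above), can be put into a toy model. The following is an added illustration, not code from the thread, the article or the Tor Project; all traffic in it is constructed per-second packet counts, not captured packets, and the jitter, burst sizes and padding rate are assumptions.

```python
import random
from typing import Dict, List

# Constructed model, not captured traffic: packets per 1-second bin for one
# client flow, as seen entering the circuit and as seen leaving it.

def make_bursty_flow(n_bins: int, rng: random.Random) -> List[int]:
    """Bursty client traffic (constructed): mostly idle, occasional bursts."""
    return [rng.choice([0, 0, 0, 1, 2, 5, 12]) for _ in range(n_bins)]

def observe_at_exit(entry: List[int], rng: random.Random, delay: int = 1) -> List[int]:
    """The same flow leaving the circuit: fixed delay plus 0-1 bins of jitter."""
    out = [0] * (len(entry) + delay + 1)
    for i, count in enumerate(entry):
        for _ in range(count):
            out[i + delay + rng.choice([0, 0, 0, 1])] += 1
    return out[: len(entry)]

def pad_constant_rate(flow: List[int], rate: int) -> List[int]:
    """Traffic flow confidentiality by padding: every bin carries exactly `rate`
    packets. The rate must sit at the peak burst, or real traffic would queue."""
    if max(flow) > rate:
        raise ValueError("padding rate below peak; traffic would have to queue")
    return [rate] * len(flow)

def pearson(a: List[int], b: List[int]) -> float:
    """Pearson correlation; 0.0 for a constant series (no timing signal left)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5

def correlation_score(entry: List[int], exit_flow: List[int], max_lag: int = 3) -> float:
    """Best correlation over small lags: how recognisable the flow is to an
    observer who sees both ends of the circuit (the end-to-end correlation risk)."""
    n = len(entry)
    return max(pearson(entry[: n - lag], exit_flow[lag:]) for lag in range(max_lag + 1))

def padding_overhead(flow: List[int], rate: int) -> float:
    """Padded volume divided by real volume (packets stand in for bytes)."""
    return rate * len(flow) / sum(flow)

def run_demo(seed: int = 1, n_bins: int = 60) -> Dict[str, float]:
    """Unpadded vs constant-rate-padded correlation, and the padding cost."""
    rng = random.Random(seed)
    entry = make_bursty_flow(n_bins, rng)
    exit_flow = observe_at_exit(entry, rng)
    rate = max(max(entry), max(exit_flow))  # pad at the peak, as TFC requires
    return {
        "unpadded_correlation": correlation_score(entry, exit_flow),
        "padded_correlation": correlation_score(
            pad_constant_rate(entry, rate), pad_constant_rate(exit_flow, rate)),
        "bandwidth_overhead": padding_overhead(entry, rate),
    }

if __name__ == "__main__":
    print(run_demo())
```

The unpadded flow correlates strongly across the circuit from timing alone, the padded one carries no timing signal, and the price is a link that runs at peak burst rate around the clock, several times the real volume, which is the metered-connection objection made above.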