Interview 989 – Pearse Redmond Peels the TOR Onion

by | Jan 13, 2015 | Interviews | 17 comments

The TOR Project promises its users a modicum of privacy protection from would-be information gatherers, both smalltime crooks and nation-state cybersecurity agencies. But do these promises hold up to scrutiny? And who is behind the TOR Project itself? And why did a TOR developer recently doxx a critic on Twitter? Joining us today to dissect this onion stew is Pearse Redmond of Porkins Policy Review.

SHOW NOTES:
Tor Project Overview

Tor, CSpace And ZRTP Are Your Passport To Anonymity

Porkins Policy Radio episode 26 Peeling the onion behind Tor, EFF, and John Perry Barlow

Almost everyone involved in developing Tor was (or is) funded by the US government

EFF Becomes Omidyar Network Partner

Snowden’s First Move Against the NSA Was a Party in Hawaii

High-Traffic Colluding Tor Routers in Washington, D.C., and the Ugly Truth About Online Anonymity

Embassy leaks highlight pitfalls of Tor

How the NSA got to anonymized Tor users

‘Spoiled Onions’ in the Tor Network, Researchers Find

Has Tor been bugged by the NSA?

TOR: “Solidarity against online harassment”

Taxpayer-Funded Privacy Advocates, Liberal Pundits, and Nazi-Rapist-Snitch Allies Make Case for Doxxing Critics. You Are Literally Next.

Shit I Never Tweeted: A Heretic’s Lament

17 Comments

  1. While there are numerous questions about TOR there is a clear suggestion that the designers knew the obvious weakness, considering the number of people involved, and left this weakness as a hole only they could exploit. This is detailed in my article “Are TOR holes intentional?” (http://distinctivist.com/Article-2015-01-13).

    • ah someone who actually knows tech, may i ask what you think of RINA? i think its a red herring frightening people away from tor because of whomever funds it, the tech is the tech and thats it. the yasha levine article is silly, and you should stay off the internet completely if you dont like government funding because it was created by DARPA. the main point here – does the tech work or does it not work and it does seem to work according to a lot of eyes on the source code. basically if your threat level is ‘government’ then you are pretty much eff’d before you do anything. if a government fascist agency wants to look at what you are doing, they can bug you with a sticker on your computer, they can compromise your machine end point and then your encryption is useless, there are so many ways they can do you down to scanning the tiny electrical signals put out by your screen and many many other things.

      but if tor was really compromised and (OF COURSE the nsa run exit nodes), then you wouldnt have any illicit activity going on there, which of course you do. the point is what can the NSA tell with their exit nodes, and it seems to be not a lot if youre doing it right. MITM attacks and http access (ie not https) are a risk to privacy whatever you use on the internet and TOR is no exception, and it says so on their site and TAILS site as well. however the recent pulled defcon talk on de-cloaking TOR users was worrying and there may be problems with it, but i think we have to focus on the tech here rather than what i see as irrelevant side issues.

      you can be anonymous on the internet, but you really have to know what you are doing. its quite hard. a second hand laptop (gotta check your firmware isnt compromised! http://www.wired.co.uk/news/archive/2014-01/20/open-source-laptop) running a decent distro of linux bought with cash and no cameras about, only connecting via public or open wifis (with no cameras about again) via say a service like TOR’ing into eg vultr VPN then through TOR again, would be very difficult to trace and even if your threat did trace the IP back to the open wifi network, they would have nothing on you because you leave and then connect with another one. i would also recommend a plastic nose and glasses if you are going this route.

      • While the debate of the technical underpinnings of the Internet will continue, we must decide if we are going to wait for others to make decisions and perhaps “make our vote count”, or develop alternatives that coexist.

        My effort with Matryoshka assumes that I cannot change the Internet as a whole, but starts at a low level, UDP, and builds a parallel model that includes security, anonymity, and a payment model that eliminates the network neutrality issue. The users of Matryoshka can voluntarily interact with each other and do no harm to the prevailing system.

        The objective behind Matryoshka is so you can be anonymous on the Internet without having to know what you are doing.
        We also have to get over the mantra that open source is the cure. Multiple eyes sounds good, but it is a simple phrase to hide a complex subject and masks numerous issues. A quick example is the heartbleed issue was with open source software. Open data, how we are doing things, is far more important in my opinion.

        It is true that if the government wants to spy on you specifically, they will. However, we don’t need to willingly submit to blanket spying. Matryoshka, TOR, and other techniques should be used to reduce our footprint.

      • yes absolutely, the heartbleed thing was really an embarrassment for the ‘open source community’, sorry richard stallman, i know he wouldnt like that phrase 🙂 the problem with people who dont know what they are doing is end point security i suppose. if indeed there are backdoors built into windows via secret deals with microsoft then again you have a problem. ive even heard that the NSA intercept amazon electronic items and add malware into them before sending them on to targets. linux / bsd is really the only way to go in that regard. even that they tried to mess up by reducing the amount of random 😉 if you are going to provide something for l-users as my friend calls them, then i guess the only foolproof way is to provide an OS or or maybe talk to the tails devs.

        thankyou for your efforts, i couldnt download your program to test it, the website didnt work for me. i think its pretty much impossible to provide a service to lusers that guarantees anonymity on windows tho, it has as many pitfalls or more as relying on really good coders and crypto peeps analysing source code. there *is a slight question mark hanging over TOR tho, theres always the worry someone has cracked something nobody else has figured out and is keeping it to themselves, which is the main worry with that defcon talk, altho i havent checked into it since i heard.

        the thing with RINA is (and there is now basic source out) you dont have to wait for people to take it up, you can use it now if you know what you are doing ( that means writing code at this point ) RINA *can co-exist with TCP/IP now, i spose its whether you agree with its design principles or not and they seem sound to me, the current system is not sustainable and is very wasteful as john day pointed out. with RINA mass surveillance is futile and meaningless. one of the reasons i like it 🙂 its the evolution of design scaled to the current problem not patched up to high heaven as it is now. id like to see a debate where someone refutes days ideas, in my opinion there isnt much of a debate, this guy has just had a eureka moment and simplified the whole idea beautifully. its now just a question of when ISPs take it up, and then after everyone else. IMO it is time to re-internet the earth.

      • Kris,

        There are so many technical issues here, but let’s look at it from what most readers would be interested in. Matryoshka is anarchistic, specifically an Anarcho-Christian perspective. I would be more than willing to go into that in another venue.

        Matryoshka plays well with others; it has its own IANA assigned port (4105). At the same time it does not require others or the permission of others including me. Security and anonymity were built in first. It works on top of Windows and soon other OSs and on bare hardware. The software is free. It allows for a free and paid services to coexist. It eliminates the net neutrality issues with technology and not legislation. It is designed to be simple so a seasoned person can understand all of it, and a novice can garner enough to be more than adept.

        The website has its issues as I’ve been stagnate on it for about a year due to funding issues. I’m more than willing to discuss things in detail. Please use the contact information on the ShofarNexus.com site.

      • you lost me at christian. religions are partly what is holding the human race back and i will not support that, furthermore anarchy and christianity do not go together in my opinion, which is why you see, historically a lot of churches burning in anarchist uprisings and in my opinion rightly so. religion is built on lies and oppression. anarchy is freedom. **furthermore the bible (new testament) is emperor constantines plaything and jesus was doctored by the romans to look as though he fulfilled the old testament idea of the messiah, but in actual fact, no miracles were performed, he didnt come back from the dead, and once you start to understand what revelations actually means (eg the seven headed beast being rome, jews living under the brutal occupation etc) you see that jesus, if he ever existed, was much more a political figure at the time than this messiah idea.the missing gospels of the time certainly explain a lot i think.

        one other point my friend brought up when discussing this on the heartbleed bug tho, its awful it happened but you cant write off or cheapen the idea open source as its a weakness vector that is well understood. heartbleed got fixed in the end and there will be more.

      • Kris,

        Your response is like saying because you are black, or Muslim, or Chinese you can’t do math and therefore you are wrong. This makes no sense. You are also looking at what others say about or do in the name of Christianity, rather than going to the source. The Bible is an anarchist document. I will contend point by point from the Scripture with anyone that this is true. The institutional church is a contradiction to the Scripture and should not be the reference. This is like turning to scientists for the truth rather than science. There is a difference. Both the institutional church and scientists are motivated by the things of this world and will compromise for it.

        In software, open source has also become more of a political idea or an idol rather than a rational principle. A dominant open source project is Android. Is this really what we should seek after or bow to? Android is a spy tool, but not because of security flaws, but the concept itself. Look at the history of software viruses. Early on it was fun and interesting. Now issues are found and kept quiet to be exploited for as long as possible. Was this true of Heartbleed? How much does open source actually fuel this?

        Matryoshka is solid concepts and technology, just as Christianity is solid history and theology. I will stand on both and contend on their merits and not on unsubstantiated feel-good statements.

      • the bible is a fairy story and this conversation is over. i dont do religious people sorry. good luck with your fairies and elves n stuff tho.

      • Kris,

        Atheism is a religion and it adherents are typically as blind as any other religious follower. This can be seen when they argue that they are right and others are wrong, but will not rationally contend.

        The consistency of a text written over 1500 years gives evidence to its divine origin. This is just one of many solid pieces of evidence. Constantine had nothing to do with that.

        I give reasoned evidence that TOR has a built in hole. That fact that I am Christian does not change the weight of that evidence.

        The fact that Matryoshka plugs that hole and is consistent with a voluntarist mindset is not inconsistent with me seeing the weight of the evidence to the veracity of Scripture.

  2. candideschmyles,

    The New Testament canon was formed by the Apostles in the first century and not the Roman Catholic Church or Constantine, who was 4th century. Stating “irrefutable scholarly fact” that contradicts history documented in Biblical and extra Biblical accounts draws question to your scholars and the veracity of your claim.

    Have people and organizations used twisted Christianity for dominance over others? Absolutely! Atheism has a similar history. However, this is an issue with those people and not the Scripture. In the same way, be a scientist who argues scientific fact that draws global warming or evolution into question and see how well you do in life. This is true with anyone in most any institutional church, as opposed to the Scripturally defined church, who dares question any doctrine that the institutional church takes.

    If you want to argue a case, don’t get your club members behind you, but use the facts. I would agree with your sentiment that I would express as following a dogma that leads in ways contrary to reason. However, as an atheist has pointed out, evolution is a fairy tale for adults. These fairy tales make us feel good as long as we don’t examine them. It is a dogma that we cling to with religious fervor. Atheism, as you so dogmatically cling to, is a religion, as many US Courts agree, irrespective of your denials.

    But this is all a distraction from the point of this web page. I must repeat myself:

    I give reasoned evidence that TOR has a built in hole. That fact that I am Christian does not change the weight of that evidence.

    The fact that Matryoshka plugs that hole and is consistent with a voluntarist mindset is not inconsistent with me seeing the weight of the evidence to the veracity of Scripture.

  3. Unnamed “dozens of historians” verses documented evidence from history that can be easily found at places like http://www.csntm.org or even https://en.wikipedia.org/wiki/List_of_New_Testament_papyri. Combine with that the thousands of non-Scripture documents of the period that either quote the Scripture or talk about people and events of the time and you compare that with Russell Brand lookalikes? Which one of us is on shaky ground?

    Even if I believe the moon is made of cheese, and offer rational evidence of a designed in flaw with TOR, why would my understanding the moon make the arguments about TOR invalid?

    I offer evidence to the veracity of Scripture, not unnamed authorities. I offered reasoned arguments for issues with TOR and that is invalidated because I am a Christian? Really?

    I do hope the moon is a good Munster or Brie.

  4. Candideschmyles,

    To paraphrase you “I have lived and worked in five countries and visited 32 and have observed the scientist and their individual faith is with anthropogenic global warming. The validity of source with respect to so called science is utterly irrelevant.” Really?

    You will not find an argument with me, or the Scripture, that the majority that claim Christ are not claimed by Christ (Mat7:21-23, Luk13:22-30). This appears epidemic in the US church. But you are looking at the adherents rather to what they adhere. Personally I will stand with Scripture before I bow to the institutional church. I will stand with scientific fact before the consensus of scientists.

    You remind me of the paradox in Proverbs 26:4-5.

    But we are off track. A rational person will argue from evidence not opinion; from science, not scientist; from Christ, not those who claim Christ. In the same way I offer evidence of issues with the TOR project. Challenge my suggestion that this was designed in with facts, not an ad hominem attack.

    • Candideschmyles,

      As you requested: I made my case that TOR may have a built in flaw. The response is I can’t be trusted because I am a Christian, but no arguments about TOR.

      I stated that I come from an Anarcho-Christian perspective, and was simply told that “anarchy and Christianity do not go together”. I would start with 1 Samuel 8 as a foundation that that is not true.

      Straw man arguments have been given, but substantive arguments have not been refuted.

      My Distinctivist site has the theme “Come now, let us reason together, says the Lord” Isaiah 1:18. I’ve attempted to follow that, but the best that is offered is ad hominem attacks.

      My objective for writing my article was to equip cobelligerents. This is consistent with an anarchist perspective. It doesn’t matter if you are Atheist, Moslem, Hindu, or whatever, we have a common enemy. Privacy is a common concern that we share while we disagree on other areas. The Intelligence community is the enemy, not that fact that I can offer substantive arguments for Christianity.

  5. It is very easy with certain VPN services to blend in VPN+Tor so that what comes out of the tor exit nodes is certainly not an issue. I won’t due publicity for a service I use sometimes but if you look it up, there’s good explanations of how using torified vpn (not the same thing as connecting to a vpn and then starting up Tor) is a very secure way if you really want. They say it themselves on the Tor website that if you want Tor to work well, you need to do certain things. Paying for a VPN service that offers this option with bitcoin or a prepaid creditcard bought with cash and there you go.

    Wouldn’t have recommended it before when tor nodes really slowed you down, but it is worth it now although if you want to go to .onion sites, well you can, you gotta keep tor browser open even if not using it because it creates the tor connection, but if you do so it will sever the double encryption scheme that happens when using your regular browser meaning you need to disconnect and reconnect. Not a major hurdle, and it will get you past sites that ban tor addresses (there’s many). Let’s say my favourite use for it is that since it hides the tor connection and gives you the regular vpn’s IP, IRC servers will let you in, and I’m online since ’97…I love IRC and always will :), unfortunately not all IRC servers will hide your IP so there you go, that’s always one issue on the major IRC networks that do not offer any way to hide your ip.

  6. New Leaked TPP Chapter Shows Countries Converging on Anti-User Copyright Takedown Rules
    https://www.eff.org/deeplinks/2015/07/new-leaked-tpp-chapter-reveals-countries-converging-anti-user-copyright

    EFF gets “briefed” on latest May 2015 TPP draft chapter on “Intellectual Property” which is not available anywhere…Who is their briefer???

    A draft of the Trans-Pacific Partnership’s “Intellectual Property” chapter from May 11, 2015 has recently been leaked to journalists. This is the fourth leak of the chapter following earlier drafts of October 2014, August 2013, and February 2011. The latest leak is not available online and we don’t have a copy of it—but we have been briefed on its contents.

Submit a Comment


SUPPORT

Become a Corbett Report member

RECENT POSTS


RECENT COMMENTS


ARCHIVES