Saturday, August 24, 2013

Did the U.S. government hack Tor?

On Twitter, Julian Sanchez suggests, "What if people decided on principle to deprive NSA of as much data as possible, even at the cost of convenience? Always use Tor, even though it's slower. Encrypt even trivial emails. Stop using PSTN. Always use OTR. Stop using PRISM search engines. It would be a mild pain in the ass. And after a week or two you probably wouldn't notice the difference."

This is likely good advice, although I wonder if a really determined NSA probe would be able to get all of your information. I noticed, for example, a ProPublica story about an attack on Tor.

In this cautiously-worded report, ProPublica raises the issue of whether the U.S. government was responsible for a malware attack on Windows machines running the Tor Browser Bundle, a popular way to use Tor. The author says that the evidence is interesting, but not conclusive.

ProPublica has a lot of good NSA coverage and it has a good apps to read its stories on your table, mobile phone, etc.


dirtydiscordia said...

A recent attack which led to the arrest of the founder of Freedom Hosting in Ireland is centered around the Tor Browser Bundle and the recent peculiar decision by the developers to enable Javascript by default. Malicious JS code was then used to expose user browsing behaviour.

Thankfully, Tor w/o javascript enabled doesn't have such a vulnerability.

I suppose the question is why Tor changed the behaviour in the first place.

gacord said...

And all of tis creates a huge pain in the ass for those of us that love to write javascript.

Mr.KhoaKaKa said...

This is a nice site. i'm a DJ Viet Nam.