Tor veteran exits, shuts down critical 'Tonga' node and relays
theregister.co.ukSince he considers it not ethical to continue, my guess is that there is some kind of government action attempting to force them to sniff or backdoor the service.
As for why he is announcing he is shutting it down rather than just pulling the plug, pulling the plug may well be considered obstruction of justice, but just refusing to donate materially can't be prevented by the government. It may well be that lawyers have advised him that by announcing his decision to not participate it gives the government reasonable notice to be able to find an alternative or take some action, and counting on there being no practical way for the government to respond without revealing that they are involved.
Edit: It may also be possible that he has become aware of a 'looming' threat to de-anonymize the service but can't speak of it, and he is announcing that he is pulling out since if he is subsequently compelled not to pull out it will act as a canary.
To me, this feels a lot like what transpired with https://lavabit.com/. Of course, that was a service operated by a company, not a open source software and a distributed network, but there might be paralells.
If you haven't read about it, read the post mortem on the Lavabit page.
To me, it's very likely that the government demanded backdoors in TOR code itself, or backdoor access to critical TOR infrastructure (bridge nodes, directory authority, large exit nodes, ...), all under gag orders that forbid any mention of this to the public.
Probably in the interest of 'national security'.
Can't be sure, of course, but I would not feel comfortable with using TOR for anything sensitive anymore.
Tbh, it sounds likely given he runs a number of exit nodes + a hard coded, trusted authority.
So yeah, I wouldn't be surprised if a bunch of suits leaned on him to "cooperate".
That said, iirc, as long as you own your entry node and its a public node...Tor remains secure since the only successful attacks have all required someone to be in control of the entry node you use to connect to the Tor network (at least, the attacks intended to expose end users).
> Can't be sure, of course, but I would not feel comfortable with using TOR for anything sensitive anymore.
Out of curiosity, what alternative(s) would you use?
Not the parent poster and no expert, but I'd probably buy a cheap random notebook from the store with cash and use it in free WiFis. Make sure to spoof your MAC address.
I mainly used Tor if I was on a dubious WiFi and was afraid someone was snooping on me - note that due to insecure exit notes you have the same problem there, too - or when something was blocked. But at least your employer doesn't see you use Facebook ;-)
Nowadays I use a server I rented in a different country as a SOCKS proxy which works well.
If you want to be anonymous towards the sure your accessing, I don't know of a good alternative. But many sites block Tor anyway now because people use it for spam or harassment.
Just a crazy idea, but if my safety needs were really high, I'd try to 1) buy botnet nodes and use them as a proxy or 2) build a ultra-low-energy Wi-Fi capable system (saw something commercial on HN the other day, forgot the name), set it up as a proxy, and throw it with a battery near a free Wi-Fi (coffee shop etc.).
Here is what the REALLY paranoid can do:
-) Rent a small virtual server overseas, payable by bitcoin
-) Make sure to only pay with bitcoins acquired anonymously (buy directly with cash, there are machines in bigger cities too. then run them through a bitcoin laundry to make sure)
-) Route all your traffic through the virtual server (over a VPN).
-) Keep using tor, but only proxied through the VPN
-) Only access your server from public wifi hot spots, with a laptop acquired with cash, and running TAILS or a similar privacy focused Linux distribution without persistance.
-) Keep all your confidential data on an encrypted usb stick that can be easily disposed.
Voi la. Easy, right? :D
I2P? Freenet?
Maybe some fingers of the government are demanding a backdoor, but other fingers of the government want tor to be as secure as possible. Tor is useful for the operations of national intelligence agents, too, and can only maintain that use when they know it doesn't have a backdoor which say the Chinese could then discover and exploit.
puts on tinfoil hat
Is it possible that maybe the US military have gone on to alternative methods of hiding their identity. If the NSA can mandate backdoor access to every data centre in the country then couldn't they work with the military to use those backdoors to hide their own identities. To an observer it looks like someone is accessing Google but in actuality it's a CIA field agent sending top secret information to the Pentagon using a backdoor in a Google data centre.
If that were the case, why give a months notice? If the person felt the security of his relays were compromised, I would expect them to take them down immediately and give notice afterwards.
Well, an agency might have just demanded the backdoor, threatening legal action, but not actually bringing any. So rather than cave or fight a legal battle, he decided to shut it down in an orderly fashion, yet uncompromised.
Of course it's also possible that it's all due to some infighting within the project or other issues we don't know about.
But the only reason for me for being so vague, in a critical project like this, is the potential of vulnerability.
He must have known that not mentioning any details would raise concerns like mine.
Appelbaum and the board are out. So now I'm curious. What about recent events have transpired in a way that he has to cut ties?
Does the organization still housecleaning to do? The Tor leadership jumped on the grenade, presumably clearing the area for everyone else. Is there an entirely different angle that I'm missing? Because that vague of a post only implies one.
Any risk that a coup or plant was brought in by the housecleaning? (honestly asked, I have no clue whatsover)
In a project focused on privacy, vague unclear statements of this sort convey a certain implication. There is, of course, no way to be sure what is intended, and that is rather the point.
If it were anything security-critical it wouldn't be happening over a month in the future.
what events? It would be great if he spoke openly, so people not following tor very intensively would know what is so concerning. Yes, I am living under a rock.
There's no event clearly referenced here.
The Appelbaum crisis is the most recent public drama, but that's mostly a settled matter and a fall has already been taken for it. It would be fairly strange to do this now over that incident.
Given which, it looks like someone involved with a privacy project is refusing to disclose their motives for shutdown, but also shutting down slowly and openly, the way you wouldn't if someone was knocking on your door. This is an ambiguous outcome to almost everyone.
>It would be fairly strange to do this now over that incident.
It wouldn't be strange if you thought the accusations were bullshit.
That's an interesting point - it hadn't actually occurred to me that this could be a reaction to the reaction. That would fit the timing (and maybe the ambiguity) much better than reacting to the original topic.
I am too. Very curious what he means here. His message is vague as hell.
How is a scheduled shutdown (2016-08-31) a "torpedoing"?
The Register, in the tradition of British rags, uses somewhat hyperbolic/clickbaity headlines. You'll note that torpedoing isn't used in the copy, just the heading.
I agree, though; for someone who (a) is a volunteer and (b) is doing it because he dislikes the direction of the organization, this is a remarkably civil disentangling.
Yeah, people need to keep in mind that the sites slogan is "biting the hand that feeds IT". After all, it is the current home of the BOFH series.
It is Alliterative
Perhaps they could've even gone furtherTor Torpedoes TongaTop Torian Torpedoes Tonga Tech"Voilà! In view, a humble vaudevillian veteran, cast vicariously as both victim and villain by the vicissitudes of Fate."
I'm afraid I read this in the voice of Pontius Pilate from the Life of Brian...
In Timultaneous Texit?
It's the Register, they're a tabloid. Though giving one month's notice of shutting down a major and as far as I can tell unique part of the Tor infrastructure is pretty major.
Maybe he's being sued by the NSA for data and his only "ethical" choice is to just shut it down and walk away, since he'll have been gagged by them in the same suit.
So what TOR alternatives are there? I came across this on here I think a few weeks back http://dspace.mit.edu/handle/1721.1/99859 but I'm not sure it is up and running or even if it is.
I2P and Freenet are the big ones.
All the rampant speculation in this discussion serves no good purpose and is more harmful than helpful.
What about meaningless comments such as yours with neither information nor speculation? Do they serve a purpose?
I personally like reading comments even if they are speculative, as I am interested but not an expert.