TOR was created by the government. It functions on a handful of entrance and exit nodes with a lot of bouncing around different nodes in between. If you control an exit node, you can see the traffic moving through it. Control enough exit nodes, and you have a good chance of intercepting something interesting.
There have been times in the past where the usual 4-5k nodes jumps by 10k+. If a single entity controls those 10k nodes, then they can now monitor 2/3 of the total traffic on the network, and it's not hard to do. You could do it with just a few high end servers. I could probably spend $3,000 and monitor 2/3 of the traffic for a month or two. It's not a secure network. Do not treat it as such. If you really must use it, use end to end encryption and a vpn as well.
Even the TOR developers openly admit it was never designed to thwart the likes of the NSA. Use of TOR likely has complicate things for the NSA. In some cases may even limit visibility. But overall, TOR is not a significant barrier to the NSA given the level of resources they have to throw at it.
TOR was designed to help the likes of those in the Middle East, NK, even China. But companies like Cisco have specific products which they now sell to these countries to help even them combat and defeat the use of TOR.
Use of TOR likely has complicate things for the NSA. In some cases may even limit visibility. But overall, TOR is not a significant barrier to the NSA given the level of resources they have to throw at it.
The reason I provided the link is for you to stop relying on hunches like this, and actually learn the specifics of what TOR will, and will not do.
No hunches. My info comes directly from the developers. If you need information and it differs from what I'm saying, you probably shouldn't listen to you.
Because the TOR developers don't have eyes inside of the NSA. If they did, they sure as hell wouldn't say. As such, it's educated speculation based on published NSA capabilities and resources. I also have critical security infrastructure software running inside many three letter agencies (in a past job). It's not like I'm talking out my ass.
If you know anyone speaking in absolutes, they either work for the NSA and are in violation of the law and their contract, or they are liars.
view the rest of the comments →
metawizard ago
TOR was created by the government. It functions on a handful of entrance and exit nodes with a lot of bouncing around different nodes in between. If you control an exit node, you can see the traffic moving through it. Control enough exit nodes, and you have a good chance of intercepting something interesting.
There have been times in the past where the usual 4-5k nodes jumps by 10k+. If a single entity controls those 10k nodes, then they can now monitor 2/3 of the total traffic on the network, and it's not hard to do. You could do it with just a few high end servers. I could probably spend $3,000 and monitor 2/3 of the traffic for a month or two. It's not a secure network. Do not treat it as such. If you really must use it, use end to end encryption and a vpn as well.
RoundWheel ago
Even the TOR developers openly admit it was never designed to thwart the likes of the NSA. Use of TOR likely has complicate things for the NSA. In some cases may even limit visibility. But overall, TOR is not a significant barrier to the NSA given the level of resources they have to throw at it.
TOR was designed to help the likes of those in the Middle East, NK, even China. But companies like Cisco have specific products which they now sell to these countries to help even them combat and defeat the use of TOR.
HighLevelInsider ago
The reason I provided the link is for you to stop relying on hunches like this, and actually learn the specifics of what TOR will, and will not do.
RoundWheel ago
No hunches. My info comes directly from the developers. If you need information and it differs from what I'm saying, you probably shouldn't listen to you.
HighLevelInsider ago
Yet you also said:
"Likely "may"
RoundWheel ago
Because the TOR developers don't have eyes inside of the NSA. If they did, they sure as hell wouldn't say. As such, it's educated speculation based on published NSA capabilities and resources. I also have critical security infrastructure software running inside many three letter agencies (in a past job). It's not like I'm talking out my ass.
If you know anyone speaking in absolutes, they either work for the NSA and are in violation of the law and their contract, or they are liars.
Take your pick.
HighLevelInsider ago
There's an NSA internal document that was linked so you can read what they actually do.