I think Tor is great. But Tor is inherently insecure, and the easier you make it for "normal" users to utilise Tor the more users who will get caught out by Tor's inherent insecure nature.
You're trading security for anonymity. That's should be Tor's unofficial tag-line.
I don't even need to convince you of Tor's relative insecurity, there is a front page article right now all about it:
You mean that by design Tor acts as MITM, and that end-to-end crypto should be used to provide integrity?
The major users of Tor need to consider even their ISPs as an adversarial agent - that they are being actively monitored and MITMed. In this sense, these users are not trading security for anonymity.
For those who trust their telecommunications carriers (in the US even in the face of CALEA) - they are certainly introducing a MITM. It's also important to note that the linked article considers the 'security bug' to be owned by software updaters and software vendors that that do not sign binaries - the vulnerabilities are not specific to Tor, but it does provide one mechanism to exploit them.
This is all a good reminder, as the Tor team themselves regularly say, that secure operational browsing and software practices are crucial to anonymity and security even with Tor installed.
Like any other software Tor has problems. Just look through their changelog. Tor has had plenty of issues. But on the whole it's very good.
Remember the "Tor Stinks" slide from the Snowden leaks? The NSA, with direct taps on the internet backbone, has had lots of trouble deanonymizing Tor users.
I would assume that the NSA no longer has difficulty deanonymizing tor users, mostly from their own sloppiness. For a sufficiently paranoid net user, they will already have other mitigating factors in place. No phone, no cctv, laptop booted from solid state media, all EEPROMs on motherboard in read only mode, etc.
Oh I agree with that. Targetted versus en masse surveillance, though, as the cost of personnel and equipment would have to scale with the number of targets to deanonymize.
Everyone's data gets sucked up as the default, but with Tor - I think they Snowden docs showed they could only get about 1/4 with automation. I do not remember the exact percentage.
The combination of CALEA, Stored Communications Act, and Patriot Act under the Third Party Doctrine mean the system stores and processes our data by default, over a sliding window. (IIRC there were some Snowden programs that had windows of around 5 years?)
With Tor you increase the cost to taxpayers a little and decrease the chances (especially with good cyber hygiene) that you'll give everything. If you use a cell phone you give your exact time and place 24/7. Even local police have access to these cell phone tracking databases. You can't Tor a cell phone.
Tor isn't really a good answer to the system. But if you need privacy, there's a corner in Tor.
I totally agree that more people should tunnel traffic over Tor, it only helps everyone the more people that use Tor. If one person used Tor, it would suck. :)
The problem with Tor is that anonymizes your endpoint but not the traffic itself. What it needs to do is scrub YOU from the stream. No logging into services, or providing bugmenot temporary alternatives. Once you are on a Tor session and you leak a single piece of info, that session is tagged to your user profile. Tor by itself is fairly low security. Great for getting out of shitty places, but it does not anonymize you in any way.
If I wanted to be truly anonymous, I would rather use some device that I don't use for anything else that I purchased with cash and browse from an open wifi or something similar
You're trading security for anonymity. That's should be Tor's unofficial tag-line.
I don't even need to convince you of Tor's relative insecurity, there is a front page article right now all about it:
https://news.ycombinator.com/item?id=8501557