> provided there’s a back door or vulnerability that only (1) knows about.
Do you have any examples from existing tools, e.g. Tor, for which that's true? Tor's been around a long time-- surely something would have surfaced at this point, but I haven't really paid attention to it.
(this link is specifically great for this subject as it lists more than 10 different attack / compromise programs that are being run - with quite a few of them being protocol attacks - in the comments section )
Tor is an interesting example. A number of attacks are made possible by monitoring Tor exit node traffic, especially at the scale nation states can bring to the table.
Sure-- but that structural shortcoming has been a thing for a long time-- I wouldn't consider it a secret vulnerability that Tor was facilitating for US intelligence, as was initially implicated. I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
I'm not in the field, but it seems like it would be way more useful for law enforcement working against criminals naive enough to think tor would be a one-stop op-sec solution (e.g. ANOM) than for nation-state-level counterintelligence.
If I remember correctly, Tor has been broken due to 'threat actors' owning enough exit nodes to successfully de-anonymize traffic given enough time and information.
pretty sure this is hearsay from a message board, but I can't for the life of me recall where or when I heard this.
> There is no real evidence that DARPA is morally compromised by the NSA in any way. This is unlike for NIST where there is evidence of such compromise.
Wait. Can you clarify this? I know that NIST's standards were compromised by the NSA or at least there is evidence of it. However, this is not necessarily the same as being morally compromised. The story I've read is that the NIST was taken for a ride by the NSA but weren't in bed with them. Is the narrative I have incorrect?
If you haven't seen it already, there was a post a couple of years ago here that got some traction on this subject, in context of a FOIA-related lawsuit filing by a (I'm to understand) well-regarded cryptologist:
TOR is PURELY designed for spies to use to hide among the network in countries throughout the world. It needs regular people to believe in it, to use it, but its only real purpose is for the spies. Regular users can and are deanonymised in real time and without using zero days. You just have to look at the network to see that you are almost exclusive connected to a series of entry/relay/exit nodes within 14 Eyes countries who share real-time data with each other. The servers are fast because most are using VPS. There was a time when it was more anonymous, when the relays would actually be random people's own computers across the globe, but it was too slow. The whole thing is gamed, and just because criminals are on there thinking they are anonymous is just because they are allowed to continue to keep the charade alive. I know I am going to be bursting bubbles here for 'true believers', but they have all been gamed for years. I'm surprised this info is Top Secret, it should be utter common sense to everyone by now.
(1) The defensive side wants the ability to de-anonymize and decrypt everything on demand so they can catch threats to the US.
(2) The offensive side wants to promote anonymous encrypted communications so they can encourage pro-democratic dissent in authoritarian regimes.