news
Welcome to c/news! Please read the Hexbear Code of Conduct and remember... we're all comrades here.
Rules:
-- PLEASE KEEP POST TITLES INFORMATIVE --
-- Overly editorialized titles, particularly if they link to opinion pieces, may get your post removed. --
-- All posts must include a link to their source. Screenshots are fine IF you include the link in the post body. --
-- If you are citing a twitter post as news please include not just the twitter.com in your links but also nitter.net (or another Nitter instance). There is also a Firefox extension that can redirect Twitter links to a Nitter instance: https://addons.mozilla.org/en-US/firefox/addon/libredirect/ or archive them as you would any other reactionary source using e.g. https://archive.today . Twitter screenshots still need to be sourced or they will be removed --
-- Mass tagging comm moderators across multiple posts like a broken markov chain bot will result in a comm ban--
-- Repeated consecutive posting of reactionary sources, fake news, misleading / outdated news, false alarms over ghoul deaths, and/or shitposts will result in a comm ban.--
-- Neglecting to use content warnings or NSFW when dealing with disturbing content will be removed until in compliance. Users who are consecutively reported due to failing to use content warnings or NSFW tags when commenting on or posting disturbing content will result in the user being banned. --
-- Using April 1st as an excuse to post fake headlines, like the resurrection of Kissinger while he is still fortunately dead, will result in the poster being thrown in the gamer gulag and be sentenced to play and beat trashy mobile games like 'Raid: Shadow Legends' in order to be rehabilitated back into general society. --
view the rest of the comments
The book states that Signal and Tor were developed by feds, meaning they're completely compromised. It's in the latter chapters.
The fact that tor was developed by feds (CIA agents actually use it in the field, too, IIRC) does not mean it's compromised. Its source code might be among the most audited ones around, including by well-known cryptographers. When the NSA put a backdoor in Dual_EC_DRBG, it was identified quickly and outside of shitty security appliances from RSA in corporate environments, very few projects actually ended up using it. I suspect such a thing would happen with tor.
SELinux is similar: developed by the NSA, but also audited to shit by countless security researcher eager to put their names on the map.
Also, the fact that all tor services that were taken down by LE thus far we know of were taken down through human error on the operator's side or active exploitation of software flaws in the service itself, combined with the Snowden leaks describing tor as a constant pain in their backside, also point towards the same conclusion.
While I don't think Tor is innately insecure or cryptographically compromised, it has been known for many years that a lot of its network nodes are operated by feds. Just due to the way Tor works, if you happen to control every node being used in a session, then you have full control and can de-anonymize users. Anyone can volunteer to act as a bridge/relay/exit node, and the feds obviously have the resources to pull off targeted attacks this way if they wanted to.
Any specific evidence of compromise? Governments have been known to fund and even directly develop tools later used against them.
I don't have the book checked out anymore, but once you get to the part about Ross ulbrecht, it's right around there. At bare minimum, you can force someone's identity. 0day exploits have also been given to the intelligence services first.