Yasha Levine: Interview about Tor, spies and the cult of crypto (surveillancevalley.net)
60 points by brakmic on Oct 29, 2016 | 33 comments



> Tor does not prevent Google from scanning your emails or recording your search history. Tor does not prevent Google from tracking your location via your Android phone, creating and saving a detailed day by day map of where you go and what you do. Tor works to an extent. If you are an individual trying to hide from the NSA or the FBI or the FSB, Tor might give you some measure of protection — if you are very technically savvy — but it is a limited sort of protection. It does not protect users against corporate surveillance. But it does provide a false sense of privacy. That is why Silicon Valley companies like Google and Facebook support Tor: it sells a version of privacy — privacy from the government — that does threaten their own surveillance business models.

Most people that use TOR use either TBB (the TOR Browser Bundle) or Tails, or something similar. TOR is a core feature in the package but much more is needed to have some semblance of security.

Levine's argument is equivalent to saying SSL doesn't provide security, or door locks don't provide security, because they don't secure against every type of attack.

What a terrible article.


Not defending the article, but this particular argument makes a point that needs to be heard. There are people who think they are safe from surveillance and detection because they use Tor, not realizing where the actual failure points for their internet security really reside.


This is simply garbage. I used to enjoy some of his writing, back in the Exile days, but the moment he & Mark Ames went to work with Paul Carr / NSFWCorp / Pando everything went to shit.

They started pushing so much fiction and outright lies masquerading as journalism that I have permanently linked them & all associates to /dev/null.

Also, let us not forget that when the Snowden saga was breaking out, Paul Carr, Levine and the rest went into a frenzy where they attacked Assange and Snowden non-stop, trying to downplay the incident and also saying that it wasn't even something newsworthy. The biggest news story in _decades_ was staring them in the face, and these geniuses didn't have the intuition to see it.

I wish I'd kept the recordings of their online radio broadcasts, Paul Carr especially would run to find a rock to hide under.

Bleh^2.


I am not sure why Ames/Levine immediately dismiss anything linked to The Intercept or Scahill or Greenwald. Actually I do know why, Ames has decided anything touched by The Intercept's backer, the founder of eBay, is tainted since Omidyar funded a group that had the same interests as Soros in Ukraine, also he tried to destroy Craigslist, plus he funds microloans. There's some evidence to support microloans cause a lot more harm than good in 3rd world countries.

It's difficult to keep all of the threads straight! Ames has a good memory and keeps grudges for a long time. Maybe forever.

Ames and John Dolan do an excellent podcast https://www.patreon.com/radiowarnerd

You can find links to episodes they've made freely available in the tweets https://twitter.com/TheWarNerd

Ames and Levine are mad that Omidyar pays Greenwald and Scahill handsomely.

The rivalry and petty tweeting between them (it's mostly Ames vs... everyone) is sad, I enjoy the journalistic output of Scahill AND Ames and I think they should be friends!


The main argument against The Intercept is a technical journalistic point.

It's very good practise at a news organisation for investors to have zero editorial control. This is especially necessary for investigative journalism, since the main aim is to dig dirt.

The Intercept doesn't have this - Pierre Omidyar has influence over what gets published. That makes it difficult (probably impossible) to publish stories that reflect Omidyar or his business interests in a negative light.

For contrast, note how Pando has publicly attacked its own investor Peter Thiel over his secret funding of the Hulk Hogan/Gawker lawsuit.


I don't know how the NSFW/Pando stuff started. I don't know how it stopped. I wasn't paying attention. 'Paul Carr' is just someone I see mentioned in Twitter sometimes to me. What happened there?


>I don’t know why either. When I found out that the Chaos Computer Club in Hamburg is kind of the center of this global hacker-encryption culture, I was surprised.

>There is a strong undercurrent of right-wing movements in Germany, right?

This is a bullshit insinuation. The Chaos Computer Club was founded by leftists in Berlin and they have consistently criticized projects of the CDU, Germany's largest right wing party. They tend to be much more left wing libertarian than right wing libertarian and they are very far from being conservative in any way.


second that, there is and always has been a strong attitude against all forms of discrimination and right-wing movements in the ccc - see the unvereinbarkeitserklaerung [1] from 2005 for example. you can argue, that the reaction of the ccc in some cases of community-members acting against this spirit came too late, but not by making disguided accusations when you have no idea what you're talking about (like levine did in that interview)

[1] https://translate.google.com/translate?sl=auto&tl=en&js=y&pr...


This is a bit like saying you can't trust AES because it was declassified by the NSA and offered to the public.

It works well enough within its limits. There is nothing that will protect you from active surveillance from a global actor and given enough time passive surveillance will de-anonymize you as well.

As for the part with government level actors using Tor, it's not surprising or new, why wouldn't they use it? Just another tool.

And if you are using Tor to sign in to Google, then your threat vector is local and you are trying to increase security (privacy) in communicating with your trusted party (Google), not anonymity. Or that would be the logical assumption in using Tor this way.

I'd keep going, but the point is he seems to misunderstand what Tor can and can't do and even how to use it for any given scenario. As though the default usage in any scenario should offer complete anonymity against all possible forms of surveillance.

It kind of reminds me of "we need backdoors in crypto that only we can access" level of understanding.


A pedantic point: AES was never "declassified by the NSA". AES is a standardized version of the Rijndael algorithm which was developed by Belgian cryptographers and standardized by US standards bodies after a public submission period.

The DES, which preceded AES as the US standard encryption algorithm, was based on an IBM-developed algorithm (Lucifer) that was modified by the NSA. The modification to the DES S-boxes by the NSA was regarded by many as a weakening or backdooring of the algorithm, but subsequently it was revealed that the NSA was aware of a type of attack that the modification rendered the resulting DES algorithm immune to (differential cryptanalysis).


True, should've said 'because the NSA was involved in the design of the standard'. They never classified it (the design), but I think they did in DES.

And it makes sense, especially at the time, to harden against differential cryptanalysis because it's the more efficient method, scales better and requires way less computing power than trying to bruteforce the key. But pushing for the shorter key suggests they were trying to leave themselves a reasonable chance of success if they had to go last resort and try to bruteforce the key, as they were one of the few actors at the time that had access to enough computing power.


This is among the most uninformed commentary regarding Tor that I have ever read. The author seems to understand nothing about the history of Tor, the usage of Tor, the technical design of Tor, Tor security research, encryption strategy, or the reception of Tor within the U.S. Government.

I can't even take umbrage with anything that's written here, because the author's basic factual axioms are simply wrong.

EDIT in Reply:

I started fact checking, and I couldn't get past the first two paragraphs. It is a work of fiction that, if it occasionally flirts with the truth, does so almost certainly by chance.

Below is my rather unorganized beginning of a fact check:

------------------

I would like to fact check the entirety, but I'm running short on time, so I'll skip his tin-foil hat pre-ramble:

>Tor became a prominent feature of political discourse around the world in 2013 when Edward Snowden popped up on the scene...

False. Tor rose to prominence far prior to leaks, particularly with the Arab Spring and the Silk Road. The first appearance on the front page of the NYT was in 2009. [0] A year prior to the leaks, Foreign Policy named Dingledine et al. to its Top 100 Global Thinkers list. [1] Snowden's sticker didn't start that fire, although it might have added some fuel.

>I knew about some of the pit-falls and problems of Tor: I knew that if you signed into Google using Tor, it didn't really matter because Google still had all the information about your personal account. The same with Facebook. So Tor didn’t really solve the corporate side of surveillance.


So now, I have to ask. Has this guy just found a way to make a living getting stoned and spouting faux-anarchist nonsense?

Not signing into websites with your real name while on an anonymous service is the 1+1=2 of anonymity. So to remain anonymous, just... don't announce your name. That isn't a "pitfall." That's just common sense.

Around the point at which he was inventing grand conspiracies, particularly through close and perfect action of a monolithic government, I couldn't take it seriously any longer.

[0] http://www.nytimes.com/2009/06/23/world/middleeast/23censor....

[1] http://www.foreignpolicy.com/articles/2012/11/26/the_fp_100_...


He says in the interview that a global adversary like the NSA just needs to cross index a unique characteristic about yourself to de-anonymize your identity, even if you're using TOR.

This is a perfectly valid claim.


The fact that onion routing cannot resist the global passive adversary is well documented and also publicly acknowledged by the Tor project itself.

This article is garbage. It makes a ton of patently false claims as well as completely unsupported claims, which are buried in irrelevant political opinion, and on top of that the opinion of the interviewee on Tor is of no consequence.


How so? Please explain.


If you use Tor the same way you have used a regular browser there could be an 'image' of your online habits to compare with (not applicable within the darknet).

But if the user doesn't use it in the same way, the likely attack in most cases is traffic correlation. This works by having large visibility over entry nodes and visibility over the final destination (ex: a website). Given enough activity and time you can by process of elimination deanonymize the user's IP.
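
An added illustration of the "process of elimination" described in the comment above, not part of the thread: a toy simulation on constructed data that measures how the set of possible senders shrinks as an observer of both ends of the network collects more epochs. The user counts, activity rates and function names are assumptions chosen for the example.

```python
import random

TARGET = 0  # constructed user id for the person talking to the watched destination

def observe(n_users, p_active, rng):
    """One epoch in which the destination saw traffic: the set of users the
    observer saw sending into the network at that time (constructed data)."""
    active = {u for u in range(1, n_users) if rng.random() < p_active}
    active.add(TARGET)  # the real sender is always among them
    return active

def anonymity_set_sizes(observations):
    """Intersect the per-epoch sender sets; return (candidates, size after each epoch)."""
    candidates, sizes = set(), []
    for i, active in enumerate(observations):
        candidates = set(active) if i == 0 else candidates & active
        sizes.append(len(candidates))
    return candidates, sizes

def epochs_until_unique(n_users, p_active, seed, max_epochs=500):
    """Number of observed epochs before only one candidate remains, else None."""
    rng = random.Random(seed)
    candidates = None
    for epoch in range(1, max_epochs + 1):
        active = observe(n_users, p_active, rng)
        candidates = active if candidates is None else candidates & active
        if len(candidates) == 1:
            return epoch
    return None

def demo(seed=1, n_users=200, epochs=40, p_active=0.3):
    """Run a fixed, seeded scenario and return the candidates and size history."""
    rng = random.Random(seed)
    return anonymity_set_sizes([observe(n_users, p_active, rng) for _ in range(epochs)])

if __name__ == "__main__":
    candidates, sizes = demo()
    print("anonymity set size per epoch:", sizes)
    for p in (0.3, 0.6, 0.9):
        print(f"background activity {p}: unique after",
              epochs_until_unique(200, p, seed=1), "epochs")
```

Heavier background activity delays the collapse of the anonymity set but does not stop it, which matches the comment's "given enough activity and time".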


This isn't anything he hasn't been saying since his days with NSFWCorp, except the stuff about Applebaum.


Could you share some more background for those of us who are unfamiliar with him?



Man, can't Levine even generalize correctly?

https://en.wikipedia.org/wiki/Hemshin_peoples


According to Levine, everyone connected with the Tor project is no-good, either a scoundrel or a fool.

He also thinks that using Tor to protect your privacy is useless because the NSA has global reach. Apparently he is unfamiliar with the concept of threat profile. If the CIA is after you, you are in trouble in many different ways. But for many thousands of other people, like whistle blowers, dissidents in many countries, and any ordinary citizen who just doesn't want to be tracked by all the corporations online, Tor is great.


This article is like when you go for a beer with your contrarian mate and they cook up a bunch of insinuations based on half truths. Too much bullshit to be credible.


I'll paste a single quote for you to help anyone thinking of reading this drivel to make up their mind before reading. I personally enjoyed to see how some people will allow themselves to force a narrative if it only serves to help their political agenda. Here is a quote that explains why the author dislikes Tor:

> What is Tor really useful for? For media piracy, for child pornography, for drugs, intelligence, and deflecting from corporate surveillance.

And here is a quote telling you why he thinks this:

> At its core, the crypto culture is very right-wing. In America at least its tied to nationalism, to white power movements, to libertarianism: it is born out of a very conservative, right-wing view of the world, that sees the government and any of its attempts to meddle in the lives of the people as an evil force. And Silicon Valley is a pretty right-wing place. They have more liberal values towards gay marriage and things like that, but actually it is a very male-oriented, very white place; and very opposed to any kind of social programs that are run by the state, or any state attempts to regulate private property or enterprise. And these things overlap. The culture is very regressive, and maybe some of that exists in Germany, I don't know.

And the following (in reference to how corporate spying is worse than government spying):

> It’s a really useful PR tool that helps deflect peoples’ worries about privacy on the internet from the true problem, which is Silicon Valley, and redirects the conversation from corporate surveillance to government surveillance. Government surveillance is a problem, and it’s important that people talk about it, but it needs to be a broader conversation. You have to start at the corporate level and work up I think.

I think there are a few HUGE problems with this logic and I really hope the author/interviewee can answer these questions for me:

    1. Why is being right-wing inherently seen as bad or immoral?
On all of the political charts I'm usually far libertarian and far right. Does this mean I am immoral? Does this mean my opinions are less valid? This is a common trend today to call something a "right-wing" philosophy but I would never do that, in an attempt to shame the believers, for a left-wing philosophy.

For instance, one such left wing philosophy would be welfare. I can definitely see how welfare helps people, I definitely support some form of welfare in a society, and I'd keep supporting it given a different political climate in America. The idea that every human should have at least some basic standard of living (food, water, shelter, a bed) resonates strongly with me. What I don't necessarily support is the government, or any single corporation for that matter, handling it. Does that mean I'm evil? I don't think so but many people seem to feel this way now and it deeply troubles me. Some people think that disagreeing with a single portion of an idea really means you want to tear down the totality of structures built around the idea. That's definitely not the case.

I'd much rather instead of me giving money to the government, the government giving money to a charity organization, and then that charity organization giving it to the people I'd want a much more direct way of doing this transaction, preferably a way that is verifiable and with little overhead.

     2. Have you read anything from the crypto-anarchist movement?
I'm definitely not part of these people but I do think that their ideas still have some merit. I'd also like to say that these people are anything but "based in white power and nationalism". Anything but. If you've read any of the popular pieces [0] you will see they are extremely against any power structures. That is entirely the basis of their ideology. They want the benefits of a governed society without the ability for a government to meddle. I'll let this person explain since I'm not qualified to answer this [1].

     3. What qualities do you think an anonymization network should have? Are the spy community and pedophiles using your software not a good benchmark of the success of your anonymization network?
They are both groups with very strict needs: they cannot be discovered, they must be able to transfer lots of data often, and they also must be able to do it from behind strict firewalls in some cases. These are both the exact use cases of someone from (Insert Dictatorship) who is afraid of someone hacking off one of their limbs because they said something along the lines of "I don't agree with (insert policy)".

If pedophiles and spies aren't using your free-speech platform to communicate then it's not safe enough for them, and it's definitely not safe enough for someone behind "enemy" lines in a dictatorship with no access to news/unfiltered opinions.

[0] - http://groups.csail.mit.edu/mac/classes/6.805/student-papers...

[1] - https://www.reddit.com/r/Anarchy101/comments/1uioxz/what_is_...


> I'd much rather instead of me giving money to the government, the government giving money to a charity organization, and then that charity organization giving it to the people I'd want a much more direct way of doing this transaction, preferably a way that is verifiable and with little overhead.

I live in an area of the country known in the media for its giving of money to the needy. A lot of the money goes through charities and non profits. I don't see how the added layer benefits the homeless at all.


BS.


I thought this part was a very interesting perspective.

----

I read a little about the origins of Cypherpunk ideology in the 80s and 90s, and what struck me was how they talked about encryption technology the same way that right-wing libertarians talk about guns: as an instrument that could defend them against government tyranny, and everyone could have it, and once everyone had it, they would all be safe from tyranny.

Absolutely. The ideas that surround Tor are the same ideas that float around NRA speeches: guns are liberty. If everyone has a gun, there will be no bad guys, there will be no crime, no government tyranny, because everyone will be equally powerful. It’s a libertarian utopia, it’s about equalizing power, but it ignores the deeper social, and economic, and political issues of power in society.

----

It would be great if those same people focused on surveillance, encryption, and the Fourth Amendment, which I think are the true threat to and protections for everyone's liberty; and not on armed government suppression, firearms and the Second Amendment, which IMHO are extremely unlikely threats, and promote violence and are anti-democratic (those with guns and not votes make decisions, because when outvoted those with guns can ignore the votes of their fellow citizens).


Well the US federal gov't already has the bigger guns, the bigger iron to crack your crypto and more prepared and motivated people to do it on their payroll. Not to mention airplane carriers and nuclear subs armed with nukes. Just because everyone and their dog owns a gun, police can shoot you for "resisting arrest" especially if you are armed. The Swiss also own guns, but they have none of this madness. As a sidenote, your vote does count as a Swiss citizen in Switzerland and you never have the feeling that "the system is rigged". They do have madness of their own, yet it still looks more sane.


I'm confident that heavily armed hicks trying to found some sort of confederacy 2.0 could offer at least as much resistance as the Taliban. The US government doesn't exactly have a great track record of successfully suppressing insurgencies, even without having to do it on American soil, which would increase the public relations hit for collateral damage (I imagine CNN would care more if predator drones started bombing American weddings, for example).


I wonder whether the Swiss system of proportional representation contributes to the relative sanity and/or to the Swiss people's confidence in the system. As a British person, I envy people who live in countries with proportional representation, but I don't understand the Swiss system.


The confidence comes from two things: proportional representation and direct democracy. The people vote about the tiniest of issues (should the sound-proofing be extended on this bit of highway?), which gives a feeling of direct power. It's awesome, but probably doesn't scale all that well since everything is 'scoped', i.e. only those affected by the outcome get to vote, meaning the bureaucratic effort is immense (maybe that's something where AI can help?).


Switzerland could be an inspiration for the UK, especially considering its financial sector and its unique relationship with the EU.

Direct democracy is talked about more and more here in the UK. We've had several referendums over the last few years. The questions are:

Were the referendum results determined by dirty tricks?

Why hold referendums when we elect (and pay for) governments to make decisions on our behalf?

Would referendums be necessary if parliament were representative (in the statistical sense) of voters?

Have the referendums really settled the issues, or will the same questions be asked again?


The downside with proportional representation is that it really only works as long as you have "near two party" conditions. I.e. two large parties plus a couple of smaller parties are ok. Once you have many medium sized parties, the outcome of your vote on a respective government becomes completely unpredictable as well, because you will get pretty random coalitions. Because this forces all parties to get rid of major disagreements, it feeds fringe demagogues agitating against the "mainstream". Eventually those conditions can lead to "great coalitions" of the remaining larger parties, which then have 2/3 majorities and similar things you would want to avoid.


The problem we have in the UK is that multiparty politics has arrived and the existing First Past the Post system has the same problems and more. For example, it has a habit of handing power to a party without a majority of votes (randomly, when it doesn't produce coalitions).

If you take the view that majority rule and minority rights is necessary for democracy, a majority government without a majority of votes is a problem. If you don't take that view, then you would probably want a different non-proportional voting system, but we've already rejected AV (instant runoff voting) in a referendum.



