Let’s start with the basics: Tor was developed, built and financed by the US military-surveillance complex. Tor’s original — and current — purpose is to cloak the online identity of government agents and informants while they are in the field: gathering intelligence, setting up sting operations, giving human intelligence assets a way to report back to their handlers — that kind of thing. This information is out there, but it’s not very well known, and it’s certainly not emphasized by those who promote it.
Peek under Tor’s hood, and you quickly realize that just everybody involved in developing Tor technology has been and/or still is funded by the Pentagon or related arm of the US empire. That includes Roger Dingledine, who brought the technology to life under a series of military and federal government contracts. Dingledine even spent a summer working at the NSA.
And the vulnerabilities they mention are not attacks on Tor. The Freedom Hosting attack targeted an old version of Firefox that shipped with old versions of the Tor browser bundle, and only affected users who ignored the browser bundle telling them they needed to upgrade. If the NSA is actually a global passive observer, Tor won't protect you from them, because it isn't designed to protect against a global passive observer. They're open about that too. I get the impression the author read the start of some threads from the Tor or liberationtech mailing lists last year, and didn't bother to read the rest of the threads.
I'll share an exchange I had with a Reddit user about this topic. It started a month ago when the "Feds cover-up documents about how local police use stingrays" story broke. We ended up having what I felt was a fairly productive discussion come out of what began as hyperbolic one line quips; he was generally supportive of government surveillance, saying: In the end, he advocated that I run a tor node as well. Fast forward two weeks later and the XKeyscore leak shed some new light on the USG's relationship with TOR; remembering my previous exchange with him, I sent him a PM asking if he had an opinion on it. He responded but was generally dismissive of it, essentially saying that most of it was already known. Looking at it now, he hasn't been on Reddit since, so who knows what happened to him. At the end of our exchange, I said: I knew, even before talking with him, from my own research about TOR, that it was born as a military project, but I was under the impression that it was no longer under the control of the USG, and I certainly didn't know that most (all?) of the TOR traffic was being surveilled, stored, analysed and deanonymized by the NSA. I would wager that most schmucks like me probably didn't know that. Am I right to not want to be involved in TOR given what is now known?Most of what we say is monitored, that is true, but that started by voluntary consent. We give our information to third party corporations who are not as strongly protected by the Fourth Amendment, and then wondered why the government chose to dig up that treasure trove. If you want to protect yourself from that, you can use a service designed by our own government, called Tor. When used properly, it is nearly impossible to crack.
I believe in the value of privacy and I think the aims of the TOR project are worth supporting, but after talking it over with my partner, I'm not sure I would feel comfortable running a TOR node on my home computer. It seems like it is only bound to increase one's NSA footprint and despite so many people being rather cavalier about NSA lists and databases, I'd prefer to avoid them where possible and convenient.
Chelsea Manning, back when she was Bradley, observed that the best defense against surveillance is to have a low profile. After all, they're listening to everything and recording everything. But they're not analyzing everything. The NSA's approach is now and has always been to increase the likelihood of finding a needle in a haystack by making the haystack as large as possible. Firing up a TOR node is basically like lighting a match next to your needle. Suddenly there's smoke, burning embers, crackling, etc. Granted - the NSA may or may not (go with may) be able to read what's coming out of and going into that TOR node... but all of a sudden, they have a reason to care. Intelligence is about profiling, probability and surveillance. If you match the profile of someone they're interested in, there's a probability you will experience surveillance.
Dingledine was criticized by Tor community for the obvious reason that funneling traffic through a handful of fast nodes made surveilling and subverting Tor much easier. Anyone can run a Tor node — a research student in Germany, a guy with FIOS connection in Victorville (which is what I did for a few months), an NSA front out of Hawaii or a guy working for China’s Internet Police. Faster it gets the easier it is to subvert, but very few people will use the browser at its current speeds.In 2012, Tor co-founder Roger Dingledine revealed that the Tor Network is configured to prioritize speed and route traffic through through the fastest servers/nodes available. As a result, the vast bulk of Tor traffic runs through several dozen of the fastest and most dependable servers: “on today’s network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays.”