There's an interesting thread on the tor-talk mailing list, which I thought I'd repost here.

user:

Dear reader,

I'm a Tor user. My interest in anonymity awoke in response to the European parliament passing the data retention directive in 2005. I did (and still do) not want my ISP to be able to spy on everything I do. I maintain a German web site explaining how Internet communication works, warning against data retention, and advertising anonymity via Tor [1]. I thought that there is not much to lose when using Tor (except for speed).

Now, I'm about to include a big warning concerning Tor. Maybe I'm driven by fear, uncertainty, and doubt. But I doubt that. I'd like to see this e-mail as a consensus check.

I'm only talking about Tor users like me, living in a stable democracy. In my idealistic (or naive?) view, it's nobody's business to collect data about me as long as I'm not a suspect of crime. If they do anyways, they violate my (perceived) rights, privacy, and dignity. I'm using Tor as a tool to fight that violation. (My reasoning does not apply to people under oppressive regimes who use Tor as protection from their own government when they coordinate and communicate and whose physical freedom and well-being are at risk.)

Of course, since Tor's beginning the threat model has been excluding global passive adversaries (which are able to observe both ends of the torified communication) but I didn't consider that a real issue. However, now I do.

Today, the GCHQ (GB) is running Tempora to spy on all transatlantic data, including three days of full storage for deeper analysis. The NSA (US) is doing all kinds of spying with PRISM, including rumors of tapping directly into the German Internet eXchange DE-CIX [2]. The DGSE (French foreign intelligence agency) is spying massively on the French (so much for *foreign* intelligence).
The BND (German foreign intelligence) is allowed to monitor up to 20% of border-crossing Internet traffic; supposedly, they are looking at 5% right now and investing heavily to increase that number [3].

In 2007 Murdoch and Zieliński [4] developed traffic analysis techniques based on sampled data for parties monitoring Internet eXchanges (IXes). Apparently, the parties mentioned above have capabilities that go far beyond the paper's sampling technique. Thus, I'm assuming that global adversaries are spying on me.

As I said, initially I worried about my ISP under data retention and considered Tor to be an excellent protection. Of course, that's only part of the story as I'd like to restrict who is able to spy on me as much as possible, whether my ISP, the ordinary criminal, or our governments' spies. Frankly, I only started to think about the last point after seeing the video "Enemies of the State" of last year's Chaos Communication Congress [5]. There, former NSA officials complained that the NSA is beating US citizens' constitutional rights into the dust. However, the existence of rights for Non-Americans was not acknowledged, and I wondered what my expectations should look like given that I'm not protected by the US constitution.

Now, Tor re-routes traffic on a world-wide basis. I believe that without special precautions (I'm going to write a separate e-mail on that), my communication with the entry node as well as the exit's with the real communication partner will flow through big pipes and IXes, which are worth the investment of spying facilities; of course, terrorism needs to be fought... Thus, Tor does not anonymize; instead, it turns all my network traffic over to adversaries. Hopefully, Tor makes the adversaries' lives harder, and they need more compute power to spy on me. Maybe they find torified traffic more interesting and handle it with higher priority. In any case, I assume that torified traffic gets analyzed.
In contrast, without Tor I'm *not* certain that all my traffic gets analyzed. Part of my traffic does not need to flow through big pipes and IXes but stays in local, untapped regions of the Internet.

Thus, my warning could read as follows:

1. If you are using Tor, you should assume that all your network traffic gets stored, analyzed, and de-anonymized by intelligence agencies.
2. If you do not use Tor, you should be aware that your ISP could spy on all of your network traffic, while part of it (that part passing tapped IXes) gets stored and analyzed by intelligence agencies.

Of course, there still is more fun in using Tor.

What's your take on the current situation? Should the Tor FAQ include a similar warning?

=========

arma:

> 1. If you are using Tor, you should assume that all your network traffic gets stored, analyzed, and de-anonymized by intelligence agencies.

I don't want to tell you to stop worrying, but depending on how much you think these intelligence agencies collaborate, I think the "and de-anonymized" phrase might be overstated. For example, I would not be surprised if French intelligence doesn't have enough of a reach on the Internet to be able to break Tor easily -- simply because they haven't made enough deals with enough backbone providers relative to the locations of big Tor relays. Maybe they trade data with England and the US, but then again maybe they don't (or don't trade all of it).

One of the unfortunate properties of the Internet is how it's much less decentralized than we'd like (and than we used to think). But there are still quite a few different places that you need to tap in order to have a good chance of beating a Tor circuit.

For background, you might like:
http://freehaven.net/anonbib/#feamster:wpes2004
http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
and there's a third paper in this chain of research which I'm hoping the authors will make public soon -- stay tuned.

> 2. If you do not use Tor, you should be aware that your ISP could spy on all of your network traffic, while part of it (that part passing tapped IXes) gets stored and analyzed by intelligence agencies.

I think you're underestimating the problem here. You say "Part of my traffic does not need to flow through big pipes and IXes but stays in local, untapped regions of the Internet." I think for the typical web user, basically _every single page they visit_ pulls in a component that goes through these 'big pipes' you refer to.

In short, I think web users are in bad shape using Tor if their adversary is "every intelligence agency combined", but they're in way way worse shape when not using Tor.

While I'm at it -- you don't think Deutsche Telekom has a deal with BND where they hand over all the internal German Internet traffic they see? I hope the era where people say "My government is doing everything that has been reported in the news so far, but surely they're not doing anything else" is finally over, but I guess it will be a while yet.

=========

mp:

It's also important to understand the limitations of these attacks. If the data they record is low resolution (such as Murdoch's IX sampled results), the accuracy will be poor. Murdoch didn't achieve any success at all until several megabytes were transmitted in a single connection, and even after that, the accuracy was heavily impacted by the prevalence of similar traffic elsewhere in the network (due to a phenomenon called the 'base rate fallacy').

As more people use Tor, the better this property gets. In fact, a Raccoon (when you run an anonymity network, you get all sorts of interesting characters) proved that the accuracy of dragnet correlation attacks falls proportional to 1/U^2, where U is the number of concurrent active users.
This creature also pointed out the same property is visible in Murdoch's own graphs:
http://archives.seul.org/or/dev/Sep-2008/msg00016.html
https://lists.torproject.org/pipermail/tor-talk/2012-March/023592.html

I think this property suggests that with better usability and some lightweight defenses, Tor can actually do quite well, especially for relatively small, short transmissions like website loads.

I am worried about the level and duration of timing resolution that datacenters as large as the NSA one in Utah could provide (assuming that all that storage is for traffic, and not for stuff like mapping ECC curves onto Z_p).

Even so, I still think protocol-level active attacks (such as RPW's hidden service Guard discovery attack, and the Raccoon's bitstomping/tagging attack) are far more likely to be how intelligence agencies and others will attack Tor:
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html
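
The base-rate effect discussed in the last reply can be seen in a toy simulation, added here as an illustration; it is not part of the thread or of the posts it links to. Each user's flow is reduced to one constructed feature (a byte count), and the flow-size range, noise level and matching tolerances are assumed values. It shows the precision of a pairwise matcher falling as concurrent users increase or as measurement resolution gets coarser; it does not reproduce the 1/U^2 result cited in the thread.

```python
import bisect
import random

FLOW_RANGE = 1_000_000   # assumed: flow sizes uniform in [0, 1 MB)
NOISE_SIGMA = 500        # assumed: measurement noise between the two vantage points


def match_precision(users, tolerance, seed=1):
    """Fraction of declared (entry, exit) matches that are real pairs."""
    rng = random.Random(seed)
    entry = [rng.uniform(0, FLOW_RANGE) for _ in range(users)]
    # The exit-side observation of user i is the entry value plus noise.
    exit_obs = sorted((e + rng.gauss(0, NOISE_SIGMA), i) for i, e in enumerate(entry))
    exit_vals = [v for v, _ in exit_obs]

    true_pos = declared = 0
    for i, e in enumerate(entry):
        # Every exit observation within the tolerance is declared a match.
        lo = bisect.bisect_left(exit_vals, e - tolerance)
        hi = bisect.bisect_right(exit_vals, e + tolerance)
        declared += hi - lo
        # Only the observation that really belongs to user i is a true match.
        true_pos += any(owner == i for _, owner in exit_obs[lo:hi])
    return true_pos / declared if declared else 0.0


def sweep(user_counts=(50, 500, 5000), tolerances=(1_000, 10_000)):
    """Precision for each (users, tolerance) combination."""
    return {(u, t): round(match_precision(u, t), 3)
            for u in user_counts for t in tolerances}


if __name__ == "__main__":
    for (u, t), p in sweep().items():
        print(f"users={u:5d} tolerance={t:6d} precision={p}")
```

The per-pair false-match rate stays constant in this model, so the drop in precision comes entirely from the growing number of wrong pairs competing with each true one.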