Silk Road forums
Discussion => Security => Topic started by: redgerbil on January 09, 2013, 06:40 am
-
You are supposed to go and download updates to tor to be secure. What if le/interpol or someone else for that matter replaced the software with a modified version that sent out ip's etc. How would we know? Is there anything in place to protect against this? Discuss.
-
You can verify the signature. The Tor packages are signed by a Tor developer named Erinn Clark.
Of course, it's possible that somebody put a gun to her head and forced her to sign compromised packages. In that case, download the source from the Tor Project's Git repository, audit it to make sure it is secure, and compile it yourself. That's paranoia level 9000, but I'm sure there are people who do that. :)
-
Who's to say this person wont take a million dollar bribe, or even 10 million+. this place is getting big not to mention the other shit accessed through tor. lots of people want to shut it down. and then there are hackers
-
Right, and that's where option 2 comes in. You can download the source code, read it yourself or get a competent, trusted friend to read it, confirm that it isn't doing anything malicious, compile and run it.
-
so many paranoid ass people here. if you think le is going to take over tor then dont use it
seems like a pretty simple fix to me, eh?
-
I think that would be an impossibility Tor is not run by one person or one group it's thousands of computers connected together in no way could they take down tor without tipping their hat And the second that Hat was tipped 5 seconds later everybody on Tor network would know about it and the Gig would be up
-
Other than people "blowing the whistle," as it were: no, there's nothing in place to prevent this. I think about it quite often, actually; I don't really expect it to happen, but I'm always cautious with updating Tor and where I actually get the archive from.
Tor is actually partially funded by the military, and the lead developer has frequent contact with the FBI. Some of them use it too, apparently.
-
was about to say that.
i heard tor was government funded/created as well :P
-
Tor is actually partially funded by the military, and the lead developer has frequent contact with the FBI. Some of them use it too, apparently.
While it started out as a project of the Naval Research Laboratory, which is a military research facility, today it is funded by more mundane government agencies like the National Science Foundation and the Broadcasting Board of Governors.
All their finances are open.
https://www.torproject.org/about/sponsors.html.en
https://www.torproject.org/about/financials.html.en
-
Other than people "blowing the whistle," as it were: no, there's nothing in place to prevent this. I think about it quite often, actually; I don't really expect it to happen, but I'm always cautious with updating Tor and where I actually get the archive from.
Tor is actually partially funded by the military, and the lead developer has frequent contact with the FBI. Some of them use it too, apparently.
The Tor developers strike me as a pretty libertarian bunch. They do have frequent contact with the FBI, but it is mostly just telling them the basics of how Tor works and why they cannot help them trace people who use Tor. The lead developer of Tor went to school at MIT and then worked for the NSA for a brief period of time, after he quit the NSA he implemented Tor with another person from MIT. The original concept for Tor came from the US navy, however the actual implementation of Tor does not have a direct tie to the US military other than the fact that the lead dev briefly worked for the NSA.
-
I did not know that thank you