Donate $25 for two DVDs of the Cryptome collection of files from June 1996 to the present

16 April 2011. A sends: Roger Dingledine writes that the US Navy uses Tor for open source spying:

http://idtrail.org/files/Dingledine%20-%20Tor.pdf

28 March 2011. Add comments from 1997 on TOR, called then the Onion Router.

25 March 2011. Add messages from A3 and JY.

24 March 2011. Add message from A and EFF.

 


22 March 2011

Creators of TOR:
David M. Goldschlag <goldschlag[at]itd.nrl.navy.mil>
Michael G. Reed <reed[at]itd.nrl.navy.mil>
Paul F. Syverson <syverson[at]itd.nrl.navy.mil>
Naval Research Laboratory

More:

http://www.onion-router.net/Publications/IH-1996.pdf
http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
http://www.onion-router.net/

 


TOR Made for USG Open Source Spying Says Maker

Date: Tue, 22 Mar 2011 16:57:39 -0400
From: Michael Reed <reed[at]inet.org>
To: tor-talk[at]lists.torproject.org
Subject: Re: [tor-talk] Iran cracks down on web dissident technology

On 03/22/2011 12:08 PM, Watson Ladd wrote:
> On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk<joebtfsplk[at]gmx.com>  wrote:
>> Why would any govt create something their enemies can easily use against
>> them, then continue funding it once they know it helps the enemy, if a govt
>> has absolutely no control over it?  It's that simple.  It would seem a very
>> bad idea.  Stop looking at it from a conspiracy standpoint&  consider it as
>> a common sense question.
> Because it helps the government as well. An anonymity network that
> only the US government uses is fairly useless. One that everyone uses
> is much more useful, and if your enemies use it as well that's very
> good, because then they can't cut off access without undoing their own
> work.

BINGO, we have a winner!  The original *QUESTION* posed that led to the
invention of Onion Routing was, "Can we build a system that allows for
bi-directional communications over the Internet where the source and
destination cannot be determined by a mid-point?"  The *PURPOSE* was for
DoD / Intelligence usage (open source intelligence gathering, covering
of forward deployed assets, whatever).  Not helping dissidents in
repressive countries.  Not assisting criminals in covering their
electronic tracks.  Not helping bit-torrent users avoid MPAA/RIAA
prosecution.  Not giving a 10 year old a way to bypass an anti-porn
filter.  Of course, we knew those would be other unavoidable uses for
the technology, but that was immaterial to the problem at hand we were
trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the
better...I once told a flag officer that much to his chagrin).  I should
know, I was the recipient of that question from David, and Paul was
brought into the mix a few days later after I had sketched out a basic
(flawed) design for the original Onion Routing.

The short answer to your question of "Why would the government do this?"
is because it is in the best interests of some parts of the government
to have this capability...  Now enough of the conspiracy theories...

-Michael
_______________________________________________
tor-talk mailing list
tor-talk[at]lists.torproject.org

24 March 2011

A sends:

From: A
Date: Thu, 24 Mar 2011 01:41:41 +0000
Subject: Cryptome Fwd: Re: Fwd: The onion TOR network
To: cryptome[at]earthlink.net
Following the publication of the email extract on TOR, I asked
the EFF what they made of it. Here it is. You can of course publish it.
---------- Forwarded message ----------
From: Rebecca Jeschke <rebecca[at]eff.org>
Date: 23 March 2011 21:29
Subject: Fwd: Re: Fwd: The onion TOR network
To: A
Hi A.  This is from Senior Staff Technologist Seth Schoen.  Thanks -- Rebecca
-------- Original Message --------
Subject: Re: Fwd: The onion TOR network
Date: Wed, 23 Mar 2011 11:15:24 -0700
From: Seth David Schoen <schoen[at]eff.org>
To: Rebecca Jeschke <rebecca[at]eff.org>
CC: chris <chris[at]eff.org>, Peter Eckersley <pde[at]eff.org>,
    Seth Schoen <schoen[at]eff.org>
Rebecca Jeschke writes:

     any thoughts on this?
It's totally true that the military people who invented Tor were
thinking about how to create a system that would protect military communications.  The current iteration of that is described at 
https://www.torproject.org/about/torusers.html.en#military 
right on the Tor home page. 
However, the Tor developers also became clear early on that the system wouldn't protect military communications well unless it had a very diverse set of users.  Elsewhere in that same e-mail discussion, Mike Perry (a current Tor developer) alludes to this: 
https://lists.torproject.org/pipermail/tor-talk/2011-March/019898.html 
  In fact, the best known way we have right now to improve anonymity   is to support more users, and more *types* of users. See: 
  http://www.freehaven.net/doc/wupss04/usability.pdf   http://freehaven.net/~arma/slides-weis06.pdf 
The first link is to a paper called "Anonymity Loves Company", which explains the issue this way: 
  No organization can build this infrastructure for its own sole use.   If a single corporation or government agency were to build a private   network to protect its operations, any connections entering or   leaving that network would be obviously linkable to the controlling   organization. The members and operations of that agency would be   easier, not harder, to distinguish. 
  Thus, to provide anonymity to any of its users, the network must   accept traffic from external users, so the various user groups can   blend together. 
You can read the entire (ongoing) discussion about government funding for Tor development via 
https://lists.torproject.org/pipermail/tor-talk/2011-March/thread.html 
(search for "[tor-talk] Iran cracks down on web dissident technology"). 
-- 
Seth Schoen Senior Staff Technologist                         schoen[at]eff.org Electronic Frontier Foundation                    https://www.eff.org/ 454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107 

Subject: Re: [tor-talk] Iran cracks down on web dissident technology
From: A3
To: John Young <jya[at]pipeline.com>
Cc: A2, cypherpunks[at]al-qaeda.net

On Tue, 2011-03-22 at 17:43 -0400, John Young wrote:
> Fucking amazing admission. No conspiracy theory needed.

Wasn't this already very common knowledge?

Subject: Re: [tor-talk] Iran cracks down on web dissident technology
To: A3, A2, cypherpunks[at]al-qaeda.net
From: John Young <jya[at]pipeline.com>

That's what the Eff-folks advocating TOR are saying. And point to a
file on Torproject.org. See:

http://cryptome.org/0003/tor-spy.htm

However, this appears to be a giant evasion perhaps a subterfuge,
even reminds of what Big Boys say when customers learn they are
siphoning customer data. Read the privacy policy the lawyer-advised
apologists bark, and upon reading the privacy policy see that it only
emphasizes the subterfuge. Openly admitting siphoning is supposed
to make it okay because everyone does it under cover of lockstep
privacy policy. Reject that.

If the Tor operators really know what they are being used for, then
they should admit to being agents of the USG, as Michael Reed had
the guts to do.

Claiming this US spying role for Tor is well known is a crock of slop,
but then spies lie all the time and care not a whit that they peddle
shit for eaters of it. If you believe them and like what they do then
don't shilly-shally, just do what Michael Reed did but others are
too ashamed to do after having been duped since 1996.

If Reed's precedent for honesty is followed, there will be an
admission that the Internet was invented for spying by its inventor.
And then cryptography and other comsec tools. And then cellphones
and the like. Hold on now, this is getting out of hand, the apologists
will bellow, everybody has always known that there is no privacy
in digital world.

Actually, no, they did not. And those who knew keep their Janusian
mouths writhing to reap the rewards of deception. Now that is a truth
everyone knows. No conspiracy theory needed.

http://cryptome.org/jya/onion.htm25 April 1997: Add Lucky Green’s comments.
3 March 1997 (Thanks to LG for pointer)


Date: Sun, 02 Mar 1997 18:20:49 -0800
To: cryptography[at]c2.net, coderpunks[at]toad.com, weidai[at]eskimo.com
From: Lucky Green <shamrock[at]netcom.com>
Subject: PipeNet implemented?

At the FC’97 rump session, Paul Syverson from NRL presented a paper titled “Onion Routing”. The description of the system sounds very much like Wei Dai’s PipeNet. However, the development team seems to be unaware of PipeNet and the discussions about it that we had in the past.

NLR has currently five machines implementing the protocol. Connection setup time is claimed to be 500 ms. They are looking for volunteers to run “Onion Routers”. It appears the US military wants to access websites without giving away the fact that they are accessing the sites and is looking to us to provide the cover traffic. What a fortunate situation.

They said that the source would soon be on the web page, but so far it has not appeared.

http://www.itd.nrl.navy.mil/ITD/5540/projects/onion-routing/

 


To: cypherpunks[at]cyberpass.net
Date: Fri, 25 Apr 1997 01:24:29 -0700
From: Lucky Green <shamrock[at]netcom.com>
Subject: Re: A new system for anonymity on the web

At 12:59 PM 4/20/97 -0700, Steve Schear wrote:

>Hal,
>
>What do you think of the “onion routing” approach from the group at Naval
>Postgraduate? How would compare it to this newest proposal?

Neither one of them is any good in its present form. The folks at the FC’97 rump session got to watch Jim and myself poke truck sized holes into the NRL design within seconds of them ending their presentation. :-)

Here was a US military research lab presenting a system they thought would give them a way to surf the Net anonymously by using the public for cover traffic. [Let me just spell out here that I believe that the people from NRL and Cypherpunks are on the same side on this issue. Their concern is COMSEC, not SIGINT.]

Anyway, we knew how to crack their system without even having to think about it, since folks on Cypherpunks, especially Wei Dai, had discovered various venues of attack on such systems long ago. Cypherpunks are teaching the military about traffic analysis. :-)

The one good thing about NRL is that they seem to be willing to learn. [The other being that they get paid to write our code for us.] Though I get the distinct feeling that they don’t like the required solution. There is simply no way to harden the system against attack without using a constant or at least slowly varying (I would guess we are talking about periods of several hours here, certainly not minutes, but I haven’t done the math, nor do I have the time to do so) bandwidth data stream between the end user and the first Onion Router. This will invariably require special software on the end user’s machine. I think the best design would be a client side proxy. [That much Crowds got right.]

As to Crowds, they got to be kidding. How many end users are willing to become, even without their direct knowledge, the last hop to <enter evil URL here>? I believe that relatively few users would want their IP address to be the one showing up in the server log of <enter seized machine’s name here> because their jondo happened to be the exit point chosen.

 

 

— Lucky Green <mailto:shamrock[at]netcom.com> PGP encrypted mail preferred

“I do believe that where there is a choice only between cowardice and violence, I would advise violence.” Mahatma Gandhi

http://cryptome.org/0003/tor-spy.htm