Re: [Tails-project] Integrity/Privacy Reliability of Tor

Delete this message

Reply to this message
Author: u
Date:  
To: Public mailing list about the Tails project, William du'Soleil
Subject: Re: [Tails-project] Integrity/Privacy Reliability of Tor
Hello,

William du'Soleil:
> I hope this won't be out of line (distasteful) to address as a Noob... but
> it's the reason I'm here. To try and establish confidence before going
> ahead with Tails.


You should always establish confidence with software :)

> Tails appears to be what I'm looking for (rather than a VPN for blanket
> use). Seems good to me so far; from the software dev. and what looks like a
> well-established, dedicated community -- but then I read the following
> quote attributed to Yasha Levine from his Feb. 2018 book, Surveillance
> Valley:
>
> "The Tor Project, a private non-profit that underpins the dark web and
> enjoys cult status among privacy activists, is almost 100% funded by the US
> government. In the process of writing my book Surveillance Valley, I was
> able to obtain via FOIA roughly 2,500 pages of correspondence — including
> strategy and contracts and budgets and status updates — between the Tor
> Project and its main funder, a CIA spinoff now known as the Broadcasting
> Board of Governors (BBG). These files show incredible cooperation between
> Tor and the regime change wing of the US government."
>
> Can someone please comment? If true, this obviously must present certain
> "compromises" to privacy reliability to Tails also, wouldn't you say?


First of all, I would like to refer you to our warning page:
https://tails.boum.org/doc/about/warning/ which points out what Tails
cannot do.

Concerning funding from BBG: many privacy projects receive funding from
BBG. While relying only on one funder is disputable, I personally am not
aware of funders interfering with code (and actually Levine acknowledges
this is not the case, too). Tor is free software, and any backdoors
might be noticed by people who actually read the code. Whenever flaws
are discovered, they are patched - at least that's what experience from
the past years shows. Levine mentions that in one case this patching
took time and that a vulnerability (which is that Tor traffic can be
easily distinguished from other traffic) was not immediately disclosed,
seems this happened 10 years ago to protect users from exploits.

As far as the above mentioned FOIA request and article is concerned, I
did not read it and thus cannot comment on what kind of strategy Mr.
Levine is talking about. In funding, contracts and status updates are
normal: the funder wants to know what the funded organization does. In
general though it's the organization that proposes a project / work, not
the funder.

The claim that Torproject is 100% US government funded seems to be
wrong, looking at Tor's sponsor page:
https://www.torproject.org/about/sponsors.html.en

I furthermore believe that no software is 100% secure, so one should for
example use encryption on top of using Tor.

This is no official statement from the Tails project, it's simply my
personal point of view.

Cheers!
u.