×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Wikileaks Was Launched With Intercepts From Tor

kdawson posted more than 3 years ago | from the secrets-have-to-exit-somewhere dept.

Censorship 157

The New Yorker is featuring a long and detailed profile of Julian Assange, founder of Wikileaks. From this Wired's Threat Level pulls out one salient detail: that Wikileaks' initial scoop came from documents intercepted from Tor exit routers. The eavesdropping was pulled off by a Wikileaks activist — neither the New Yorker nor Wired knows who or even in what country he or she resides. "The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for Wikileaks founder Julian Assange's assertion in 2006 that his organization had already 'received over one million documents from 13 countries' before his site was launched ..." Update: 06/02 06:31 GMT by T : In reaction to the Wired story, and the New Yorker story on which it drew, Andrew Lewman of the Tor Project points to this explanation / reminder of what Tor's software actually does and does not do. Relevant to the claims reported above, it reads in part "We hear from the Wikileaks folks that the premise behind these news articles is actually false -- they didn't bootstrap Wikileaks by monitoring the Tor network. But that's not the point. The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

157 comments

Old News Is Old (-1, Troll)

DarkKnightRadick (268025) | more than 3 years ago | (#32426312)

I read about this yesterday.

Re:Old News Is Old (1, Informative)

sammyF70 (1154563) | more than 3 years ago | (#32426326)

I didn't.

Re:Old News Is Old (0)

Anonymous Coward | more than 3 years ago | (#32426450)

You have to admit though, whatever his crimes, that Julian is a mysterious and exotic person, who has the most with beautiful hair.

Re:Old News Is Old (0)

Anonymous Coward | more than 3 years ago | (#32426466)

He looks like an extra vacant Bill Maher.

Re:Old News Is Old (0, Redundant)

DarkKnightRadick (268025) | more than 3 years ago | (#32426512)

You should try going elsewhere for you news aside from /. :p The first referenced article is the one I read.

Re:Old News Is Old (1)

X0563511 (793323) | more than 3 years ago | (#32427154)

Why? I can stand to wait a day or two (or much longer, usually). In return, I have much less places I need bother to look.

I, unlike some others, don't have an addiction to knowing what is going on RIGHT NOW everywhere else in the world.

Re:Old News Is Old (1)

DarkKnightRadick (268025) | more than 3 years ago | (#32427650)

I don't either, and generally I don't read the online (or offline) papers. I do get news from several sources though (mainly because I subscribed to a feed for keeping up with what groups are doing politically).

Re:Old News Is Old (1)

hairyfeet (841228) | more than 3 years ago | (#32428480)

Yes but you can in this case have your cake and eat it too. Just go to Daily Rotation [dailyrotation.com], make an account (If you want to have your settings saved and be able to access from more than 1 PC), choose which sites and headlines you care about, add any sites not listed with the handy "add site" at the bottom, hit save, and voila! All the major and minor sites headlines, all served up to you on a single page.

I find it a whole lot easier to have all the sites I like including /. all on a single page. With all the cool new tech coming out it is hard to keep up otherwise, at least for me. Give it a try, I bet you'll like it.

Re:Old News Is Old (0)

Anonymous Coward | more than 3 years ago | (#32428234)

Then why didn't you submit it yesterday?

Re:Old News Is Old (0, Offtopic)

Anonymous Coward | more than 3 years ago | (#32427278)

I didn't.

This is informative? Must be editors with mod points. Otherwise how does whether one person's first exposure to this story came from Slashdot inform the rest of us about anything? If this is informative then the parent post talking about how he had already read this elsewhere before it appeared on Slashdot is equally informative. Confirmation bias at its finest, folks.

Re:Old News Is Old (2, Informative)

sammyF70 (1154563) | more than 3 years ago | (#32427994)

Probably because my answer was just a different way of saying "so what? just because you read it elsewhere yesterday doesn't make it any less interesting for those who DIDN'T read it elsewhere. Considering the news in question, one day, or even one week, late doesn't make a difference"
I just put it in less words the first time around

Re:Old News Is Old (1)

_KiTA_ (241027) | more than 3 years ago | (#32428926)

I read about this yesterday.

I read this first post yesterday.

And the day before that. And the day before THAT. And the day be... well, actually, the day before that was some idiot 13 year old GNAA twit. But the day before THAT...

So what? (5, Insightful)

msauve (701917) | more than 3 years ago | (#32426322)

The summary is written as if Tor is suppose to be secure from eavesdropping. It isn't. It's supposed to offer anonymity. There's nothing to indicate that the _source_ of the documents was compromised.

Re:So what? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#32426372)

There's a very simple solution to this problem:

Encrypt your data before sending it over Tor

I sincerely hope any serious US agency using Tor for operations would take this precaution; it seems stupid not to do so, unless the goal is to provide disinformation

Re:So what? (0, Troll)

Philip K Dickhead (906971) | more than 3 years ago | (#32426428)

Why would you hope that? So that America remains as effective in screwing the world, dominating the weak, and murdering innocents?

Re:So what? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#32426462)

...because if the US govt agencies DIDN'T use such common-sense security tactics, they (and me, and my family, and my community) would easily be taken over by another government that is just as effective in screwing the world, dominating the weak, and murdering innocents.

I don't excuse our government's behavior, but it's not as if the rest of the world is made up of sane, caring individuals...

Re:So what? (2, Insightful)

Philip K Dickhead (906971) | more than 3 years ago | (#32426644)

They use the same secrecy to turn you into a slave.

Re:So what? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#32427140)

As long as they entertain us, we don't care. In fact, you're blocking the TV.. move out of the way..

Re:So what? (3, Insightful)

Unordained (262962) | more than 3 years ago | (#32427146)

I use a car to get to work. Terrorists use cars to blow things up. Clearly, the tool is equal to the usage.

Re:So what? (4, Informative)

blai (1380673) | more than 3 years ago | (#32427528)

Terrorists use bombs to blow things up.

Re:So what? (1, Funny)

Anonymous Coward | more than 3 years ago | (#32427614)

Terrorists use your mom to blow things.

Re:So what? (0)

Anonymous Coward | more than 3 years ago | (#32428718)

Do you question my fishing method?

Re:So what? (0)

Anonymous Coward | more than 3 years ago | (#32428554)

You can't fight for freedom if you're dead.

Re:So what? (-1, Flamebait)

fishexe (168879) | more than 3 years ago | (#32427194)

...would easily be taken over by another government that is just as effective in screwing the world, dominating the weak, and murdering innocents.

Um, ahem. Despite their best intentions, nobody is as effective in screwing the world and dominating the weak as our government. Hitler had a good run for a little while, but his government collapsed after not quite a decade and a half, never to dominate again! We, however, are still going strong. USA! Num-ber one!

Innocent world theory does not apply to govs. (0, Offtopic)

elucido (870205) | more than 3 years ago | (#32427190)

No government is innocent. No large group of people are innocent. No Corporation is innocent. The weak exist to be dominated as long as capitalism is the religion of the world.

As long as it's not our weak being dominated, thats the best we can hope for in the current world.

Re:Innocent world theory does not apply to govs. (4, Insightful)

Fjandr (66656) | more than 3 years ago | (#32427342)

The attempts by large groups to dominate the weak occurred long before capitalism, and will continue should capitalism ever cease to exist. It is simply one model of domination. There are many more in existence.

Re:So what? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#32426986)

No, this article reflects on Wikileaks not on Tor. The summary is written as if some information was more stolen than purposely leaked. This reflects on Wikileaks in two ways:

First, it seems somehow more noble when an internal dissident leaks an embarrassing secret, for example the Pentagon Papers. Whereas coming by information that was not purposely leaked is more suspect. (Though still possibly useful and possibly ethical. For example, publishing specs of the lost iPhone 4G.)

Second, since this information was intercepted by Wikileaks while being stolen *by someone else*, it points to Wikileaks' role in highlighting a security flaw in the source organization. Perhaps they wouldn't even have known about that theft unless Wikileaks published it.

So this isn't really about Tor per se.

Re:So what? (1)

Achromatic1978 (916097) | more than 3 years ago | (#32427798)

Though still possibly useful and possibly ethical. For example, publishing specs of the lost iPhone 4G

No wonder you posted AC. A brave soul, indeed, claiming on Slashdot that the publishing of the iPhone 4G specs could in any way be construed as 'useful', or even 'ethical'. Be ready for your attitude readjustment from the RDF faithful...

Re:So what? (1)

fractoid (1076465) | more than 3 years ago | (#32428144)

Hey now, I'm usually accused of being an angry anti-apple troll, and even I think that gizmodo was out of line. Apple employee loses a phone he was road-testing, gizmodo buys it (selling property you don't own is stealing, and buying it is receiving stolen goods), and then they rat the guy out, putting his job in jeopardy. It doesn't count as 'reasonable effort to return stolen goods' that they phoned some sales goon who said "um wat idunno".

Re:So what? (1, Informative)

burris (122191) | more than 3 years ago | (#32427016)

It's supposed to offer anonymity.

No, TOR provides untracability. Whether you want to be anonymous, use a pseudonym, or use your Real Name is up to you.

Re:So what? (1)

HairyNevus (992803) | more than 3 years ago | (#32428546)

So what is right. Who cares if WikiLeaks is downright stealing a lot of their leaks. Not that they are, this could be some disinformation made by people who are threatened by some things that have come out on that website. But even IF they're stealing, those documents are vital to keeping a lot of the power structure in check with the everyday citizen. Videos of military murders that had been misreported in the official story, etc...

A leak != Espionage (1)

crmarvin42 (652893) | more than 3 years ago | (#32426332)

Should rename them WikiThief.

My big question is whether or not their tactic for acquiring the documents is still usable by say, the Chinese Government.

Re:A leak != Espionage (0)

Anonymous Coward | more than 3 years ago | (#32426358)

Well from what I understand, China would have to be the end-node in the area where the server is actually being queried.

Still, despicable behavior by WikiLeaks. WikiThief indeed.

Re:A leak != Espionage (5, Insightful)

linzeal (197905) | more than 3 years ago | (#32426414)

Heh, there have been rumors this has been a bonanza for the intelligence community. If wikileaks is doing it you can bet every three letter agency in the world has been doing it too.

Re:A leak != Espionage (1)

Mithyx (1532655) | more than 3 years ago | (#32427018)

Based on recent experiences, I doubt the DMV has been doing anything this advanced.~

Re:A leak != Espionage (3, Interesting)

linzeal (197905) | more than 3 years ago | (#32427082)

The DMV has been given extraordinary powers since all these MADD sponsored mandatory DUI sentencing guidelines have begun to be expanded. My friend was arrested for suspicion of DUI in Oregon 2 years ago and was never charged but he still can't get it off his record.

That may be an understatement (1)

Burz (138833) | more than 3 years ago | (#32427080)

Almost anyone could get into that game, at least in a small way with one or more Tor exit nodes.

That's the problem with using something that bridges back to the normal Internet: Security can be quite low without painstaking preparation. I2P at least will not pose such a risk because your destinations are all inside the darknet, and even https is discouraged because the connections are considered secure as well as anonymous (your base64 address acts as the public key that pairs with your local identity which is secret).

Re:A leak != Espionage (1)

Tycho (11893) | more than 3 years ago | (#32428782)

So what does the USGS, USDA and the NOAA use to gather foreign intelligence? Well aside from contacting the foreign authorities through the standard methods.

Hmmmmm (0, Flamebait)

Vinegar Joe (998110) | more than 3 years ago | (#32426356)

Sounds like an excellent way to spread disinformation.....even better than say.....the New York Times.

Re:Hmmmmm (0)

Anonymous Coward | more than 3 years ago | (#32426442)

Sorry, "disinformation" implies that incorrect information is being deliberately provided. IMHO, the NYT actually believes what they print.

Re:Hmmmmm (0)

Anonymous Coward | more than 3 years ago | (#32426738)

Yeah -- which is why government officials (speaking on condition of anonymity, natch) sometimes tell believable lies to NYT (and other) reporters looking for a scoop. To spread disinformation. Which the NYT believes when they print it.

Moron.

Re:Hmmmmm (4, Insightful)

grcumb (781340) | more than 3 years ago | (#32427162)

Sounds like an excellent way to spread disinformation.....even better than say.....the New York Times.

You know, even as recently as the salad days of my youth, I could have labeled you a troll for writing that about the NYT.

Now, alas, all I can do is nod my head sadly in agreement.

transparency (3, Insightful)

rwa2 (4391) | more than 3 years ago | (#32426384)

Transparency is what the information age is for. It will be interesting to see how political bodies adjust... on one hand, the leaks are damaging, and truly innocuous or routine things can be spun and blown way out of proportion by opposition groups. On the other hand, they now have to behave to higher ethical standards (or at least the appearance of high ethical standards) because virtually anything could become public knowledge.

Re:transparency (1)

Yvanhoe (564877) | more than 3 years ago | (#32428518)

If higher ethical standards were incompatible with efficiency in a given process, I would like them to make their case and their point. The public opinion doesn't have very high ethical standards either.

Well I guess (2, Funny)

stillpixel (1575443) | more than 3 years ago | (#32426418)

those chinese hackers are good for something.. I'm thinking if we ever catch one though.. we'll sentence them to work in that Foxconn plant making iPhones ...

Worry (2, Interesting)

cappp (1822388) | more than 3 years ago | (#32426486)

Personally reading the linked articles made me really, really uncomfortable. Obviously wiki-leaks as a site has its own particular biases and political goals, everyone does, but the way in which they went about gathering this payload fills me with a really agonising ambivalence.

It really strikes to the heart of my feelings about wikileaks itself. Democracies require informed populations and accountability – they’re premised on the fundamental idea that the voting public makes choices based on more than partisan, or self, interest. For the most part, when considered on a population-wide basis, this tends to happen. For every insane extremist there is a balance on the opposite side of the political spectrum leaving those who cluster around the middle to chart a more reasonable course. That being said, moderation is not always the best of all options (only killing half of all people with foreign accents is hardly the ideal resolution to the war on terror) but it’s the best one we have. Wiki gives us a level of information we previously lacked.

However, the fact that they were born out of some ethically questionable actions worries me. It makes me question the source of their information, its reliability, and its purpose to a far greater extent than previously. I am forced to wonder what their goal actually is, and worry that I’ve been naive in believing that they’re interested in mature and reasoned public discourse. Perhaps that’s an over-reaction. Does the idea of Fruit-from-a-poison-tree apply here?

Re:Worry (2, Insightful)

DarkKnightRadick (268025) | more than 3 years ago | (#32426556)

I don't question the validity of their information. If their information wasn't valid, then companies wouldn't sue to have it taken down the way they have been. They'd be going with anti-defamation suits. They haven't been.

Re:Worry (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32426984)

Hard to see how we can talk about public reason when one side has information the other doesn't. In Soviet Russia much of the samizdat was of a purely factual nature, and by contradicting official reports delegitimized the government.

Re:Worry (4, Interesting)

cappp (1822388) | more than 3 years ago | (#32427094)

That's an interesting point, I'd not heard of Samizdat before. For anyone else who's out of the know - wikipedia defines it as

Samizdat was a key form of dissident activity across the Soviet bloc in which individuals reproduced censored publications by hand and passed the documents from reader to reader, thus building a foundation for the successful resistance of the 1980s

. I guess what I'm trying to say is that WikiLeaks is straddling the gap between public interest and public concern in a way that is beginning to make me feel uncomfortable. Just me. Despite what the mods have deigned from on high I'm not trying to troll or anything like that. I am genuinly concerned that the project is grounded in what I consider to be ethically-suspect actions that potentially reflect an attitude to privacy, security, and mature discussion that I find distasteful.

As to the accuracy, who knows what they're chosing not to show? That's a somewhat facicious point but there is an element of truth. If they're not above a little serrupticious information gathering then how can I trust that they're not also willing to make a few alterations here and there in what they chose to publisize. When they posted that video of military action the New Yorker ran an interesting piece at http://www.newyorker.com/online/blogs/georgepacker/2010/04/truth-but-not-the-whole-truth.html [newyorker.com] which makes some compelling points about the video as presented:

The producers themselves have chosen not to provide them. There appears to be a purpose to the omissions, which is underlined by the Orwell quote at the start, the prefatory explanation, the quotes and dedication at the end, even the way the helicopter crew’s cruel remarks are edited in a few places for effect. Although the producers identify the camera of the Reuters journalist who, along with his assistant, will be killed by Apache cannon fire, they don’t point to the AK-47 or the RPG launcher carried by other men with whom the journalists are walking in a group. Stripped of much context and weighted with commentary, this video is both an important document of the war, courageously leaked after the military had steadily refused to release it, and, in its way, a propaganda film.

I'm concerned that we're trading one kind of spin for another.

Re:Worry (1)

myowntrueself (607117) | more than 3 years ago | (#32427396)

I am genuinly concerned that the project is grounded in what I consider to be ethically-suspect actions that potentially reflect an attitude to privacy, security, and mature discussion that I find distasteful.

There should be no expectation of privacy for any unencrypted communication ever.

It is ridiculous to send unencrypted information via the *inter*net and then get annoyed when your 'privacy' is invaded.

I fully support privacy but ONLY when the person who wants privacy takes reasonable precautions. Otherwise they are idiots and deserve neither support nor sympathy.

Re:Worry (0)

Anonymous Coward | more than 3 years ago | (#32427872)

And yet it is largely illegal to intercept a phone call without a warrant because there is a reasonable expectation of privacy wherever we as a society decide there is.

Whole picture (1)

manaway (53637) | more than 3 years ago | (#32428022)

Films like this deserve to be seen. Anonymous distribution is, so far, one avenue to make that possible. If intercepted at an exit node by more than one party, that just gives more opportunity for an honest publisher and any propagandist a video to deliver to the public. Obviously it would always be best to have the whole unedited film available for reference. Though even then you have to use your critical skills to interpret what you're viewing.

For example: the New Yorker's "compelling points" of the video are, in my opinion, tangential and minor in the context of the shooting. You can ignore the audio and items circled, and still come away with the big picture. Some empty-handed locals, some locals with weapons, and journalists with cameras are walking around. Some foreign guys with weapons, part of an invading and occupying foreign military, are flying around in helicopters. The foreign guys initiate the killing of locals and journalists on the ground. Another group of weaponless locals drives in and tries to rescue the wounded, but are also shot, along with their kids, by the foreign guys. Make of that what you will. Looks like murder of innocents to me.

Re:Worry (1)

tsm_sf (545316) | more than 3 years ago | (#32428402)

Your problem, if I may be so blunt, is that you seem to think there might be one universal truth to any given situation. There isn't. There are only different perspectives.

Re:Worry (1)

Alex Belits (437) | more than 3 years ago | (#32427842)

In Soviet Russia much of the samizdat was of a purely factual nature, and by contradicting official reports delegitimized the government.

Only if you count Solzhenitsyn's historical fiction as factual. Because the rest was obviously fictional, merely seen as hostile by the government -- with genres from poetry to fantasy and science fiction.

Wikis are for wheels (-1)

Anonymous Coward | more than 3 years ago | (#32426488)

Anyone can set up a wiki and put lulz citationz needed or we will put you on wheels.

Fact, someone used your citations to support the fact that you suck cock.

Fundamental Flaw? (1, Redundant)

IonOtter (629215) | more than 3 years ago | (#32426528)

Would this be a fundamental flaw of the TOR network? If you don't know who's controlling the exit nodes, then you will never know if the information you send is truly secure.

One of the things we were trained for in the Navy-and something in which I got an abject lesson-is "Trust but verify". I "trusted" my senior petty officer when he told me that he'd secured the transmitters when we went to go raise the antennas. When I got back to radio to restore the "secured" transmitters, I found them happily pouring out 1000 watts of power with each ping, which were coming 2-3 per second.

My "Link-11 Sunburn" taught me that very important lesson: Trust but verify.

If you can't verify the network yourself, then don't trust it. Make sure the information you send over it can't be traced back to you in any way. Good luck with that, but do your best anyway.

Re:Fundamental Flaw? (4, Insightful)

Cougar Town (1669754) | more than 3 years ago | (#32426634)

Would this be a fundamental flaw of the TOR network? If you don't know who's controlling the exit nodes, then you will never know if the information you send is truly secure.

Tor offers anonymity, not security. Encryption and signing is for security. The two can be combined.

Re:Fundamental Flaw? (1)

DavidJSimpson (899508) | more than 3 years ago | (#32426648)

No, this is not a flaw in TOR. As has been stated in a previous post, the purpose of TOR is not security, but anonymity. If you want to have a secure connection, use an SSH tunnel (for continuous communication) or encrypted email (for a one-time secure message). Note that both of these protocols offer security, but not anonymity. If you want security and anonymity together, I suppose you could create an SSH tunnel through TOR, but performance would obviously suffer.

Re:Fundamental Flaw? (1)

X0563511 (793323) | more than 3 years ago | (#32427258)

Actually, SSH through Tor should be no slower than regular traffic through Tor. Assuming you have something more powerful on hand than some 1990s Pentium laying around.

Re:Fundamental Flaw? (0)

Anonymous Coward | more than 3 years ago | (#32427384)

I'm pretty sure the poster wasn't talking about ssh being slow, he/she/it was referring to how slow TOR is. User yer noggin, that's what it's there for.

Re:Fundamental Flaw? (4, Insightful)

Virak (897071) | more than 3 years ago | (#32426680)

No, this is a fundamental flaw with unencrypted communication, which is exactly what you're doing when you use Tor to access things outside of the Tor network without additional encryption. Either stay inside the network or ensure whatever you're running over it has its own encryption, simple as that. As always, the biggest threat to security is incompetence.

Re:Fundamental Flaw? (1)

Burz (138833) | more than 3 years ago | (#32427134)

Part of the problem is that the secure/insecure distinction has an explanation that is buried somewhere in a faq on the website. It would be better if people were given a browser with Tor that in one unified visual element allow people to tell immediately what the anonymity and security levels are at the moment.

SSL any better? (3, Informative)

Onymous Coward (97719) | more than 3 years ago | (#32427542)

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts. Any time your browser shows a secure and validated SSL connection it's because someone in your authorities list said it was okay. Just one authority. That's all it takes.

Go look at the list of CAs your browser trusts.

I just checked mine and I see 86 certificates belonging to maybe 30 different organizations. If any single one of those 30 organizations has a compromised certificate, my browser could show a bogus SSL connection as valid. So, I connect to Bank Of America, and the connection appears like a good SSL connection, but that's only because the fake cert in this attack was authorized by some rogue operator at "TÜBTAK UEKAE Kök Sertifika Hizmet Salaycs - Sürüm 3" or whichever of the 30 companies. That's a pretty long chain to deal with for a weakest-link-screws-you scenario.

Maybe some folks here didn't realize that this is how the model works. That's part of the problem.

So I might suggest understanding the difference between an anonymized connection and an encrypted one. Folks should understand how Tor works before using it. Already we have a problem with people using SSL without understanding it.

Anyway, I installed Tor and Torbutton recently and kept running across notices of how Tor works and that I should be aware of how it works to receive the benefits of it.

Here's another way you can protect yourself against bogus SSL certs, by the way: Perspectives [cmu.edu]. See the demo [cmu.edu]. There's a Firefox extension [cmu.edu].

Perspectives shows you an SSL cert's history. That is, how long that cert has been in use by the host you're SSL connecting to (as seen by a number of other hosts on the net). If the cert changed on you today, that's suspicious. If it changed today and you are the only person seeing that new cert, you might consider not using that connection for sensitive communication.

Re:SSL any better? (1)

DragonWriter (970822) | more than 3 years ago | (#32428438)

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts.

Rather, its only at most as secure as the least secure of the certificate authorities that your browser trusts; its quite possible that either your computer or the server you are accessing is, itself, less secure than any of the CAs involved, in which case those are the limiting factors.

Re:SSL any better? (1)

Onymous Coward (97719) | more than 3 years ago | (#32428858)

While we're at it, your browser SSL encryption is only as secure as the least secure of the certificate authorities that your browser trusts.

Rather, its only at most as secure as the least secure of the certificate authorities that your browser trusts

Yes, this is what I'm saying. Maybe I could have written it more clearly.

And I suppose we really shouldn't be referring to any one system's security as a limiting factor when all the systems -- your computer, the server accessed, the CAs -- add in.

Re:Fundamental Flaw? (1)

LaZZaR (216092) | more than 3 years ago | (#32426704)

The purpose of Tor is to provide anonymity. Given that in order for Tor to work it requires "community" participation, that means anyone can operate an exit node, but there is also an understanding that exit nodes can be used to siphon data. The key point here is that the exit nodes cannot determine the origin of the data, hence anonymity.

However, there is nothing preventing you from encrypting data over Tor.

Re:Fundamental Flaw? (1)

thePsychologist (1062886) | more than 3 years ago | (#32427058)

Please tell me you don't think Tor is secure in the manner you suggest?! It's not meant to be. Tor is for anonymity, not security for your information.

To put it more concretely, you want to use Tor if you don't want someone to know _you're_ doing something, which is not necessarily bad I should add. For instance, if you want to blog about what you saw last night in the alley. Tor isn't for sending information you don't want _anyone_ to read.

Anonymity protects you, not your data. So, you should use Tor for complaining about the government, and not to broadcast the location of your buried treasure!

THIS IS WHAT I"VE BEEN SAYING, P2P IS FOR COMMIES (0)

Anonymous Coward | more than 3 years ago | (#32426544)

Only the bad guys use P2P. FACT!!

Are you user of P2P?

You are a bad guy !! FACT !!

Commies, go home !!

you know you'll like it (0)

Anonymous Coward | more than 3 years ago | (#32426576)

take him to the greek looks totally gay. lots of slashfags will probably like it.

Wikileaks funds? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#32426632)

If you want to see how even Wikileaks volunteers don't know how funds are used in their organization read the following link at Cryptome

http://cryptome.org/0001/wikileaks-funds.htm

Cryptome has also published a lot of Wikileaks founder's personal emails in which, like many of us at different points in time in our lives, he speaks of how broke he is. After founding Wikileaks, he told an Australian newspaper Sydney Morning Herald that he did not use a single cent from Wikileaks for funding his personal expenses, but he has substantial private investments. Where did the money come from?

Cryptome has all the inside information about Wikileaks.

I am a supporter of the site thought. Not of the shady founder. Wikileaks good.

Real NEWS !! (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#32426726)

The recent flap over a Pennsylvania school district's use of tracking software on schoolissued laptops, supposedly to locate those that were stolen, makes me wonder how much illegal snooping goes on everywhere, whether initially intended or not.

If you didn't follow this story from the outset, the school district, near Philadelphia, provided students with free Apple laptops that had a theft-protection scheme in place; the laptop cameras could be turned on remotely for security purposes. So if a person stole the laptop, he or she could be identified on the camera. This was the basic justification for the program.

The case took an interesting turn when it turned out that the district had captured 56,000 photos from various laptops. Catching a high school kid naked in his or her room would constitute the collection of kiddie porn, another complication for these boneheads. The school district says none of the images caught anyone naked, though this seems hard to believe.

Unfortunately every sort of scheme like this one spirals out of control. Power corrupts, and absolute power corrupts absolutely. So maybe the school officials or their minions or both decide that this ability to turn on cam is more than a tool; it's a fun toy! One kid captured in the images and his family are suing the school district, and the FBI is investigating the situation for illegal wiretapping, with possible criminal implications.

The Need for Ethics 101

Very few schools teach civics or ethics anymore, and apparently few school teachers or administrators know what these terms mean. I have not heard much in the way of outrage by any other schools regarding this practice, which began with monitoring stolen goods and appears to have deteriorated into out-and-out spying and surveillance for fun. What does this tell you about American school systems? They're top heavy with administration and out of touch with reality. No wonder parents want to home-school.

I honestly do not believe that at any point in the surveillance program did the school snoops think they were doing anything wrong or unethical. This is the real problem here. In fact I'm sure some of the folks being rounded up are actually stunned by this investigation. "But we didn't know!"

I'm not sure how anyone can come to the conclusion that you can just turn on computer cameras inside private residences Orwellian-style, just to see what's going on out of curiosity. This is the kind of thinking you might have as a goofy 12-year-old before you learn about legality, and ethics. But these are adults with serious responsibilities. And I think it is the tip of a very big iceberg--one that no one is talking about.

Does anyone seriously believe this is an isolated incident? If you watch TV cop dramas this sort of thing is out-and-out promoted as the way to catch the bad guys. And in the USA lately, the entire public is seen as a potential bad guy, no matter the reality or likelihood. Everyone is a suspect getting on an airplane. Everyone is a suspect walking down the street. And public cameras are everywhere.

So it is not a leap of faith to just spy on everyone; after all, someone is probably doing something wrong, and maybe we can catch them this way. And as expected, someone was doing something wrong: the person surreptitiously viewing the cameras.

I can assure you other schools around the country are erasing their 56,000 photos ASAP as this case unfolds. I can assure you that whatever snooping program was used by the school district wasn't sold to just one customer. It surely wasn't coded in-house. Hopefully some irked supervisors will emerge and blow the whistle on other offenders.

Unless we want to just give up on freedoms and liberties in this country, this sort of Big Brother-is-watching-you nonsense has got to stop. If any leniency is shown toward the school district--any whatsoever-- then the wrong message will be sent. The prosecutors have to throw the book at these jokers. For starters, a school is supposed to exemplify good, not evil. Illegal activity cannot be tolerated within the American school structure.

Meanwhile, my advice to people using loaned computers like this is to always assume there is some sort of spyware planted. If you cannot find a way to ferret it out, at least tape over the camera and the microphone hole of these machines, and don't use it for any sort of computerto- computer chatting. Just assume you're being watched and heard. Because you probably are.

Tor has leaked much (2, Informative)

AHuxley (892839) | more than 3 years ago | (#32426744)

http://www.wired.com/threatlevel/2007/11/swedish-researc/ [wired.com]
As people might recall log-in and password information for 1,000 e-mail accounts belonging to foreign embassies where seen in plain text too.
Tor was always one huge honey pot built on the US telco network with all exit nodes collectable to the NSA.
Others are just building their own small data collection services on top.
Another man in the middle data retention story :)

Exit Nodes (3, Informative)

carp3_noct3m (1185697) | more than 3 years ago | (#32426842)

Anybody involved with TOR knows that EXIT nodes are a big potential risk, and not only have there been rumors of official government sponsored (and therefore tapped) exit nodes, but even /. had a story about it a long ass time ago. Recently the TOR guys have been trying to curtail this via a few different methods, but it is nothing new. Regardless, exit node sniffing is a novel way to get information, (for example, allow only .gov or .edu traffic)

rather, stuff coming from exit nodes (2, Insightful)

Onymous Coward (97719) | more than 3 years ago | (#32427372)

More precisely, it is not the nodes themselves that are the risk, but the (unencrypted) communication coming from the exit nodes.

this site eats shit (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#32426994)

just like a dick loving faggot.

Dedupe Bandwidth Savings (1)

Nemilar (173603) | more than 3 years ago | (#32427186)

The author mentions the disk access for deduped primary storage (he points out (rightfully so) that deduped primary storage will perform slower than non-deduped primary storage), but he failed to mention what I think is an important point when discussing deduplication and network performance/bottlenecks.

If you dedupe your backups (the author mentions, for example, a VTL solution), you then gain the ability to replicate only the unique data to your DR site. In terms of saving bandwidth, this can be an absolutely huge savings. Imagine if you backup to a VTL, and with dedupe you get an average 25:1 ratio; that means that, for the purposes of DR, you can replicate 25x more data through your pipe than you would have been able to, without dedupe.

This is why I only use Tor (2, Insightful)

fishexe (168879) | more than 3 years ago | (#32427228)

...for getting around the Great Firewall to d/l porn and access facebook, not for doing anything that needs to be secure.

Confirms my suspecions ... (0)

BitZtream (692029) | more than 3 years ago | (#32427668)

That Julian Assange is a fucking douche nozzle with a side of ass goblin. :)

Yes, mark me as a troll for assaulting the precious wikileaks, but really, he's a douche promoting what essentially amounts to corporate espionage in almost every case.

Re:Confirms my suspecions ... (0)

Anonymous Coward | more than 3 years ago | (#32428224)

What do you call "corporate espionage" on behalf of the society as a whole, though?

Re:Confirms my suspecions ... (0)

Anonymous Coward | more than 3 years ago | (#32428950)

I'm here to confirm that national governments are corporations.

There are many things about julian that are (0)

Anonymous Coward | more than 3 years ago | (#32427684)

not quite right. I am a little upset with julian assange over the book he co-authored many years ago called Underground. Alot of what he wrote were pretty much out and out lies and activities assigned to one person or group were actually performed by others. particularly things assigned to the australians and himself. He and the australians claimed they did alot of stuff performed by a good friend of mine who has never gotten the credit he deserved, he doesn't really care as he's not like that but he does get pissed off that people like julian, ropp, phoenix, gandlaf, electron, MoD, 8lgm and others parlayed his exploits into their fame and fortune and he didn't even get more than a few sentences in the book.

Education (1)

somenickname (1270442) | more than 3 years ago | (#32427700)

In the not so distant past, things like Algebra and Geometry were considered "premium" learning. Now, anyone who has been through high school has been exposed to those concepts and, even if they can't use that math, they have been exposed to it. The internet has become such a pervasive part of our culture that an understanding of how it works and even ethics classes on how to use it should be taught at an early age.

That doesn't preclude idiot bureaucrats without that education from thinking that sending information via tor and expecting the exit node to be secure but, it does put society in a place where basic knowledge about the fundamental structure of the internet is almost common sense.

Always look on the bright side... (1)

Michael Woodhams (112247) | more than 3 years ago | (#32428682)

Tor lets you collect your porn anonymously, but at a heavy bandwidth price. The three letter agencies are (we guess) providing Tor nodes with lots of bandwidth so as to be able to sniff the exit traffic.

Result? The NSA is subsidising your anonymous porn collection!

You don't have to care about encryption so long as you don't mind if the NSA has sniffed your porn before you do.

This is a difficult subject (1)

Dr. Evil (3501) | more than 3 years ago | (#32428732)

... it's a Wired article which doesn't suck.

Maybe Wired journalists are okay at writing about journalism?

I'm not sure if I should continue ignoring this publication. It's confusing.

Update: "...The point is that users who want to be safe need to be encrypting their traffic, whether they're using Tor or not." This flat denial of the assertion that Wikileaks was bootstrapped with documents sniffed from the Tor network is repeated unambiguously in correspondence from Wikileaks volunteers."

Okay, I have my answer. Continue ignoring Wired.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...