Tor’s nine “directory authority” servers could be compromised and traffic sent elsewhere, says Tor co-founder Roger Dingledine. Even worse, several of those crucial servers are managed by people working for the government. Did I mention Tor is heavily funded by the government and Dingledine worked at NSA one summer? Conspiracy buffs, start your engines.
It appears we’ve all been a bit misled about how Tor works. It’s not decentralized at all.
Yes, we said “centralized.” For all the talk about Tor being a totally independent ad-hoc system that operates outside the realm of anyone’s control, it does in fact have a highly centralized network architecture that’s run by key Tor developers and insiders. There are currently nine directory authorities — one is run by Tor developer Jacob Appelbaum, while another is run by Tor cofounder Dingledine himself.
The administrators of these directory authorities have a lot of power over the way information is routed through Tor — including the ability to prevent certain Tor nodes from taking an active part in the network. Which is interesting considering that several of the people in charge of managing the routing system are drawing their salaries from Pentagon and State Department grants.
Dingledine says the attack is imminent. He’s hardly reassuring about their ability to stop it.
The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.
We hope that this attack doesn’t occur.
So, if Tor remains safe, why is he worried enough about a possible attack to go public about it?
And just what is Tor?
NSA? DoD? U.S. Navy? Police surveillance? What the hell is going on? How is it possible that a privacy tool was created by the same military and intelligence agencies that it’s supposed to guard us against? Is it a ruse? A sham? A honeytrap? Maybe I’m just being too paranoid…
Unfortunately, this is not a tinfoil hat conspiracy theory. It is cold hard fact.