On 08/24/2014 09:43 PM, Michael Wolf wrote: > I haven't seen this mentioned here, but thought it would be of interest > to the list. Perhaps something for TWN? > > "NSA and GCHQ agents 'leak Tor bugs', alleges developer" > http://www.bbc.com/news/technology-28886462 > >> Spies from both countries have been working on finding flaws in Tor, a >> popular way of anonymously accessing "hidden" sites. >> >> But the team behind Tor says other spies are tipping them off, allowing them >> to quickly fix any vulnerabilities. >> >> The agencies declined to comment. >> >> The allegations were made in an interview given to the BBC by Andrew Lewman, >> who is responsible for all the Tor Project's operations. >> >> He said leaks had come from both the UK Government Communications >> Headquarters (GCHQ) and the US National Security Agency (NSA).
Interesting. We should remember that the spies are really living in a two sided world. On one side, they need a reliable, hardened, Tor that doesn't stand out from anyone else using Tor so that they can communicate amongst themselves. On the other hand, they need to be able to break Tor so they can do their jobs. It has to be a tough place for them to be. The article was very interesting - except the part about 'here's how you might want to fix this'. I certainly hope that the Tor project /is not/ accepting patches submitted by NSA or GCHQ! Sure, I realize those agencies could very easily embed someone within the project (in fact, don't a few of the Tor project folks work in intel?) but developing a trusting relationship by accepting patches just seems like a bad idea to me. /me puts on tinfoil hat Cypher -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk