Getting our goats
The fact that the Snowden saga has reached new levels of absurdity would be highly amusing if it didn't also have life-and-death implications for those who rely on Tor. Remember, the U.S. State Department trains foreign dissidents on how to use Tor to protect themselves.
If the NSA can pwn Tor, don't you think the Iranians and Chinese can too? If they haven't yet, they've just received a thorough primer on the topic.
Mind you, it's not an easy problem to deal with. Any tool that can be used by the good guys can simultaneously be exploited by the bad guys; that includes guns, telephones, highways, and the Internet. In most of those cases, there are clearly understood restrictions on what (mostly benign) governments can do to subvert these items when necessary for the benefit of all.
But the NSA seems to operate under its own set of rules, with minimal if any oversight. And who's to say where the spying stops? The FBI has already used these techniques to compromise Tor communications in an effort to hunt down black market websites and kiddie pornographers. It's a very short leap from this to the cops assuming anyone who uses Tor must be doing something bad and is thus automatically a suspect.
In an essay in the Guardian, Bruce Schneier argues that the NSA needs to be a helluvalot more transparent about the activities of its various Goats and Giraffes. Why? Because that makes us all more secure. Per Schneier:
The NSA has two conflicting missions. Its eavesdropping mission has been getting all the headlines, but it also has a mission to protect US military and critical infrastructure communications from foreign attack....
But with the rise of mass-market computing and the Internet, the two missions have become interwoven. It becomes increasingly difficult to attack their systems and defend our systems, because everything is using the same systems: Microsoft Windows, Cisco routers, HTML, TCP/IP, iPhones, Intel chips, and so on. Finding a vulnerability -- or creating one -- and keeping it secret to attack the bad guys necessarily leaves the good guys more vulnerable.
Far better would be for the NSA to take those vulnerabilities back to the vendors to patch. Yes, it would make it harder to eavesdrop on the bad guys, but it would make everyone on the Internet safer.
By exploiting the weaknesses in Tor to fight terrorism, the NSA helps enable terrorist governments to identify, imprison, and murder their own people. That's the most absurd thing of all.
Does NSA spying make you wary of using Tor? Post your soon-to-be-unencrypted thoughts below or email me: firstname.lastname@example.org.
This article, "The Tor teardown, brought to you by goats, giraffes, and Thor's hammer," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, follow Cringely on Twitter, and subscribe to Cringely's Notes from the Underground newsletter.