Delivery-Date: Mon, 25 Aug 2014 18:02:26 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 833311E0AD4;
	Mon, 25 Aug 2014 18:02:25 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D583C30AAF;
	Mon, 25 Aug 2014 22:02:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DD51930A91
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 22:02:16 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id rchFqGhb-54r for <tor-talk@lists.torproject.org>;
 Mon, 25 Aug 2014 22:02:16 +0000 (UTC)
Received: from mail.anonymail.us (unknown [162.243.112.143])
 (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id C328B309A4
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 22:02:16 +0000 (UTC)
Received: from localhost (anonymail.us [127.0.0.1])
 by mail.anonymail.us (Postfix) with ESMTP id 68AC11029BF
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 18:02:14 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at anonymail.us
Received: from mail.anonymail.us ([127.0.0.1])
 by localhost (mail.anonymail.us [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id LaChasCAGt7Z for <tor-talk@lists.torproject.org>;
 Mon, 25 Aug 2014 18:02:10 -0400 (EDT)
Received: from [192.168.1.74] (172-4-22-58.lightspeed.tulsok.sbcglobal.net
 [172.4.22.58])
 by mail.anonymail.us (Postfix) with ESMTPSA id CAED61028E3
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 18:02:08 -0400 (EDT)
Message-ID: <53FBB25F.7060804@cpunk.us>
Date: Mon, 25 Aug 2014 17:02:07 -0500
From: Cypher <cypher@cpunk.us>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53FAA2EC.6080006@riseup.net>
In-Reply-To: <53FAA2EC.6080006@riseup.net>
Subject: Re: [tor-talk] BBC: NSA and GCHQ agents 'leak Tor bugs',
 alleges developer
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 08/24/2014 09:43 PM, Michael Wolf wrote:
> I haven't seen this mentioned here, but thought it would be of interest
> to the list.  Perhaps something for TWN?
> 
> "NSA and GCHQ agents 'leak Tor bugs', alleges developer"
> http://www.bbc.com/news/technology-28886462
> 
>> Spies from both countries have been working on finding flaws in Tor, a popular way of anonymously accessing "hidden" sites.
>>
>> But the team behind Tor says other spies are tipping them off, allowing them to quickly fix any vulnerabilities.
>>
>> The agencies declined to comment.
>>
>> The allegations were made in an interview given to the BBC by Andrew Lewman, who is responsible for all the Tor Project's operations.
>>
>> He said leaks had come from both the UK Government Communications Headquarters (GCHQ) and the US National Security Agency (NSA).

Interesting. We should remember that the spies are really living in a
two sided world. On one side, they need a reliable, hardened, Tor that
doesn't stand out from anyone else using Tor so that they can
communicate amongst themselves. On the other hand, they need to be able
to break Tor so they can do their jobs. It has to be a tough place for
them to be.

The article was very interesting - except the part about 'here's how you
might want to fix this'. I certainly hope that the Tor project /is not/
accepting patches submitted by NSA or GCHQ! Sure, I realize those
agencies could very easily embed someone within the project (in fact,
don't a few of the Tor project folks work in intel?) but developing a
trusting relationship by accepting patches just seems like a bad idea to me.

/me puts on tinfoil hat

Cypher
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

