Tor Security Alert
Hi, I am a female cybersecurity researcher, investigative journalist, and whistleblower.
I have studied networking, network security, cybersecurity, privacy and anonymity principles, and similar topics for over 10 years.
I became an investigative journalist and then a whistleblower to investigate crimes committed by various government persons.
I used Tor to leak information implicating various government persons in various crimes.
I believe Tor was infiltrated and compromised, a backdoor was added, or Tor was made easier to trace, or similar, because I have survived a targeted assassination attempt. This was not a random occurrence, and not a theory; it was confirmed, via laboratory analysis, as an assassination attempt by criminal government agents to target a hero whistleblower human-rights defender in a covert assassination attempt.
We should not just do anything the Government asks just because of their title "the government", because sometimes real genuine bad criminals can be in government positions. We must respect the individual rights of each user, by ensuring the Tor software is fully secure.
I believe the criminals in the various governments compromised Tor via bribing a Tor Dev, or making an excuse like "national security" or any other list of government talking points to compromise it, and the criminals added a backdoor, or made Tor easier to trace in some manner. So then the criminals in the various governments could identify me, locate me, and assassinate a hero whistleblower in a targeted manner.
If they could find me, they could find any Tor user. I changed my writing style, had a firewall, fully updated system firmware and software, used a new operating system installation on new hardware, on public Wi-Fi, etc., to prevent side-channel exploits.
Thus I believe the vulnerability was within Tor itself.
Thus, I conclude various steps need to occur to re-secure Tor.
1. We must conduct a top-to-bottom/comprehensive code security audit for all of Tor Browser and Tor Relays code. We must find, patch, and secure any vulnerabilities, weaknesses, or backdoors and re-secure the Tor code.
2. We should introduce additional traffic-analysis resistance measures into Tor, such as circuit padding for all connections/more connections, random connection delays like iat-mode=1/2 for all connections, and possibly decoy traffic. I also think having a Snowflake-add-on-like option to make every Tor user a small relay would enhance traffic-analysis resistance.
Tor says it can't defend well against a global network observer. But we do have global network observers in the world, which we should build defenses against.
We also need to ensure the code is fully open source, because corrupted government agents can try to make excuses to compromise Tor and use their badge and title to try to compromise the network. The corrupt government persons could stage events to make Tor look bad to try to justify compromising it. We must have Tor be immune to such suggestions, by being outside of the reach of any corrupt government's influence.
If Tor is unsalvageable, we should start a new Tor-like software, outside of the reach of any and all governments' influence, on a private island or small country or territory without any influence over our decision making.
We can start another, or several new, anonymity projects outside of the US, Canada, France, Germany, UK, NZ, AU. Away and immune from governments' influence.
The criminals became donors of the Linux kernel and Tor and other privacy projects and used their donor status to try to weaken the security. Beware any donors involved in COVID-19 contact tracing or similar topics. Beware donors who came in around 2019+. Thus we must check for and patch security vulnerabilities in Linux, Tor, and other privacy services.
Thus, in order to ensure Tor and every Tor user is safe and secure, we must never degrade, backdoor, weaken, or make more easily traceable, any aspect of Tor's code. Tor must be fully secure, non-backdoored, private, secure, and anonymous for all Tor users' benefit, as journalists, human rights defenders, and whistleblowers working for the common good depend on Tor for their safety.
We should set up more relays in diverse locations/datacentres. We should reformat and re-install Tor relays to clear infections/exploits that might be currently running. We should enhance Tor relays' security by, for example, using a firewall, HTTPS update servers, and perhaps additional hardening, and Intrusion Detection Systems like Snort and Suricata to detect exploit-like behavior, to secure the relays' operating systems.
We should accelerate the codebase transition to Rust to be more exploit resistant.
We must keep Tor secure for every user; we must check all of Tor's entire codebase and re-secure it. For the benefit of every privacy-loving netizen,
Re-secure Tor,
With Love.