The governments of both these countries have attempted to curtail Tor's use:
The NSA's own documents acknowledge the service's wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for "general privacy" and "non-attribution", it can be used for "circumvention of nation state internet policies" – and is used by "dissidents" in "
Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was "created by the US government" and is "now maintained by the
The presentation continues by noting that "EFF will tell you there are many pseudo-legitimate uses for Tor", but says "we're interested as bad people use Tor". Another presentation remarks: "Very naughty people use Tor".
The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs, designed to make it easy for people to install and use the software. Among these is a version of the
The trick, detailed in a top-secret presentation titled 'Peeling back the layers of Tor with EgotisticalGiraffe', identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of
According to the documents provided by Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by
The older exploits would, however, still be usable against many Tor users who had not kept their software up to date.
A similar but less-complex exploit against the Tor network was revealed by security researchers in July this year. Details of the exploit, including its purpose and which servers it passed on victims' details to, led to speculation it had been built by the
At the time, the
"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," Dingledine said. "Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.
"Tor still helps here: you can target individuals with browser exploits, but if you attack too many users somebody's going to notice. So even if the NSA aims to surveil everyone everywhere, they have to be a lot more selective about which Tor users they spy on."
But he added: "Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications."
The Guardian asked the NSA how it justified attacking a service funded by the US government, how it ensured that its attacks did not interfere with the secure browsing of law-abiding US users such as activists and journalists, and whether the agency was involved in the decision to fund Tor or efforts to "shape" its development.
The agency did not directly address those questions, instead providing a statement.
It read: "In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission. "As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that."
Most Popular Stories
- Twitter Coming to Phones Without Internet
- NASA Fellowships, Scholarships Bring Diversity to Workforce
- Dish Network Leads 2013 Top 50 Advertisers List
- Entravision Initiates Quarterly Cash Dividend
- Networks Vie for U.S. Hispanic TV Viewers
- Ad Counts Rise in 2013 for Hispanic Magazines
- Warner Bros. Unleashes 'Hobbit: Desolation of Smaug' Merchandise
- Shanghai Smog Forces Factory Shutdowns
- How to Arm Yourself Against CryptoLocker Virus
- Amanda Bynes Enrolls in California's FIDM