Incidentally, yet another technique that the documents describe is the very same one that the FBI used this summer to take down Freedom
HouseHosting, which had provided hosting for the hidden services on Tor and had become associated with child porn. (Tor took pains to stress that Freedom HouseHosting was not affiliated with Tor, and that, again, the shutdown didn’t mean anything in particular for the security of Tor overall.) That particular episode, unlike the Silk Road bust, didn’t get much attention in the press. (Was it because host providers are less interesting than online marketplaces, or because child porn is an ickier topic than drugs? Unclear.)
In any case, the staff and volunteers at The Tor Project remain confident in the security of the system, despite, and in fact because of, these new revelations. The latest document drop has revealed just how little progress the NSA has actually made in its battle against Tor, while allowing Tor to patch whatever small breaches in the system the NSA has found. Above all, Tor’s Roger Dingledine once again reminded readers, Tor’s greatest asset is its transparency. “Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice,” wrote Dingledine in a statement he sent to The Guardian and posted on the Tor blog Friday. “So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”
In the comments below that post, Dingledine also mentioned that at least one of the NSA documents appeared to be the work of a couple of college-aged interns, and did not necessarily represent NSA’s “master plan.” Good point. The presentation uses language like “Tor stinks,” and one slide features a ludicrous cartoon of “terrorist with Tor client installed”—he’s got a gun, he’s got a beard, and he’s wearing a bandit mask. And he’s apparently browsing the internet. Oh, and his desk chair is a giant onion.
Since Bruce Schneir has done so much important work in the area of encryption, and since he was so closely involved in the latest round of Snowden revelations on this topic, I’ll give him the final word for now. In the comment section of his personal blog on Saturday, one reader referred to the scoops from the day before and wrote, “I would be very worried if I depended on TOR for a critical site. It looks like the game is rigged.” Nope, wrote Schneier in response. “I think the moral of this story is that Tor is fundamentally secure.”