Tor isn’t safe from the NSA
The encryption method used by the majority of Tor servers and SSL, is likely readable by the NSA. This means that Tor may no longer be an anonymous safe haven on the internet.
A new report suggests that even Tor, a piece of software that allows you to access the internet anonymously, is not safe from the NSA’s prying eyes and ears. Tor, which is an abbreviation for “The onion router” encrypts your internet traffic and uses a series of volunteer relays to bounce it around the world, thereby masking your actual location. Because Tor is deemed untraceable, it is used by criminals, as well as activists, reporters and others who prefer to remain undetected. It has been used extensively to help people whose governments have shut down telecommunications and internet in their country to still communicate with the outside world.
One might have thought that such a system would be a good defense against the NSA’s increasingly Orwellian surveillance programs, but according to security expert Robert Graham, that isn’t the case. Graham has studied the encryption protocol which Tor uses and found that it likely isn’t secure and that the NSA should be able to read whatever data you send through it. The majority of Tor servers currently use version 2.2 of the software, which uses an encryption standard that the NSA has publicly cracked. Using the right (expensive) equipment, the encryption standard can be cracked in a matter of hours.
Chances are, groups even less friendly than the NSA may have the same technology
The general public doesn’t make use of Tor all that much, so while this does make redundant one of the easiest methods of staying out of sight, chances are it won’t affect you all that much. However, consider that the same standard for encryption is also used in many SSL secure internet interaction and you might start to become worried. Even if you’re not worried about the NSA, chances are, as Cory Doctorow points out, that other groups likely have the same technology as well; the tools needed are open source and freely available.