(Disclaimer: I like to think that I’m still friends with Jacob Appelbaum, but I don’t agree with him on every single issue, and what I’m going to say below is going to be critical of the amount of code he currently has in the Tor project. But yeah, if you’re ever skeptical of something, it’s good to have proof)
Recently, there’s been a lot of noise on PGPBOARD and Cryptome about Tor, Jacob Appelbaum and the US Government spying on you. There have been suspicions of backdoors and other improprieties with the Tor project. First, let’s deal with the allegations against Jacob Appelbaum saying that he hacked the Tor project. Tor is open source and I checked out the latest copy and did git blames over the files. As far as projects that I hack on go, Tor is a rather small project in comparison to most web projects, let alone WebKit, Firefox, the Linux Kernel or anything like that. Therefore, it took me less than an hour to go through all the files that Jacob touched and to read through them. Most of the changes are in the compatibility code. Of course, he co-wrote tor-fw-helper, so he owns all of that code.
The files he touched in the repo I checked out were the following:
- /src/or/or.h

Seriously, if you know C, it's not that hard to go through the Tor source code and see that what Jake wrote is understandable, even if you can't wrap your head fully around the way Onion routing works. The thing with Tor is that Jake was the public face of Tor, and explained how it worked by comparing it to the principles of Mutual Aid. The thing that people don't remember is that part of the people this aids mutually is the US Government, namely the Department of Defence and the State Department. This also could help US allies, including Canada!

Now, to deal with what popped up on Cryptome! If you go to the Tor Project website, you will see their sponsors, and of course, their largest sponsor is anonymous. Tor could be used to sockpuppet, except for the fact that we know where the exit nodes are and can block all Tor users. From that perspective, Tor sucks at circumvention since we can block the endpoints and we can listen to the endpoints. What it DOES allow is for people to avoid being detected in logs like how the RCMP and CBSA were detected. I think this drives home the point that Tor is not a magical silver bullet, and that you should use a wide array of tools to protect your privacy online. However, Tor is still useful since you can audit the source code, and if the US Government isn't your immediate enemy at the time, it's perfectly safe to use. I recommend having a backup plan!
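The git blame pass described above can be scripted. The following is an added example, not code from the original post or from the Tor project: it parses `git blame --line-porcelain` output and lists the surviving lines attributed to one author e-mail. The function names, the sample addresses and the abbreviated sample output are assumptions made for illustration.

```python
import re
import subprocess
from collections import defaultdict

# Porcelain header line: "<commit sha> <orig line> <final line> [<group size>]"
HEADER = re.compile(r"^[0-9a-f]{40,64} \d+ (\d+)")


def parse_blame(porcelain):
    """Map author e-mail -> [(final_line_no, text)] from `git blame --line-porcelain`."""
    owned = defaultdict(list)
    lineno, mail = None, None
    for line in porcelain.split("\n"):
        if line.startswith("\t"):              # content lines are TAB-prefixed
            owned[mail].append((lineno, line[1:]))
        elif line.startswith("author-mail "):
            mail = line.split(" ", 1)[1].strip("<>").lower()
        else:
            m = HEADER.match(line)
            if m:
                lineno = int(m.group(1))
    return owned


def audit_repo(repo, mail):
    """Yield (path, line_no, text) for every surviving line blamed on `mail`."""
    files = subprocess.run(["git", "ls-files", "-z"], cwd=repo, check=True,
                           capture_output=True).stdout.decode().split("\0")
    for path in filter(None, files):
        out = subprocess.run(["git", "blame", "--line-porcelain", "--", path],
                             cwd=repo, capture_output=True).stdout
        blamed = parse_blame(out.decode(errors="replace"))
        for n, text in blamed.get(mail.lower(), []):
            yield path, n, text


# Constructed sample (headers abbreviated; names and addresses are made up).
def _entry(n, mail, text):
    return (f"{'ab' * 20} {n} {n} 1\nauthor X\nauthor-mail <{mail}>\n"
            f"filename src/or/or.h\n\t{text}\n")


SAMPLE = (_entry(1, "alice@example.org", "#include <stdint.h>")
          + _entry(2, "Bob@example.org", "author-mail <alice@example.org>")
          + _entry(3, "alice@example.org", "\tint x;"))
```

Blame keys on the commit's author field, which is unauthenticated metadata unless commits are signed, and it only reports lines that survive in the checked-out revision, so removed or rewritten contributions need `git log --author` as well.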