Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Tor stands strong against the NSA, but your browser can bring you down

Brad Chacos | Oct. 7, 2013
The good news: The NSA appears unable to crack the Tor network's core security. The bad news: That doesn't matter if your browser isn't secure.

The government agencies have also discussed "shaping" future Tor development to increase crackability—as the NSA did with NIST encryption standards and backdoors in other software —or actively disrupting Tor to drive users off the network.

Security expert Bruce Schneier has a mind bogglingly deep technical discussion of the NSA's Tor-skirting attempts in another Guardian article if you're interested in nitty-gritty details.

Protecting yourself
Even so, Snowden's documents seem to indicate that Tor's core security is intact, at least for now.

"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," Tor president Roger Dingledine told The Guardian. "Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard."

Indeed, endpoint protection was one of the four important security lessons learned in the wake of the Silk Road's smackdown. Keep your software up-to-date! The federal case against Snowden's email provider also drove home the point that email can never be truly secure—a minor concern for most folks, but a major concern for people seeking sanctity in Tor's anonymous network.

Tor also can't help you stay anonymous if you're running around the Net and filling out web forms willy-nilly, or if you're using certain browser plugins. Our tutorial to how (and why) to surf the web in secret has all the details.

Finally, regardless of whether or not you're using Tor, check out PCWorld's guides to NSA-proofing your data and protecting your PC from Prism surveillance. Even if you've got nothing to hide from the government, adopting strong security practices is always a smart idea.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.