I thought Tor was suspected of being compromised, since it was originally developed by ex-government or military types? Is this the case, is Tor actually accepted as secure and free from government interference?
Also, I vaguely remember concerns about things like child porn being handled by exit points. Were the legal or moral concerns resolved? Or are such concerns accepted as being a thin end of the censorship wedge?
The Tor Project sprung out of a research project at the U.S. Naval Research Laboratory, and to this day a large part of its funding comes from U.S. government sources.
This is entirely fine as far as I can tell - the U.S. interest can be explained as two-fold:
First, it could be a genuine wish to fund projects with potential to support freedom of expression in parts of the world they think need it (Secretary of State Clinton has expressed this as a policy at least once).
Second, and I think this is the more important reason, is that the various intelligence arms in the U.S. need Tor for themselves, in order to provide anonymous means of communications for secret agents and other foreign operatives who work in hostile environments. The important thing to realise is that low-latency mixnets absolutely depend on being widely used by many kinds of users for many purposes, so that each user can hide in the crowd. Therefore Tor absolutely needs to be publicly available - if American spies were its only users, they would stick out like sore thumbs and the entire thing would be hilariously pointless.
Tor is of course open source and can be inspected for backdoors and such, and its design continues to be subject to scrutiny and research. If there is a danger involved, it is an attack where the U.S. government controls sufficiently many Tor nodes in order to be able to do traffic analysis efficiently. So far I don't know of any signs of this, and I question if they would want to sabotage a project that has such a useful potential for themselves.
In practice, yes. In theory, Tor does not protect against a global passive adversary, so if you believe that there exists an entity capable of observing all traffic on the net globally, and you have reason to believe you are a high-enough-value target for them, then you should not use Tor.
Tor is open-source and its developers and supporters include the EFF, Jacob Appelbaum, and others who (if you can trust anyone at all) would not cooperate with government surveillance. But again, it's open-source and lots of security experts regularly look at the code, so it's not so much a matter of blind trust. The reason it was funded by the US government is described at http://cryptome.org/0003/tor-spy.htm -- not because it helps governments to spy on users but precisely the opposite.
The fact that it's very unlikely it was created as part of some conspiracy doesn't mean that it's impossible to compromise a Tor user's anonymity. I'm not an expert but as far as I know the most credible large-scale attack against it is still the one described in this paper: http://wesscholar.wesleyan.edu/cgi/viewcontent.cgi?article=1... . To be successful, it requires controlling a very large proportion of Tor's entry and exit nodes.
(But to compromise many users, there might not be a need for a complicated, expensive large-scale attack -- if you can infect someone with malware, it renders whether or not they are using Tor moot).
But unless you already know who they are, how do you get malware onto their machines? The Tor Browser Bundle has been carefully tuned to minimise attack vectors, so it could be quite hard for people who use Tor "correctly".
Tor's security is in its design (which is free and open). And thanks to that it does not matter what the original purpose was. Everyone can run a router and thus contribute to the network.
I had a talk with Roger Dingledine (Director of the Tor foundation / dev on Tor) about this (specifically regarding the NSA, who is on everyone's mind I assume).
Tor, compromised or not, is completely worthless against an attacker who can monitor the entire network, observe both entry and exit nodes, and correlate packets. The NSA wouldn't bother compromising nodes since they presumably already can see all the traffic and a compromised node might expose them.
In light of this week's subject of outrage, it's important to point out that TOR doesn't protect against a global adversary sniffing traffic at a significant number of nodes and then correlating sessions.
If they're actually following the "correct" way to implement tor routing, wouldn't they still be unable to determine the source / destination? I suppose if they're being shady, though, and route only to other known nodes they control, they could still track the traffic.
The client chooses every node that is used. The client picks the three nodes, and then encrypts the traffic using each of those three nodes' public keys in order. Then each node in turn peels off a layer of encryption and passes it on to the next node, which is the only node that is able to decrypt the next layer.
The Tor client is also careful about picking nodes from a wide geopolitical range to minimise the chance of collaborating nodes in the circuit. If all three nodes are in the U.S., it might be easy for the government there to track the origin. But they'll likely have a much harder time if two of the nodes are in Russia and China.
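The layered construction the comment above describes, as an added worked example (this is illustration code written for this page, not code from the thread or from the Tor Project). It stands in a symmetric per-hop key for the public-key/Diffie-Hellman exchange Tor actually performs, uses a SHA-256 counter-mode keystream with an HMAC tag as the per-layer cipher, and constructs the relay names, keys, destination and payload; all of those are assumptions of the example, not Tor's wire format.

```python
"""Added example, not code from the thread or from the Tor Project: a toy
three-hop onion circuit showing that each relay strips exactly one layer and
learns only the hop before and the hop after it.

Assumptions (not Tor's wire protocol): each relay shares a symmetric key
with the client, standing in for the per-hop key Tor negotiates with a
Diffie-Hellman handshake; the per-layer cipher is a SHA-256 counter-mode
keystream with an HMAC tag. Relay names, keys, the destination and the
payload are constructed for the example."""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

HOP_FIELD = 32  # fixed-width field naming the next hop, padded with NULs


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream (toy cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """One layer: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; fails if this key did not seal the outer layer."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key for this layer")
    return keystream_xor(key, nonce, ct)


def build_onion(path: List[str], keys: Dict[str, bytes], destination: str, payload: bytes) -> bytes:
    """Client side: wrap from the exit inward, so the guard's layer is outermost."""
    blob = seal(keys[path[-1]], destination.encode().ljust(HOP_FIELD, b"\0") + payload)
    for i in range(len(path) - 2, -1, -1):
        next_hop = path[i + 1].encode().ljust(HOP_FIELD, b"\0")
        blob = seal(keys[path[i]], next_hop + blob)
    return blob


def relay_process(key: bytes, blob: bytes) -> Tuple[str, bytes]:
    """Relay side: peel one layer, learn the next hop, forward the remainder."""
    inner = open_layer(key, blob)
    return inner[:HOP_FIELD].rstrip(b"\0").decode(), inner[HOP_FIELD:]


def can_peel(key: bytes, blob: bytes) -> bool:
    """True only if `key` sealed the outermost layer of `blob`."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False


def run_circuit(path, keys, destination, payload):
    """Return what each relay saw (previous hop, itself, next hop) and what the exit forwards."""
    blob = build_onion(path, keys, destination, payload)
    view = []
    prev = "client"
    for name in path:
        next_hop, blob = relay_process(keys[name], blob)
        view.append((prev, name, next_hop))
        prev = name
    return view, blob


# Constructed circuit: three relays with fresh random per-hop keys.
PATH = ["guard", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}


def demo():
    return run_circuit(PATH, KEYS, "example.org:443", b"GET / HTTP/1.1")


if __name__ == "__main__":
    view, forwarded = demo()
    for prev, me, nxt in view:
        print(f"{me:6s} sees: from {prev:7s} to {nxt}")
    print("exit forwards:", forwarded)
```

Running it shows the property the comment relies on: the guard sees the client and the middle relay but only an opaque blob beyond that, the middle relay sees guard and exit, and only the exit sees the destination and payload. `can_peel` makes the "only the next node can decrypt the next layer" claim checkable: after the guard strips its layer, the guard's own key (and the exit's) is rejected by the tag check, and only the middle relay's key opens what remains.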
If the adversary can watch the traffic at the entry node and any one of {the exit node, the websites you're visiting, a compromised router in between}, then they can de-anonymize your traffic pretty easily using statistical techniques. (All my links on this subject are a decade old; I'm sure there's newer research.)
The Tor client tries to take this into account when choosing entry and exit nodes, but it has to consider other threats as well and there's a limit to how well it can do. Remember the adversary only has to get lucky once to discover that you are a member of the Rebel Alliance and a traitor; you have to evade them every time.
Ross Anderson calls this "programming Satan's computer". It's like you have an NFA that always chooses the worst state transition rather than the correct one.
I agree with everything you've said, but just wanted to mention "Entry Guards" as the "solution" that the Tor Project came up with for, "the adversary only has to get lucky once". The idea being that the Tor client picks only a few nodes for network entry and re-uses them. Otherwise, eventually you'd connect to all entry nodes.
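The "adversary only has to get lucky once" point from the two comments above and the entry-guard answer to it, as an added worked example (illustration code written for this page, not the thread's or the Tor Project's path-selection code). The model is an assumption: an adversary controls a fraction of entry-capable relays and a fraction of exit relays and wins whenever one circuit has both ends under its control, as in the correlation attack described above; the fractions, circuit count and trial count are constructed numbers.

```python
"""Added example, not from the thread or from Tor: why entry guards change
the "adversary only has to get lucky once" arithmetic.

Model (an assumption for illustration, not Tor's real path selection): an
adversary controls GUARD_FRAC of entry-capable relays and EXIT_FRAC of exit
relays and de-anonymises a circuit whenever it controls both ends. A client
builds N circuits over time. Without guards every circuit draws a fresh
entry; with guards the client draws a set of K entries once and reuses them."""
import random
from math import comb


def p_no_guards(n_circuits, guard_frac, exit_frac):
    """Closed form: P(at least one of N circuits has both ends compromised)."""
    per_circuit = guard_frac * exit_frac
    return 1.0 - (1.0 - per_circuit) ** n_circuits


def p_with_guards(n_circuits, guard_frac, exit_frac, k):
    """Closed form: condition on how many of the K fixed guards are bad."""
    total = 0.0
    for bad in range(k + 1):
        p_bad_set = comb(k, bad) * guard_frac ** bad * (1 - guard_frac) ** (k - bad)
        per_circuit = (bad / k) * exit_frac  # entry is bad only if a bad guard is picked
        total += p_bad_set * (1.0 - (1.0 - per_circuit) ** n_circuits)
    return total


def simulate(n_circuits, guard_frac, exit_frac, k, trials, seed=0):
    """Monte Carlo check of the closed forms; k=None means no guards."""
    rng = random.Random(seed)
    compromised = 0
    for _ in range(trials):
        if k is None:
            entry_bad_prob = guard_frac
        else:
            bad_guards = sum(rng.random() < guard_frac for _ in range(k))
            if bad_guards == 0:
                continue  # clean guard set: the attacker never sees the entry side
            entry_bad_prob = bad_guards / k
        for _ in range(n_circuits):
            if rng.random() < entry_bad_prob and rng.random() < exit_frac:
                compromised += 1
                break
    return compromised / trials


# Constructed parameters: 10% of entries and 10% of exits hostile, 1000 circuits.
N, GUARD_FRAC, EXIT_FRAC = 1000, 0.10, 0.10


def summary():
    return {
        "no_guards": p_no_guards(N, GUARD_FRAC, EXIT_FRAC),
        "one_guard": p_with_guards(N, GUARD_FRAC, EXIT_FRAC, 1),
        "three_guards": p_with_guards(N, GUARD_FRAC, EXIT_FRAC, 3),
    }


if __name__ == "__main__":
    for name, p in summary().items():
        print(f"{name:13s} P(de-anonymised over {N} circuits) = {p:.4f}")
    print("simulated, no guards :", simulate(N, GUARD_FRAC, EXIT_FRAC, None, 2000))
    print("simulated, one guard :", simulate(N, GUARD_FRAC, EXIT_FRAC, 1, 2000))
```

With fresh entries every time the per-circuit risk is only 1%, but over 1000 circuits the attacker is almost certain to get lucky once. With a single reused guard the long-run risk collapses to the probability that the one guard was bad on the day it was chosen (10% here), however many circuits are built; with three guards it rises to roughly 1 - 0.9^3 = 27%, which is the trade-off behind keeping the guard set small. The Monte Carlo function is there so the closed forms can be sanity-checked rather than trusted.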