
Knowledge gap on my part...

I thought Tor was suspected of being compromised, since it was originally developed by ex-government or military types? Is this the case, is Tor actually accepted as secure and free from government interference?

Also, I vaguely remember concerns about things like child porn being handled by exit points. Were the legal or moral concerns resolved? Or are such concerns accepted as being a thin end of the censorship wedge?




The Tor Project sprung out of a research project at the U.S. Naval Research Laboratory, and to this day a large part of its funding comes from U.S. government sources.

This is entirely fine as far as I can tell - the U.S. interest can be explained as two-fold:

First, it could be a genuine wish to fund projects with potential to support freedom of expression in parts of the world they think need it (Secretary of State Clinton has expressed this as a policy at least once).

Second, and I think this is the more important reason, is that the various intelligence arms in the U.S. need Tor for themselves, in order to provide anonymous means of communications for secret agents and other foreign operatives who work in hostile environments. The important thing to realise is that low-latency mixnets absolutely depend on being widely used by many kinds of users for many purposes, so that each user can hide in the crowd. Therefore Tor absolutely needs to be publicly available - if American spies were its only users, they would stick out like sore thumbs and the entire thing would be hilariously pointless.

Tor is of course open source and can be inspected for backdoors and such, and its design continues to be subject to scrutiny and research. If there is a danger involved, it is an attack where the U.S. government controls sufficiently many Tor nodes in order to be able to do traffic analysis efficiently. So far I don't know of any signs of this, and I question if they would want to sabotage a project that has such a useful potential for themselves.


Ok, so the main part is that it is open source, and presumably one can inspect the code and compile it for one's self.

If so, then any government/military/intelligence concerns become irrelevant. Right?


In practice, yes. In theory, Tor does not protect against a global passive adversary, so if you believe that there exists an entity capable of observing all traffic on the net globally, and you have reason to believe you are a high-enough-value target for them, then you should not use Tor.


Tor is currently (as in, today, 2013) funded by the US government.

This is a different problem than the original US Navy development.

Your threat analysis should include this fact.


Tor is open-source and its developers and supporters include the EFF, Jacob Appelbaum, and others who (if you can trust anyone at all) would not cooperate with government surveillance. But again, it's open-source and lots of security experts regularly look at the code, so it's not so much a matter of blind trust. The reason it was funded by the US government is described at http://cryptome.org/0003/tor-spy.htm -- not because it helps governments to spy on users but precisely the opposite.

The fact that it's very unlikely it was created as part of some conspiracy doesn't mean that it's impossible to compromise a Tor user's anonymity. I'm not an expert but as far as I know the most credible large-scale attack against it is still the one described in this paper: http://wesscholar.wesleyan.edu/cgi/viewcontent.cgi?article=1... . To be successful, it requires controlling a very large proportion of Tor's entry and exit nodes.


(But to compromise many users, there might not be a need for a complicated, expensive large-scale attack -- if you can infect someone with malware, it renders whether or not they are using Tor moot).


But unless you already know who they are, how do you get malware onto their machines? The Tor Browser Bundle has been carefully tuned to minimise attack vectors, so it could be quite hard for people who use Tor "correctly".


You are a victim of fear, uncertainty and doubt.

Tor's security is in its design (which is free and open). And thanks to that it does not matter what the original purpose was. Everyone can run a router and thus contribute to the network.

You can find research on remaining issues in https://blog.torproject.org/category/tags/research


I am a "victim" of nothing... yet.


You did say you thought Tor was suspected of being compromised.


I had a talk with Roger Dingledine (Director of the Tor foundation / dev on Tor) about this (specifically regarding the NSA, which is who is on everyone's mind, I assume).

Tor, compromised or not, is completely worthless against an attacker who can monitor the entire network, observe both entry and exit nodes, and correlate packets. The NSA wouldn't bother compromising nodes since they presumably already can see all the traffic and a compromised node might expose them.



