Tor hires former EFF chief as executive director (pcworld.com)
111 points by serengeti on Dec 14, 2015 | 13 comments


It is hard for me to come up with a better strategy for a Tor executive director, than to hire someone who is both a proven electronic civil liberties activist and a competent attorney to lead a project that has already been feeling the heat. Unfortunately, Tor likely will be publicly thrown to the angry mob by an ignorant representative the moment it is politically expedient and be seared on the grill of neocon pundits, all while the USG continues to push it covertly in places where American influence cannot as easily penetrate due to network censorship.

Steele has a long road in front of her, but she seems to be a great person to lead this project to success. Congrats to everyone working on the project; it is truly necessary in places like Iran to see a neutral Internet.


> already been feeling the heat

I think you're misdiagnosing where Tor is "feeling the heat" from. From an engineering perspective, it's been oversold as solving problems it can never hope to.

People who route their traffic through Tor are nearly guaranteed to get malware back [1]. Hidden Services are a hack that don't adequately protect your privacy [2]. And several who have staked their livelihood on being anonymous with Tor have been easily identified by law enforcement [3].

Tor is not a "cause" worth this level of continued support. It is a research project, for a tightly scoped set of research problems. In practice, it has several unintended and dangerous caveats that few are aware of. No amount of litigation is going to change those problems.

[1] http://www.leviathansecurity.com/blog/the-case-of-the-modifi...

[2] http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

[3] https://blog.torproject.org/blog/tor-security-advisory-relay...


First, I would like to separate the little-t tor from big-T Tor for a second. I had the privilege of attending the most recent dev meeting and found the Tor Project to be an incredible group of people who are dedicated to a single mission[1].

Besides working on `tor`, members of the Tor project are also working on better censorship resistance[2], reproducible builds[3], and improving Firefox[4], among other efforts. To me, a motivated corps of technologists that have the resources to work on projects to protect user privacy can do anything under the right leadership.

> oversold as solving problems it can never hope to

If onion routing can't solve the problem of masking your location on the internet (thus providing greater anonymity) then what can? Right now I see it as the only practical solution for doing so. I also don't see any of the problems you listed as fundamental issues. Hidden services are fairly new, for example, and a new spec is being actively worked on.

I understand that it is sometimes billed as a panacea of sorts, but I feel that the Tor Project is honest with itself and its users about the protection that `tor` provides[5].

[1] https://twitter.com/torproject/status/635856569201246208

[2] https://github.com/Yawning/obfs4

[3] https://reproducible-builds.org

[4] https://docs.google.com/spreadsheets/d/1rF4Gah_OEequYDfPedoQ...

[5] https://blog.torproject.org/blog/nine-questions-about-hidden...


I agree with you 100% that Tor has its problems, and that it is a research project. It is not, and I do not believe it is, a panacea for strong anonymity on the web, and it is not intended to provide protection against a lot of things people think Tor provides protection from.

However, I disagree with your statement that Tor is not worth continued support. Even with its imperfections, I believe the Tor Project community is still working toward useful and productive goals on anonymity research, and is still a flagship of that to the greater public that is interested in protecting their privacy online. Maintaining a basic level of support for these ideals is parallel to Tor, but Tor in many ways is also a representative outlet for them.

Regardless of Tor's actual effectiveness, Tor's current profile is likely to make it the first anonymity tool of its kind to get attacked in the courts, especially if someone can do more than pretend there is a link between Tor and Islamic terrorism. How the Tor Project handles the litigation and political process that will stem from this heat will probably set case law, and with it court precedent, for other anonymity tools that come in its future. In that regard, Tor could become the PGP of the so-called second crypto wars.


One exit node out of 1110 is hardly a "guarantee", and I wonder what percentage of binary downloads are actually done over plaintext HTTP. "Out of over 1110 exit nodes on the Tor network, this is the only node that I found patching binaries, ... This does not mean that other nodes on the Tor network are not patching binaries;"


There's also a danger of MitM:

"In 32 days I've found 15 instances where a node is sniffing and using my credentials and over 650 unique pagevisits which means that others also sniffs."

https://chloe.re/2015/06/20/a-month-with-badonions/


Again though, how many sites do you use that have login forms that don't use SSL?

I don't know the actual numbers and it might be very high, but I suspect many people do not use any, which makes this point not very important (unlike the one about hidden services).


Parts of Tor are a research project, but that makes it all the more important. It's not like anonymity is a solved problem.

Hidden Services is not a concept that originated with tor, but it operates at a scale no one has before, and as new problems surface and as adversaries scale up there are new things to learn from it. I wish more people could have the opportunity to do so.


Point 1 is relatively egregious as it's highly dependent on configuration, and even using default configurations 1/1110 exit nodes might _try_ to infect you, but there's no guarantee that they can. That being said: using trusted exit nodes really is always a good idea.


The only problem I see with hiring an attorney is that being such could be a weakness. An attorney is bound by some rules normal people are not. It is a bigger ask for an attorney defying a court order than for a normal person without a law license to be yanked.

Tor is a tricky beast. One can see a day where those in charge may have to take drastic actions (think Lavabit). Perhaps a non-US person, or cross-border team, would allow tor to better survive an existential crisis.


If that's the case, Roger Dingledine is probably the one that should become a non-US person, given he is still leading the technical side of things from what I can see. He could be NSL'd just the same. At the end of the day, Tor is an American project, and still has to play to some extent by American rules. Doing that above board is really all they have.


Nick Mathewson is the one who leads development on `tor`, to my knowledge.


Why does tor need an executive director?



