Shallot donor means annual donations in excess of $100k USD. From the Tor website[0], it appears Mullvad is the only donor in excess of $49k USD annually (and possibly the only donor above $10001 USD).
I can totally imagine they're using Tor for some undercover (foreign) operations or similar. I don't think the US Government with all its branches is known to practise exactly what it preaches.
And why they open sourced it. All the fancy onion routing would be useless if the fact that you use it already identified you as a CIA spy. They need other people to use it as well for TOR to be useful to them.
> I can totally imagine they're using Tor for some undercover (foreign) operations or similar. I don't think the US Government with all its branches is known to practise exactly what it preaches.
The US government has different parts with different goals: https://www.washingtonpost.com/news/the-switch/wp/2013/10/05... (paywalled). IIRC, the NSA has interests in conducting surveillance, and the State Department has interests in allowing liberal foreign dissidents to defeat surveillance.
Ironically meaning that the gov does the cat and mouse game with itself. Self-reinforcement learning. Quite an effective optimization method if we're being honest.
Fifty odd years ago, the Advanced Research Projects Agency of the US Department of Defense invented a major portion of the internet's foundation: ARPANET.
Now, the internet is used to shitpost en masse, and serve porn and cat photos to billions across the globe, do its creators have any regrets?
I think the ethics of the US is on display for all!!!
> Ten years ago the US Navy invented Tor, an anonymous web browser. Now the ‘dark net’ is used to trade guns, drugs and child pornography, do its creators have any regrets?
I hope they don't. I certainly wouldn't. Despite some of its glaring downsides, I firmly belive that Tor is a net positive for humanity.
Yes, the Tor Project as I mentioned. Or, it's theirs now, anyway. I'm not sure if the original creator was affiliated with the Tor Project at the time. But it wasn't the Navy.
> The onion routing framework was a naval research lab thing.
I didn't mean to dispute that, but after reading my comment I wasn't clear. It was a few years after the Navy released it that the Tor Project became an official entity. I was mostly disputing the erroneous statement that the US Navy released the Tor Browser 10 years ago.
For what it's worth, the creators of Tor have stated their philosophy around that problem. Effectively that they shouldn't be the arbiter of what people can access
Its creators can't be blamed for this. Just like we don't blame the post office for circulating CSAM and drugs.
Unfortunately you can't have near-absolute privacy without some people abusing it. This is just a given.
And if the US hadn't supplied tor, the bad actors would have used i2p or invented their own. By supplying the tech at least they have some measure of visibility.
People here are overwhelmingly against privacy when it enables criminals to hide. Almost every crypto thread is dominated by concerns about KYC and AML.
Or, possibly, that some people don't agree that cryptocurrency shares the same fundamental principle. Cryptocurrency isn't actually that anonymous and certainly isn't private, after all.
Or that people have objections to it on completely different grounds, not on anonymity/privacy grounds.
Plus, what yjftsjthsd-h said.
There are many reasons why what you perceive as an inconsistency may not, in fact, be.
I, in generally, (absent some exceptions like privacy coins) agree with you.
But the assertion wasn't that crypto is private, it's that the crypto threads evoke anti-privacy viewpoints like the need for KYC. KYC is inherently anti-private, it's a warrantless compelled search by the government of your papers for identity. My perception at least is different attitudes on average on those threads, like people are more accepting that privacy needs to be invaded to prevent criminals.
Your comment implied that you thought of that as an overwhelming sentiment on HN, though. I don't see any reason to think that it is (or isn't) based on the comments.
Well, parts of the US government engage in arms trafficking and drug trafficking (sometimes at the same time, as in Iran-Contra). I hope they don't do CSAM trafficking or human trafficking, but I wouldn't be surprised at the least.
The US Government also funded and build the Internet (or at least ARPAnet). The government also benefits from Tor being actually anonymous.
It is worth being aware of course, but to my knowledge we have no evidence that Federal law enforcement has used anything other than old fashioned detective work to solve any Tor related cases.
There's always the possibility of parallel construction, but I would expect some reasonable evidence supporting this in some high profile busts.
It would however be common sense that the US gov. Wouldn't burn a TOR 0-day (or other means of breaking tor anonymity) for anything but the highest of high profile cases, especially considering it would end up in court records.
They can either spy and let it slide because 1 guy buying weed on whatever replaced the silk road isn't worth that, or they can find the guy, arrest him if he's done something big enough and invent a way they found him. Hell, they could even say they found him on clearnet, the guy isn't gona go "your honor, i sure did buy those illegal drugs online but i used TOR so how did they find out"
My current biggest reason to believe TOR isn't breached on a massive scale is that snowden had nothing to show about it.
I'm not sure which page of the link above (the tax return) I'm supposed to look at... Where does it say the US govt is funding Tor, and if so, by what amount are they funding Tor?
> Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.
> We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.
The Tor Project is primarily funded by the State Department and DARPA. Make of that as you will.
This is brought up sometimes as some clever gotcha but Tor gets funding from many sources, and DARPA and the other US agencies that give money to Tor (like OTF) give on the order of 10s of thousands of US dollars per year. OTF (Open Technology Fund) — recently severely diminished — was funding tons of anti-censorship efforts like this with small grants to help get American propaganda into Iran, China, etc. Helping spread the message of the US Government is apparently a more valuable goal than surveillance of western citizens.
I think people miss that the US government (as basically all governments) is not a singular entity with absolutely aligned objectives. Or even how tools don't have universal purposes. It's far from inconceivable that the US government wants to use use Tor to hide spies (CIA) as well as use Tor to help people communicate against their own governments (Department of Democracy). This isn't even opposing objectives, which we also see in any large entity (see encryption in general).
Painting the US government with a broad brush as "absolute evil" is just as bad as painting it with a broad brush of "savior of the world." Neither allows us to actually improve our government because in the former you can't encourage good actions and the latter doesn't allow you to discourage bad actions. If everything is bad then there are no degrees of bad. If everything is good there's no degrees of good. If Democracy is an optimization problem (it is) then this is like trying to find the optima by going in a constant direction with a constant step size.
I thought it was rather obvious that "shit is complicated and requires nuance" but I'm often impressed how common it is to pretend things are simple and obvious.
Their tax documents unambiguously state that the US government is their primary funder.
At any rate, the USG has enormous leverage over the governance of Tor and that should worry anyone that pretends to care about their online privacy re: Tor.
Mullvad putting out PR about funding TP as a peer of the USG doesn't make TP look good, it makes Mullvad look seedy.
> Their tax documents unambiguously state that the US government is their primary funder.
No one is objecting to this fact. We're all objecting to your conclusion that because the US Gov gives Tor money that it is not secure and/or has a nefarious purpose. This is quite literally the same logic people use to justify the anti-vaccination movement and many other dangerous conspiracies. You don't have to trust the US Gov (what American does?), but you need more than association to prove something nefarious.
What is your point? PBS indeed puts out blatant USG propaganda from time to time, including egregious instances like that al-Jolani hagiography from FRONTLINE. FRONTLINE in general is a total mess of misinformation when it comes to international issues.
I could ask the same of your original comment. Seems you like hand-waving at grants, and letting the reader come to a conclusion as a way of suggesting there's something nefarious happening. You don't like it when it's used elsewhere.
Typical divisive comment to stir the pot. It could even suggest you are being paid by an enemy of the US to disrupt or discourage/encourage discussion on particular topics. Of course, I'll use your tactic, and not provide any further information on this. I'll leave it up to the reader to wonder.
> blatant USG propaganda
All in the eye of the beholder. Which was your goal of your ambiguous hand-waving.
Roads and bridges were funded by the US government. Really makes you think, huh?!
{The Internet,Linux,Boston Dynamics,Shockley Semiconductor,US Universities (especially MIT, Stanford, and R1 universities)),Silicon Valley,Covid Vaccines,GPS,Scientific Research,<insert random subject>} is/are/was funded by the US Government. Make of that as you will.
It's not transparent (or at least any more than any other means of accessing TOR). If you at all access the internet through somewhat normal means (without running your own ISP and connecting to an IXP physically) you are placing some level of trust in a service provider.
What these sort of VPNs do is allowing you to move that point of trust to another party than the one that maintains your intrastructure (your normal ISP). You do not give them any more trust than your normal ISP, but since your normal ISP is usually more regulated it is a good idea to scrutinize the VPN provider more.
I trust mullvad more than my normal ISP on privacy. mullvad is also one of the few VPN providers that has not sold its product as a end-all-be-all privacy solution while a lot of others have been spreading FUD (things like saying that your ISP can see in cleartext all your traffic even though 99% is over https, saying their products protect against hackers when there is no evidence for that, etc.).
I would not rely on bridges if you ever need to deny that you used Tor at a certain point in time though they may be useful for bypassing some censorship systems. A VPN could hide Tor use from your ISP but that obviously comes with a different set of risks (the VPN provider will know you are using Tor).
What do you mean by transparent? If you mean that a VPN can see you are using Tor and when, sure, but I'm not aware of circumstances where that would matter.
Almost any proxy configuration could be useful in a specific scenario. It's almost always a tradeoff.
For example, you could trade off your ISP knowing that you connected to Tor for your ISP knowing that you connected to mullvad and mullvad knowing that you connected to Tor.
Given that they have literally switched their nodes to be diskless and released lots of their work to strongly disable logging in systems, that may be acceptable for most users.
Well I am. I have a right to. If you want to have plausible deniability when you inevitably must do something legally wrong but morally right, then you must always be hiding.
Fair enough, but I have no idea how that would require me to always use TOR, lest the insanely unlikely scenario arise that I need to expose some hidden information.
Also wait, whistleblowing on the government? I’m not privy to anything like that.
Maybe not now. But you don't know what your life will look like in 10 years, or even 20. People end up in politics more than they ever imagined, out of necessity. It's the OpSec equivalent of holding something behind your back and saying "no, there's nothing there." Makes you look even more guilty. You look a lot less guilty if you hold non-suspicious things behind your back often. Then people are more likely to think you're odd, rather than guilty. Kind of a bad example, but you get the point in the abstract.
Suddenly starting to join the Tor network often around the time some major information is leaked would be a strong correlator pointing to your guilt. I'm just using one example, but there are many scenarios where this matters.
Yea, I am cool breaking a British law nobody in my country has ever been prosecuted for breaking, but my point is I’m not hiding about that, it’s a tech problem I’m avoiding, not a legal one.
I feel like there is no scenario where it should be allowed to forget that all the claims are always falsifiable. Not saying they are lying, just that no one ever truly knows. It's important to not be complacent with that.
It's true we can't know for 100% certain, but things like third party audits can give one sufficient confidence (depending on your risk tolerance, of course)
You're being downvoted presumably as a vote of support for either Mullvad or Tor, but you are allowed to have those opinions. I wish people didn't do that!
The best answer I know of is that you cannot specify spending when you pay Mullvad. There is no place on the payment form to do it, and in the future (present?) you can only pay anonymously anyway, so there's no way to get in touch with someone who could do that, even if they allowed it. I imagine they wouldn't want to offer that option anyway, because it'd be way too complicated on their end.
[0] https://www.torproject.org/about/membership/