> But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.
So only with "manual analysis" can intel agencies have any success, and that appears to be with a small subset of users who have other vulnerabilities. But when targeting a specific user, the NSA appears to have had no success in de-anonymizing them.
This needs to be higher. I think this was the best scenario anyone who knows Tor could hope for. The attacks against Tor, when used correctly, are well understood. And, assuming this presentation is accurate,the capabilities of adverserial semi-global attackers aren't much different from what we were expecting.
I would love to see if they have similar slide-decks for I2P, which is often compared with Tor for Hidden Service/eepsite usage.
> But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.
So only with "manual analysis" can intel agencies have any success, and that appears to be with a small subset of users who have other vulnerabilities. But when targeting a specific user, the NSA appears to have had no success in de-anonymizing them.