Tor has beefed up security, but does this make it a safe environment for those looking to be anonymous online?
Tor Browser 7.5 has been released this week complete with a bunch of security fixes that have already been rolled out to the Firefox Extended Support Release (ESR) 52.6 client it is built upon. Firefox ESR is similar to other versions of the Mozilla browser client, but doesn’t update as frequently apart from the regular security updates.
Earlier this month the latest version of Tor itself, 0.3.2.9, was also released and also included a bunch of security updates, including: better crypto, improved directory protocol (less information leakage to directory servers and smaller attack surface for targeted attacks) and better onion address spoofing protection. Security fixes include a denial of service bug using malformed directory objects to “cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal” and another where an attacker could “crash a directory authority using a malformed router descriptor.”
Anyone with any sense would understand that the feds have pwned Tor for years.
Well, it’s common knowledge that Tor exit nodes are a weak point and the FBI (amongst others) have been exploiting that for a number of years. That doesn’t mean that Tor cannot be used relatively securely, relatively easily. It rather depends on what you want to do while using it and what your privacy demands are. As well as factoring in the fact that security, privacy and anonymity are all rather different beasts of course.
What do security privacy and anonymity have in common? They are all an illusion.
Gary, you are close to being right. Guaranteed 100% no chance of failure security, privacy or anonymity is an illusion.