Tuesday, January 23, 2007

Why the government should embrace Tor

As security researchers keep saying, Tor really is useful.

And not just if you are worried about your employer firing you for looking up information on unions, or your husband finding out that you've been googling for information on spouse abuse laws....

If you're a government employee, and you're investigating someone, you really don't want server logs to betray who you are.

I -really- hope that the FBI has some kind of leased line/private DSL connection that they use when they investigate child porn cases....

At the very least, TSA clearly doesn't:

pnxuser1.tsa.dhs.gov - - [23/Jan/2007:05:58:32 -0800] "GET /chris/ HTTP/1.1" 200 2683 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"


Anonymous said...

1. Since you know you are under investigation, it would be kind of silly for the TSA to try to hide their tracks.
2. Even if you were under a secret investigation, would you be surprised if random TSA employees were checking you out?
3. Unless your husband runs the spousal abuse website and doesn't have access to your computer account (but knows the external details of your computer), I fail to see how TOR would help. Same goes for the employer/unions situation.

Anonymous said...

1. i've seen municipal and state law enforcement divisions make this same mistake. this exposes the fact that they (TSA and others) don't get it, regardless of whether the person knows they are under investigation or not.

2. heads up? thanks!

3. You've never seen whistle blower retaliation? shit, even SOX requires anonymous tips.

shameless plug: janusvm.peertech.org