Why I still trust Tor, WikiLeaks, and Jacob Appelbaum.
I feel compelled to comment on Zed Shaw’s recent “analysis” of an apparent conflict of interest concerning Tor developer and WikiLeaks supporter Jacob Appelbaum.
If you don’t know what I’m talking about you should start by reading Why
I Don't Use Tor
I’m going to try to not be too “logical” in my argument because apparently that will cause my argument to be inherently flawed. So instead I’m going to try to mix emotion with logic in what I hope will not be too volatile a cocktail for this blog post to contain.
I’ve met Jacob Appelbaum multiple times, mostly through our mutual friend Zooko of “Zooko’s Triangle” and Tahoe-LAFS fame. He seems like a great guy, nice, smart, funny, and passionate about personal privacy. It was his demo of Tor on Android over cheap Korean BBQ which convinced me to give up my iPhone.
I’ve also met Zed Shaw. He was abrasive, and seemed offended that I did not recognize him as “Zed ‘Mother-Fucking’ Shaw” but who knows, maybe that was just his schtick.
The above linked post is not what I would consider a classic example of trolling. I believe that Zed Shaw probably believes the things he’s written there and that’s fine. I’m not one to judge people’s other personal beliefs, however his argument seems flawed not only because he bases partly on a well known-rumor that has been repeatedly denied while no evidence has ever been offered for it. But also because it makes certain assumptions which I’m not convinced are valid. 3 to be exact.
1) Jacob Appelbaum is in a position to drastically impact the security of Tor.
Yes, and no. He is certainly qualified, and what little I know of the project’s organization he seems to be in a position where he could make decisions which could impact Tor’s security. However Tor is an open code base, freely available for anyone to audit and not the work of one lone programmer. This does not mean that everyone is qualified to audit the code, I’m certainly not, however I think enough people care about personal privacy and anonymity that qualified individuals are looking at it.
2) WikiLeaks’ job would be easier if an insecure Tor were in widespread use.
I don’t think it would be. As far as I know, there is no evidence to suggest that information obtained by WikiLeaks has ever come from a source other than a conventional whistleblower. A person with some level of access to certain information decides that it is right, just, or worth 15 minutes of fame to leak some information. If Bradley Manning leaked those diplomatic cables, and that collateral murder video he probably didn’t have legitimate access to that information, but he also didn’t obtain it by setting up a rogue Tor exit node. He had legitimate access to military networks.
On a second point, in a future where Tor usage is widespread, I would also expect that you would see Tor Hidden Services also be widespread and any organization hoping to insure anonymity and privacy to their users would be better off running one of those than a normal website that users could access by Tor.
3) WikiLeaks’ job would be harder if a secure Tor were in widespread use.
I hope so, but probably not sufficiently so that it would be worth risking both Tor and WikiLeaks’ reputations to do so. On the off chance that an oppressive regime or a major corporation used Tor for all their most dirty little secrets it’s still more likely that the heavily bearded sysadmin in Reeboks and a Fedora would take that information and leak it than some hacker or even enemy government or corporation would steal it.
Of course, these 3 points only matter if you’re willing to completely ignore the fact that Tor and WikiLeaks’ interests do not actually conflict. WikiLeaks does not appear to be interested in posting the latest celebrity sex tape or pictures from Miley Cyrus’ Facebook page.
In conclusion I think it’s far more likely that Zed Shaw wanted to get some hackernews juice by blogging about WikiLeaks than it is that Jacob Appelbaum and Julian Assange want to read your email.
