Leo Kelion hat für die BBC ein Interview mit Andrew Lewman, Geschäftsführer des Tor Project, geführt: Tor Project’s struggle to keep the dark net in the shadows
Sie sprechen über Geschichte, Funktionen und Nutzer des Netzwerk zur Anonymisierung von Verbindungsdaten, die Zusammenarbeit mit staatlichen Stellen sowie die Auswirkungen der Enthüllungen des letzten Jahres auf das Projekt:
Kelion: A few years ago if we had talked about the dark net and Tor specifically, a lot of people would have been scratching their heads. Nowadays that has changed. Has being thrust into such prominence caused problems for the Tor Project?
Lewman: It’s been more challenging, because we now we sort of have many more eyes, looking at what we do, scrutinising everything we do. Constantly questioning, should we do this, should we do that? For the most part, though, we continue to work on the same core principles we have for the past 10 years. And, you know, we will continue to do so. At the core, we are researchers, and we do research. And our software is an example of what we would write if we were going to write software. And hundreds of millions of people are now relying on Tor – in some cases, in life-and-death situations – and that’s what we pay attention to. We would be very sad if anyone was arrested, tortured and killed because of some software bug or because of some design decision we made that put them at risk.
Kelion: But if you read about some of the reports and bounties being put up to overcome the protections you offer – is there concern that the project is a small group of people and there are huge amounts of effort being put against it?
Lewman: We are around 30 people in total, and think of the NSA or GCHQ with their tens of thousands of employees and billions of pounds of budget. The odds there are obviously in their favour. With the bounties and things it’s sort of funny because it also came out that GCHQ heavily relies on Tor working to be able to do a lot of their operations. So you can imagine one part of GCHQ is trying to break Tor, the other part is trying to make sure it’s not broken because they’re relying on it to do their work. So, it’s typical within governments or even within large agencies that you have two halves of the same coin going after different parts of Tor. Some protect it, some try to attack it.
Und dann gibt es noch dieses spannende Detail:
Kelion: You’re saying there are people in the NSA and GCHQ who go behind their bosses‘ backs to give knowledge to you to fix potential flaws in Tor?
Lewman: Right. We’re one of the few open source projects that take anonymous bug requests – completely anonymous. We don’t need your email, we let you log into our bug track anonymously – many people do it through Tor – and they report these fantastic bugs that if you think through, someone with a lot of experience and a lot of time has researched this bug and said: „Maybe you should look here, maybe you should fix X, Y and Z.“ Sometimes it includes a patch that says: „Here’s my code fix.“ And we look through all this stuff very carefully, and we’ve been totally impressed by the quality of bug reports that we get both on the software side, which is a coding error – sometimes very, very subtle – or on the design side, where you know you guys made a design decision here and maybe you want to consider some other use cases
Daraus hat die BBC einen eigenen Artikel gemacht: NSA and GCHQ agents ‚leak Tor bugs‘, alleges developer
Aber das ganze Interview ist lesenswert.