The code issues are too "subtle" to be from anyone else
Tor may be getting information about various vulnerabilities straight from inside the intelligence agencies of the world.The information comes from Andrew Lewman, Executive Director for the Tor Project, who told BBC that they have been receiving tips from both inside the GCHQ, one of the British spy agencies, and the NSA.
This has been possible through its anonymous bug reporting tool, something that has helped Tor immensely in tying up loose ends, patching up important vulnerabilities and more.
Considering that the NSA is known to have taken an interest in the Tor project mostly because it is highly annoyed with the fact that it cannot spy on people while within the network, this entire situation is quite ridiculous.
“There are plenty of people in both organisations who can anonymously leak data to us to say – maybe you should look here, maybe you should look at this to fix this,” Lewman said, adding they have always fixed the issues that were pointed to them after investigating the issues.
Since all these flaws are constantly getting fixed, users’ anonymity is protected within the network, which means the project accomplishes its goal.
These tips from inside the intelligence community come on a nearly monthly basis and they’re always towards “subtle” bugs within the code, things that wouldn’t normally be detected by regular hackers or users.
While he doesn’t exactly have proof of the origin for the leaks, he’s pretty sure that the NSA and GCHQ are it. “It’s a hunch,” he said. “Obviously we are not going to ask for any details.”
Lewman pointed out that you have to consider the type of people who would be able to do this, to detect these bugs, and who have the expertise and time to read Tor source code from scratch for hours, weeks, months and “find and elucidate these super-subtle bugs or other things that they probably don’t get to see in most commercial software.”
Since Tor allows for completely anonymous bug reports to be made, these spies can safely clue the Tor admins in on what needs to be done to prevent bigger issues and the deanonymization of the platform.
The Tor Project director also added that William Binney, another NSA whistleblower, told him once that one of the reasons why NSA workers would choose to leak such information is the fact that the agency spies on Americans, something that it isn’t supposed to be doing.