The Sony hack will probably be used as an excuse, whether that's the main reason or not. That's how the US gov operates now. They take advantage of certain situations to pass or do stuff that normally would have no chance of passing, even if those situations are barely related to what they're trying to pass.

Example: The Patriot Act written many years before 9/11 by law enforcement agencies to help them in the War on Drugs, and then shamelessly used the 9/11 excuse to pass it. If the Patriot Act was "just about terrorists", then it should've referred only to terrorists. But it didn't. And now 99 percent of NSLs are used in drug cases.

I'm not sure if the above comment is downvoted because of the Patriot Act claim, but that claim happens to be correct. I wrote about this for CNET here:

http://www.cnet.com/news/how-bin-laden-and-911-attacks-shape... "Long before 9/11, the U.S. Department of Justice drafted the so-called Enhancement of Privacy and Public Safety in Cyberspace Act (PDF), which goes by the awkward and not very memorable acronym of EPPSCA. In July 2000, the Clinton administration forwarded EPPSCA to Congress, where it was introduced by Sen. Patrick Leahy (D-Vt.) and met with a generally chilly response... EPPSCA was designed to give police more authority to conduct Internet surveillance, not thwart terrorists armed with box cutters... within hours of the 9/11 attacks, the Justice Department had dusted off EPPSCA as a way to respond to bin Laden. On September 13, 2001, two days after the worst terrorist attack in U.S. history, the U.S. Senate approved the "Combating Terrorism Act of 2001," which includes portions copied directly from EPPSCA."

As for the rest of the above comment, this is likely to be a fluid situation and I'm reserving judgment until we know more. It is possible that the good folks at Tor are wrong (I'd like them to be!) and no seizure happens. Government authorities sometimes bluff.

I think it is worth noting that, while hard-coded, this line suggests that the DA list can be overridden ( https://gitweb.torproject.org/tor.git/tree/src/or/config.c#n... ). Theoretically this should allow the Tor project to provision replacement servers and publish their IP addresses without modifying the "hard-coded" list in every Tor client. With that said, I know very little about Tor and this comment should be taken with a boulder of salt.

The project would have to publish new source code containing new servers, and get everyone to upgrade immediately. I don't think there would be another way to restore the network (which is by design).

"I also understand that this list of trusted DA's is hardcoded into Tor clients"

forgive my ignorance, why would they do this in the first place? fear of MITM?

Because the clients need to get the list of nodes from somewhere.

You can read more about how this works at this URL: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt

just because they need a list of nodes doesn't mean they need to be hardcoded into the client. the other option of course would be to fetch the list remotely.

From what? A directory directory server?

From any peer? If the list is signed by a majority set of keys then it doesn't matter how it gets distributed.

Isn't finding a peer the original problem?

Bitcoin does this by storing a list of DNS hostnames, run by a set of the maintainers, that return periodically-updated lists of peers.

Previously, it also joined an IRC channel and got the list of hostnames from all of the other users in the channel.

Isn't that just replacing hardcoded IP addresses with hardcoded DNS hostnames? Not much of an improvement.

ah, point taken. i didn't think too hard about this apparently. if they had a host serving a list of trusted DAs, that host would be just as valuable a target.

Any Tor node could be a peer to distributed a signed piece of data.

Yes, but how does one locate a tor node without a directory server?

Maybe like Bittorrent DHT? The client could keep a cache of other known nodes. You could share them on pastebin versus having them b only hard coded. You could preloaded a hundred peer nodes, instead of 9 master nodes. It doesn't strictly eliminate the problem, but it makes it less likely that one or two governments can just shut it all down.

This is kind of how i2p does it. Currently i2p has like 6 "reseed servers" which bootstrap you into finding some other peers. Once you are connected to the network you then can contact "floodfill" servers, which are essentially a distributed form of the directory authorities. Floodfills are autonomously chosen routers on the network, and distribute other nodes to whoever asks.

I think so.

It wouldn't be very secure of Tor could be over-riden by an ISP inserting a bad DNS record in their servers.