The FBI Identified a Tor User (vice.com)
427 points by mikece on Jan 17, 2023 | hide | past | favorite | 341 comments



I have second-hand knowledge of lawsuits that have been dropped by the FBI during discovery because it would require them revealing zero days they have on Tor. Recently this has started getting increasing levels of press exposure [1], including in CSAM cases.

The FBI has also continued to run CSAM websites after takeover to collect intel, and likely run honeypots for other content.

If your adversary is a state actor, particularly the U.S., tor alone is not sufficient for anonymity. It's fairly safe to assume they have the ability to deanonymize you. Your only safety net, it seems, is the value of other targets relative to you when it comes to them burning their "golden ticket" zero day. And even then, you're at risk of parallel construction.

If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.

[1] https://www.wired.com/2017/03/feds-rather-drop-child-porn-ca...

Edit, pulling up from the threads below:

Tor is just a layer. You still have to take measures to separate your identity from the device, the behavior, and the location.

When tor falls, the next question is "what do they see?" You have control over that.


According to various sources, such as Snowden's "Permanent Record", the Tor network was designed to allow spies in remote locations to communicate securely with a known endpoint (such as CIA headquarters) without anyone being able to easily trace their exact location. The content of the communication itself would not be readable due to strong encryption, but the metadata (source and destination headers) could reveal who was talking to whom.

However, nation-states with enough backdoors to all the servers serving as tor jumpboxes could likely deanonymize the remote user (it's assumed they'd be watching all traffic going to and from the known endpoint, which in Snowden's case was a journalist's email server).

Snowden's method IIRC was to acquire a laptop or phone without leaving any identifying marks (ownership information), then drive around until he found an open wireless network which he could log onto, then he'd use that network over tor to connect to the journalists he was talking to. The device was used for no other purpose, never turned on and connected to his home network, etc.

There doesn't seem to be any way for two anonymous parties to find and connect with each other across tor in this manner however, without having some other side channel to coordinate time and place and exchange identifying information.

You can still hide the content of communication using PGP-style strong encryption, but even then, it's likely that keys could be compromised in some manner.


The CIA is likely hidden in plain sight so you wouldn't figure out their Tor node. Likely hosted in some DC the rest of the USA also uses, for example a colo or dedicated server at Rackspace.

As for Snowden, you just described a burner; however, he would still need to find or know that open WiFi hotspot.


Most coffee shops?


Most have CCTV


Don't go inside


I figured unless working for an intelligence agency or some ideological reasons there is no reason to go against the US government.

I don't think there is enough protection against such an actor unless you are working directly for another state actor. And even then you won't keep anonymity. Check the North Korean government cracker case. The DoJ managed to figure out his name and photo despite the fact that he works for a state actor.

That guy probably won't want to go abroad to most countries. Even countries competing with the US such as China or Russia might send him to Uncle Sam for some exchange of interest. I actually think the Chinese probably provided some information to the DoJ, as he worked in the Dalian branch of a NK export company for some years.


Most US law enforcement ability comes from their subpoena power, so you could presumably stay out of reach of that by limiting your infrastructure to be located in countries without friendly relations with the US. I doubt some babushka's VPS provider in Belarus is going to respond to a subpoena from the FBI. (However, the FBI probably knows this, and they know you know this... so they might purchase a VPS from that same babushka, to spy on the traffic of neighboring hosts via ARP spoofing and similar network-level attacks.)

Another area of exposure is payment networks (cryptocurrency or otherwise), so ideally you wouldn't purchase any infrastructure at all. But that's not always feasible.

And of course, to be absolutely safe you'd also need to limit your own physical location to countries that don't extradite to the US (and hope they don't sign an extradition treaty before the statute of limitations runs out).


> lawsuits that have been dropped by the FBI during discovery because it would require them revealing zero days

Schneier himself predicted this in Applied Cryptography in the mid-90s.


Still one of the best foundational texts on the topic!


> it would require them revealing zero days they have on Tor

I always figured this was the case for a lot of common things like full-disk encryption schemes, AES, root certs, etc. If there's a break, they wouldn't use it in court unless it's taking down a very, very big target.


Indeed. Very big targets are taken by zero-days, and like OP above mentioned, low-hanging fruit is taken by parallel construction. Looks like there is a sweet spot in the middle, where they can’t be bothered.


Parallel construction is illegal.

Why do we tolerate government corruption at the highest levels of law enforcement?


I don’t think this is true unless the original evidence was obtained in violation of the Fourth Amendment, which zero days are not necessarily. You’re right, though, that using parallel construction to launder a prohibited search is illegal.


Why wouldn't parallel construction be perjury, even if the real search was legal?


Why would it be?

The purpose of laws like the 4A is to prevent the police from harassing innocent people by going on fishing expeditions. The purpose of the poisoned tree doctrine is to prevent the police from committing crimes as part of their work.

But if a plain-clothes police officer sees you load a kilo of cocaine into your car every Tuesday, on the same street corner, there's nothing illegal or immoral about him telling a uniformed cop to show up next Tuesday, to observe you doing just that. I see no reason why the uniformed cop should be compelled to reveal his source.

Now, if the plain-clothes officer was doing warrantless breaking and entering in order to observe you doing the crime, that would be an ethical problem.

This does create a bit of a conundrum, where you often can't tell if parallel construction was used to cover for legal or for illegal behaviour. But I see no reason why the first case I presented should be forbidden. If pressed on the stand as to why the officer chose that street corner to be on Tuesday, they can avoid perjury by declining to answer, or just say that they were tipped off. I find it doubtful that a judge would compel the officer to answer, or to elaborate; he's not the one that's on trial, after all.


In your analogy, the plain-clothes officer breaks into the private property without leaving a trace, by using unknown vulnerabilities in the security of the place, leaves with evidence without being noticed, gives that evidence to a supposedly uninformed cop, and the development of that case leads to prosecution of the property owner. And you are saying there is nothing sketchy about that?


> And you are saying there is nothing sketchy about that?

It all hinges on whether or not they had a warrant to surveil the ISIS site.

If the police have a warrant to plant a hidden camera at a crackhouse, I don't see why they would have to reveal its existence when they later stop and search a car full of drugs in a perfectly legal search at a border checkpoint. If they didn't have a warrant... That's an ethical problem, and it runs afoul of the fruit of the poisoned tree.

Likewise, if there's an informant or a mole at the crackhouse, do you think the police are obliged to notify the world of his identity, every time they arrest someone he tips them off to?


> I see no reason why the uniformed cop should be compelled to reveal his source.

If the defense asks at trial, what legitimate reason is there not to answer?


The legitimate reason is that it's not pertinent to the case. The accused is on trial, versus evidence publicly presented against him. If the prosecution feels that the evidence they would like to reveal in the trial is sufficient for a conviction, they have no reason to throw in 'Oh, and we have an informant who's been snitching on you and your fellow conspirators.'

It's not exculpatory evidence, so there is no obligation for the prosecution to turn it over. There's no reason for the judge to allow a line of questioning into it unless the defendant can make an argument as to why it's relevant.


I'm not a lawyer, but my thought process is that the "parallel construction" is going to include some chain of information/observation > probable cause > search > evidence, and parallel construction is going to include dishonest testimony in the observation or probable cause area.

In reality I know that it's difficult and unlikely to be proven or prosecuted, but it seems like that would be perjury.

Honest question though and I'm curious if someone with more expertise can explain where I'm wrong.


The parallel construction part is the cover-up; we don't "tolerate" it because we can't prove when it happens.


Proving "parallel construction" is difficult for even the well connected. See: Eliot Spitzer.


> Parallel construction is illegal.

Sure. But then first you have to prove it is a parallel construction.


Is there really any way to hide from a motivated state actor?

Asking about it on HN is definitely not one.

Relevant xkcd: 538 [1]

[1] https://xkcd.com/538/


One of my favorite HN comments of all time [0] suggested that MMOs provide plentiful means of covertly communicating:

> MMOs are packed with possible communication channels in addition to chat. Ever wonder if that annoying gnome in the auction hall is jumping in Morse code? Could signals be sent with bids? Could a character's inventory contents be arranged to leave a message to someone else who shares the login info? Is that nonsense coming from what you presume to be a bot-controlled gold-farming crew really nonsense? When a game goes to great lengths to simulate a world, the possibilities for covert communication are nearly limitless!

[0] https://news.ycombinator.com/item?id=6874143


Reminds me of this:

https://www.forbes.com/sites/insertcoin/2015/11/14/why-the-p...

> The hunt for those responsible (eight terrorists were killed Saturday night, but accomplices may still be at large) led to a number of raids in nearby Brussels. Belgian federal home affairs minister Jan Jambon has said outright that the PS4 is used by ISIS agents to communicate, and was selected due to the fact that it’s notoriously hard to monitor. “PlayStation 4 is even more difficult to keep track of than WhatsApp,” he said.


Are they not subpoenaing Facebook?


> MMOs provide plentiful means of covertly communicating

This is a plot device in <http://enwp.org/Little_Brother_%28Doctorow_novel%29>.


Also in the film Four Lions, where terrorists use an online game to communicate (basically an unbranded Club Penguin). Wouldn't particularly recommend watching the film (it isn't bad, it is just depressing... which is the aim), but the media coverage of this does suggest it is occurring.


Also in the first season of the Jack Ryan show (which only bears a very passing resemblance to Tom Clancy’s Jack Ryan, but has good action).


> Wouldn't particularly recommend watching the film (it isn't bad, it is just depressing...which is the aim)

It’s a comedy, I don’t think it aims to depress.


Thanks to Snowden we know that the NSA is monitoring MMOs. I wouldn't doubt that the FBI is watching over online games too, especially the ones targeting kids like Fortnite and Roblox.


No.

Which is why Agora marketplace, digital lawyers, and a slew of others have simply said:

"We no longer operate under any assumption of privacy regardless of measures taken, and have simply refused to operate on the internet any longer."

Which is what the three-letter agencies want: a chilling effect to reduce their Herculean effort to just an Athenian one.


Physical measures might make you much more expensive to surveil, to the point of not being worth it.

You can avoid being the "easy picking".


Bingo. Tor is just a layer. You still have to take measures to separate your identity from the device, the behavior, and the location.

When tor falls, the next question is "what do they see?" You have control over that.


If I were hiding from a state actor I'd use a high-bandwidth communications medium like video. In another life I worked for a large live streaming service; the infrastructure required to process terabits of video is mind-boggling in size, extremely technically challenging, and usually involves custom-built ASICs and hardware that's expensive and in short supply.

Even with the NSA's budget and infrastructure, I don't think it's technologically feasible for them to decrypt and then semantically process or store that much content. Video is also the vast majority of traffic on the Internet, so it would be trivial to hide in plain sight with some creativity (using stenography to hide content in the video). With 4K you can pack a ridiculous amount of information into even a single frame, and that's one frame among hundreds of thousands, among billions of videos.


> Even with the NSA's budget and infrastructure, I don't think it's technologically feasible for them to decrypt and then semantically process or store that much content.

I have little doubt that they can store terabits of video content. They let us know about their Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), which was estimated to have as much as 12 exabytes in 2013, and who knows what data centers they have that they aren't mentioning. Back in 2003 they had no problems capturing every bit of data that moved over AT&T's network. Storage is dirt cheap and they can just hang onto everything until they see a reason to dig into it. No need to process everything right away.

You'd think your video would be blending in with all the other video on the internet, but it really wouldn't. Streaming video put out by Netflix is going to look very different from streaming video served via YouTube vs. streaming video over P2P, etc.


OP said he doesn't "think it's technologically feasible for them to decrypt and then semantically process or store that much content", meaning it's about more than just storing the raw data. Assuming they could store it perfectly fine (which is a big 'if', considering Cisco estimated 7.7 exabytes of data would be generated per day by 2021), they'd still have to decrypt all the videos, semantically analyze each video (subtitles, object detection, face recognition, etc.), find a way to index that information to make it queryable, and run analytics on that data regularly.

Ideally they wouldn't have to search everything when needed and could keep a running file on everyone (because lazily parsing data could be expensive and probably a waste on their existing current resources). That's not to say they can't do it, given that they probably have a huge budget, but it's also not a sure thing they can do it effectively for those who are trying to stay hidden.


> it would be trivial to hide in plain sight with some creativity (using stenography to hide content in the video)

Steganography is the word in this case. Stenography is different, it means short-hand writing.


Just as there is no perfect boat or perfect date, there is no perfect security or privacy.

You can make things more and more difficult for your adversary (and usually for yourself too) but if they are dedicated enough they can basically outspend you.

Therefore you need to minimize the apparent cost of your actions and their duration. You can afford to be a passing pain in their butt but you can't afford to be the focus of their eye.


Possibly with the help of another motivated state actor.

I believe one of the theories about the proliferation of the current organization of political entities is that the only organization that can reliably compete with one nation-state is another nation-state.


Probably. If you use a laptop once, on a public Wi-Fi hundreds of miles from where you live, while not being caught on surveillance, while using a stripped-down privacy-based OS, and then route yourself through Tor, you might be okay.


Not if you brought your cellphone on the trip. Or used a car that has a built-in SIM card and cellular modem. Or you bought that laptop from a supplier that registers all MAC addresses of sold devices. Or that laptop had Computrace or some other firmware-based anti-theft mechanism.


Even if you had a car without a cell connection, license plate readers and cameras make it easy for anyone with access to replay and reverse any traveling you do with any car.


This is basically how the prosecutor in the Idaho case is putting Kohberger at the scene. They've also used where his cell phone was pinging during the night of the murders as additional evidence he was there.

Meanwhile, detectives scoured video footage from cameras in the area and picked out a white Hyundai Elantra driving past the house three times before stopping on the fourth pass shortly after 4am. The car left 16 minutes later “at a high rate of speed”, according to Payne.

Meanwhile, FBI investigators trawled through Kohberger’s cellphone records and discovered that he turned it off shortly before the attack, perhaps thinking it would help him to avoid detection. The phone springs to life again at 4.48am on a road out of Moscow.

The records also showed that Kohberger was in the area near the house at least a dozen times in the months before the attack, usually in the early morning or late evenings. Investigators said they were examining whether he “conducted surveillance on the King Road residents and was in contact with any of the victim’s associates before or after the alleged offense”.


Not to mention the Bluetooth in your car that gets logged on some highways as you drive, to help detect and improve traffic patterns.

https://www.wired.com/2012/12/calgary-travel-time-informatio...


Okay, so in addition to the above, use a burner and change your MAC address. “LoJacks” on laptops are still mostly pretty unheard of.


> mostly pretty unheard of

Yeah, but if there is an exception to that, it'd be the scenario we're talking about.


The most paranoid plan I have come up with:

- Tor + Qubes OS set up by somebody you deeply trust (person A)

- on a USB bought by a different person (person B)

- with a network card bought by a different person (person C)

- many miles away, wearing generic clothes in a cafe where people go to work

- different hairstyle and facial hair

- mask

- without having a phone (obv)

- navigating there by changing multiple cars with minimal electronics

- ordering the most boring coffee

- persons A, B, C don't know each other. You don't personally know B and C, but a person (or persons) D (and E) can vouch for them.

My gut tells me that the more people you involve, the easier it is to trace you because you will be at the intersection of those people's radii.


What you're describing is likely overkill. Just buy a used laptop on Craigslist. Drive about 50 mi away. Park at a motel and take a yellow cab to a moderately busy Starbucks. Hack away, and then leave via yellow cab. Leave your phone in your car. Pay for everything in cash. Throw away the laptop.

There's a chance that you'll get caught on camera at Starbucks. But the cameras there, if any, aren't set up to provide full coverage and are rotated every few days.

Don't involve any other people, don't wear a disguise. If you're going to alter your appearance in any way, do it when you meet the seller to pick up the laptop.

added: You might want a burner phone to call the cab. But normally a motel desk will do that if you ask nicely.


When they trace the activity back to that Starbucks, I imagine the fact that you happened to be in the area that day, 50 miles away from your home, stopping at a hotel that requested a cab to that same Starbucks, would stand out rather quickly.

If you leave your cell phone at home that would help, but you still risk being tracked by your car or being caught on any number of cameras and identified via facial recognition.


> When they trace the activity back to that Starbucks, I imagine the fact that you happened to be in the area that day

This assumes they are already looking for YOU.


I assume they'd be looking at everyone who was in the area and isn't following their usual routine. That's what I'd do anyway. I'd look into the owners of each device logged that isn't normally around.


Walking and driving without a mobile device on your person is sufficiently unusual that it's a form of metadata in itself. Look at the Kohberger case: they're using the fact he turned his phone off as evidence. In fact, this kind of pattern was even used by the Obama administration while targeting humans in the Middle East for extrajudicial killings. It's even more precise when coupled with traffic analysis: if every Tuesday an IMEI disappears from the network shortly before another IMEI comes online, then those two devices are likely related. In your scenario, the phone disappearing from the network could be coupled with your car showing up on a traffic camera leaving your house. Ironically, you draw attention to yourself by _not_ advertising your metadata.

At a certain point, the world is full of so much metadata that you really can't control your own. Want to turn off location services? Make sure you turn off WiFi too, because a list of nearby access points and SSIDs is enough to pinpoint you down to a few meters. Want to spoof your location when using an app with network services permission? You'll need to spoof nearby access points and their transmission power to match them to somewhere in the real world. And you better make sure to do it inside a Faraday cage. Because no matter how careful you are, if someone else is walking by your clever hacking nest, and they do have location services enabled, then their phone will be able to pair their geolocation with your unique access point topology. Oh, and even with the Faraday cage, the fact your phone is seeing access points that no other phone has seen is a unique data point in itself.

Point is, you can be compromised without any action on your own part. Traffic analysis is hard to defeat, but you can mitigate against it by not committing crimes that motivate the government to spend resources on tracking you across disparate systems like mobile networks and traffic cameras. Or if you must commit those crimes, then you'll need to make sure everything you do is in the fattest part of the bell curve for every possible statistical test the government can use to analyze common behaviors.


Interesting post. Regarding Kohberger, you would think a PhD student in criminology would have left his phone on and at his residence during and leading up to the crime. I read that he had a pattern of taking his phone with him on the same route for several months leading up to the murders... Along with the rest of the sloppiness, that seems to be fairly damning evidence and is low-hanging fruit IMO.

Before the internet and mobile phone age I can only imagine how much harder crimes like this were to solve.


> Want to turn off location services? Make sure you turn off WiFi too, because a list of nearby access points and SSIDs is enough to pinpoint you down to a few meters.

Not just WiFi; Bluetooth is used for location tracking as well.


> - ordering the most boring coffee

The fatal flaw in the plan:

Barista talking to news after person is arrested by FBI: "As soon as they ordered the brewed coffee with no customizations after standing in line for 10 minutes, I knew something was suspicious. Who comes to Starbucks, stands in line for 10 minutes, and then orders boring coffee?"


Good point! Let's make it a caramel macchiato with two pumps vanilla and sugar free creamer! Oh god I am leaking information!


Somehow your comment reminds me of Head First: Design Patterns, where decorator objects wrap each piece of the beverage order: SugarFreeCreamer around Vanilla around Vanilla around Caramel around Macchiato...


That sounds like the most boring coffee. Why would someone wait in line 10 minutes for that?


That's not boring, that's basic.


They said most boring, not most plain.


I do! I like my coffee straight up, and if I want coffee, I will stand in line for 10 minutes for it.


Just order whatever the person 5 people ahead of you in line ordered.


Hole in the ground far away? Not on the internet, presumably. In any case, any would-be terrorists should take note: don't use granny's computer.


It depends on what you're doing (as far as I understand as a criminal news nerd).

The police-justice system is usually broke for commoners. So yeah, if you're not doing a serious offense, they will never catch you. Where I live, you can buy weed. Even if the government says they're motivated to stop it, they don't have the resources to plant police everywhere. If your home was 'visited' by burglars, they would just take fingerprints. They wear gloves, and that's enough to avoid the state actor.

If you're doing a real serious crime, you can kind-ish avoid attention, if you know retention laws and stuff. If the (mostly digital) traces you generated are too old, they would have disappeared or would not be usable in court. If you appeared on mall CCTV months before you did the crime, have been browsing sites over a year before, ... these data should technically have been deleted. Just don't create new data in the meantime.

In a similar fashion, some white-collar criminals host data in their lawyer's office. It is so hard to get a warrant for a lawyer's office that you can be safe. A law teacher at our engineering college said it was convenient to hang out with a lawyer: just drop your phone in their purse if cops show up.

Then, you can avoid some digital communications. Putin and friends are well known for being mostly offline, unlike some ministers in western governments, for example. Send letters, and you will have that perfect forward secrecy.

There have also been some stories about plausible deniability ( https://en.wikipedia.org/wiki/Plausible_deniability ), especially among rogue corporations and corrupt politicians, i.e. when you create data, you can do it in a way where it says what it says, but it's not meaningful in court.

Don't draw attention to yourself. Cop shows teach you how so many criminals are found out after a traffic stop, when they were speeding or ran a red light. The government can't check everyone, so they check those who stand out.

Lastly, I remember watching a YouTuber who got out of prison, and who said that three people can only keep a secret if two are dead. It's a bit pessimistic and dark, but maybe don't just involve everyone in your crimes.

I would like to know if series like Breaking Bad are (or were) realistic. I know some criminals learned a lot from movies.

Edit: or just befriend politicians; you would be above any law in most places. Someone in France once stole $2.5 billion in one shot from the government. It became known as the Uramin scandal, and nobody was caught. So everything is possible.


> three people can only keep a secret if two are dead

Exactly. Which is why, not to start a JFK war, I think the Mafia killed JFK. If it were the CIA or LBJ, someone would have talked. Anyone who knew what happened got whacked.


But doesn’t that mean there was someone coordinating the whacking of those in the know? If so, wouldn’t THAT person know the truth?


That assumes that the person coordinating didn't get whacked because they were involved in the wrong part of a different operation.


Yeah, but those Mafia bosses don't get where they are by being blabbermouths.

And note that Jimmy Hoffa got disappeared, albeit 13 years later.


Now there's food for thought!


What about www.bitmessage.org ?


Given the statute of limitations on some crimes, I'm surprised they don't rotate out zero days and bulk prosecute a bunch of people using the same one. With a big case they're willing to burn one exploit, why not do the same for ten cases?



> I have second hand knowledge of lawsuits that have been dropped by the FBI during discovery because it would require them revealing zero days they have on Tor.

Really?

What's stopping them from just lying?

Or claiming they had an anonymous tip?


Could also be like Freenet where they can say it’s likely someone browsed a bad site, but they can’t actually prove it.


> If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.

I would say that if you are doing something the US government has a significant interest in prosecuting, you might want to reevaluate your life choices and think about whether it is something you ought to be doing in the first place.

I know this is not going to be a hugely popular sentiment on here; but if you are doing something such that the US is going to burn a zero day to get you, the appropriate prior is that you are doing something supremely heinous and evil. You may in fact be on the right side of justice, but you do not get the benefit of the doubt by default.


The good, old “If you’ve done nothing wrong, you have nothing to hide” argument.

Just drop “US” in that statement and then reevaluate it. Then ask yourself why the US should be special in regard to (not) protecting people’s privacy.


Oh, I am well aware that governments have all kinds of unjust laws. I know some ex-Panthers who were on the business end of COINTELPRO. But they were open about what they were doing, and publicly articulated a compelling case for their cause - which was censored. Not to mention they weren’t actually breaking any laws.

Similarly, the public performance of civil disobedience was an integral part of what MLK was doing.

Again, I am not saying that the US government is always right. Just that the person who is using Tor to hide illegal activity should not receive the benefit of the doubt.

And the “US” part of my comment is key here. There is a big qualitative difference between the US government and the North Korean government.


> I would say that if you are doing something the US government has a significant interest in prosecuting, you might want to reevaluate your life choices and think about whether it is something you ought to be doing in the first place.

Sounds like the people who ran the Underground Railroad would have had significant thinking to do, by your logic. They probably should have gone home and abided by the law of the land, like the fugitive slave acts and Dred Scott v. Sandford.

To say nothing of people living in Iran and China today.


I am pretty sure the people who ran the Underground Railroad thought very long and hard about what they were doing.

I think a much stronger / more contemporary argument for you would be something like facilitating access to abortion for people residing in states where it is now illegal.

But a few questions here. Is something like this an exception rather than the rule? Do you think the FBI would burn a zero day to prosecute someone for this?


doubt it because I suspect the FBI is mostly run by science believing democrats rather than cave dwelling science denying republicans


> the appropriate prior is that you are doing something supremely heinous and evil

Generally speaking I can agree but more specifically cases like Julian Assange come to mind. Certainly there are at least some people who are at risk of this kind of persecution and otherwise not doing something that would so immediately be considered in such a negative light.


Reality Winner is probably a better example since she is a US citizen.

How about ransomware gangs bricking hospital IT infrastructure? Seems like that is a much more common occurrence than the types of examples you are referring to. Hence the appropriate prior - absent evidence to the contrary - is that someone is doing heinous shit.


Fair points. I appreciate the nuance you bring up.


> but if you are doing something such that the US is going to burn a zero day to get you, the appropriate prior is that you are doing something supremely heinous and evil.

Or, you are someone like Edward Snowden, or some activist who is directly working against the US government's interests overseas. The US has a history of even assassinating activists that get too powerful (usually indirectly, by hiring some local goons), so using a zero-day to compromise them is table stakes.



> If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.

Yep: stop breaking the law. The vast majority the US government has significant interest in prosecuting, the general public is OK with.


> The vast majority the US government has significant interest in prosecuting, the general public is OK with.

Did you really just shoot down your own argument by acknowledging that there are some things the government has a significant interest in prosecuting, but which the general public doesn’t find objectionable?


I read it as “the vast majority of people the government is after, the general public is okay with them being pursued.”


Sure. Which is the same as "for some minority of people the government is after, it is 100% acceptable and even desirable for them to use these technologies."


> Yep: stop breaking the law

That's certainly one takeaway. I wouldn't say that's "the" takeaway.


So no one should ever do illegal stuff to expose illegal stuff?


The law is a social, not a moral, construct, and tends to lag behind both. Ten years ago selling weed would’ve had the government using these same tactics against you; today you’ve got a shop front downtown. Fifty years ago being gay would’ve been cause for the FBI to surveil you. 70 years ago, supporting the policies of someone like Bernie Sanders would’ve done it.


I hope you're not hiding any dissidents, Comrade.


Lol if you don't want to be fucked with by the government, just don't break the law! Unfortunately that doesn't work. Sometimes legal activities are best kept under wraps.

I have a signed and executed federal search warrant in my drawer. I was tossed in a cell. I was dragged to a hospital. I was sent the bill for the "search" and am currently being hounded by debt collectors. Nothing was found and I did nothing wrong. Sadly just following the law didn't work.


I'm sorry to hear that. I'd like to think that is a rare exception, not the rule. It certainly isn't what I experienced when I entered the USA as a foreigner (with a DAP and Sharp Zaurus which didn't get checked either back in 2005). I know there's an issue of discrimination among police; it is something we (society) need to combat.


Unfortunately it is so common the ACLU had to send a warning to a long list of hospitals CBP works with [0] to do this kind of thing as part of a lawsuit [1]. They still haven't stopped and the hospitals continue the searches; in fact I was sent to one of the hospitals listed.

A woman (for whom they never even got a warrant, and nothing was found) at the hospital I was at was forcefully penetrated in a pretty disgusting way and I'm unaware of any significant remedy for her despite a lawsuit [2]. The lawyer who took her case told me they'd given up on such cases when I spoke with them. I complained to the relevant medical state board and they basically said everything is kosher.

While in the hospital with officers, I had the opportunity to ask them about their history in regard to this behavior. They bragged to me of various nefarious activity, such as taking someone in because they had a trans female-to-male "appendage" so they accused it of being a drug smuggling apparatus apparently to fuck with them. It was clear to me in these discussions it is routine and common behavior, and they voiced to me it was profitable for them as they commonly were paid a very high overtime wage to sit in the hospital which is easy work compared to their normal job at the port of entry and allows them to buy expensive trucks.

[2] (relevant details start at the bottom of page 6) is a pretty brutal read.

[0] https://www.aclutx.org/sites/default/files/aclu_hospital_adv...

[1] https://www.aclu-nm.org/en/press-releases/cbp-settles-lawsui...

[2] https://storage.courtlistener.com/recap/gov.uscourts.azd.985...


Wait, there's bills for search warrants, like in Brazil (the movie)?


Oh, that's an old and well established practice.

The Spanish Inquisition charged procedural costs for their ... administrations. Usually on the subject's family, because of the high mortality rate. Terry Gilliam has even said that this particular practice was one of the big drivers for doing Brazil in the first place.

Modern governments have learned from the history, and chosen to repeat it.


Yes. If an officer accuses you of having controlled substances inside your body you'll be dragged to a hospital, which will perform the search, and then send you the bill. It doesn't matter that nothing was found and it was performed against your will at the behest of the government.


In the USA I wonder how they forced you to enter a contract with a medical provider. A letter to the debt collector to 'validate alleged debt and show me the signed contract' could be interesting.


I did that exact thing and they sent back a rejection of the dispute along with a shitty screenshot of me listed as "guarantor" of ICE's health service corps lol. Obviously I refused to sign anything. I have no idea how the collectors even found me as I had no valid contact information as the feds put their own address as mine.


FDCPA has provisions for a letter with specific words to make them stop contacting you. They will likely ignore that, so consider if you would then sue for damages.

Most States have a 'declaratory judgment' law in which an issue is brought to court and decided. You could force them to prove a contract in a court. They will probably not show up. Or they could show up and you could get a corrupt judge and lose.

https://www.law.cornell.edu/wex/fair_debt_collection_practic...


Aren't you mixing up two different things? There's your problem, being harassed for something you say you didn't do. And there is the criminal's problem, being found out for something they did do. For the latter problem, not doing the illegal thing sounds like a solid strategy.


What's the purpose of this distinction, if the actor (law enforcement) does not effectively make this distinction?


Law enforcement and the courts mostly do make the distinction effectively—it's what they are for. That they sometimes accidentally or deliberately fail to do so is true, but it doesn't license lawbreaking. In the US, there's a small chance of an innocent being harassed for something they didn't do, but a much larger chance of a criminal being arrested, charged, and jailed for something they did do.

If you don't want to be treated like a criminal, the smart choice is not to commit crimes, even though there is a small chance you'll be treated like a criminal anyway.


>it doesn't license lawbreaking

The question at hand is not whether to break the law, it's whether to protect yourself from intrusion by state authorities with demonstrably little public accountability.


Actually I could have avoided the warrant had I broken the law. It was because I followed the law that I was harassed.

I could have easily jumped the fence to the US, and as a citizen unless caught in the act it'd be nigh impossible to prove I did anything wrong. Instead I presented at a port of entry where an insane officer claimed there were drugs up my ass.



Ok, we've changed the URL to that from https://www.schneier.com/blog/archives/2023/01/the-fbi-ident.... Schneier's title seems more HN-friendly so I've kept it.


Even leaving aside the question of whether the FBI actually compromised Tor, or just did something way more mundane like infect the defendant's PC with malware, the linked court document is really interesting.

Not only does the FBI decline to say how they determined what IP address the defendant used to access the Tor hidden service, but they're also trying to hide the fact that the defendant asked to see that information by requesting the court label the defendant's court filing itself a "highly sensitive document"? And the court granted that request? Is that normal? It seems really bizarre to me, but I'm not a lawyer.


If it becomes widely known that the government can de-cloak Tor users, that will change the behaviour of their targets and so hurt their surveillance, so it's fairly common that the government wants to hide this fact. (Same with stingrays, for example.)

But just wanting to keep it secret is not enough. So they will claim that this has national security implications, saying some targets are terrorists. And courts defer very heavily to the government in this area, so the FBI might be successful.

Because just knowing that there is a break is enough to tip someone off, the FBI can and courts likely would classify a request for details as well as the details themselves.


> If it becomes widely known that the government can de-cloak Tor users, that will change the behaviour of their targets and so hurt their surveillance, so it's fairly common that the government wants to hide this fact. (Same with stingrays, for example.)

As was discussed verbally at Defcon, a huge chunk of the exit nodes are either in the US or EU. Same for guards.

(The whole GCHQ vs several EU countries trying to do intel in parallel without a shared intelligence agency thing is perpetually amusing.)


Direct link to the PDF (because DocumentCloud's web viewer appears to be down): https://s3.documentcloud.org/documents/23569961/motion-to-re...


Seems like this is a case of the government saying "trust us". They noted two ways that the feds could have gotten the IP address but how about a third: they targeted the guy and got the IP address from the ISP and said "look! we found our guy" - Occam's razor.


Wouldn't they need to know who he is before they could target him and acquire his IP? Unless you're suggesting parallel construction?


I read the doc and it seems like the case is built on information gathered by the government but they won't say how. They don't want to say how because it's supposed to be a national security issue, which is understandable but not how our legal system works (or should work). They are saying that they got his IP via tor and that that IP address went to ISIS websites, but again they won't say how they have this information, they are just saying "trust us". I'm saying that if they had targeted this individual, the feds thought he was up to something but had no real evidence, it would be really easy to find this guy's IP address and then say he went to X website and he needs to go to jail - but we can't tell you how we found this out. Do you see where the problem is? We still have due process in this country or at least we're supposed to.


> I'm saying that if they had targeted this individual, the feds thought he was up to something but had no real evidence, it would be really easy to find this guy's IP address and then say he went to X website and he needs to go to jail - but we can't tell you how we found this out. Do you see where the problem is? We still have due process in this country or at least we're supposed to.

Yeah, it's been a problem for a while now. I do think you're referring to Parallel Construction, a.k.a. evidence laundering.

https://en.m.wikipedia.org/wiki/Parallel_construction


TIL - parallel construction


I think a lot of this has been covered elsewhere before:

- when using tor you should disable javascript because a malicious or compromised site can use javascript to do non-tor stuff that potentially compromises your location. (can be a big pill to swallow, the web without JavaScript is very 90s)

- Run torbrowser within a secure VM or separate device using Tails to minimize your activity footprint

- Use a VPN when connecting to TOR (I also put my TOR services behind their own VPN so even if the entry point is known you can't get the origin IP from it)

- As an added protection I use firewall rules to ensure that only the tor client process can communicate out, any other attempt to send or receive traffic to the public internet gets dropped.
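Added example (not the commenter's own rules): one way to implement the last point, an nftables egress policy that lets only the tor daemon's uid open outbound connections and drops everything else, with a check that refuses to apply a ruleset that has been loosened. It assumes nftables and a dedicated `tor` system user; the table and chain names are my own.

```shell
#!/bin/sh
# Egress lockdown for a tor client host: only the tor daemon's uid may initiate
# connections to the network; every other outbound packet is dropped and counted.
# This governs the output hook only; inbound filtering is a separate concern.
set -eu

TOR_USER="${TOR_USER:-tor}"   # system user the tor daemon runs as (assumption)

# Emit the ruleset. Policy on the output hook is drop, so anything not listed
# here (for example DNS or WebRTC from a browser) never leaves the host.
render_tor_egress_ruleset() {
    cat <<EOF
table inet tor_egress {
    chain output {
        type filter hook output priority 0; policy drop;

        # loopback stays open so local clients can reach tor's SOCKS listener
        oifname "lo" accept

        # replies on flows already tracked by conntrack
        ct state established,related accept

        # only the tor daemon may open new connections to the internet
        meta skuid "$TOR_USER" ct state new accept

        # everything else is dropped and counted, so leaks show up in 'nft list ruleset'
        counter drop
    }
}
EOF
}

# Sanity check before applying: the output policy must be drop, and the only
# 'accept' rules allowed are loopback, conntrack replies, and the tor uid.
ruleset_is_strict() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q 'hook output priority 0; policy drop;' || return 1
    printf '%s\n' "$rules" | grep 'accept' \
        | grep -v 'oifname "lo"' \
        | grep -v 'ct state established,related' \
        | grep -v "meta skuid \"$TOR_USER\"" \
        | grep -q . && return 1
    return 0
}

case "${1:-show}" in
    show)  render_tor_egress_ruleset ;;
    apply) rules="$(render_tor_egress_ruleset)"
           ruleset_is_strict "$rules" || { echo "refusing to apply: ruleset is not strict" >&2; exit 1; }
           printf '%s\n' "$rules" | nft -f - ;;
esac
```

Run with `apply` as root to load it; `nft list ruleset` afterwards shows the drop counter climbing if any non-tor process tries to reach out.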


Firefox supports proxying via unix domain socket and the tor daemon supports unix sockets too, so you can set up torbrowser in a VM/container without any network access to add additional safety against leaks. The sole communication channel is to the tor daemon via unix socket(s). For a VM, use virtfs/9p to share between the daemon and browser; for a container just bind mount it. To allow torbrowser to control the tor daemon, you can use socat as a proxy over an additional unix socket since tor's control port does not directly support using a unix socket.

The whonix project has good info on the environment variables you will need to set to get the torbrowser to play nice with an external tor daemon, so you do not need to resort to tor over tor which will make your traffic stand out.

https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/m...

IMO, torbrowser, on platforms that support it, should separate daemon and browser by default, with browser in a separate network namespace with no network interfaces.

But, if there's a zero day in the tor daemon, and your adversary is the US gov't or other well resourced organization, it is probably still game over. Not to mention NSA scale traffic analysis that Schneier seems to be suggesting as a possibility here, which can only be defended against by only using Internet access that can never be tracked back to you. For downloading bookwares off libgen, the above mitigation is probably sufficient, though, if not a bit overkill.


> since tor's control port does not directly support using a unix socket

Note, this part is incorrect, the tor control port works over a unix socket natively. I just spent some quality time with the torrc manpage and am in the process of fixing my setup.
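Added example (not from the thread, and not Whonix's own file) covering the split daemon/browser setup described above together with the correction that the control port speaks unix sockets natively: a torrc that exposes tor only over sockets in a shared directory, the Tor Browser environment pointing at them, and a check that no TCP listener has crept back in. The paths and group name are assumptions, and the `TOR_*_IPC_PATH` / `TOR_CONTROL_COOKIE_AUTH_FILE` variable names are as I recall Tor Launcher honouring them; verify against the linked Whonix file.

```shell
#!/bin/sh
# tor over unix sockets only: the browser side needs no network interface at all.
set -eu

SOCK_DIR="${SOCK_DIR:-/run/tor}"        # directory shared with the browser via virtfs/9p or bind mount (assumption)
TOR_GROUP="${TOR_GROUP:-torbrowser}"    # group the browser user belongs to (assumption)

# Daemon side: every listener is a unix socket, so there is nothing for a leaked
# packet to reach even if the browser VM somehow gained a network interface.
render_torrc() {
    cat <<EOF
# $SOCK_DIR must be owned by the tor user with group $TOR_GROUP, mode 0750
DataDirectory /var/lib/tor
SocksPort unix:$SOCK_DIR/socks GroupWritable RelaxDirModeCheck
ControlSocket $SOCK_DIR/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFile $SOCK_DIR/control.authcookie
CookieAuthFileGroupReadable 1
EOF
}

# Browser side: skip the bundled tor (tor-over-tor is the pattern the comment
# above warns stands out) and hand it the socket paths instead.
render_browser_env() {
    cat <<EOF
export TOR_SKIP_LAUNCH=1
export TOR_NO_DISPLAY_NETWORK_SETTINGS=1
export TOR_SOCKS_IPC_PATH=$SOCK_DIR/socks
export TOR_CONTROL_IPC_PATH=$SOCK_DIR/control
export TOR_CONTROL_COOKIE_AUTH_FILE=$SOCK_DIR/control.authcookie
EOF
}

# Leak check: returns 0 (true) if any *Port directive would open a TCP listener,
# i.e. its first argument is neither "0" (disabled) nor a unix: path.
# ControlSocket is not a *Port directive and is left alone.
torrc_has_tcp_listener() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        tolower($1) ~ /^(socks|control|trans|dns|httptunnel)port$/ {
            if ($2 != "0" && $2 !~ /^unix:/) { found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

case "${1:-show}" in
    show)  render_torrc; echo; render_browser_env ;;
    torrc) render_torrc ;;
    env)   render_browser_env ;;
    check) torrc_has_tcp_listener "$(cat "${2:-/etc/tor/torrc}")" \
               && { echo "TCP listener found" >&2; exit 1; } || echo "unix sockets only" ;;
esac
```

`check /path/to/torrc` can be run against an existing config before trusting it; the stock `SocksPort 9050` fails it.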


> Use a VPN when connecting to TOR

You should not do this. It is at best useless, at worst strictly negative.

A VPN tunnels all your traffic through their own servers, so they are a single point of failure roughly equivalent to your ISP. Anyone with access to the VPN servers could spy on all of your traffic, completely bypassing Tor. If you pay for the VPN with a credit card, you can be easily identified.


> You should not do this. It is at best useless, at worst strictly negative.

Whenever people write this comment I get the same vibe as when people say that all the recipes in The Anarchist Cookbook are rigged to fail - however I’m in a much better position to judge the technology than the chemistry.

Adding in the VPN (which you should already have and use regularly) before the first Tor guard or bridge node has several benefits - it obscures your usage of the Tor network by a casual observer at the origin (the FBI said they could tell Dread Pirate Roberts was using Tor from the ip addresses, just not what he was using it for - though they did note he was active on Tor during periods Dread Pirate Roberts was active although that alone wasn’t enough for a warrant), it obscures your origin ip to the casual observer at the guard or bridge, your activity is mixed with all other vpn users using the same vpn server(s) - some VPNs add a layer of indirection by routing your traffic through two servers, and it increases the total number of nodes your traffic flows through by at least 1 - unless you do a compile time change to increase the length of the route.

The risk of a party having control of both your vpn and all the tor servers in your path is not zero but at that point the universe pretty much wants you to be found. Should have gone to those Wednesday pot-lucks and put a little more into the building fund. ;)

The person in the article did not use a vpn and they traced the traffic to his mom’s house - amendment to the Ten Commandments of Selling Crack, “Don’t sell crack where your moms at”.

Paying for a vpn with a credit card doesn’t make you identifiable, the list of suspects is everyone who uses the vpn, or knows someone who has a password, or works for a company that maintains a pool of corporate accounts. Most VPNs don’t link outgoing connections back to users, just so they don’t have to deal with people asking those sorts of questions.


It's not a good idea, but not for the reason stated here.

The TOR client will establish a tunnel OVER the VPN to the entry node, so the VPN provider will only see this encrypted traffic. The VPN server cannot spy on you.

When you connect to TOR it carefully selects your circuit for diversity over the Internet between each hop (for example avoiding your entry and exit nodes being on the same service provider). By using a VPN you're opening the possibility for something to go wrong here.


> Anyone with access to the VPN servers could spy on all of your traffic, completely bypassing Tor.

Hmm, can you explain how this could possibly be true? I think the VPN couldn't see any more than your ISP could have.


The situation is different, think about nodes and encrypted channels between them.

If you encrypt traffic on your host properly and send it off to a remote host, your ISP (node(s) in between) sees encrypted traffic.

If you create an encrypted VPN connection to a VPN provider's server and then configure a second encrypted connection (e.g. through Tor) from that VPN provider's server to a remote host, then your VPN provider is able to see exactly what happened on that VPN provider's server; since that’s where the encryption (and decryption) happens.


The Tor tunnel will go through the VPN tunnel and terminate on your device, not at the VPN provider.


> - Use a VPN when connecting to TOR (I also put my TOR services behind their own VPN so even if the entry point is known you can't get the origin IP from it)

Has this advice been studied? If everyone uses a VPN you could be reducing network diversity. A single compromised provider could make correlation attacks easier across the entire network.

I'm not saying that's certain, but I'm generally skeptical of "home remedies" when it comes to Tor. There is so much potential for counterintuitive interaction.


… ROT13 is known to be a very insecure method of encryption, therefore you should run it twice on your messages to keep adversaries from reading your secrets.

Unless you’re completely certain it’s impossible for the VPN providers to coordinate, that sounds like a way to short circuit the entire tor infrastructure.


And the Oscar goes to rz2k for saying that with a straight face ;)


Is bandwidth profiling not used? Can't an agency on the scale of FBI, provided they can control the website contents or at least see the access logs, determine from passive observing of end user connections, who downloaded the website?


Why would you put TOR behind a VPN? That just increases the surface area for attack.


It does add another entity who can identify you (your VPN provider), but it doesn't strictly increase the surface area, since it avoids passive surveillance tripwires at your ISP looking for "interesting" traffic like active connections to Tor nodes. Now, if your ISP is monitoring Tor connections, they're probably monitoring VPN connections too. But at this point VPN services like Apple Private Relay are so commonplace that it's not too unusual to route all your traffic through a WireGuard endpoint. So the burden of surveillance shifts to your VPN provider, who may be worse or better than your ISP in terms of keeping logs, respecting privacy and responding to subpoenas.

Note that "VPN provider" could refer to any entity who is next in the connection chain after your ISP. That could be some public VPN providers like Cloudflare or Apple Private Relay (which is run by Cloudflare and Akamai). Or, if you host your own VPN, it could be your VPS provider. If your goal is to blend in, you probably want to use the public VPN provider where exit IP addresses are (theoretically) shared between a (limited) number of users at any given time. Whereas a VPN on your own box will have an exit IP that is uniquely attributable to you, making you not only easier to trace, but also easier to hack, through any vulnerabilities you might have introduced when setting up the server.


I wouldn't get so excited about this. There have been tons of javascript exploits to leak IP addresses in the past, it's more likely that than the FBI running thousands of servers.


Or even something way simpler, like the FBI secretly compromising the user's PC with malware prior to the arrest. Without more detail it's impossible to know whether this is even news.


Perhaps, but the only references I saw to 2019 in the criminal complaint[1] were with respect to Tor and his phone. I don't know if he was actually under surveillance that early or if this is just stuff they later found. While there are plenty of ways this guy could have attracted the attention of California, Florida, or federal law enforcement, it's entirely possible that seeing a US residential IP address is what started this case. I can't really tell without seeing dated search warrant applications.

The latest PDF[2] states:

    In discovery, the Government has declined to provide any information related
    to its TOR operation. The Defense therefore researched and drafted a motion to
    compel such discovery. In the course of this research, the Defense discovered an
    exhibit filed on the public docket in at least two federal cases with similar issues
    (“Exhibit 2”). The document is partially redacted, purports to be the work of a U.S.
    government agency, and is marked “Top Secret.” Outside of these public docket
    filings, Exhibit 2 is widely available on public internet sources. A Google search for
    Exhibit 2’s title yields 102,000 results. All of the top results apparently provide the
    document itself, and most of these date back to 2013.

That would likely be a reference to something leaked by Edward Snowden given the year mentioned.

1. https://www.justice.gov/opa/press-release/file/1279441/downl...

2. https://www.documentcloud.org/documents/23569961-motion-to-r...


> Perhaps, but the only references I saw to 2019 in the criminal complaint[1] were with respect to Tor and his phone. I don't know if he was actually under surveillance that early or if this is just stuff they later found.

From a doc I found[0] he was under aerial surveillance (aka, the FBI Cessnas {related [1]}) since June 2018.

Also some of the facts in the case are...well this is from doc [0].

> Some of the surveillance footage is itself incriminating. (See Doc. 5, pp. 50-51) (asserting that Mr. Alazhari’s travel on certain days in May 2020 shows that he was “scouting targets for a potential mass shooting attack.”).

[0]: https://www.documentcloud.org/documents/21052490-motion-to-s...

[1]: https://news.ycombinator.com/item?id=34109507


Out of curiosity, will we get more detail? Presumably the FBI would need to reveal to somebody how they obtained this information in order for it to be admissible as evidence ("he did this, trust us" probably won't fly in court), but is there a legal means by which they could do that without revealing their exact methods to the general public? (I don't actually know what the law says on this subject.)


Parallel construction. They use their real methods to identify the user, then once they know the user, specifically target them with simpler known methods to build evidence for the case. In the court filing, they present evidence that they've gained through known methods which don't work all that well unless you already have a suspect, but they actually caught the suspect using methods that are not public (and won't become so, unless there's an internal leak at the FBI).


But if they were using parallel construction, surely the criminal complaint wouldn't make claims they can't prove using the non-secret chain of evidence, right? Here the court filing alleges that the FBI knows what IP address the defendant used to visit a Tor hidden service. Don't they now have to prove that claim if they want the prosecution to succeed?


They also know what specific pages on the offending websites they accessed.

I'm wondering if the classified document wasn't about tor, but about the 'implants' aka malware that were leaked in the same set of Snowden documents.

I think as much as tor being broken in some fixable way, they'd like it known even less that the FBI installs malware on the devices of persons of interest who haven't been convicted of anything.

If they truly can't break Tor and they deem the person of interest important enough for "national security" then I don't think anyone who has studied history, American or otherwise, believes that they are going to throw their hands up and say "welp, that's it."


Or in the case of Ross Ulbricht, just makes up a story about how he was trying to kill someone by suggesting the idea to him. Then uses that to justify an investigation that just happens to be a dead-end but conveniently gathers a bunch of other evidence that is relevant to another case.


Is there proof of anything like this or is it just a conspiracy theory you’re peddling?


I think it's commonly known, maybe not proven, but also it's a case of can they? yes. Would they? yes. As long as you agree with those two premises it's pretty likely


Parallel construction is not a theory in any way in the US. It is a "decades old, a bedrock concept" according to the DEA.

Outside the US, I have no idea.


> Outside the US, I have no idea.

Genealogists use parallel construction to build out their families. Data from a large variety of sources gets used to indicate and corroborate individuals.


It's rather annoying that the initial knee jerk reaction to any negative take on authoritarian government action is labeled as a conspiracy theory to try to discredit it.

The CIA did a great job getting that word out there. It's sad it's used to dismiss credible and logical conclusions so readily.


Exclusive: U.S. directs agents to cover up program used to investigate Americans [2013]

https://www.reuters.com/article/us-dea-sod-idUSBRE97409R2013...


Parallel construction is very real and common


> it's more likely that than the FBI running thousands of servers.

Why not both?

From my experience over the years doing datacenter/transit/fiber/etc. type of infrastructure - just assume a government agency of some sort either outright operates an exit node, or has a wiretap on it. You can be the most trustworthy person in the world operating in the name of freedom - outright working for, say, a colo provider. Unless you are the CEO, legal team, or the individual engineer responsible for it - you will have no idea you are also operating an exit node under surveillance.

I'd put money on well over 50% of the world's exit nodes being packet captured 24x7.


In WWII the Allies didn't want the Axis to know they had cracked Enigma. They used what today might be called Parallel Construction in order to make the intel look like bad luck and/or spies. They had to let some attacks happen because there was no way they could have known about them without decrypting communications.

The FBI running hundreds of servers is fairly likely, and could give enough data to suggest that all of their information is just grunt detective work.


> it's more likely that than the FBI running thousands of servers.

Why? What's the hurdle for running a bunch of servers? How much does a server cost?


I thought we already had docs showing that the govt runs a ton of tor nodes.


But then you'd need to entice Tor users to turn on Javascript since it's turned off by default.


This is not actually the case, at least not with the most recent versions of the browser


Doesn't the tor browser disable javascript entirely?


https://support.torproject.org/tbb/tbb-34/

> We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if we disabled JavaScript by default because it would cause so many problems for them.


That said, popular websites on/for Tor are free of JavaScript and they have implemented everything (such as captchas, or the "JavaScript is enabled" warning, and so forth) using pure HTML and CSS. They do use OpenResty[1], too, which is NGINX + Lua. Good stuff.

[1] https://openresty.org/, https://github.com/openresty/lua-nginx-module


What I despise is clearnet sites that refuse to open if you don’t execute JavaScript even when I know perfectly well the page doesn’t depend on it.

(Fuck you imgur)


LibRedirect (https://libredirect.github.io/) can proxy Imgur, Fandom, Medium, and other links to no-JS alternative proxies, though some of the proxies are down or have broken Fandom images, and you have to disable the specific websites so you won't be redirected again.


if I build a site using react, is there a way to fallback to plain HTML?


It's called SSR, but unless you invest a ton of effort into architecture, it won't fallback to the point where buttons and links still work without js, it will just render.


if it's statically generated, yes. you can write an entire site in React using eg GatsbyJS, and it will be built ahead of time, and pages will be available as static HTML.


Yikes. I thought the point of Tor was uncompromising security? This is going to bite some less-experienced people in the ass.


It has.

The NoScript approach is dumb because it easily supports temporary and permanent white-listing of sites, which is agreeable to many (but still problematic depending on what your risk profile is).

With NoScript’s current approach, you get ruined when your JavaScript-free-optimized site starts sending you nasty JavaScript.


JavaScript used to be disabled by default but too many users were complaining about pages not working. It's not very useful if you're a CFO trying to leak financial documents to a journalist but the website won't work.

Tech-literate people use javascript.enabled=false in about:config.


You don't even need to use about:config, it is as simple as setting Security level to "Highest" using the button on the toolbar


It does not. Noscript is set by default to allow scripts.


The user can enable javascript.


This was fascinating, 10 years old now: https://www.theguardian.com/world/interactive/2013/oct/04/to...

If you had 10 years and the resources of the US Government, I am sure Tor has been broken many times over now...


I wonder if this is going to be confirmation that a large fraction of Tor nodes are in fact run by the FBI.


My favorite theory is that the US, China, NK, Russia, Israel, et al. are all running a large number of malicious servers, all of which adds up to a secure Tor network, since they'll never cooperate


I wish! But there must be some return on investment or they wouldn't be doing it. Tor is so much faster than it used to be so I think it is likely there is a well-resourced person who is up to something on Tor.


If nation-states stop running servers, then the last one standing gets control of the network. The ROI is defensive (denying your adversary a resource), rather than offensive (dominating that resource yourself).


> [...] it’s certainly possible that the NSA did the surveillance and passed the information to the FBI.

We already know that the FBI passes information to local law enforcement agencies and tells them to do parallel construction when the information was obtained illegally, so why not the NSA too? It's probably easy to deanonymize Tor traffic when you see everyone's Internet traffic (they don't even need to set up exit nodes).


I would not be surprised given that Tor was specifically created to anonymize the traffic of US spies. It was released to the public to give plausible deniability to the spies. A new protocol that ONLY spies used would be obvious to track down, no matter how much encryption it had. But if everyone is using it for different purposes then you actually have to break the encryption to know if someone's using Tor to check in with the CIA or if they're just so paranoid that they insist on surfing Wikipedia with it.


After reading Edward Snowden's autobiography (Permanent Record, great read), I feel like Tor, end-to-end encryption and similar solutions/products are basically a dagger through the heart of intelligence services. As such, I find it hard to believe that they knowingly gave the public such tools. And if they did, it sure as hell backfired on them.


It is not a "dagger to the heart", it is something they have to take into account.

What makes things harder for them makes it harder for the enemy, and vice-versa.

If anything, maybe it will help intelligence services realize that gathering intelligence is only half of the job, keeping secrets is the other half. Well, maybe they already realized it and we are not aware of that (it means it worked). But at the time of Snowden's leaks they failed big time. While most people focused on the content of the leaks and arguing about whether Snowden is a hero or a traitor, what I mostly saw is a guy who managed to break the security of the NSA. If a single guy can do that, what about trained spies backed by world power governments? I guess countries like Russia and China already knew everything there was to know about the NSA. I could go for some "master plan" conspiracy theory, but my guess is just that the NSA is incompetent, or at least it was at the time of Snowden. Maybe that "dagger to the heart" is more like a wake up call, I hope for them.


Tor was developed by the US Navy. The military understands how crucial encrypted messaging is, and doesn't particularly care whether or not it's a dagger through the heart of other TLAs. In a bureaucratic battle between the military and domestic intelligence agencies, the military wins.


And additionally funded by the US State Department to provide anonymity for users seeking political expression in countries where that expression may be dangerous.


The State dept happily encouraged the use of broken cryptography machines in the past. They don't have a clean record on transparency.


If they run enough nodes to deanonymize users, it's a dagger through the heart of other intelligence services, but an absolute blessing for the NSA


Hmmm almost like whoever has a head start and unlimited finances and resources due to being the reserve currency could have done exactly that.


For very obvious reasons you don't need to run any nodes, craft any malware, or scrutinize a target's layer 3+ OPSEC, in order to break Tor. You simply go to tier 1 ISPs and buy up IP datagram headers going to/from entry nodes and you win. The only solution is a constant rate of fake traffic to the guard node.


Why? Snowden said they do traffic analysis on everyone, including phone calls. They find you via other means if you are not extremely careful like Snowden himself.

Discussion about these issues has been stifled since critics like Assange and Applebaum have been smeared (but not prosecuted) with sex charges and Greenwald is being depicted as a conspiracy theorist.


> After reading Edward Snowden's autobiography (Permanent Record, great read), I feel like Tor, end-to-end encryption and similar solutions/products are basically a dagger through the heart of intelligence services. As such, I find it hard to believe that they knowingly gave the public such tools. And if they did, it sure as hell backfired on them.

I have heard it somewhere but using Tor or end-to-end is like using an armoured car to transport money between a park bench and a cardboard box. If someone wants you compromised, you will get compromised, it only matters how many resources they are willing to throw at you. And for the average person, it's not a lot. So the best way is to blend in. And using Tor, end-to-end, VPN (full of people with something to hide, it would be stupid not to infiltrate or honeypot) will make you stand out, you might even pique someone's curiosity. Not a very healthy way to operate on the Internet...


> If someone wants you compromised, you will get compromised, it only matters how many resources they are willing to throw at you.

Wants who compromised? What are they going to do against people who use no pseudonym and never originate from the same machine or the same physical location?


E2E and onion routing are potentially problematic -- if they aren't compromised by the government. When controlled by the government, they can lull the targets of government surveillance into a false sense of security. For instance, the government-run Anom[0] network that was completely compromised, but claimed E2E encryption. I wouldn't exactly call it a dagger through the heart of government sigint activity.

0 - https://www.pcmag.com/news/fbi-sold-criminals-fake-encrypted...


BBC which is run by BritishIntel Services, one of the very first things that they did when the war in Ukraine exploded was to set up many new TOR nodes

But yeah, TOR is certainly a double edged sword, but I am led to believe that they assess that its offensive capabilities to pierce against Anglo-Oligarchy enemies offset the drawbacks it produces on how they themselves deal with homefront dissidents

My take is that, well, yeah, that's one of the benefits of having overwhelming power and capabilities, that they can afford to take one or two punches in the nose, if that means that they will beat the ever living shit out of their actual enemies


As long as Ukraine exists, the Darknet has free roam to proliferate with US's half-baked OKAY'ing.

It is sharpest triple-edged sword in modern intelligence existence.


> The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm

Based on what little I know of SSL, this suggests the server was compromised too? Or does tor do a bad job of certificate pinning?

Edit: Or the clients are/were compromised. Or the suspect’s computer was compromised. Or they can somehow decrypt traffic between client and server.


> Based on what little I know of SSL, this suggests the server was compromised too?

Not necessarily.

If a passive snooper knows I used Tor Browser to make an SSL request to en.wikipedia.org and received 987,654 bytes then immediately made a SSL request to upload.wikimedia.org and received 1,234,567 bytes that might be enough information to work out I visited https://en.wikipedia.org/wiki/National_Security_Agency.


That size-inference side channel leak has been patched for years, random padding is added between hops to mitigate this.

It is large files / DDoS going over the network that is still hard to obfuscate.

Which is why TOR is intentionally slow, especially when requesting larger files. If it wasn't, you could watch the lump of data traverse across the pipe.

source: n/a



Thank you. My brain is very damp but knew it was somewhere.


That's why Tor is communicating mostly over fixed-size cells with a fixed size of 514 bytes (or 512 if tor version < 4).

There is also random padding added to cells, so that the cell content is unpredictable.
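An added example (written for this thread, not Tor Project code) that follows on from the Wikipedia size-inference comment and the fixed-size-cell comment above: it cuts constructed page sizes into 514-byte cells and checks which catalogue entries an observer counting cells can still tell apart. The 5-byte header, the page sizes in the catalogue and the bucketing defence are assumptions made for the example.

```python
"""Added example for this thread: what fixed-size cells do and do not hide
from a passive observer counting bytes. Illustrative code, not Tor Project
code. The 514-byte cell with a 5-byte header, the catalogue of page sizes
and the bucketing defence are assumptions constructed for the example."""

CELL_SIZE = 514                          # bytes of one cell on the wire (assumed)
CELL_HEADER = 5                          # circuit id + command (assumed layout)
CELL_PAYLOAD = CELL_SIZE - CELL_HEADER   # 509 bytes carried per cell

# Constructed catalogue of pre-fingerprinted pages (name -> response bytes).
PAGES = {
    "Article_A": 987654,
    "Article_B": 987700,    # within one cell payload of Article_A
    "Article_C": 1234567,
}


def cells_for(nbytes):
    """Number of fixed-size cells needed to carry nbytes (ceiling division)."""
    return -(-nbytes // CELL_PAYLOAD)


def wire_bytes(nbytes):
    """Bytes an observer sees once the data is cut into padded cells."""
    return cells_for(nbytes) * CELL_SIZE


def bucketed_cells(nbytes, bucket_cells):
    """Defence: pad the cell count up to a multiple of bucket_cells.
    bucket_cells=1 is plain cell padding with no extra cover traffic."""
    return -(-cells_for(nbytes) // bucket_cells) * bucket_cells


def candidates(observed_cells, bucket_cells=1):
    """Catalogue pages consistent with an observed (possibly bucketed) cell count."""
    return sorted(name for name, size in PAGES.items()
                  if bucketed_cells(size, bucket_cells) == observed_cells)


def overhead(nbytes, bucket_cells):
    """Wire bytes divided by useful bytes for a given bucket size."""
    return bucketed_cells(nbytes, bucket_cells) * CELL_SIZE / nbytes


if __name__ == "__main__":
    for name, size in PAGES.items():
        print(f"{name}: {size} bytes -> {cells_for(size)} cells, "
              f"{wire_bytes(size)} bytes on the wire")
    for bucket in (1, 1024, 4096):
        seen = bucketed_cells(PAGES["Article_A"], bucket)
        print(f"bucket={bucket:5d} cells: Article_A is indistinguishable from "
              f"{candidates(seen, bucket)}, overhead "
              f"{overhead(PAGES['Article_A'], bucket):.2f}x")
```

Cutting traffic into fixed-size cells only hides differences smaller than one cell payload: two pages that differ by a few hundred bytes collapse into the same cell count, but pages that differ by hundreds of kilobytes stay distinguishable. Widening the anonymity set needs coarser padding (the bucket_cells parameter), and the overhead function shows what that costs in bandwidth.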


BRB, padding all of my webpages to be exactly 650mb each.


npm install electron react-native-web


Unless I'm missing some info, I don't see anything that points at them finding all this info through Tor or the server. They identified the user AND 'also found what specific pages Al-Azhari visited'. That could've happened from his PC after they arrested him. Language like this is always ambiguous in order to give out as little information as possible while still providing some.


> That could've happened from his PC after they arrested him.

Tor client wouldn’t save any of that.


he may not have been using the tor browser


To catch every random person visiting a site you do need to control most of the Tor nodes which is probably affordable for the three letter agencies.

To catch one specific guy doing one action one time (something he might do hundreds of times without getting caught, but he only needs to get caught once to get punished), if you only need to succeed 0.1% of the time you only need to own 0.1% of the nodes, as a simplification.

There's also the incredibly valuable chilling effect that he's being found guilty in public opinion of having read the wrong website once. If millions of people read the "wrong" website a dozen times a day for decades, you only need one bust in a couple billion accesses to generate massive propaganda that reading uncensored badthink is and should be punishable.


Spider-Man meme of FBI and Tor user they identified pointing at each other


Depending on your definition of “FBI” that is and long has been true. Laws are for the slaves, not the masters.


I'm not sure, it's been known for a while that javascript can be used to deanonymize Tor users and unfortunately most websites need JS to even begin to function so there's an incentive to leave it on. If criminals were more tech savvy maybe needing JS would become a red flag for any criminal sites, but you'd still need the discipline to not visit any other sites.


So what if they were? Only exit node see the message (encrypted or not). And it doesn't know where it originated.

I speculate this is most likely case of a ISIS server run by FBI.


If you control both exit and entrance nodes, you can correlate connections with a timing analysis.


I don't think that is how timing analysis works. User can say to "entrance node" that it is also a node and that is how it can deny that it is originator. "Entrance node" doesn't know its position in a chain. Only Exit node knows its position.


I don't think that's totally true. At least, it's maybe superficially true but not in a real world sense. The entry node can see your IP by virtue of the incoming TCP connection and it's not hard to figure out if an IP is a Tor relay or not. The list of known relays is a list that you can just go and get. If it's not a relay, then it's a client, and you're the entry node.


No, this is not the timing attack I was thinking of. Your version of timing attack comes from inside tor network and that is solved by Entry Guards. And besides you can also be Tor relay and a client. These attacks are just bugs that are fixed.

The real timing attack that is not fixed and will not be (it is not in threat model), is when your ISP works with police (that has warrant) and gives them data. And police also controls server or exit node.
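An added example (written for this thread, not Tor Project code) putting numbers on two comments above: the "own 0.1% of the nodes and you only need to succeed once" simplification, and the reply that the inside-the-network version of the attack is what Entry Guards address. It compares the chance that an adversary who runs a fraction of the relays ends up on both ends of at least one of a user's circuits, with and without a fixed guard. The model is deliberately simplified: relays are assumed to be chosen uniformly by count rather than by bandwidth weight, and only an adversary holding both entry and exit counts as a hit.

```python
"""Added example for this thread: how much of the network an adversary must
control to sit on both ends of at least one of a user's circuits.

Illustrative code, not Tor Project code. Simplifying assumptions: relays are
picked uniformly at random by count (real selection is bandwidth-weighted),
a circuit is "caught" only when the adversary runs both its entry and its
exit, and a guard user keeps one fixed entry relay for the whole period."""
import random


def p_circuit_caught(frac):
    """Per-circuit probability that both ends are malicious (no guards)."""
    return frac * frac


def p_any_caught_no_guards(frac, circuits):
    """At least one of `circuits` independently built circuits is fully observed."""
    return 1.0 - (1.0 - p_circuit_caught(frac)) ** circuits


def p_any_caught_with_guard(frac, circuits):
    """With a fixed guard the user is either safe for the whole period (honest
    guard) or exposed on every circuit whose exit is malicious."""
    return frac * (1.0 - (1.0 - frac) ** circuits)


def simulate(frac, circuits, users, rng):
    """Monte Carlo check of both formulas: fraction of users caught at least
    once, returned as (no_guard_rate, guard_rate)."""
    no_guard_hits = guard_hits = 0
    for _ in range(users):
        guard_bad = rng.random() < frac          # the one guard this user keeps
        caught_no_guard = caught_guard = False
        for _ in range(circuits):
            entry_bad = rng.random() < frac      # fresh entry each circuit
            exit_bad = rng.random() < frac
            caught_no_guard |= entry_bad and exit_bad
            caught_guard |= guard_bad and exit_bad
        no_guard_hits += caught_no_guard
        guard_hits += caught_guard
    return no_guard_hits / users, guard_hits / users


def run_demo(seed=7, frac=0.05, circuits=200, users=2000):
    """Run one seeded simulation so the result is reproducible."""
    return simulate(frac, circuits, users, random.Random(seed))


if __name__ == "__main__":
    frac = 0.05
    for n in (1, 100, 5000):
        print(f"{frac:.0%} of relays, {n:5d} circuits: "
              f"no guards {p_any_caught_no_guards(frac, n):.4f}, "
              f"with guard {p_any_caught_with_guard(frac, n):.4f}")
    ng, g = run_demo()
    print(f"simulated 2000 users x 200 circuits: no guards {ng:.3f}, with guard {g:.3f}")
```

Without guards the per-circuit chance is tiny (frac squared) but the user keeps rolling the dice, so over thousands of circuits nearly everyone is caught at least once. With a fixed guard the fraction of users who can ever be caught is capped at the fraction of guards the adversary runs, no matter how many circuits they build; that is the trade Entry Guards make. The model ignores bandwidth weighting, guard rotation and the attacker at the ISP rather than inside the network, which the comment above points out is the case guards do not address.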


Possibly you replied to the wrong post; I don't know anything about timing attacks. My post was about whether the entry node knows that it's the entry node.


It is a volume+timing attack. From 2014:

https://www.bbc.com/news/technology-28573625

"The Tor Project suggests the perpetrator compromised the network via a "traffic confirmation attack".

This involves the attacker controlling both the first part of the circuit of nodes involved - known as the "entry relay" - as well as the exit relay.

By matching the volumes and timings of the data sent at one end of the circuit to those received at the other end, it becomes possible to reveal the Tor user's identity because the computer used as an entry relay will have logged their internet protocol (IP) address."
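An added example (written for this thread; not Tor Project code and not any real tool) of the volume-and-timing matching described in the quoted BBC text and in the earlier comments about controlling entry and exit, or buying the datagram headers at the ISP in front of the guard. The per-second byte counts are constructed: what an observer at the guard side would record per client IP, and what an observer at the exit would record for the one stream it wants to attribute. The one-second delay and the cell overhead baked into the exit-side numbers are assumptions.

```python
"""Added example for this thread: end-to-end traffic confirmation by
matching per-second volumes between the entry side and the exit side.
Illustrative code, not Tor Project code or a real tool. All observations
below are constructed; the 1 s delay and the overhead are assumptions."""
import math

# Constructed entry-side observations: bytes per second from each client IP
# towards the guard (or seen by the ISP in front of it). Three clients share
# the guard; one of them is the stream the exit observer is interested in.
ENTRY_FLOWS = {
    "198.51.100.7":  [0, 0, 9000, 0, 0, 12000, 0, 0, 0, 7000, 0, 0],
    "198.51.100.23": [3000] * 12,                                  # steady background
    "198.51.100.41": [0, 6000, 0, 0, 8000, 0, 0, 10000, 0, 0, 0, 0],
}

# Constructed exit-side observation of one stream: the same bursts one second
# later, slightly smaller (cell overhead stripped) and with a little jitter.
EXIT_FLOW = [0, 200, 0, 8300, 100, 0, 10900, 0, 150, 0, 6200, 0]


def pearson(a, b):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    den = math.sqrt(var_a * var_b)
    return cov / den if den else 0.0


def delayed(series, lag):
    """The series as it would appear `lag` samples later (front-padded with zeros)."""
    return [0] * lag + series[: len(series) - lag]


def confirm(entry_flows, exit_flow, max_lag=3):
    """Score every (client IP, lag) pair against the exit-side series and return
    the best match plus the full score table, so the margin over the runner-up
    can be inspected rather than trusting a single number."""
    scores = {}
    for ip, series in entry_flows.items():
        for lag in range(max_lag + 1):
            scores[(ip, lag)] = pearson(delayed(series, lag), exit_flow)
    best = max(scores, key=scores.get)
    return best[0], best[1], scores[best], scores


if __name__ == "__main__":
    ip, lag, score, table = confirm(ENTRY_FLOWS, EXIT_FLOW)
    print(f"best match: {ip} at lag {lag}s, r={score:.3f}")
    for (cand, l), r in sorted(table.items(), key=lambda kv: -kv[1])[:4]:
        print(f"  {cand:16s} lag={l} r={r:+.3f}")
```

Nothing about the encryption matters here: the observer only needs byte counts and timestamps at the two ends, which is why the earlier comment says the ISP-level vantage point wins without running any relays. Correlation is scale-invariant, so cell padding that inflates every burst by a constant factor does not help; what does is the constant-rate cover traffic the same comment mentions, which would flatten the target's series into the steady-background shape the example cannot match.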


See my reply above, these are just bugs that are fixable.

"Timing attack" that will not be fixed is when police has warrant for your ISP, and police has ISP logs and destination server logs. (so it can compare the two)


Not related to Tor, but food for thought regarding anonymity...

Quite a few people online wear multiple masks. You're that wonderful professional on linkedin with your full name on display, the ideal grandson on Facebook, but also a Twitter shitposter and toxic gamer under the disguise of anonymity.

It's worthwhile to consider the anonymous version of you. I'm imagining that it won't take long before a few dots can be connected. Not by the FBI, surely they already can, but as a public service. AI reverse engineering your clicks, writing style, whatever other input.

Meaning, if there's a "socially less accepted" version of you, do worry. It seems inevitable to me that they ultimately get linked back to your true identity.

And to be clear, this isn't just about a burner account to let off some steam. Anonymity is also used to freely criticize employers, political ideas, the establishment in authoritarian regimes, and it's an essential defense for people/groups that are often the target of harassment.

To illustrate how easily this can go wrong, recently a giant Twitter dump resurfaced. It turned out to be a cleaned up 2 year old file, but it did send a lot of people into a moral panic. Specifically, some made the mistake to link their real identifiable email address to their burner account.

The bottom line is that anonymity is fragile and unlikely to last.


I have a Glinet[0] router that has Tor functionality and 'torifies' your connection, so even if there's some JS 0day that executes trying to decloak me, the adversary just gets a Tor IP instead of my home connection IP.

Note: I connect to Tor from my torified Glinet router which is doing Tor-over-Tor which is considered 'dangerous'[1] but I do it anyway.

This might be overkill for most, and I'm not doing anything illegal (I mostly browse clearnet sites instead of hidden services anyways).

[0] https://www.gl-inet.com/

[1] https://tor.stackexchange.com/questions/427/is-running-tor-o...


If you read through the 10 year old presentation linked[0] you'll see they have ways to break just running over Tor. You really need to be running Tor on the machine, possibly via a VPN (like Mullvad or VPS+Wireguard/SSH), and either using Tor Browser, Whonix/Tails, or QubesOS.

My (updated) understanding is that running all things via Tor is slow without as much benefit as just a normal VPN and that if anything you use throw away VMs or Tor Browser sessions to avoid any way to correlate. Also note that a well known attack is simply knowing a connection is currently happening (preferably a long-running one) and cutting off the internet in suspected areas until the connection drops. So I guess either you need to avoid long running connections (I think you could do this in the local firewall?) or have redundant network connections like Dual ISP or ISP + LTE on something like Opnsense (cause wow, is it difficult to do this on Linux. I intend to blog about it someday soon).

[0]: https://www.theguardian.com/world/interactive/2013/oct/04/to...


Out of curiosity, what is the benefit of using Tor just to browse legal clearnet sites?


I'm using Tor right now, because it's the only way I can access HN while my SelfControl.app is blocking it for the next 24 hours :)


Privacy. The con is a very annoying latency.


A person might still use Tor because they would rather have only the Feds know what porn they look at rather than have the Feds and everyone else know what porn they look at.


I will never understand people who do illegal things over their own IP. Is it really that hard to find an open access point? Way back in the day when I torrented all my content I used a long-range wifi antenna connected to a public AP and a dedicated PC with a scrubbed drive that never connected to my home network.


Your strategy might be safer but it also shows criminal intent.

Also- the secret about torrents is that nobody really gives a shit. They're more worried about pedos and terrorists.


>it also shows criminal intent.

Hard disagree, unless you have some citations to back this up.


> Also- the secret about torrents is that nobody really gives a shit.

That’s not true in some places like Germany. Just a few seconds of uploading a somewhat popular movie or porn without a VPN will get you a C&D + fees letter.


do you have to actually pay anything? in the us you also get a scare letter from your ISP but nothing happens if you ignore it and continue


Yeah, because it's lawyers working for the rightholders sending them, not ISPs. You can sometimes get out, but only by replying properly, ignoring them will end in court.


Can confirm. I slipped up for a few seconds once while torrenting. My cease-and-desist letter from Sony was personally delivered to my door by the Hausmeister.


My crime showed criminal intent. Nothing new there.


>According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019.

I don't understand... how can this be illegal?


This is cherry-picked out of a larger case because we care that they know any information about what they did via Tor. I don't think he's specifically been arrested for visiting a website even one like an ISIS propaganda one.


The long-range wifi antenna has always sounded like an opsec urban legend to me. You'll be able to transmit signals to the router, but can you really receive them with any sufficient fidelity if the router itself does not also have a long range antenna or unusually high transmission power?


Antennas are reciprocal. They are just as directional receiving as transmitting.

A 10 dBi gain yagi boosts your transmitted and received signal equally.
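An added free-space link budget illustrating the reciprocity point above (example code written for this thread, not from any commenter or cited source). It computes the received power in both directions for an access point with a small antenna and a client with either a small or a high-gain antenna. The transmit powers, antenna gains, frequency, distance and receiver sensitivity are assumed round numbers; real links add cable loss, fading and differing receiver sensitivities on the two radios.

```python
"""Added example for this thread: a free-space link budget showing that the
antenna gain on one side of a link helps both directions by the same amount.
Illustrative code, not from any referenced source. All radio parameters
below are assumed round numbers."""
import math

C = 299_792_458.0   # speed of light in m/s


def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB; the same value whichever end transmits."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def received_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_hz):
    """Friis link budget: transmit power plus both antenna gains minus path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_hz)


def both_directions(ap_tx_dbm, ap_gain_dbi, client_tx_dbm, client_gain_dbi,
                    distance_m, freq_hz):
    """Received power at the client (AP transmitting) and at the AP (client
    transmitting). The gains enter as a product either way, so a directional
    antenna at the client raises both numbers identically."""
    at_client = received_dbm(ap_tx_dbm, ap_gain_dbi, client_gain_dbi, distance_m, freq_hz)
    at_ap = received_dbm(client_tx_dbm, client_gain_dbi, ap_gain_dbi, distance_m, freq_hz)
    return at_client, at_ap


def link_ok(rx_dbm, sensitivity_dbm):
    """True when the received power clears the receiver's sensitivity threshold."""
    return rx_dbm >= sensitivity_dbm


if __name__ == "__main__":
    # Assumed: 2.4 GHz channel 6 (2437 MHz), 2 km, 20 dBm radios on both ends,
    # 2 dBi omni on the AP, -80 dBm sensitivity for a slow OFDM rate.
    print(f"path loss at 2 km: {fspl_db(2000, 2.437e9):.1f} dB")
    for client_gain in (2.0, 10.0):
        to_client, to_ap = both_directions(20, 2, 20, client_gain, 2000, 2.437e9)
        print(f"client antenna {client_gain:4.1f} dBi: AP->client {to_client:.1f} dBm, "
              f"client->AP {to_ap:.1f} dBm, usable={link_ok(min(to_client, to_ap), -80)}")
```

With equal transmit power on both radios the two directions come out identical, and the 8 dB the yagi adds over the omni is added to both. What breaks the symmetry in practice is not the antenna but the radios: if the AP transmits at a different power than the client, or one receiver is less sensitive, one direction can fail while the other still works.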


Disclaimer: I'm a total noob at anything radio or electronics (and would appreciate an education on this topic from someone who isn't!)

> A 10dbi gain yagi boosts your transmitted and received signal equally

I don't see how this can be true, as long as you're not arguing semantics and actually want to use the wifi. Wouldn't you need two identical routers outfitted with high gain directional antennas pointing at each other? That's easy to do when you control both of them, but the subject under discussion is connecting to public wifi of a router you do not control.

Surely a big antenna pointing directly at a router with a tiny antenna will send signals with more clarity than it receives them. The tiny antenna is broadcasting a weak signal in all directions, and the big antenna is transmitting a strong signal in one direction.

I believe that the big antenna could "pick up" some parts of the radio waves from the router, but wouldn't most environments be too noisy for your receiver to find any useful signal? By the time the already weak radio wave gets to your antenna, it's dissipated so much that you couldn't possibly read enough of it to put a meaningful signal back together, right?


So you did illegal things illegally. And who owned the public AP? Someone not as smart as you? You sure?


So you did illegal things illegally.

Yep. I said I don't understand people who do illegal things over their own connection, i.e., stupidly.

And who owned the public AP?

McDonald's.


using such setup wouldn't prevent anyone from finding you if you did illegal things that really mattered, like donating to a terrorist organization

you can proudly use it to download torrents (because nobody cares and the feds won't triangulate a signal for torrents), but they can definitely do it for terrorism and intelligence matters. (check out all the stories of spies who had radios, from 1914 to SOE to the cold war)

As a bonus, you even post your story on HN, a site where analysts from all the governments and major companies of the planet meet to talk about tech...

this guy was probably more careful than you


McDonald's has video cameras pointing at every inch of their property 24/7. All they need is a timestamp from the AP and they'll go find your license plate in the parking lot on the surveillance tapes.


Did you miss the part about a long range wifi antenna?


A guy on my street grabbed a nearby box store's WiFi and repeated it over an overamp'd, open AP.


Don't use a car or your own car.


I wasn't in the parking lot or anywhere near it for that matter.


What kind of idiot drives a car with a valid personal license plate while committing crime?

I don't even drive a car when I'm selling shit on craigslist for fear they'll look up the plate and do dumb shit when they're mad the drill I sold them has normal battery life.


Most criminals (they're risk takers) don't really think these things out and a large percentage of them get away all the time. Stuff goes wrong, footage goes missing, cameras don't work, prosecution bungles some rules, etc.


I would ask what kind of idiot drives with an invalid license plate


I was more taking issue with your misplaced confidence about using a public AP than your doing illegal things.


I keep saying this, but the inescapable fact about Tor is that its traffic patterns make you stand out prominently.

Just the fact you’re using it automatically makes you interesting and worthy of a closer look.

All well and good if you’re just maintaining a cookie recipe site on the dark web, but it’s rarely ever that, is it?


Is your intention in repeating that to keep Tor usage below the critical threshold where that remains true?


Tor has a lot of pretty gnarly trade offs that will naturally keep usage low outside of people who really need it. The latency is nontrivial, exit nodes are congested and lots of sites don’t want to deal with Tor because so much abuse flows through it. Tor definitely has a similar problem to like voat or gab: a community with a strict no-witch-burning philosophy ends up filled with witches.


No offense but TOR is just too sluggish to be really useful unless you're a gay pirate assassin (or one of those three components)[0].

It has basically all the drawbacks a VPN has (most sites will distrust you on recaptcha, speed bumps, sometimes a connection gets timed out or dropped) whilst having a shitton of latency on top of that because y'know, it's free. There's always been more people willing to use TOR than the server space needed to prevent overburdening the network (in no small part because running the server space needed usually incurs significant legal risks since congrats, you've now become a target for law enforcement to bust your door down and ask why an IP you own a machine on is being used to upload CP to the clearnet - few people want to deal with this scenario for blatantly obvious reasons).

This isn't really something you can fix, it's just kind of an inherent issue with the protocol.

[0]: https://youtu.be/WVDQEoe6ZWY


> in no small part because running the server space needed usually incurs significant legal risks since congrats, you've now become a target for law enforcement to bust your door down and ask why an IP you own a machine on is being used to upload CP to the clearnet - few people want to deal with this scenario for blatantly obvious reasons

It only does if you set it up as an exit node.


Have you used Tor recently? I don't find it to be very slow. It's obviously not Gigabit but for just reading web pages it is more than enough. See https://metrics.torproject.org/torperf.png?start=2012-01-01&... - and that recent spike in latency only exists because of some DDos attack (I think).


It's about the same it's always been from roughly 2015. I've used it maybe 6 months ago to get around a YouTube geoblock?

What this graph doesn't really unveil but is so crucially important is that webpages have gotten a lot heavier over the years. In the past, you could visit most websites at a half-decent speed with a regular landline connection. Nowadays you need to download several megabytes of content before you can even load a page in properly.


Yeah, I think the FSF/EFF suggestion is for people to use TOR as much as possible. But that’s completely impractical day to day from my POV.

I recollect a case a few years ago, where they tracked a guy down on a campus through traffic analysis in a fairly quiet environment Torwise, and both endpoints were on the campus.


Realistically, what would need to happen for it to not be the case? How many millions or billions of people would have to use it before the government would give up and stop looking at you if you use it?


In order for that to happen you first need to convince people to either accept the hit in connection speed (which is terrible over TOR) or you need to significantly increase the amount of nodes on the network, the latter of which isn't going to happen because of the legal risks, which act as a chilling effect.


I interpret op to be suggesting Tor isn't as anonymous as one who conducts illicit activity would assume. That seems to be the trend time and time again.


The fact that the three letters do more than spying on possible threats/terrorists, in particular, their practice for trying to cultivate future "agents of change" should send chills down the spine of any well paid and well educated tech workers.

I do believe that most people on HN qualify as "interesting" to these forces.


none of your business what dark web cookie recipe websites I maintain


[flagged]


Perhaps that's why the person you're replying to prefaced their comment with:

> I keep saying this, but...


From Bruce of all people, this is a wildly provocative, unsubstantiated claim about routine takedown behavior from the feds.

I mean, nobody hates the gov side of the cryptography wars more than me, but this type of article is well below table-stakes for discussion. Especially by legendary professionals of repute like Bruce.

It's very disappointing to me. The price of clicks truly deconstructs the modern man's integrity...


> unsubstantiated claim

There's a court document from a defender specifically referring to the evidence the FBI is presenting. Lawyers can be severely sanctioned if they lie in a briefing, so the lawyer drafting that has certainly seen a court document by the FBI stating that they got the IP of this user despite Tor. Bruce never claims more than that.


"Got the IP despite Tor" might just be user error, visited the site once with Tor disabled, or logged into the same account elsewhere with both their clear IP and their Tor browser. The exact same thing that happened to Silk Road.


That's possible, but the blog never claims otherwise. In fact it says "There are lots of ways to de-anonymize Tor users" so I think it's unfair to say Bruce is making unsubstantiated claims.


When you say "de-anonymize a Tor user", the implicit but unambiguous meaning is that you attacked Tor, not found the information from somewhere else.

Just like when you say "a BMW driver crashed into a mall", you mean that they did it with their BMW, not with the Subaru that they also own.


The language in the blog post, "There are lots of ways to ..." is explicitly highlighting the ambiguity.


Yeah, maybe so. The linked slide does list "user error" as one of the angles.


My take on it: He's sending out a reminder that Gov retains ability to extract people it wants from encrypted comms. He may have noticed a downturn in similar news stories.

That we don't know the methods used here, this seems to emphasize the old reasons to live in caution.


Section 702 is up for renewal soon. I don't think it is a coincidence Bruce is bringing this particular case now. It seems like he is trying to add fuel to the "repeal" fire.


Yeah, that thought crossed my mind, and I'm sure now that you mention it, it must have crossed his too.

Still, couldn't he just have written that?


Bruce has also been hardcore anti-cryptocurrency. From a pure cryptography perspective the innovations around zero knowledge proofs are very intriguing and it’s highly unlikely they would have happened as quickly without the monetary benefit of cryptocurrency pushing such research forwards. However Bruce is an extreme statist, and if he had his way I’m sure all cryptography would be backdoored.


Really? Bruce is pro-backdoor?

Where's that pro-backdoor advocacy in this essay from 2013 on evading NSA surveillance and warning about the risk of backdoored cryptography? https://www.schneier.com/essays/archives/2013/09/nsa_surveil...

Or this essay from 2016 arguing that backdoors sabotage security? https://www.schneier.com/essays/archives/2016/04/the_value_o...

Or this essay from 2019 decrying yet another effort to backdoor encryption? https://www.schneier.com/blog/archives/2019/12/scaring_peopl...


This is, without a doubt, the craziest thing I have ever seen pushed out by someone who purports to know something about cryptography, law, and political advocacy:

https://www.lawfareblog.com/tornado-cash-not-free-speech-its...

Schneier has gone off the deep end


Do you have a substantial argument against Schneier beyond "Schneier is a crazy statist"?


It could also be that they had backdoored his PC earlier, right?


Could be a lot of things. Could be the FBI runs the site and specifically targeted him.

Or they run the site and it has some sort of browser exploit.

I'm guessing the first though. That they set up the site specifically to target him. The rest of the investigation involves them running eBay accounts to sell him weapons and such. Seems like the whole investigation was borderline entrapment to be able to arrest him on something.


It's not close to entrapment, unless the FBI coerced the accused.


It could also be they just checked his browsing history..


More troubling - is it a crime to visit a website which begs donations for an illegal cause?


No, it isn't. That's not what he was charged for, it's just one piece of evidence in the case:

> “From Mr. Al-Azhari’s attempt to acquire firearms through unlawful channels to his desire to provide material support to a designated foreign terrorist organization, it was clear Mr. Al-Azhari’s intention was to carry out an act of violence,”

> According to the complaint, Al-Azhari was an ISIS supporter who planned and attempted to carry out an attack on behalf of that terrorist organization. Al-Azhari, who has a criminal history that includes prior terrorism charges in Saudi Arabia, attempted to purchase multiple firearms over the course of the investigation, before acquiring a Glock pistol and a silencer. He also expressed admiration for Pulse nightclub shooter Omar Mateen and spoke of his desire to carry out a similar mass casualty shooting. Additionally, Al-Azhari researched and scouted potential targets in the Tampa area, including Honeymoon Island. He also rehearsed portions of an attack and the statements that he would make during or in connection with such an attack.


I’m interested what the case law is for arresting someone for intent to perform a heinous act. I’ve heard a lot from stalking victims and the like that often times police will refuse to do anything until the stalker has assaulted or murdered the victim in question, despite clear indications the stalker is actively planning to do harm.


There are plenty of laws about, say, attempted murder. Also, it’s possible for somebody to be convicted of shoplifting even if they’re nabbed before they leave the store if it’s clear that they were in the process of stealing items ( https://en.wikipedia.org/wiki/Attempt ).

And when there isn’t a specific law, there is a general “conspiracy to commit” law ( https://en.wikipedia.org/wiki/Criminal_conspiracy ), which is what I’m sure is involved in this case.

“Conspiracy” makes it sound funny, but the basic idea is that when multiple people (and “multiple” means “at least two”) have conversations about committing a specific crime and one takes concrete steps toward committing that crime, then all people involved can be punished for conspiracy. Of course, the ones who were undercover agents don’t get punished. And the fact that the plan wouldn’t work doesn’t matter. If the FBI sells fake explosives to somebody and that person plants them outside a building and tries to set them off, the fact that they were fake doesn’t help them beat the rap.

The issue with stalking is that there isn’t a law against being in the same area as somebody else (unless there’s a restraining order). So, unfortunately, the police can’t make an arrest until a law is broken or the potential stalker at least tries to break the law.


I guess my confusion here is why stalkers aren’t arrested for intent to commit assault or murder in a similar way, I mean, this guy intended to help terrorists but he was largely doing this through otherwise legal channels like purchasing weaponry? What if a stalker buys a weapon, repeatedly tells a victim of planned murder plots, etc?


> What if a stalker buys a weapon, repeatedly tells a victim of planned murder plots, etc?

They're probably still committing a crime. The thing with terrorism vs stalking, though, is the budgets that are being spent on preventing them. It's also the level of law enforcement that does the investigation. Local PD is much less capable and has much less manpower than the FBI.

Also, in case of 'tells a victim of planned murder plots' this often happens in person with no record existing. This happens about as often as fake victims saying someone is threatening them. So it's hard to judge whether any report of death threats from a stalker is real.

I've personally worked on stalking cases and until you've got actual irrefutable evidence of a stalker having made threats, it's always a gamble. Even letters and messages are being faked by pretend victims. Overreaction by local PD, without evidence, is how people get shot when they get swatted.


The FBI has actually set up terror plots and then recruited people to carry them out only to arrest them. It's outrageous IMO.

https://theintercept.com/2015/03/16/howthefbicreatedaterrori...


> clear indications the stalker is actively planning to do harm.

You might be interested in the "cannibal cop" case.

https://en.wikipedia.org/wiki/United_States_v._Valle

Where, exactly, is the line crossed between "this guy is talking shit" and "this guy is actively planning to do harm?"

(I don't know where I even stand on that case. The ramifications of every alternate outcome are equally unsettling.)


Stalking and terrorism are not the same. The FBI gets a boost to their career if they get a terrorism conviction, but there's no such incentive for more normal crime.


Wait until the victim is someone powerful.


You didn't say what he was charged with? He was charged with attempting to materially support a designated terrorist organization.


Nobody here is mentioning I2P. It's a good alternative to Tor, and it's not designed by the US Navy!


I doubt the Tor user was identified on the Tor network.

Most likely his Bitcoin donations gave him away, since Bitcoin is far from anonymous. He might also have left other clues such as an email address which he accessed from clearnet.

Anyway, it's pretty obvious LEA cannot identify Tor users en masse. There have been several CP websites taken down which had hundreds of thousands of users, yet they only managed to arrest the website administrators. Only a handful of users were arrested, and mostly because of dumb mistakes.


That is why I use a VPN provided by FBI so they think one of their own is doing research haha. Also this is how you get free security 24/7.

Tor was broken a while back. Not sure why anyone would think it is safe/private/secure.

Your ISP is always ratting you out.


Sounds like his box was compromised, possibly by owning the site he visited first.

The FBI has done this before - inject a browser exploit into a site they compromised to identify its users.


yep, this, I ran a tor webserver for discussing geopolitics with friends on a pi for a few months before finding it had been compromised.

that was shortly after intel exchange had been taken down.

Tor services just aren't secure in any sense imho. especially not from the people who wrote them.

sigh.


>I ran a tor webserver for discussing geopolitics with friends on a pi for a few months before finding it had been compromised.

Not the fault of Tor. HSDir nodes could snoop on announced v1 .onion addresses. This isn't the case anymore for Onion v2 addresses. But even if an attacker has the onion address of your webserver, he needs a way to compromise it.

Either through a vuln in your website or your webserver.


A vuln in the webserver is the usual way, I used to collect and scan .onion domains for misconfiguration issues a few years ago.

You would be amazed how many admins leave shit like PHPMyAdmin wide open.


I've found the clearnet IP of some darknet markets by typing their <title> into the text input at search.censys.io. That's such poor opsec that I have to assume I identified a phishing proxy to the market rather than the actual origin server of the market itself.


> This isn't the case anymore for Onion v2 addresses

You're right, except you meant v3.


Oh yeah, ofc. Thank you for the correction! :)


the malicious process had tor as a parent process/uid. Which makes me say it was definitely the tor server that had some rce.


It is really hard to believe that a malicious actor is throwing expensive tor 0-days at random onions.. or your website to "discuss geopolitics with friends" was a bit greater.

In both cases you could run a honeypot to catch 0-days.


the webserver was a simple nanohttp hackup on the oracle jvm, so I'll take some convincing java has an rce in its network stack, and they disguised it by spawning a process on the tor user after hacking the OS and covering that up sufficiently to leave no other evidence.

The only reason I spotted it was because I was checking for compromise by comparing any file/process changes every few weeks.

It was a few years ago, my guess back then was tor is the honeypot, given what happened recently with encrochat I wouldn't be surprised if a few years down the line it turns out it was.

Or maybe I misconfigured the server, or maybe the binary I used for tor was compromised, it was as much a test for whether I could trust tor as anything else and it failed. delete, move on.
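The two checks this commenter describes, a periodic file/process comparison and the observation that the foreign process hung off the tor daemon, can be scripted. The block below is an added example and is not the commenter's tooling; the function names, the throwaway directory and the ps-style process table are all constructed for illustration.

```python
"""Baseline-and-diff integrity check plus a parent-process check.

Added example, not the commenter's code. snapshot()/diff_snapshots() record
the SHA-256 of every regular file under a root and report what changed
between two runs. parse_ps()/descendants_of() walk a `ps`-style process
table and list everything spawned beneath a daemon (here: tor), which is
the signal the commenter used to attribute the foreign process to tor.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map each regular file under root (path relative to root) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue                      # skip links, sockets, devices
            h = hashlib.sha256()
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            digests[str(p.relative_to(root))] = h.hexdigest()
    return digests


def diff_snapshots(old: dict, new: dict) -> dict:
    """Added, removed and modified paths between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def parse_ps(text: str) -> list:
    """Parse `ps -eo pid,ppid,user,comm` style output into (pid, ppid, user, comm)."""
    rows = []
    for line in text.strip().splitlines()[1:]:    # drop the header row
        pid, ppid, user, comm = line.split(None, 3)
        rows.append((int(pid), int(ppid), user, comm))
    return rows


def descendants_of(procs: list, comm: str) -> list:
    """PIDs of every process below any process named comm in the tree."""
    by_parent = {}
    for pid, ppid, _user, _comm in procs:
        by_parent.setdefault(ppid, []).append(pid)
    stack = [pid for pid, _ppid, _user, name in procs if name == comm]
    found = []
    while stack:
        for child in by_parent.get(stack.pop(), []):
            found.append(child)
            stack.append(child)
    return sorted(found)


# Constructed sample process table (not real output from any system).
SAMPLE_PS = """\
  PID  PPID USER       COMMAND
    1     0 root       init
  412     1 debian-tor tor
  500     1 pi         java
  777   412 debian-tor sh
  780   777 debian-tor nc
"""


def demo_filesystem() -> dict:
    """Build a throwaway tree, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<h1>constructed sample</h1>")
        (root / "tor").write_bytes(b"\x7fELF" + b"\x00" * 16)   # stand-in binary
        before = snapshot(d)
        (root / "tor").write_bytes(b"\x7fELF" + b"\x90" * 16)   # binary replaced
        (root / ".cache.sh").write_text("#!/bin/sh\n")            # new hidden file
        after = snapshot(d)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo_filesystem())
    print("spawned under tor:", descendants_of(parse_ps(SAMPLE_PS), "tor"))
```

Two caveats a practitioner would add: the baseline has to live off the box (otherwise whoever owns the host can rewrite it along with the files), and the comparison is only trustworthy when run from a known-good environment, since a compromised kernel or coreutils can hide exactly the files and processes you are looking for.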


> for discussing geopolitics with friends on a pi for a few months before finding it had been compromised.

that's very suspicious


now mostly fall back on cryptome.org

don't get the more juicy military stuff, but it's much less effort.


I always imagined that FBI / CIA was using Tor to sell the drugs they seized to fund their clandestine operations.


It's very important to note that according to this document the FBI was able to both

- Obtain the person's IP

- Decrypt the person's traffic to see what pages they visited

I honestly do not believe the second is possible so it makes me question the validity of the first. I have a feeling Tor itself wasn't the issue, but rather something else.


Instead of tor, would it just be safer to vpn into a hostile nation's services and browse openly from there?


There are known ways to de-anonymise Tor users, but the article doesn't mention that these are known (probing for alternative unhandled routes like non-TCP); JS etc. can also be used to recover real addresses. Omission of facts is a bit misleading, unfortunately.


Running a TOR node to fight for "freedom" is like handing out plutonium to laypersons so they can fight nuclear proliferation.

Everyone daydreams of activists and journalists but really they're only enabling child pornographers and methamphetamine dealers.


At some point I am confident that the mainstream use of the internet will evolve into something very similar to Tor. It will protect user privacy in ways that can't be defeated without machine access/user idiocy. We will look back on the days of our ISPs logging every single action we take, into perpetuity, to be forever used against you, as the dark ages.


Isn't all propaganda unofficial? It's not like there's a stamp on it ("This Propaganda was Approved by the Secretary of Media for the Islamic State"). Don't be fooled by that counterfeit propaganda! Only buy the real deal!


Not at all. States can produce their own (and thus official) propaganda, but affiliates or supporters can do so on their own as well (unofficial).

When the ambassador of some country purchases advertising space in a national newspaper in the country they are stationed in and uses that to publish a letter or pamphlet, then that is likely officially sanctioned propaganda (the Chinese ambassador did this in the Netherlands to present the official Chinese view on certain matters related to China debated in Dutch media some years ago). That particular instance literally came with the stamp of approval (or rather the ambassador's signature).


Tor Browser by default is useless, as it enables Javascript. Links+ with 127.0.0.1:9050 as the Socks4a proxy, enforcing everything connected into proxies (it has a setting for TOR) and not allowing cookies would be a safer option.
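The "Socks4a" detail in this comment matters more than it looks: plain SOCKS4 only carries an IP address, so the application resolves the hostname itself and a DNS query leaves via the normal resolver before the circuit is built. The block below is an added example (not the commenter's setup or any Tor Project code) that builds the three request variants and parses them back to show which ones leave name resolution to the proxy; 127.0.0.1:9050 is Tor's default SOCKS port as given in the comment, the function names and the sample hostnames are constructed.

```python
"""SOCKS4 vs SOCKS4a vs SOCKS5 CONNECT requests: where is the hostname resolved?

Added example. Tor's SOCKS listener (127.0.0.1:9050 by default) accepts all
three variants; only the ones that carry the hostname to the proxy keep DNS
inside the circuit.
"""
import socket
import struct

SOCKS_CONNECT = 1


def socks4_connect(ip: str, port: int, user: bytes = b"") -> bytes:
    """Plain SOCKS4: the client must already hold an IPv4 address, i.e. the
    application resolved the name locally (DNS leak)."""
    return struct.pack("!BBH4s", 4, SOCKS_CONNECT, port, socket.inet_aton(ip)) + user + b"\x00"


def socks4a_connect(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4a: dummy address 0.0.0.x signals that a NUL-terminated hostname
    follows the user id; the proxy (Tor) resolves it."""
    return (struct.pack("!BBH4s", 4, SOCKS_CONNECT, port, b"\x00\x00\x00\x01")
            + user + b"\x00" + host.encode("idna") + b"\x00")


def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 request with ATYP=0x03 (domain name): hostname is sent as-is."""
    h = host.encode("idna")
    return struct.pack("!BBBBB", 5, SOCKS_CONNECT, 0, 3, len(h)) + h + struct.pack("!H", port)


def classify(request: bytes) -> dict:
    """Parse a CONNECT request and report whether name resolution happens on
    the proxy side (safe behind Tor) or was already done by the client (leak)."""
    ver = request[0]
    if ver == 4:
        cmd, port, ip = struct.unpack("!BH4s", request[1:8])
        if cmd != SOCKS_CONNECT:
            raise ValueError("not a CONNECT request")
        _user, _, tail = request[8:].partition(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:      # 0.0.0.x marker -> SOCKS4a
            host = tail.split(b"\x00", 1)[0].decode("idna")
            return {"version": "4a", "host": host, "port": port, "remote_dns": True}
        return {"version": "4", "host": socket.inet_ntoa(ip), "port": port, "remote_dns": False}
    if ver == 5:
        cmd, atyp = request[1], request[3]
        if cmd != SOCKS_CONNECT:
            raise ValueError("not a CONNECT request")
        if atyp == 1:                                     # IPv4 literal: client resolved it
            host = socket.inet_ntoa(request[4:8])
            port = struct.unpack("!H", request[8:10])[0]
            return {"version": "5", "host": host, "port": port, "remote_dns": False}
        if atyp == 3:                                     # domain name: proxy resolves it
            n = request[4]
            host = request[5:5 + n].decode("idna")
            port = struct.unpack("!H", request[5 + n:7 + n])[0]
            return {"version": "5", "host": host, "port": port, "remote_dns": True}
        raise ValueError("unsupported address type %d" % atyp)
    raise ValueError("unknown SOCKS version %d" % ver)


if __name__ == "__main__":
    # Constructed sample targets: a placeholder onion name and a TEST-NET address.
    for req in (socks4_connect("203.0.113.5", 443),
                socks4a_connect("example.onion", 80),
                socks5_connect("example.onion", 80)):
        print(classify(req))
```

The practical takeaway is the last field: anything that reports `remote_dns: False` means the name was resolved outside Tor, and a `.onion` name cannot be resolved that way at all. Tor's own configuration has a `SafeSocks` option that rejects these unsafe variants at the listener, which is the cheaper check when you do not control every client.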


For all we know at this point the ISIS website could have been hosted by the FBI.


There were rumors that Tor is run by the FBI... who knows :D.


It was created by the U.S. Department of Defense, so there's that...


Bro probably used Tor in Brave browser…


Only whitelist Tor nodes that you have personally vetted. Always double vpn.


Double vpn is only going to give them an additional bump. Still detectable.


If the user's data passes through nodes owned by one entity or their partners (in this case NSA, FBI, GCHQ, etc.), it's going to be quite easy to find the origin IP...


can you not use nordvpn first, then tor?


Mullvad, please.

nordvpn has been acquired by some private equity that's acquiring all the vpns.


I know that Nord Security, the company that owns nordvpn, has acquired AtlasVPN, and I also know that the VPN market is quite concentrated: 7 companies own dozens of brands. I would like information on those acquisitions... have I missed some important news?

I would like to know because NordVPN, while not as hardcore on privacy as mullvad, is still providing a useful service for protection against an untrusted wifi and geofence jumping.


Source? NordVPN was and is owned by Tesonet.


do you agree based on your understanding that if this TOR user had used Mullvad VPN services (or equivalent) he would've been fine/not detected by the FBI?


If FBI really has compromised Tor, there's no reason to believe they would be helpless against a VPN service.


if you’re surprised that the US government can identify TOR users, then you should look up who primarily funds the TOR foundation


Oh oh I know! 38% the US government, 36% individual donors (people like me), 16% private foundations, 5% other (not US) governments, 9% corporations and 1.5% "other"

https://blog.torproject.org/transparency-openness-and-our-20...


exactly. this isn’t to say that US agencies have backdoors written into TOR per se, but they have had TOR delay the patching of exploits in order to achieve the same end


And where is the proof of that?

Just because someone gives money to the Tor Project doesn't mean they get to tell them exactly what to do.


I'll put it like this: if parts of the US government are using exploits to de-anonymise TOR users, which is hard to dispute, and they're funding the TP, which they are and always have done, and they're the US government, which has never had any qualms about interfering with companies that aren't funded by them, never mind ones that are, why do you think they wouldn't delay patches in order to maintain an exploit?

the US collective funds TOR so that they can exert control over the field of play, or even just keep it in sight. perhaps that control is relatively small and only used in extremely high-profile cases, but that's more useful than nothing at all

it's a parenting paradigm: it's safer for your kids to drink at home than out at a bar or in a park somewhere, because at least at home you can keep an eye on things


The feds run all the entrance and exit nodes.

Tor was created by the feds for spies to use, then they made it public to hide the traffic.

This is the official story that everyone has evidently forgotten.


Not quite. The guy who wrote Tor can be clearly seen to have been studying a lot of these things in the later 90s, and it was pretty much always public, but only developed after he got the Navy to get him an NSF grant. Hell, in one slide he had made back then, he was even well-aware of some of the fundamental vulnerabilities in the protocol, and the (still too expensive) mitigations for those flaws, so it can't even be said that anything was concealed.

If we go back further to the original concept of chained anonymous remailers as envisioned by Chaum 40 years ago, it gets even harder to claim something like this.


Well, not all the exit nodes by now. But many of them.

Most people are probably leery of running an exit node, because its traffic is in the clear (modulo ssh) and often connects to disparate and shady servers.


This is what I've never understood about Tor. What possible incentive does anyone have to run an exit node? Seems like nothing but a liability for some extremely awful stuff.


There is no incentive to run any node other than feeling good about it or using it for intelligence purposes. It's a volunteer thing. But to run exits you just need a host who won't kick you for every single abuse notice.


A stronger/faster Tor network.


Source? Or are you just speculating?


There is no source. It is nonsense.



