the_cramer | 4 years ago
> Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000.
One thing I didn't catch is how they are sure that this is "one" great actor. Surely some of these servers were registered with the same fake mail address, but it seems that otherwise they are spread around the world and pretty anonymous. Did I miss something?
Zababa | 4 years ago
Not really related to the article, but what's the origin of pictures like the one used in the article? A few years ago https://www.humaaans.com/ was all the rage, is this something like this too? I can't imagine that each of these images is individually produced, I feel like they are assembled, but I can't find the origin.
Edit: answering my own question, https://blush.design/ (link found on the humaans page) has things that look a lot like that. So that's probably the origin. There are multiple artists listed on the website (https://blush.design/artists) but I can't tell which one did what. I can understand that it's very practical to be able to mix and match parts of images like that, but I personally find them very unappealing. But seeing how much they are used, maybe most people like them?
Eh, it's more common than that. I worked for a roboinvestor tech company that paid an artist to draw a bunch of this crap. The deal was that it was supposed to appeal to Gen-Zers, with diverse racial cartoon characters doing their best not to look like they were at work. It seemed super cringey to me at the time
masterof0 | 4 years ago
Honest question: What would be the use case for Tor, as it is compromised [1] and painfully slow (judging from my personal experience, using it in the US and Asia, across the years). Is there any occasion where it will be better to use Tor than your self-hosted VPN?
ziddoap | 4 years ago
A point-by-point look at your source is a bit much for these comments (and they raise some great points that I either agree with or can't thoroughly rebut), but there are some interesting things in there that make me question the poster. They exclaim against being accused of spreading FUD, but use extremely emotional language and talk in absolutes when the reality is much less clear.
For example, they say "2017 court case proves FBI can de-anonymize Tor users", but immediately handwave the how away, because it's classified. Well then, that's not really a strong proof of Tor being compromised -- there are several ways the FBI could de-anonymize Tor users that have nothing to do with Tor itself (people being compromised by javascript, people posting pictures with metadata, people linking back to real-life accounts, people inadvertently posting identifiable information, people posting quasi-identifiable information that is correlated over time, people downloading XYZ that has a beacon in it, etc.)
I also can't help but wonder, if Tor is so thoroughly compromised and just a glowstick, why would the author finish with:
>For those who still want to access the Tor network, doing so through a reliable VPN service will add an extra layer of protection while hiding your real IP address.
If it's compromised to the core, a glowstick for LEA, enables the US government to "do spooky stuff", why bother giving a half-ass endorsement at the end of a hit piece?
beardog | 4 years ago
It comes down to statistics. Using a VPN you are using 1 entity, so all a state actor needs to do is view that one entity's traffic. This may be time consuming and legally challenging if the entity is trustworthy and has servers spread across the globe, but there is still only 1 point that they need to monitor - I suspect many VPN service users are not randomly switching servers. You said "self hosted" VPN which if you are doing that at home it provides no anonymity (which I'm assuming is the point of the comment since the context is Tor). If you host it at a server you are anonymously renting (good luck doing that without opsec failure), it is still only your traffic there, you have no benefit of blending in with others.
With Tor, you can be assured that your attacker needs to monitor more than some % of the network (which can be done either by running nodes themselves or having a wide view of netflow data). Alphabet soup agencies are capable of this, but these attacks are expensive and non-trivial which is why historically the FBI and such use browser exploits the most. You shouldn't rely on Tor alone to protect your life if your adversary is highly skilled or funded, but chalking it up to a VPN is completely discounting the benefit gained from a larger anonymity set in the world's biggest onion routing network.
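The "some % of the network" argument in the comment above can be made concrete. The following is an added example written for this thread, not code from the Tor project or from any commenter. It uses the usual simplification from the Tor design paper: a circuit is linkable end to end only when the adversary operates both its guard (entry) and its exit, and relays are picked in proportion to bandwidth, so with adversary guard share g and exit share e the per-circuit exposure is g * e. The network it builds is constructed (equal-bandwidth relays, names like `hg0`), and the VPN case is modelled as a single entity that is both entry and exit. Real path selection adds constraints (relay families, /16 rules, a long-lived guard per client) that are deliberately left out.

```python
"""Estimate how much of a Tor user's traffic a relay-running adversary can see.

Added example for this thread; not code from the Tor project or any commenter.
Model: a circuit is exposed only when BOTH its guard and its exit are hostile.
With bandwidth-weighted selection that happens with probability g * e, where g
and e are the adversary's guard and exit bandwidth shares. A VPN provider is the
degenerate case g = e = 1.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int     # consensus weight; constructed values, not real relays
    guard: bool        # eligible as entry relay
    exit: bool         # eligible as exit relay
    hostile: bool      # run by the adversary being modelled


def build_network(hostile_guards=10, honest_guards=90,
                  hostile_exits=5, honest_exits=45, bandwidth=100):
    """Constructed network of equal-bandwidth relays, so count share == bandwidth share."""
    relays = []
    relays += [Relay(f"hg{i}", bandwidth, True, False, True) for i in range(hostile_guards)]
    relays += [Relay(f"g{i}", bandwidth, True, False, False) for i in range(honest_guards)]
    relays += [Relay(f"hx{i}", bandwidth, False, True, True) for i in range(hostile_exits)]
    relays += [Relay(f"x{i}", bandwidth, False, True, False) for i in range(honest_exits)]
    return relays


def vpn_network():
    """A VPN provider modelled as the single relay that is both entry and exit."""
    return [Relay("vpn", 100, True, True, True)]


def hostile_share(relays, role):
    """Bandwidth fraction held by the adversary among relays eligible for `role`."""
    eligible = [r for r in relays if getattr(r, role)]
    total = sum(r.bandwidth for r in eligible)
    return sum(r.bandwidth for r in eligible if r.hostile) / total


def analytic_exposure(relays):
    """Closed-form per-circuit probability that both ends are hostile: g * e."""
    return hostile_share(relays, "guard") * hostile_share(relays, "exit")


def simulated_exposure(relays, circuits=20000, seed=7):
    """Monte Carlo check: build circuits with bandwidth-weighted guard/exit picks."""
    rng = random.Random(seed)
    guards = [r for r in relays if r.guard]
    exits = [r for r in relays if r.exit]
    guard_w = [r.bandwidth for r in guards]
    exit_w = [r.bandwidth for r in exits]
    exposed = 0
    for _ in range(circuits):
        g = rng.choices(guards, weights=guard_w)[0]
        x = rng.choices(exits, weights=exit_w)[0]
        if g.hostile and x.hostile:
            exposed += 1
    return exposed / circuits


if __name__ == "__main__":
    net = build_network()
    print(f"Tor-like network: analytic {analytic_exposure(net):.4f}, "
          f"simulated {simulated_exposure(net):.4f}")
    print(f"Single VPN provider: analytic {analytic_exposure(vpn_network()):.4f}")
```

With the constructed 10% guard share and 10% exit share the exposure is 1% of circuits, against 100% for the single-entity case. Because a real client keeps one guard for months, that 1% is not spread evenly: the 10% of clients whose guard happens to be hostile have 10% of their circuits exposed, and the other 90% have none, which is exactly why guards exist.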
foxfluff | 4 years ago
Wow there's so much FUD, hyperbole, and rigged language there. "Interesting" exchanges alright.
They go ahead and make FBI and backdoors bold to shock the reader but conveniently the rest of the context is left out. The actual context being Roger giving a talk about Tor at one of these conferences where you also have government entities voice their (guess guess) desire for backdooring and wiretapping the internet (while tech people from the industry aren't convinced). The same shit you see discussed openly in the public all the time anyway, probably just with more pleading from the FBI because it's so hard to solve crime without industry's help. Nothing unusual here. The wording of this fudpiece sounds like it's trying to implicate the Tor developer in planting backdoors for the FBI, which is not at all what the exchange is about if you read the context.
"Tor privately tips off the federal government to security vulnerabilities before alerting the public" is also complete FUD. I'm so glad I read the whole stack of FOIA'd documents before this text.
The context here is that BBG (Broadcasting Board of Governors) is using Tor to circumvent censorship in places like Iran, China, Saudi Arabia, and Russia. Alright you can call that a propaganda arm of the US government if you're so willing, but anyway, Tor is one of the tools they rely on. They need Tor to circumvent censorship, so they need to address vulnerabilities in Tor that make it easy to censor.
This "vulnerability" isn't one that FBI uses to catch a drug dealer or a hacker, it's a vulnerability that makes it easy to fingerprint and block Tor traffic. Now Tor's use has historically been quite easy to detect and block (see e.g. this FAQ entry from 2008 [1]) and fixing that has been a long road, I don't know where exactly they stand today. The "vulnerability" is just one among many and the possibility of fingerprinting TLS has been mentioned in the FAQ. It's not the kind of vulnerability you would have to scream and alert the public to (they should've already been aware that it is possible to identify and block Tor traffic). Rather, it's something they should quietly research and figure out a solution to and hopefully stay ahead of the game w.r.t. regimes that may attempt to block Tor.
Discussing the draft proposal for fixing this TLS fingerprint vuln with the people who they are working together with to keep Tor useful in Iran etc. is exactly what the Tor project ought to do! The fact that these people happen to be employed by the U.S. Government doesn't seem particularly relevant. But suuure, "privately tipping off the feds to a vuln while keeping the public in the dark" is a nice way to twist it.
Here's the thing, there are issues with Tor, there are issues with anything because there is no technical solution to perfect anonymity. I would not bet my life on Tor. But knowing what it's good for and what its limits are, Tor is a very useful tool, and IMHO it can only get better if it gets more users and more relays. I would always recommend being vigilant and looking out for bugs, backdoors, and other sketchy stuff, but this fud piece is just doing a disservice against itself with all the hyperbole. It sounds more like they've got an axe to grind.
> The original Tor design was easy to block if the attacker controls Alice's connection to the Tor network --- by blocking the directory authorities, by blocking all the relay IP addresses in the directory, or by filtering based on the fingerprint of the Tor TLS handshake. Some government-level firewalls could easily launch this type of attack, which would make the whole Tor network no longer usable for the people behind the firewalls.
Sect. 7.1:
> Note that all your local ISP can observe now is that you are communicating with Tor nodes. Similarly, servers in the Internet just see that they are being contacted by Tor nodes
I wish that Apple had chosen to use Tor for their private relay feature instead of building their own (closed) system. It could have been a huge increase in traffic for the Tor network but instead they built a worse version.
wongarsu | 4 years ago
Tor never claimed resiliency against large-scale traffic correlation attacks. Anyone who can look at a sufficient portion of all internet traffic has a good chance of deanonymizing TOR users. The Snowden revelations could lead one to believe that the US is sniffing enough traffic to make this viable, but it's anyone's guess if they collect and synchronize enough data to make deanonymization of TOR users viable.
I2P always looked more promising to me, and more open about its threat model [1] and potential mitigations. But it's not built for browsing the open internet, so it has a somewhat different niche.
kmeisthax | 4 years ago
Tor was originally written by US intel agencies specifically to provide cover for spies. The release of the software to the public was specifically to provide plausible deniability for those spies. So there's always going to be some level of control and knowledge the US has about the network.
If your threat model is anything weaker than a hostile nation state then Tor is still probably good enough to use as a darknet. If you're doing anything illegal over Tor then you probably should be more worried about OPSEC failures or rubber-hose cryptanalysis.
ravenstine | 4 years ago
It's better than Tor in a few ways, in particular how it handles DDOS attacks. I2P is also more focused on facilitating hidden services (eepsites) than being a clearnet proxy.
There's also Yggdrasil, although it doesn't seem particularly concerned about anonymity.
Mesh networks that don't operate as an overlay network could in theory be pretty effective to avoid large-scale traffic correlation attacks. If we assume that the US has effective control over the whole backbone network, and enough control inside the network of most commercially available ISPs, then there isn't much mixing networks can do. An adversary can always observe, inject, throttle, speed up, block and otherwise disturb the network flow in order to determine who is talking to whom.
I hope not. Tor being used for whistleblowing and censorship circumvention is one thing, but the onion network is pure anarchy and probably the worst case scenario of what the internet could become.
superkuh | 4 years ago
Tor in 20202: We've successfully killed off 90% of all actually used (as opposed to botnet) tor onion services and we're happy about it. We're protecting our end users from themselves by forcing the removal of Tor v2 protocol from the codebase. We don't care because onion services were never really something we cared about, just an add-on to trick people into thinking Tor was a real network worth building a community in. It isn't. Tor is only for people who want a pseudoanonymous clear web proxy. Forget .onion domains.
est31 | 4 years ago
Your link shows that there were about 170k v2 onion addresses in September 2020, while there were about 550k v3 onion addresses at that same date. The trends were only pointing up for v3 addresses while pointing down for v2 ones.
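The v2 versus v3 argument in the two comments above is easier to follow with the address formats side by side. The following is an added example written for this thread, not code from the Tor project or from any commenter; it implements the v3 address layout from Tor's rend-spec-v3 (a 32-byte ed25519 public key, a two-byte SHA3-256 checksum and a version byte, base32-encoded into 56 characters) and recognises v2 addresses by shape only, because a v2 address is just the first 80 bits of a SHA-1 over the service's RSA-1024 key and carries nothing that can be verified. The key bytes and the v2 label used in the demo are constructed, not real services.

```python
"""Classify and validate Tor onion service addresses (v2 versus v3).

Added example for this thread; not code from the Tor project or any commenter.
v3 layout as specified in Tor's rend-spec-v3:
    onion_address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM      = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    VERSION       = 0x03
PUBKEY is the service's 32-byte ed25519 public key, so the address *is* the key
and carries a checksum against typos. A v2 address was 16 base32 characters
(80 bits of a SHA-1 over an RSA-1024 key): no checksum, and an identity far
weaker than the key it was derived from.
"""
import base64
import hashlib
import re

V3_VERSION = b"\x03"
_BASE32_LABEL = re.compile(r"^[a-z2-7]+$")


def _strip_suffix(address: str) -> str:
    label = address.strip().lower()
    return label[:-len(".onion")] if label.endswith(".onion") else label


def _v3_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum binding the address to its key and version byte."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def encode_v3(pubkey: bytes) -> str:
    """Derive the v3 .onion address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 addresses encode exactly 32 key bytes")
    raw = pubkey + _v3_checksum(pubkey) + V3_VERSION      # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_v3(address: str) -> bytes:
    """Return the embedded public key; raise ValueError if the address is malformed."""
    label = _strip_suffix(address)
    if len(label) != 56 or not _BASE32_LABEL.match(label):
        raise ValueError("expected a 56-character base32 label")
    raw = base64.b32decode(label.upper())                  # 280 bits, no padding needed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        raise ValueError(f"unsupported version byte {version.hex()}")
    if checksum != _v3_checksum(pubkey):
        raise ValueError("checksum mismatch: mistyped or corrupted address")
    return pubkey


def classify(address: str) -> str:
    """'v3' if the checksum verifies, 'v2' if it merely has v2 shape, else 'invalid'.

    v2 has nothing to verify beyond its shape, so a v2 address found in an old
    config or log cannot be checked for typos at all.
    """
    label = _strip_suffix(address)
    if len(label) == 16 and _BASE32_LABEL.match(label):
        return "v2"
    try:
        decode_v3(label)
    except ValueError:
        return "invalid"
    return "v3"


if __name__ == "__main__":
    # Constructed key bytes, not a real service key; any 32 bytes exercise the format.
    key = bytes(range(32))
    addr = encode_v3(key)
    print(addr, classify(addr))                      # every v3 address ends in 'd' (version 3)
    damaged = addr[:-7] + "a.onion"                  # last character altered -> version byte 0
    print(damaged, classify(damaged))
    print("abcdefghijklmnop.onion", classify("abcdefghijklmnop.onion"))  # constructed v2 shape
```

The checksum is only two bytes, so it catches a mistyped character rather than a deliberately chosen look-alike; the security gain of v3 comes from the address being the full ed25519 key, not from the checksum.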
schleck8 | 4 years ago
https://therecord.media/a-mysterious-threat-actor-is-running...
schleck8 | 4 years ago
https://www.reddit.com/r/starterpacks/comments/jwsagt/big_te...
https://www.reddit.com/r/starterpacks/comments/groh5e/big_te...
https://youtu.be/lFb7BOI_QFc
chrissnell | 4 years ago
mmastrac | 4 years ago
https://www.worthpoint.com/worthopedia/1974-basic-computer-g...
masterof0 | 4 years ago
[1] https://restoreprivacy.com/tor/
edmcnulty101 | 4 years ago
Combine Tor with a VPN.
If your life is on the line with your content the more layers of protection the better.
foxfluff | 4 years ago
[1] https://web.archive.org/web/20080415073019/https://wiki.torp...
See also the linked DRAFT "Design of a blocking-resistant anonymity system" https://web.archive.org/web/20080322054926/http://www.torpro...
nextstep | 4 years ago
aws-user | 4 years ago
wongarsu | 4 years ago
[1] https://geti2p.net/en/docs/how/threat-model
ravenstine | 4 years ago
https://geti2p.net
https://yggdrasil-network.github.io/
belorn | 4 years ago
jimbob45 | 4 years ago
Sure, they can listen in on you all they want, but what good is any of that if they can't use it against you in a court of law?
schleck8 | 4 years ago
https://youtu.be/iItLpwkQMUQ&t=277
impetus21 | 4 years ago
wellthisisgreat | 4 years ago
superkuh | 4 years ago
https://www.darkowl.com/blog-content/tor-v2-depreciation-shi...
https://blog.torproject.org/v2-deprecation-timeline/
https://metrics.torproject.org/hidserv-dir-onions-seen.html
ziddoap | 4 years ago
All of your links describe why V3 is more secure and superior to V2. Are you whining about the increased security, or am I misunderstanding your post?
If I'm not misunderstanding, why was the over one year of warnings and multiple years of discussions not enough time to prepare?
forgotmypw17 | 4 years ago
I asked them about it at a talk when V3 was first being introduced, and they said they're working on a solution. Since then... ::crickets::