I have second-hand knowledge of lawsuits that have been dropped by the FBI during discovery because it would require them to reveal zero-days they have on Tor. Recently this has started getting increasing levels of press exposure[1], including in CSAM cases.
The FBI has also continued to run CSAM websites after takeover to collect intel, and likely run honeypots for other content.
If your adversary is a state actor, particularly the U.S., tor alone is not sufficient for anonymity. It's fairly safe to assume they have the ability to deanonymize you. Your only safety net, it seems, is the value of other targets relative to you when it comes to them burning their "golden ticket" zero day. And even then, you're at risk of parallel construction.
If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.
According to various sources, such as Snowden's "Permanent Record", the tor network was designed to allow spies in remote locations to communicate securely with a known endpoint (such as CIA headquarters) without anyone being able to easily trace their exact location. The content of the communication itself would not be readable due to strong encryption, but the metadata (source and destination headers) could reveal who was talking to who.
However, nation-states with enough backdoors to all the servers serving as tor jumpboxes could likely deanonymize the remote user (it's assumed they'd be watching all traffic going to and from the known endpoint, which in Snowden's case was a journalist's email server).
Snowden's method IIRC was to acquire a laptop or phone without leaving any identifying marks (ownership information), then drive around until he found an open wireless network which he could log onto, then he'd use that network over tor to connect to the journalists he was talking to. The device was used for no other purpose, never turned on and connected to his home network, etc.
There doesn't seem to be any way for two anonymous parties to find and connect with each other across tor in this manner however, without having some other side channel to coordinate time and place and exchange identifying information.
You can still hide the content of communication using PGP-style strong encryption, but even then, it's likely that keys could be compromised in some manner.
I figured that, unless you are working for an intelligence agency or have some ideological reason, there is no reason to go against the US government.
I don't think there is enough protection against such an actor unless you are working directly for another state actor. And even then you won't keep anonymity. Check the North Korean government cracker case. The DoJ managed to figure out his name and photo despite the fact that he works for a state actor.
That guy probably won't want to go abroad to most countries. Even countries competing with the US, such as China or Russia, might send him to Uncle Sam for some exchange of interest. I actually think the Chinese probably provided some information to the DoJ, as he worked in the Dalian branch of a NK expo company for some years.
> it would require them revealing zero days they have on Tor
I always figured this was the case for a lot of common things like full-disk encryption schemes, AES, root certs, etc. If there's a break, they wouldn't use it in court unless it's taking down a very, very big target.
Given the statute of limitations on some crimes, I'm surprised they don't rotate out zero days and bulk prosecute a bunch of people using the same one. With a big case they're willing to burn one exploit, why not do the same for ten cases?
> I have second hand knowledge of lawsuits that have been dropped by the FBI during discovery because it would require them revealing zero days they have on Tor.
> If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.
I would say that if you are doing something the US government has a significant interest in prosecuting, you might want to reevaluate your life choices and think about whether it is something you ought to be doing in the first place.
I know this is not going to be a hugely popular sentiment on here; but if you are doing something such that the US is going to burn a zero day to get you, the appropriate prior is that you are doing something supremely heinous and evil. You may in fact be on the right side of justice, but you do not get the benefit of the doubt by default.
> If you're sitting in front of a computer that you're using for something the U.S. government has significant interest in prosecuting, that device should be considered compromised and adversarial - you should act accordingly.
Yep: stop breaking the law. The vast majority of what the US government has significant interest in prosecuting, the general public is OK with.
Even leaving aside the question of whether the FBI actually compromised Tor, or just did something way more mundane like infect the defendant's PC with malware, the linked court document is really interesting.
Not only does the FBI decline to say how they determined what IP address the defendant used to access the Tor hidden service, but they're also trying to hide the fact that the defendant asked to see that information by requesting the court label the defendant's court filing itself a "highly sensitive document"? And the court granted that request? Is that normal? It seems really bizarre to me, but I'm not a lawyer.
I think a lot of this has been covered elsewhere before:
- when using tor you should disable javascript because a malicious or compromised site can use javascript to do non-tor stuff that potentially compromises your location. (can be a big pill to swallow, the web without javascript is very 90s)
- Run Tor Browser within a secure VM or on a separate device using Tails to minimize your activity footprint
- Use a VPN when connecting to Tor (I also put my Tor services behind their own VPN so even if the entry point is known you can't get the origin IP from it)
- As an added protection I use firewall rules to ensure that only the tor client process can communicate out, any other attempt to send or receive traffic to the public internet gets dropped.
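The last item in that list is normally done with a per-user match rather than a per-process one: the tor daemon runs under its own uid and the firewall's output chain only lets that uid open new connections. Below is an added example of that policy, written here as an illustration; it is not the commenter's setup and not anything shipped by the Tor project. It assumes a system tor daemon running as user debian-tor (the Debian/Ubuntu default; Fedora uses toranon, Arch uses tor; override with TOR_USER) and writes the ruleset to ./tor-only.nft (override with OUT) so it can be reviewed before being loaded with `nft -f`. Since Tor only ever speaks TCP to the network, UDP (DNS included) is dropped for everyone, which is also the cheapest way to catch a resolver or application that tries to go around the SOCKS proxy: the attempt is logged instead of leaving with the real IP.

```shell
#!/bin/sh
# Added example, not from the thread: an nftables "Tor-only egress" policy.
# Only the uid the tor daemon runs as may open outbound connections; every
# other new connection (browser ignoring its proxy, updater, DNS, NTP, a
# JavaScript-triggered helper) is logged and dropped.
#
# Assumptions (mine, not the commenter's): TOR_USER is the tor daemon's uid
# ("debian-tor" on Debian/Ubuntu, "toranon" on Fedora, "tor" on Arch) and OUT
# is where the generated ruleset goes. Apply with: nft -f "$OUT".
set -eu

TOR_USER="${TOR_USER:-debian-tor}"
OUT="${OUT:-./tor-only.nft}"

# Writes the ruleset. Default policy is drop on all three hooks; replies to
# established flows are allowed, loopback is open (Tor Browser talks to tor's
# SOCKS port on 127.0.0.1), and only the tor uid may start TCP connections.
write_ruleset() {
  cat > "$OUT" <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet tor_only {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
  }

  chain forward {
    type filter hook forward priority 0; policy drop;
  }

  chain output {
    type filter hook output priority 0; policy drop;
    oif "lo" accept
    ct state established,related accept
    # only the tor daemon may open new TCP connections to the outside
    meta skuid "$TOR_USER" meta l4proto tcp ct state new accept
    # anything else trying to leave is logged (so a leak attempt is visible
    # in the kernel log) and then dropped; this includes all UDP and DNS
    log prefix "tor-only leak: " drop
  }
}
EOF
}

# Reviews the generated file: every rule that admits a new connection must be
# bound to the tor uid, otherwise the policy has a hole. Returns 0 if clean.
check_ruleset() {
  accepts=$(grep -c 'ct state new accept' "$OUT" || true)
  bound=$(grep -c "meta skuid \"$TOR_USER\".*ct state new accept" "$OUT" || true)
  [ "$accepts" -gt 0 ] && [ "$accepts" -eq "$bound" ]
}

# Parses the file with nft's check mode when nft is installed (no rules are
# loaded). Older nft builds still open a netlink socket for -c, so this may
# need CAP_NET_ADMIN on some systems.
syntax_check() {
  if command -v nft >/dev/null 2>&1; then
    nft -c -f "$OUT"
  else
    echo "nft not installed here; skipping syntax check" >&2
  fi
}

write_ruleset
check_ruleset
syntax_check
echo "ruleset written to $OUT; review it, then apply with: nft -f $OUT"
```

Two caveats a practitioner should keep in mind. First, the uid match only helps if tor really runs as a separate system user: the tor bundled inside Tor Browser runs as your desktop user, so with that setup the browser and the daemon share a uid and the rule cannot tell them apart (Tails and Whonix do this separation for you). Second, this stops proxy-bypass leaks at the network layer of the same host; it does nothing against a kernel-level compromise of that host, which is the scenario the earlier comment about treating the device as adversarial is about.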
I wouldn't get so excited about this. There have been tons of javascript exploits to leak IP addresses in the past, it's more likely that than the FBI running thousands of servers.
Or even something way simpler, like the FBI secretly compromising the user's PC with malware prior to the arrest. Without more detail it's impossible to know whether this is even news.
> it's more likely that than the FBI running thousands of servers.
Why not both?
From my experience over the years doing datacenter/transit/fiber/etc. type of infrastructure - just assume a government agency of some sort either outright operates an exit node, or has a wiretap on it. You can be the most trustworthy person in the world operating in the name of freedom - outright working for, say, a colo provider. Unless you are the CEO, legal team, or the individual engineer responsible for it - you will have no idea you are also operating an exit node under surveillance.
I'd put money on well over 50% of the world's exit nodes being packet captured 24x7.
Not related to Tor, but food for thought regarding anonymity...
Quite a few people online wear multiple masks. You're that wonderful professional on linkedin with your full name on display, the ideal grandson on Facebook, but also a Twitter shitposter and toxic gamer under the disguise of anonymity.
It's worthwhile to consider the anonymous version of you. I'm imagining that it won't take long before a few dots can be connected. Not by the FBI, surely they already can, but as a public service. AI reverse engineering your clicks, writing style, whatever other input.
Meaning, if there's a "socially less accepted" version of you, do worry. It seems inevitable to me that they ultimately get linked back to your true identity.
And to be clear, this isn't just about a burner account to let off some steam. Anonymity is also used to freely criticize employers, political ideas, the establishment in authoritarian regimes, and it's an essential defense for people/groups that are often the target of harassment.
To illustrate how easily this can go wrong, recently a giant Twitter dump resurfaced. It turned out to be a cleaned up 2 year old file, but it did send a lot of people into a moral panic. Specifically, some made the mistake of linking their real identifiable email address to their burner account.
The bottom line is that anonymity is fragile and unlikely to last.
I have a Glinet[0] router that has Tor functionality and 'torifies' your connection, so even if there's some JS 0day that executes trying to decloak me, the adversary just gets a Tor IP instead of my home connection IP.
Note: I connect to Tor from my torified Glinet router which is doing Tor-over-Tor which is considered 'dangerous'[1] but I do it anyway.
This might be overkill for most, and I'm not doing anything illegal (I mostly browse clearnet sites instead of hidden services anyways).
A person might still use Tor because they would rather have only the Feds know what porn they look at rather than have the Feds and everyone else know what porn they look at.
I will never understand people who do illegal things over their own IP. Is it really that hard to find an open access point? Way back in the day when I torrented all my content I used a long-range wifi antenna connected to a public AP and a dedicated PC with a scrubbed drive that never connected to my home network.
>According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019.
The long-range wifi antenna has always sounded like an opsec urban legend to me. You'll be able to transmit signals to the router, but can you really receive them with any sufficient fidelity if the router itself does not also have a long range antenna or unusually high transmission power?
The fact that the three letters do more than spy on possible threats/terrorists, in particular their practice of trying to cultivate future "agents of change", should send chills down the spine of any well-paid and well-educated tech worker.
I do believe that most people on HN qualify as "interesting" to these forces.
From Bruce of all people, this is a wildly provocative, unsubstantiated claim about routine takedown behavior from the feds.
I mean, nobody hates the gov side of the cryptography wars more than me, but this type of article is well below table-stakes for discussion. Especially by legendary professionals of repute like Bruce.
It's very disappointing to me. The price of clicks truly deconstructs the modern man's integrity...
I doubt the Tor user was identified on the Tor network.
Most likely his Bitcoin donations gave him away, since Bitcoin is far from anonymous. He might also have left other clues such as an email address which he accessed from clearnet.
Anyway, it's pretty obvious LEA cannot identify Tor users en masse. There have been several CP websites taken down which had hundreds of thousands of users, yet they only managed to arrest the website administrators. Only a handful of users were arrested, and mostly because of dumb mistakes.
It's very important to note that according to this document the FBI was able to both
- Obtain the person's IP
- Decrypt the person's traffic to see what pages they visited
I honestly do not believe the second is possible so it makes me question the validity of the first. I have a feeling Tor itself wasn't the issue, but rather something else.
r3trohack3r|3 years ago
https://www.wired.com/2017/03/feds-rather-drop-child-porn-ca...
Edit, pulling up from the threads below:
Tor is just a layer. You still have to take measures to separate your identity from the device, the behavior, and the location.
When tor falls, the next question is "what do they see?" You have control over that.
commandlinefan|3 years ago
Schneier himself predicted this in Applied Cryptography in the mid-90's.
PartiallyTyped|3 years ago
Asking about it on HN is definitely not one.
Relevant xkcd: 538 [1]
[1] https://xkcd.com/538/
NN88|3 years ago
https://en.wikipedia.org/wiki/Parallel_construction
77pt77|3 years ago
Really?
What's stopping them from just lying?
Or claiming they had an anonymous tip?
takoid|3 years ago
And the relevant court document: https://www.documentcloud.org/documents/23569961-motion-to-r...
nomel|3 years ago
Why? What's the hurdle for running a bunch of servers? How much does a server cost?
anonu|3 years ago
If you had 10 years and the resources of the US Government, I am sure Tor has been broken many times over now...
lysergia|3 years ago
[0] https://www.gl-inet.com/
[1] https://tor.stackexchange.com/questions/427/is-running-tor-o...
2OEH8eoCRo0|3 years ago
Also- the secret about torrents is that nobody really gives a shit. They're more worried about pedos and terrorists.
maxk42|3 years ago
I don't understand... how can this be illegal?
optimalsolver|3 years ago
Just the fact you’re using it automatically makes you interesting and worthy of a closer look.
All well and good if you’re just maintaining a cookie recipe site on the dark web, but it’s rarely ever that, is it?
stuckkeys|3 years ago
Tor was broken a while back. Not sure why anyone would think it is a safe/private/secure.
Your ISP is always ratting you out.
nibbleshifter|3 years ago
The FBI has done this before - inject a browser exploit into a site they compromised to identify its users.