Tor and the Silk Road takedown

by arma | October 3, 2013

We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading.

In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network). The FBI says that their suspect made mistakes in operational security, and was found through actual detective work. Remember: Tor does not anonymize individuals when they use their legal name on a public forum, use a VPN with logs that are subject to a subpoena, or provide personal information to other services. See also the list of warnings linked from the Tor download page.

Also, while we've seen no evidence that this case involved breaking into the webserver behind the hidden service, we should take this opportunity to emphasize that Tor's hidden service feature (a way to publish and access content anonymously) won't keep someone anonymous when paired with unsafe software or unsafe behavior. It is up to the publisher to choose and configure server software that is resistant to attacks. Mistakes in configuring or maintaining a hidden service website can compromise the publisher's anonymity independent of Tor.

And finally, Tor's design goals include preventing even The Tor Project from tracking users; hidden services are no different. We don't have any special access to or information about this hidden service or any other. Because Tor is open-source and it comes with detailed design documents and research papers, independent researchers can verify its security.

Here are some helpful links to more information on these subjects:

Technical details of hidden services:
https://www.torproject.org/docs/hidden-services

Our abuse FAQ:
https://www.torproject.org/docs/faq-abuse

For those curious about our interactions with law enforcement:
https://blog.torproject.org/category/tags/law-enforcement
https://www.torproject.org/docs/faq#Backdoor

Using Tor hidden services for good:
https://blog.torproject.org/blog/using-tor-good

Regarding the Freedom Hosting incident in August 2013, which is unrelated as far as we can tell:
https://blog.torproject.org/blog/hidden-services-current-events-and-fre…

Some general hints on staying anonymous:
https://www.torproject.org/about/overview#stayinganonymous

The Tor Project is a nonprofit 501(c)(3) organization dedicated to providing tools to help people manage their privacy on the Internet. Our focus continues to be on helping ordinary citizens, victims of abuse, individuals in dangerous parts of the world, and others stay aware and educated about how to keep themselves secure online.

The global Tor team remains committed to building technology solutions to help keep the doors to freedom of expression open. We will continue to watch as the details of this situation unfold and respond when it is appropriate and useful.

For further press-related questions please contact us at execdir@torproject.org.

Comments


October 02, 2013

I really appreciate all that you folks do to keep Tor operational and in service so those of us who couldn't build a Tor look-alike ourselves can use what Tor provides. Thank you.

You guys are so full of shit... 60% of your funding money comes from Government subsidies. Yes, it's true servers have to be configured properly to provide the proper security, but as far as I'm concerned Tor is a compromised network; probably the NSA runs half the relays, and god knows about the exit nodes. ANYONE ELSE FEEL SAFE USING TOR AFTER FREEDOM HOSTING AND NOW SILK ROAD?

ANYONE ELSE NOTICE IT'S THE ILLEGAL SITES GETTING NABBED? IF THAT'S NOT A CLEAR INDICATION THAT TOR IS INVOLVED WITH THE GOVERNMENT THEN i GOT A BRIDGE TO SELL YOU IN SAN FRAN.

Sorry for the caps, but I'm tired of the lies and deceits from this camp of developers that promote their values and are nothing but two-faced government lackeys.

As for the funding discussion: a) you wouldn't even be saying 60% if we weren't so transparent with all our finances, and b) we publish everything we do and you can look at it and decide for yourself. I have a longer answer over at the "quick ant" blog post:
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

As for the NSA running half the relays, see my comment below:
https://blog.torproject.org/blog/tor-and-silk-road-takedown#comment-356…

As for the "do you feel safe" part, there are some serious adversaries attacking the Internet these days. It may be that Tor can't protect you against the NSA's large-scale Internet surveillance, and it may be that no existing anonymous communication tool can. "Stop using the Internet" is a perfectly reasonable answer. See the discussion in the "quick ant" blog post for more:
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

October 04, 2013

In reply to arma

Hi, if you made Tor a subscription service, the community could support the developers and increase the number of relays tenfold. Torproject llc could lease out their services to various 3rd parties who would handle payment and take a set % to set up additional nodes. I would be more than happy to pay over $100 a year for a more resilient Tor.

That is a terrible idea, no one has the right to charge Tor users a subscription fee. What about the people in Egypt, or Syria, or China that require the use of the Tor network? They can't afford a fee to get important news in and send important messages out.

Yeah, sure, make everyone pay; then your anonymity goes to the FBI together with your bank details. As long as America believes that they are the world police, everyone is in danger.

Totally agree. Most of the successful raids have been through subpoenaed bank accounts; more so on the VPN companies that promise anonymity. Just look at Hushmail as a good example. You can no longer use a free account with Hushmail while using the TOR network (due to the owner having his balls owned by the Feds). So now the owner of the company insists on payment for such an account when using TOR.

I'm amazed, actually, that people as well as the TOR team have not done more research on CIPAV. This nasty little virus has been used before on the TOR network, rendering everyone powerless to hide their privacy.

Some guy recently managed to obtain the virus and reverse engineered it. From the sounds of it, with a few tweaks here and there, TOR development could create a "No-script" Firefox equivalent add-on for the TOR Firefox to prevent such a thing from happening. HIPS is now the biggest issue in internet privacy/security. Someone seriously needs to develop an add-on HIPS for this, to prevent such programs as CIPAV from working.

That is a great idea. However, you need to leave a space for free users, and open another space for paid users. Tor might have this option already, I think. You pay a subscription, and you get faster speed than the free user does.

Now how do you propose to speed up a Tor connection through dozens of servers all over the globe?
Got a magic pill for that? Duhhhhhh

I would pay $100 a year even if some countries' people cannot. Listen carefully, the Arab nations can afford to fund TOR forever with the monies they have. TOR has been a relief from little brother (state government) slowing down my work-related work on the internet and tracking my every move, when the fact is our ITS service department plays video games 90% of their time...fact...seen it...watched it...was disgusted. I praise TOR and the work they are doing. Charge me a monthly fee of $25 and I will still pay...rock on TOR....sad to see Lava go to the wayside.

You are merely repeating that chorus over and over again to get fewer people to use Tor. More users and nodes make Tor more secure.

Yeap, I have said that all along especially when they got to Mt. Gox and took everyone's bitcoins. The feds have been in on this all along and have made money off of it. So take the money and help pay off the motherfing deficit, stop paying the Congress members and quit giving them full pensions after two years of service. To all of you self righteous, conservatives, the Supreme Court has approved this health care bill, so get your head out of your asses, accept the same health care as the rest of us, drop your pensions, except for what you have paid into it and pay the other 800,000 government employees who need a pay check.

As one of those "self righteous, Conservatives" I'd like to invite you to lick a dog's anal glands until they bleed. I am disabled through no fault of my own, and now I'm supposed to stand in line behind skateboarding morons, 14 year old gang-banging single mothers with AIDS/crack babies, 11,000,000 "undocumented democrats" and heroin addicts, welfare frauds faking mental retardation and militant members of Islam that are here to plan for the downfall of my country that all want the same Social Security Disability I get? Screw that, I've had cancer since I was two years old and fought hard all my life to work and pay in, only to be repeatedly turned down when I needed those benefits when the radiation damage and chemotherapy side effects caught up with me at 28. The lovely state of New Jersey literally forced me out of the state while illegally denying me benefits for OVR and I was forced onto the rolls of welfare and food stamps once I reached PA. Finally, having been turned down three times for benefits despite every doctor they sent me to saying I was honestly disabled, I got a PA DAP advocate and put the matter before an administrative law judge who instantly approved and expedited the case, "Due to the overwhelming preponderance of evidence", which meant the law office that presented the case (when I say presented, I mean literally shuffled three or four pages) got 25% of my back pay and settlement, and when I wanted to sue the people responsible for holding up my money and driving me to the point of suicide, I was told I was lucky I'd get as much as I did and should keep my head down. The glorious People's Republic of New Jersey was later sued by the Feds for forcing out and/or preventing disabled people from moving into the state and LOST! But I never saw a dime from it.
Now I have to sit in waiting rooms with the scum of the earth who brag about the ways they trick doctors into giving them narcotics they don't need so they can sell them and supplement their prostitution income and welfare fraud. It's gotten so bad that where once I could walk into my doctor's office unannounced and be seen without an appointment, I have to wait up to three weeks to see a doctor three towns away using a medical assistance service because I can no longer safely drive. And every driver tells me the same stories of how the filthy drug addict/pushers get the same rides from Philly to Pitts PA for their dope and the drivers don't dare tell the cops because, of course, they have a confidentiality clause in their contract. Now I can't even get refills for my non-addictive pain patch and pills, I have to travel to a doctor 45 miles away to pick the script up in person no matter how much pain I'm in or how foul the weather is, and there are NO REFILLS allowed on pain drugs at all, all thanks to dog shit like you and the liberal traitors who are too afraid of the vermin infesting our country to take a stand. I won't even get into the gun control issue here, I'm sure you think it's perfectly OK for roving bands of Crips and Bloods to kill white cripples for fun and profit. Doctors here are retiring at record rates, Obama is demanding what amounts to a National ID card for forced health coverage while denying the need for voter ID, and a piece of shit like you wants to run his mouth at the only real Americans left.

Hey bro, you know of any other browser that's a little less known? I did 7 yrs down the road, don't want a repeat, jus curious. The SouthEastern Flyer, thanks

The first articles out on Silk Road made it quite clear he was arrested due to being turned in by a close ally snitch, not by their tech ability.

Here is a novel idea:
If you are tired of Tor, is there anyone preventing you from rolling your own?!
Only incompetent amateurs whine about another man's business in which they, themselves, have no place to be.

p.s. NOT DEFENDING NOR PROMOTING TOR, JUST SICK AND TIRED OF THE ABOVE AND ANY OTHER TWO-BIT CLICKER. (Oh yeah; I am sorry about the caps but... Well, I don't remember exactly why...)

"ANYONE ELSE NOTICE IT'S THE ILLEGAL SITES GETTING NABBED?"

Well, yeah. Do you expect the FBI to take down legal sites? You're a special kind of idiot.

I don't know. I'm paranoid anyway, by nature. I used to use Tor because I hated the idea of being snooped on and not because I'm doing anything illegal. I was hoping there was finally a way of using the Net privately but, at the same time, I know that at this point there is no such thing as true anonymity in the real sense of the word. You gotta expect there will be weaknesses in any so-called secure environment and that those weaknesses are sure to be exploited by entities known and unknown. Now, as far as Tor being partly funded by the government, I've always had concerns there. You shake hands with the Devil.... etc., etc. This did raise quite an eyebrow with myself and many others because we all know what happens when good 'ole Uncle Sam shows up to cash in his marker. He manipulates the process by swindling you into a no-win situation. Next thing you know, Uncle Sam is behind the wheel, Tor Project designers are in the passenger seat and we the people don't even know who's driving the damn car. If this is not the case right now it's sure to be in the future. The government doesn't just give you anything. There will be a price, now or later. I applaud Tor Project in their efforts to advance Internet freedom and privacy for us all. I just wish they would continue their efforts independently of government involvement in any way. I'm sure there are many financially independent people all over the world who would contribute financially to the continued development of the Tor Project. I know I would, if I could. Having private donors and continued transparency would be a huge first step at assuring us a little more peace of mind when we surf the net. The best step is to never trust a piece of security software in the first place and stay paranoid and cautious. Check and double-check everything, every step of the way, and never think you're hidden and safe. I know it's a terrible way to have to use the Internet but it beats the alternative if your Internet activities are illegal or you're just wanting to be anonymous. I'm standing with Tor, at least until they prove themselves to be untrustworthy. I have confidence they will figure out a way to work through these setbacks so, I choose to give them the benefit of the doubt. But, as with any other software company, I do so extremely cautiously. No disrespect to Tor Project designers. As I said, it's just in my nature.

Interesting how loud ignorant people seem to yell to spew their stupidity around.
You didn't say one thing to make me believe you know anything about what you said.
Have you looked at the code to put your value of security or lack thereof on it?
Nope, I'm sure you didn't.
The way you talk to people you don't even know is really sad. Shows a very juvenile mind. How old are you, fourteen? Oh, sixteen, sorry senior sir!
There are hundreds, if not thousands, who know the value of TOR and use it every day to protect their very lives.
I do for one.
Oh, and read the fine print. Tor alone does not protect you. You must be able to do something you have not exhibited an ability to do. THINK!
It helps if you have an IQ larger than your shoe size too. Helps even more if you apply what intelligence you have to what you do instead of ranting like you just did! Please do not spread your DNA around.

Quote:

"ANYONE ELSE NOTICE IT'S THE ILLEGAL SITES GETTING NABBED?"

I'm new to this whole thing, so this is an honest question:

Why wouldn't the illegal sites be the ones getting nabbed? Why would they nab people who aren't breaking any laws, and what would they nab them for?

October 02, 2013

The last thing posted on Ross Ulbricht's public Google+ account:

"anybody know someone that works for UPS, FedEX, or DHL?"

October 02, 2013

Literally nobody believes the official narrative.

Can you say: P.A.R.A.L.L.E.L C.O.N.S.T.R.U.C.T.I.O.N ?

When they jail the next tor operator next month, it still will not prove anything but a trend. They will be just lucky, but anybody in his senses can point out the existence of a Bletchley Park; that's SIGINT 101, information theory and a nice tin-foil hat.

I think you are right, they will not reveal anything and do parallel constructions instead.

When I hear "tor operator" I think "Tor relay operator". And I would hope that's a separate fight. Hopefully I can convince you to change your terminology to confuse people less.

But that said, yes, I started out thinking along these lines too, until I read all the details of just how much this guy screwed up. I think we have to throw this data point out when we're trying to find trends.

*That* said, I think we have to expect that there are now many more groups in law enforcement who are ramped up and educated about attacking this sort of site. So we should expect more news like this in the coming years, and even worse, hearing more news won't really tell us more about which theory to believe.

If only there were a few more people out there leaking documents....

October 04, 2013

In reply to arma

arma, do you seriously believe one of the most wanted men in America running a 1.2 billion dollar business would give his real photograph and contactable address to a violent motorcycle gang?

Or that somebody knowledgeable about cryptographic currency enough to construct a random mix would wire assassination funds from a bank account?

Or that a long time hidden service operator wouldn't know to use Tor to administrate a remote server as root?

Or, for that matter, that he didn't use an anonymizer to advertise an illegal business he himself set up.

Or that he met with federal agents and mentioned he got contraband from an illegal market.

It is possible that DPR's opsec was sloppy and he did some foolish things.

But it is more likely that a great deal, perhaps everything, of what we are hearing is total bullshit. Yeah he got caught. But not for any of the reasons we've read.

Going a level deeper into speculative territory, it is also possible that the Bitcoin forum connection is nonsense. Why? Because, and I'm just putting this out there, maybe that quoted text forum post with his Gmail address in it isn't real. Totally retroactively fabricated. Nobody seriously remembers back that far and there are only two or three publicly available services which offer the ability to analyze old forum postings, all of which live under USA jurisdiction and definitely have assets cultivated at them.

Before Snowden, I'd have said bullshit. Now I'm not so sure.

Hey, who knows. I think it's clear that they did more things in the investigation than they wrote up in their indictments.

My guess is that the things they wrote up did happen -- they risk having their case thrown out if they don't have all their ducks in a row.

But whether the things they wrote up were the way they busted him originally? It seems more likely that they got a tip from somewhere (his employee? something else?), found him, and then set about creating a set of facts and a timeline that look like a great case. And alas, that's not a conspiracy theory -- it's their job to do it that way.

October 06, 2013

In reply to arma

(My guess is that the things they wrote up did happen -- they risk having their case thrown out if they don't have all their ducks in a row.)

yeah and they had chemical weapons in IRAQ

:: On October 6th, 2013 Anonymous said:
(My guess is that the things they wrote up did happen -- they risk having their case thrown out if they don't have all their ducks in a row.)
yeah and they had chemical weapons in IRAQ ::

Psst actually they did. Was there.... but we had to get them out before the world realized who gave it to them.

Oh please! Jar-heads still, till this day, have "mission accomplished" tattooed on their arm and a "Semper Fi, Hoo rah!" mentality. You guys just don't want to look like a-holes for playing follow the leader and being duped. Trying to save face after a decade makes you [all US mil-personnel] look more like a reinforced a-hole.

Actually, it was confirmed on news broadcasts that the weapons existed, but it was kept far more hush hush than everything else the various media outlets wanted to put out, all in the name of profit.

And frankly, I don't care if someone has the opinion that we shouldn't have gone in there if the opinion is consistent across administrations. The problem is, they haven't been consistent with the media, though we've entered 3 different countries for less reasons than Iraq, which by the way we had authority to go in based upon a treaty signed, and broken, by Iraq. Not that those were the reasons stated to the public, which was the idiocy of that past administration amongst many other mistakes.

The militant anti-military groups are the assholes, outright. Hypocritical bitches, the lot of ya.

Agreed, but in the modern world only a slim percentage of the population will come to realize these things, e.g. the CIA training and funding the mujahideen (Al Qaeda in propagandistic news) right up until 9/11. There is no war; it's simply a strategic takeover and seizure of resources, and also a good way to keep up funding. The best funding for militaries nowadays is successful terrorism, hence 9/11.

October 06, 2013

In reply to arma

It's their job to bring the administration of justice in to disrepute by violating the REASONABLE restrictions placed upon them? It's their job to remove freedom from people for violating the same set of laws that they themselves violated through parallel construction?

If your code is anything like your world view, I have serious hangups about starting a hidden service.

On the bright side, your cripplingly naive and presumably pessimistic (ohh no! the terrorists! think about what the terrorists would do with freedomz!) world view has gained one more pair of competent eyes (unless I'm the REAL Dredd Pirate Roberts, sporting an eye patch, arrr arrr arrr) auditing the code.

My initial fear is that the NSA can knock individual suspects' connections off the internet and correlate inaccessible hidden services with disconnected clients to spot the "bad man hiding from the government's caring eyes".

This can be mitigated by having a multi-homed setup... redundant connections to TOR and what not... but even then, the NSA could catch me!

Imagine a Venn diagram with "IPs with the last octet being divisible by 3" and "IPs with the first octet being divisible by 2" both showing a dead site. The NSA would know I have a multi-homed service when none of their initial "divisible by 3 -> success, divisible by 3 & first octet divisible by 2 -> failure, divisible by 3 & first octet not divisible by 2 -> failure" search failed to narrow down the pool of potential IPs.

Now the NSA knows that the trusted server, used to update the publicly accessible servers, is multi-homed. They also know that these 2 or more connections have common attributes, that the last octet of both is 3, for example.

The NSA, with their power over ISPs, can knock off more refined groups of IPs within the "successful" area of the Venn diagram. When 2 circles in that area are found that result in success, you can keep on using the parameters of one of the broad circles while refining the other. Eventually, you get the individual IPs.

Ohh noez!

I guess you can't successfully host a hidden service in the U.S., where the government controls the internet?

How is what they're doing any less evil than what China does, by the way? Both stifle freedom of expression--one publicly and the other through parallel construction.

* posted on the clearnet from my cellular internet... 'cause I can't possibly be harmed by government anymore than I have already been. *

(Some thought) Problem: how to simulate continuous operation of a disconnected server?
Maybe a tor (exit?) node should send some irregular junk back to the client and the client just drops it. Will it lower the correlation between client and server? Junk can be in any form, for example packets with bad checksums, or rare flag combinations (ResetSynAck) etc.

DPR left his email on a bitcoin forum asking people for help - it's right here, not fake or "made up" https://bitcointalk.org/index.php?topic=47811.msg568744#msg568744

He also had his real name on a stackoverflow help request then changed it to a new fake one

DPR was an idiot, an idiot who made a site that got seriously popular and he made a bunch of money. He was still an idiot and didn't clear his tracks.

Anybody dumb enough to incriminate themselves on these airwaves, hell, they get what they deserve; there are so many ways to go about anonymity on everything you do on here, just saying.

October 02, 2013

The complaint says that the server running Silk Road was imaged and forensically examined in late July. This was done surreptitiously by the hosting provider at the request of the FBI via local authorities and the Mutual Legal Assistance Treaty. They used the server's ssh config to find the VPN server he was logging in from and the VPN server's last login record to find a cafe near his house. They were able to correlate the location based on Google's records of the email account that was previously used to solicit users and help on the BitCoin forums, which he accessed from home the same day he logged into the VPN server. Other information on the Silk Road hidden server was used to correlate with openly sourced information to get the probable cause needed to arrest him.

The complaint does not reveal how they located the Silk Road server, so it could have been an attack on Tor.

Yep. It looks like there are a lot of ways that things went wrong, but they haven't specified exactly which ones they made use of first. We should keep watching and learning. Let us know if you find anything more concrete!

October 02, 2013

In reply to arma

Although we don't know, it is far more likely the FBI used a vulnerability in the server to get it to reveal its address (perhaps by sending a packet out on the open internet) than, say, doing traffic analysis or some other attack. Especially given the operator's lack of caution relative to the risk and apparent lack of serious technical skill.

Also, another indictment that has surfaced reveals that DPR arranged for a delivery of 1kg of cocaine from an undercover agent to a SR employee. The SR employee was arrested and it is possible that information on his computer led them to the SR server.

A third possibility is the SR server, or some other related server, may have done some BitCoin transactions without using TOR, allowing investigators to locate it.

All of these are much easier than attacking TOR...

Also, another indictment that has surfaced reveals that DPR arranged for a delivery of 1kg of cocaine from an undercover agent to a SR employee. The SR employee was arrested and it is possible that information on his computer led them to the SR server.

Can you provide a link to the source for this information?

Ubiquitous network surveillance (NSA) used in conjunction with a DoS would highlight the route to any hidden service. In light of Snowden's leak, this is likely possible and would be used to kick off an investigation for court-admissible evidence.

Yep. The trick is that "ubiquitous" in this case needs to include the location of the hidden service. If he put it someplace they're watching, yes, else no. Now we get to wonder exactly how much they're watching in terms of foreign jurisdictions.

October 07, 2013

In reply to arma

CIPAV

I find it strange that nobody is considering that illicit methods might have been used in finding the server. Since Edward Snowden's leaks we all should be aware that secret services have been monitoring ALL internet traffic and have successfully forced companies to work together with them.

They might have used a DDoS attack to bring down the server and then locate it by analyzing the internet traffic of whichever country it was located in.

They might have cooperated with the host and had them look for keywords related to the silk road on all their hosted servers (or did it themselves).

Or they might have compromised the whole of the TOR network.

The criminal complaint in fact doesn't even have a parallel construction, it has no mention at all on how the server was found! That's just suspicious.

I don't think they're watching ALL Internet traffic. But what fraction are they watching, and how is it distributed across the globe, is a great question that we'd all love the answer to.

What do you think about the "oh but the Maryland complaint provides all the details" answer that a lot of people here are giving? Convincing or still suspicious?

October 02, 2013

Dude, you can google for the original post where he uses the same name he used to announce the silk road to advertise for developers using an email that's just his full legal name. Tor can't help you if you use it to A.N.O.N.Y.M.I.Z.E your connection to the FBI.gov crime report form.

October 02, 2013

So is using a VPN while also using the TBB a bad idea? If so, that should be added to the list of warnings.

If you use a VPN and go from there to the Tor network, it should be ok. There are a few downsides, like if "they" are watching your VPN provider for some other reason, but not you, then they'll get to see your traffic when otherwise they wouldn't.

If you use the Tor network to reach your VPN, that's typically worse -- you're aggregating all of your traffic at one exit point, who can then build a pseudonymous profile of your activities to guess who you are. Or maybe they just look at the credit card address, depending on how you pay for the VPN.

But if you just use a VPN, full stop, like apparently this guy did? We've heard a lot of stories about how that can go bad. Tor isn't in the picture.

October 03, 2013

In reply to arma

I decided to stay away from tunneling the tor traffic through a VPN. In case of persistent use of one and the same VPN provider, their logs (likewise the network provider's logs) will enable traffic analysis, user/use estimation and profiling.
What makes it better? At this point I suggest covering the wanted tor traffic with extra traffic. My 'wanted traffic' can be seen, but it looks like an ant in an anthill. Hard to isolate.
I think we touch on the discussion around entry point rotation.

October 03, 2013

In reply to arma

" if "they" are watching your VPN provider for some other reason, but not you, then they'll get to see your traffic when otherwise they wouldn't. "

How is using a VPN to access Tor any different than using your own ISP? This just moves the point from which you reach your entry guard, which may provide more privacy from "they". Please elaborate.

The issue is that there are now two places (and all the network links between them) that get to see your traffic. "You -> VPN provider -> Entry Guard" shows traffic to a different part of the Internet than "You -> Entry Guard" does. So what they can see in each case depends in part on Internet routing, and in part on whether they (for whatever reason) had already decided watching "VPN provider" was a good move.

October 04, 2013

In reply to arma

Let's assume they don't have to watch the VPN provider because they are already watching all the lines going between you and the VPN. Would it not be better to use BitTorrent cover traffic while accessing Tor over an encrypted VPN connection to a VPN server located in the same non-monitored country as the bridge you are connecting to?

I don't think it matters anymore if they are watching the particular endpoints (entry node, exit node, website) because they are watching the main backbones the connections go over. The only way to circumvent this is to move one's connection to Tor out into a non-monitored country where it does not pass over monitored lines.

October 04, 2013

In reply to arma

Don't get it. The "Two places seeing traffic = Bad" thing. Because I didn't think they were. The traffic from You -> VPN provider is encrypted.

Tor only shows up under DPI from VPN provider -> Entry Guard. Still encrypted, but "they" know Tor is being used. It still can't be correlated with traffic from You -> ISP.

So you're comparing one collection of random gibberish with a second much bigger collection of random gibberish from many sources.

Am I missing something here?

Just because it's encrypted doesn't mean they can't see the traffic flow.

If your logic were right -- that they can't do anything unless their DPI box says it's Tor -- then using an Obfsproxy bridge would provide bulletproof anonymity.

If they're watching your destination website, and they're watching you send traffic to your VPN provider, those are the beginning conditions for a correlation attack.

"Pad the heck out of your VPN traffic" seems like it will help, but will it help enough to matter? Open research question.
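A toy version of the flow-watching argument arma makes above, added here as an illustration and not code from the Tor Project. Two constructed bytes-per-second series stand in for what a watcher on the You -> VPN link and a watcher at the destination website would each see (encrypted bytes only, but the counts per second still leak); the script finds the lag at which the two line up, then shows what two padding strategies do to that measurement: a minimum traffic floor (the "minimum traffic level" idea raised elsewhere in this thread) leaves the bursts visible, while a constant-rate link removes the pattern entirely. The burst size, the 3-second delay, the noise and the padding targets are all assumptions.

```python
"""Added illustration (not Tor Project code): what a traffic watcher can
line up between two observation points, and what padding does to it.
All series are constructed."""
import random
from statistics import mean, pstdev

SECONDS = 40
BURST_BYTES = 40_000   # bytes the user sends in an active second (assumed)
FLOOR_BYTES = 20_000   # "minimum traffic level" padding target (assumed)
LINK_RATE = 50_000     # constant-rate link padding target (assumed)
TRUE_DELAY = 3         # seconds between the two observation points (assumed)


def pearson(xs, ys):
    """Correlation coefficient of two equal-length series; 0.0 if one is flat."""
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def best_lag(a, b, max_lag=10):
    """Lag (0..max_lag) at which a[t] best matches b[t + lag], and that r."""
    best = (0, -1.0)
    for lag in range(max_lag + 1):
        r = pearson(a[:len(a) - lag], b[lag:])
        if r > best[1]:
            best = (lag, r)
    return best


def make_observations(seed=7):
    """Constructed: bursty user activity as seen on the You -> VPN link, and
    the same bursts arriving at the website TRUE_DELAY seconds later. Each
    side gets its own small amount of independent noise."""
    rng = random.Random(seed)
    activity = [BURST_BYTES if rng.random() < 0.3 else 0 for _ in range(SECONDS)]
    vpn_link = [v + rng.randint(0, 2000) for v in activity]
    website = [0] * TRUE_DELAY + [v + rng.randint(0, 2000) for v in activity]
    return vpn_link, website[:SECONDS]


def pad_floor(series, floor=FLOOR_BYTES):
    """Never let the link drop below `floor`: bursts above it still stand out."""
    return [max(v, floor) for v in series]


def pad_constant(series, rate=LINK_RATE):
    """Fill every second to the same rate: nothing is left to line up."""
    return [rate] * len(series)


def compare_padding():
    """(best lag, correlation) for the raw link and for both padding styles."""
    vpn_link, website = make_observations()
    return {
        "unpadded": best_lag(vpn_link, website),
        "floor": best_lag(pad_floor(vpn_link), website),
        "constant": best_lag(pad_constant(vpn_link), website),
    }


if __name__ == "__main__":
    for name, (lag, r) in compare_padding().items():
        print(f"{name:9s} best lag {lag}s  r = {r:.3f}")
```

The floor result is the point of arma's "will it help enough to matter": only padding that makes the link look the same in every second takes the timing signal away here, and that costs bandwidth continuously, which is why it remains an open research question rather than a default.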

October 13, 2013

In reply to arma

It seems to me that, if the TLAs run a large portion of the nodes, then they can do traffic analysis on where those nodes send and whether the traffic comes out the other side or terminates there. They can unravel the network one node at a time toward the most popular hidden services.

One case where being a high traffic node is a bad thing.

Solutions?

  • Yes. Pad the traffic between nodes. Establish a minimum traffic level and don't let the nodes' traffic drop below this point.
  • More nodes. Ones not owned by the government, not controlled by the government. But how do you prove this?
  • Some way of blacklisting a node if it is found to be a front for someone trying to disable Tor. But then they could use that same blacklisting to disable all the nodes they can't control, leaving only the ones they can. Possibly a trust system? Lines of trust? My node will only talk upstream to a few nodes I trust? Not that I'm running a node, of course.
  • Maybe a mirroring system. Let a hidden service exist in more than one place, managing service updates and control across Tor on another layer of VPN pretending to be yet another set of nodes. I remember one of the darknets had some way of caching stuff across the hosts so you didn't even know what your computer was serving up to the community.

October 03, 2013

In reply to arma

So if I have a transparent VPN on my computer, then bring up the Tor browser this is ok?

Then you're in category one in my list above. It is a reasonable thing to do -- it makes you safer in some ways and less safe in others. If you think your VPN doesn't keep logs and isn't monitored by anybody else (well, and if you're right ;), it's probably a net win.

October 13, 2013

In reply to arma

You -> Open Source VPNMesh of anonymously funded VPS/Rental servers, using application routing such as Tinc (open source) -> Tor.

Benefit: Run Tor at higher speeds. Contribute some bw back to Tor on some or all nodes and mask your traffic.

In the last 10+ years, the only packets that have left my computers were my VPN meshes. OpenVPN, then Tinc. I pay for servers using truly anonymous methods (not bitcoin). Say what you want, it has worked out well and is quite handy for routing around problem internet links.

It's not worse than using your own real IP address.

The point about VPN is that although it hides your real IP address, the service is being provided by a third party company.

If you are being investigated by LEA and they know the VPN IP address you used, they could (as happened here) get your real IP address from the VPN provider.

This all depends, of course, on LEA knowing your VPN address, which they're not likely to do if you're using it to access Tor (as opposed to outside Tor, which is what appears to have happened with Ulbricht).

October 03, 2013

Tor Project and Mozilla Foundation should analyze the takedown page for any new exploits that the FBI may be using and if either product is compromised, then issue an emergency update.

October 03, 2013

What is being done about Hidden Service technology? It has not been updated in a long time.

October 03, 2013

I still haven't seen a valid explanation for how the FBI managed to track down the servers without access to DPR (he was still under surveillance at the time).

The post above mentioning 1k of cocaine: this is the first I have heard such a story in my reading. Would it be paranoid to consider the possibility that it's in someone's interest to throw us off the track of a vulnerability?

October 03, 2013

Is the general consensus that if there were more relays (and/or more exit nodes) Tor would be more secure?

Yes, but that's not the whole story.

First, it depends on the *location* of the relays relative to what the adversary can see. As an example, if the adversary is already watching a given part of the Internet, and ten more people start running relays there, it's going to hurt rather than help Tor's overall anonymity, because it increases the fraction of capacity that the adversary can watch.

Second, there are a variety of attacks in the research literature that don't care about network size. See http://freehaven.net/anonbib/ and https://media.torproject.org/video/25c3-2977-en-security_and_anonymity_… for more details.

October 03, 2013

Tor was initially developed by the NAVY wasn't it? Couldn't they have embedded backdoors in the code? Or is this a stupid/moot question?

October 03, 2013

Two completely different and very illegal entities taken down within months of each other after running for years on Tor. I think this points more towards a problem with Tor that the FBI or someone found but didn't report to the Tor developers.

Interesting stuff... software is as flawed as us humans... are we truly sorry to see either go, though?

October 03, 2013

Tor is still safe, and will always be as long as the developers keep up to date with cryptography developments and other computer developments.

The mistakes that led the authorities to the Silk Road owner were human errors, not some flaw in Tor or Bitcoin or Tor's hidden services. Tor offers clearly written warnings that you need to keep your data safe and improve your browsing habits; if you access your email with your full legal name and do the other stuff from Tor at the same time ... well, whose fault is this?

I only hope this will advertise Tor to more people and will attract more users who will run relays.

Thanks. Unfortunately, I disagree with your "as long as the developers keep up to date with cryptography developments and other computer developments" part. There's a thriving research community finding and fixing issues with anonymous communication designs (Tor in particular, because we make an effort to be easy for academics to analyze).

There are a variety of research attacks right now that I think would work if done by a smart attacker with a medium amount of resources. We're working on fixing them, but we'd love some help. See also http://freehaven.net/anonbib/

That said, it's interesting here that even though potential attacks on Tor exist, all the high-profile cases in the news lately found other things as even lower-hanging fruit.

So the lesson is that anonymity and security are really hard, since you have to get it right at every level.

October 03, 2013

Make sure your VPN provider doesn't log/keep logs and is outside of the jurisdiction you reside in.

And make sure your VPN provider's upstream doesn't keep logs either. And their upstream's upstream. And make sure none of the traffic transits an ISP with mandatory data retention requirements (like most of Europe).

October 13, 2013

In reply to arma

Read as "Impossible". You'll have an additional point of traffic logging and a connection to your bank account. Commercial VPN companies surely are/will be forced/willing to hand traffic logs to agencies. They can promise you anything; it does not mean they will do it. Words are very cheap now.

October 03, 2013

According to Reddit, the Feds shut the SR down completely and lots of dealers are up a creek without a paddle. Bitcoins are gone and there is no way to recover. Lots of people are in hot water now.

October 03, 2013

It is looking like the government is finding new ways to track down Tor servers to stop the entire Tor Network they are even giving US citizens grief for running exit relays with our own home computers. The US government is becoming unsafe for its citizens and people are unable to do business without the government getting kickbacks from either taxes or unfair attacks on the government.

>>... they are even giving US citizens grief for running exit relays with our own home computers...

Some cases/evidence to support this claim would be nice?

October 03, 2013

It seems like the discussion is focused on pointing out this guy's mistakes that led to the server's exposure. I agree that that is the most reasonable explanation for what has happened and it is difficult to imagine a breach in Tor. However it is important to note that it is very difficult to not make any mistake over the course of years administering a hidden service.

Part of the problem for me is that services that provide anonymity on the internet like Tor are not yet fully integrated with one's system. I think that in order to succeed these services need to find ways to be readily available and be as transparent as possible to the user.

I don't have a solution for the problem but it seems to me that if Tor continues to depend so much on the exceptional behavior of its users, then every single one's anonymity will eventually be compromised.

October 03, 2013

But what about this:

If we are using TBB to hide our traffic from our ISPs etc., which does work, or doesn't it? A VPN provider is just an additional service provider. The encrypted traffic from the Tor client passes the ISP and the VPN and enters an entry guard. Thus both cannot see contents or connection details. Or is this all wrong? From what I gather from the site 'how Tor works' it has to be like this. If not, why?

That's correct, but if it exits the VPN and crosses a tapped cable before entering the entry guard, then it isn't any different than just connecting to Tor directly, from the perspective of a global adversary. Using a VPN will still protect against a local adversary (ISP level).

October 03, 2013

Nodes, I thought, could be opened by anyone, including the NSA and the like; if so, how safe could Tor be in these circumstances?

October 04, 2013

In reply to arma

He is asking how safe Tor can be because anyone can run (open) Tor relays even the NSA.

Well, the goal is to distribute trust over multiple relays, so it shouldn't matter if one relay in your path is trying to track you.

But we do need to grow the Tor network more, to raise the bar for an adversary trying to do this attack. Right now it's not that hard to run 5% of the Tor network. Check out https://compass.torproject.org/ for the tool we wrote to explore this issue.

That said, if it's actually the NSA you're worried about, you should be worried that they're monitoring pieces of the Internet that include honest Tor relays. Monitoring Tor relays is pretty much just as good as running them, for the attacks we're talking about here.
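Two of arma's points in this thread can be put in numbers: that adding relays inside a network the adversary already watches raises the fraction of capacity it sees, and that spreading trust across relays, with a fixed entry guard, is what keeps a relay-running or relay-watching adversary from eventually catching every circuit. The following is an added illustration, not Tor Project code and not the compass tool linked above: the relay table, the AS labels and the bandwidth weights are constructed, and the two probability formulas are the usual ones from the anonymity literature (per-circuit chance of having both ends observed is f_guard * f_exit; with a fixed guard the long-run loss is bounded by f_guard).

```python
"""Added illustration (not Tor Project code): how much of a relay network an
adversary sees, and why a fixed entry guard bounds the damage. Relays,
networks and weights are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    asn: str       # constructed label for the network the relay sits in
    weight: int    # bandwidth weight, arbitrary units
    guard: bool    # eligible as an entry guard
    exit: bool     # allows exit traffic


# Constructed network: four networks, eight relays, 600 units of guard
# capacity and 600 units of exit capacity in total.
RELAYS = [
    Relay("g1", "AS-A", 100, True, False),
    Relay("e1", "AS-A", 100, False, True),
    Relay("g2", "AS-B", 300, True, False),
    Relay("m1", "AS-B", 200, False, False),
    Relay("g3", "AS-C", 200, True, False),
    Relay("e2", "AS-C", 400, False, True),
    Relay("m2", "AS-D", 200, False, False),
    Relay("e3", "AS-D", 100, False, True),
]


def observed_fraction(relays, observed_asns, role):
    """Bandwidth-weighted share of `role` ("guard" or "exit") capacity that
    sits in networks the adversary can watch. Running a relay and watching
    the wire in front of it count the same here, as arma notes."""
    eligible = [r for r in relays if getattr(r, role)]
    total = sum(r.weight for r in eligible)
    seen = sum(r.weight for r in eligible if r.asn in observed_asns)
    return seen / total


def add_relays(relays, asn, count, weight):
    """The 'ten more people start running relays there' scenario: `count`
    new guard+exit relays appear inside one network."""
    new = [Relay(f"new{i}", asn, weight, True, True) for i in range(count)]
    return relays + new


def p_both_ends_no_guards(fg, fe, circuits):
    """Every circuit picks a fresh entry, so each is an independent trial;
    the chance of at least one circuit having both ends observed."""
    return 1 - (1 - fg * fe) ** circuits


def p_both_ends_with_guard(fg, fe, circuits):
    """Entry fixed for the whole period: either the guard is observed (then
    any circuit with an observed exit is lost) or nothing is ever lost."""
    return fg * (1 - (1 - fe) ** circuits)


def scenario(observed_asns=frozenset({"AS-A"}), circuits=100):
    """Adversary watching AS-A, a user building `circuits` circuits."""
    fg = observed_fraction(RELAYS, observed_asns, "guard")
    fe = observed_fraction(RELAYS, observed_asns, "exit")
    grown = add_relays(RELAYS, "AS-A", 10, 50)
    return {
        "guard_fraction": fg,
        "exit_fraction": fe,
        "guard_fraction_after_growth": observed_fraction(grown, observed_asns, "guard"),
        "no_guards": p_both_ends_no_guards(fg, fe, circuits),
        "with_guard": p_both_ends_with_guard(fg, fe, circuits),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:28s} {value:.3f}")
```

With one sixth of guard and exit capacity observed, a user who rotates entries on every circuit has roughly a 94% chance of being caught on at least one of 100 circuits, while a user with a fixed guard is caught with probability about 1/6 no matter how many circuits follow; and ten extra relays inside the watched network push the observed guard share from 1/6 to 6/11, which is the "hurt rather than help" case.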

October 03, 2013

I think it's only safe to assume at this point that Tor is primarily controlled by US government forces (NSA, FBI, etc.) and they will be using this to their advantage. Since timing attacks are about the only thing the Tor network has been consistently vulnerable to, they've realized they need to control a majority of the network. There's no doubt they have the resources to do so at their disposal...

Personally, I no longer feel comfortable using Tor and believe the network to be compromised. There have been two major takedowns of hidden services in the past few months. Whether or not these things should have been taken down is moot. Ends can't always justify the means. It isn't an issue of morality but one of integrity. I will continue to run my pass-through relay for the betterment of the network...however, at this point, it's only a drop in the pond.

I think you're right to be worried that these large organizations are working on ways to infiltrate Tor. That said, I don't think they run the majority of the network (or anywhere close).

But that shouldn't be as good news as it sounds. You skipped something else to be worried about -- they don't have to run relays if they can just watch existing relays.
See my libtech post for more explanation:
https://mailman.stanford.edu/pipermail/liberationtech/2013-August/01059…

October 04, 2013

In reply to arma

Note that I did not say they run the network, but merely that they control it. As you said (which I agree with), they could be just watching a majority of the relays. Perhaps I should have used a better word, but I meant to encompass the two.

However, none of this changes the fact that I believe the network to be compromised and unsafe. It's really sad because I've been really enthusiastic about Tor and its vision since I first heard about it about four years ago.

October 07, 2013

In reply to arma

Did you know the NSA uses Tor as a secure network? I would be rather "chuffed" about such an agency relying on a network. You lot are obviously doing a better job in secure communications than a 50,000 dollar waged NSA employer.

October 03, 2013

What about a "serverless" architecture as in Freenet? Totally bad idea?
I'm not claiming that it is better than the present solution, but wondering nevertheless...

It's worth exploring. Freenet is a "storage" service, whereas Tor is a "communication" service. In Freenet you basically store documents and they get cached around. Whereas Tor can handle a broader variety of protocols (web, irc, voip if we can get it fast enough, etc).

So it won't be as easy to have what seems like a normal web browsing experience.

Also, the set of anonymity attacks that work against a design like Freenet is overlapping but not the same as the set that work against a design like Tor. Don't make the mistake of thinking that since fewer academics have written papers analyzing Freenet that it is therefore safer to use. Much research remains all around.

October 03, 2013

Hey guys

Guys

Can you help me a bit: how can I connect to a Tor hidden service using curl in php?

Thanx!

Well, that's certainly *an* issue. See also https://blog.torproject.org/blog/hidden-services-need-some-love

But it's interesting to notice that so far as we can tell, that *isn't* the real issue here. The real issue is that things are even worse. Somebody trying to maintain anonymity with a large organization over a long period of time has to do everything perfectly.

I liked the way one of the commenters phrased it on http://arstechnica.com/security/2013/10/silk-road-mastermind-unmasked-b… :

"""
The thing is, not everyone starts out intending to be a criminal mastermind. That's the problem. Most of these things he was nailed by, they were things he did before he actually started Silk Road. It's obvious he very quickly realized that he was going to turn into a criminal mastermind, and started to take precautions, but this guy did (if his LinkedIn profile is at all genuine) have a pretty legitimate life going before this.
"""

October 04, 2013

In reply to arma

Maybe Tor wasn't compromised in this case. Maybe it was.
A parallel construction is in fact not an entirely unlikely scenario.

Hidden Services are apparently not safe as this credible document points out.
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

That the document hasn't (to my knowledge) been refuted by the project means that the server locations of Hidden Service sites can be revealed without much effort.

Why no security alert?

Depends what you mean by "without much effort".

You might like the discussion at
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

As for why no security alert, I've been trying to get a free moment to write up the issues so people can understand them, but instead things keep catching fire and I have to help make sure journalists don't write wrong things about Tor that will make even more work for us.

See https://trac.torproject.org/projects/tor/ticket/8240 if you want to help out. And see the 'hidden services need some love' post for more things that need work.

October 03, 2013

It is clear after reading the complaint that all the evidence they provided came from imaging the server in July and accessing the logs. It is explained in the complaint: they located the internet cafe after accessing the VPN provider and after reading the SR logs, not the other way round. The Stack Overflow posting and the initial publishing of SR could never reveal that information.

The important point here is how they could locate the server's real IP address.

October 04, 2013

In reply to arma

Have you actually read the Maryland indictment? It's certainly a plausible hypothesis that they got the IP address from the employee-turned-witness (the dates fit), but it certainly doesn't say that anywhere. The NY complaint lists the responsibilities of the employees (pg. 19); it's not clear that knowledge of the IP address of the server would have been necessary to carry out these tasks.

This site has links to both documents (NY/Maryland) and a legal analysis:
http://www.popehat.com/2013/10/02/the-silk-road-to-federal-prosecution-…

October 04, 2013

The discussion here seems to focus on how they busted the hidden service server operators, which is of course of high interest. But please let me ask another question: Do the visitors of hidden services have to worry these days, assuming they don't do anything completely stupid like posting information that could be associated with their identities?

I think there are three possible scenarios:

a) A flaw in the underlying software, like the Firefox exploit on FH.

b) Traffic correlation, which is already discussed in the Tor warnings.

c) Passive interception of all Tor traffic streams and brute force to decrypt it later, which would be the worst scenario.

Am I right with this assumption? And further:

- As far as I know, with traffic correlation the attacker would be able to find out which user is connected to which hidden service at a given time, which is bad. But since all traffic is end-to-end encrypted, he would still not be able to see the content that was transmitted?
- Assuming the last scenario, where the attacker is able to decrypt the recorded traffic completely (at some point in the future or even now), he would see the transmitted content as well as the client's and server's IPs; is this correct? To deanonymize one completely, the attacker would still need to get the correlation between the IP and the user of this IP at the same time, which means he has to "ask" the ISP. If the ISP doesn't store any logs, you would be fine?

I answered a similar question at
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

If you intercept the Tor stream *at the client* (or at the entry guard, or in between) and break all the crypto later then you know her IP address and also her destination.

If you intercept it elsewhere, you only know the previous hop in the Tor circuit, no matter how good you are at breaking crypto.

Hidden services make the story a bit more complicated, because it's actually two Tor circuits glued together. So the same analysis is accurate for each of them separately.

That said, breaking the end-to-end encryption on hidden services is even trickier for an attacker who runs or observes some relays and plans to break the crypto, since the first half of the crypto handshake goes over the introduction point circuit, and the second half goes back over the rendezvous point circuit.

All of *that* said, yes, hidden services do have to worry these days against a smart and medium-resourced attacker:
https://blog.torproject.org/blog/hidden-services-need-some-love
but see also
https://blog.torproject.org/blog/tor-and-silk-road-takedown#comment-356…

October 04, 2013

In reply to arma

Thank you very much for going into so much detail! Just to be clear, if I understand you right, intercepting at the client side means it could be:

a) Directly at the client
b) At the client's ISP
c) At the entry guard
d) At the entry guard's ISP

Is this correct? Thanks again!

October 05, 2013

In reply to arma

Another user here. This is an interesting topic. First of all, thanks for your excellent work on Tor and also for keeping us all up to date!

Concerning your cited answer to this question (https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…), I'm a bit confused. You said 'So in this case it doesn't really matter what the ISP keeps or doesn't keep'. In my understanding this should only be true if the intercept happens at the client itself or at the client's ISP. If they are intercepting the traffic at the entry guard or somewhere in between, they may get the client's IP, but still have to cooperate with the client's ISP, right? And the same thing for the other side at the hidden service.

Ah! I see. You are imagining a world where they track the user back to a Comcast IP address, but then they go to Comcast to ask who it is and Comcast says "oops, I deleted my logs already, sorry bye". Yeah, maybe this works sometimes. But a lot of places either give you a static IP address, or a dynamic IP address that happens to stay the same for months at a time. And "we tracked it back to a Comcast user in San Francisco but we're not sure which one" can by itself be a lot of information for an attacker.

Once you've gotten to the point where your defense is "You can learn my IP address but I hope it doesn't help you learn who I am" ...something has gone wrong before this point.

October 04, 2013

Nice, can't even use a Tor product to post a comment here. Orbot fail
http://www.imgur.com/JD0LbFR.jpeg

Sigh. I really want to believe in this product, I really do, but when simple things like posting an anonymous comment fail, how can it truly be trusted to leave cookies around with the plethora of browser attacks combined with stupid kids who download Windows 8 XTRA-SUPER-ULTIMATE-UBER Edition and wind up with more infections than actual operating system files?

Luckily the savvy users won't have a problem, but the secure-minded won't use cookies and I guess they won't be commenting here either....

Hm? You might want to use the Tor Browser Bundle, the package that Tor provides.

We like the Guardian Project, and we're happy they're working on an Android port of Tor, but if you're going to use phrases like "this product" then that's not our product.

That said, it seems you're complaining that Orbot's configuration was too locked down to let you interact with the blog. That sounds at least better than 'not locked down enough'.

October 04, 2013

Thanks for the update. I'd like to know what your (i.e. the tor developer's) stance is on the paper "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" (which can be found under http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf).

They conclude that Tor's design of hidden services might require a redesign. To quote: "We believe that the problems we have shown are grave enough to warrant a careful redesign of Tor's hidden services."

What do you think about this?

October 04, 2013

#BEWARE [1]: Orbot (Android) leaks *ALL* DNS traffic while using the "Select Apps" option; it totally *screws* anonymity
#BEWARE [2]: If used with Firefox in "Selected Apps" it doesn't work. It *should* redirect Firefox traffic via Tor but it still uses your ISP instead!

Hi,
as I pointed out here:
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

there are some serious bugs in the discontinued (?) Orbot for Android.

Today I've found another one:
DNS traffic fails in the "Select Apps" option of Orbot.
I tried using VLC as a selected app, and the VLC traffic was supposed to be *entirely* routed through Tor (Orbot),
but I've noticed that the DNS traffic isn't redirected to port 5400 and it arrives at my home router and then at my ISP.

So Orbot is used for data traffic but the DNS resolving is done using *my* ISP, thus revealing very important details, *zeroing*
my anonymity.

As a "fix" I had to do this:
1) as root: "iptables -A OUTPUT -o wlan0 -p udp -m udp --dport 53 -j DROP" #(and optionally "-p tcp ...." )
2) on the terminal: "tor-resolve the.host-idlike-to-connect.to"
3) go to VLC and change the links, substituting the host with the IP address (obviously sometimes this will not work, i.e. in case of
multiple names associated with that server)

Another problem I noticed is that Orbot (or Android or whatever) completely *ignores* the "Select Apps" setting regarding Firefox.
It means that if I select Firefox in the Orbot configuration *nothing* changes and Firefox still continues to directly use my ISP
instead of getting its traffic routed via Tor.

Is there a way to fix these issues? Is there a way to get an updated Orbot version? (I'm using the one that comes with F-Droid)

NOTE:
when I use "tor-resolve" on the Debian chroot I made on the phone, the DNS query works well and goes via Tor
(my router detected no DNS traffic in this case)

Which version of Orbot are you using?

If you are using Firefox, why not try this configuration: https://guardianproject.info/apps/proxymob/

Orbot is hardly disabled. Please get the latest release from here:
https://guardianproject.info/releases/orbot-latest.apk

or via F-Droid repo:
https://guardianproject.info/repo

or Google Play or Amazon App Store, if you trust those sources.

I'm using Orweb, *NOT* Firefox. (Firefox doesn't work with Orbot)

I get Orbot from the guardianproject repositories; it is the "last" version.
The last update was ~2 months ago, but the date is still "2012" (?!?!?!)

If you tell me that the Orbot from the F-Droid repo is the working one, I'll try to get it from there.
I suspected the guardian repo wasn't good. Indeed they don't even have the repo key fingerprint on their site.

So I think: "what the **** did I install?" I can't be sure I have a "real Orbot", since the guardianproject doesn't allow the user to verify the download.
AGAIN: *NO* fingerprint on that website, last time I checked.

And, no, I don't trust Google Play/Amazon etc.

Firefox works fine with Orbot, you just need ProxyMob installed. In fact, Orweb was declared unsafe by the Guardian Project themselves because of a major vulnerability in Flash videos.

Really? Have you tried using tcpdump to see if something (like DNS queries) leaks out, or are you basing your assumption on the fact that "the web pages load well"?

I think you should just try to put something like VLC/Firefox in the "Select Apps" menu and then, while using them, try to see via tcpdump if *all* that traffic passes through Tor.
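The tcpdump check the last commenter describes, written out as an added example; it is not Orbot's or the Guardian Project's code. It parses the text output of `tcpdump -n` taken on the phone's Wi-Fi interface and reports two things: DNS queries leaving the device on port 53 (the leak described at the top of this thread) and connections to anything other than the Tor bridge or guard the device is supposed to be talking to (the Firefox-bypasses-Orbot case). Replies coming back from the router are deliberately ignored, since only what the device sends can be a leak. The capture lines, the device address 192.168.1.20, the router 192.168.1.1 and the bridge 198.51.100.7:443 are constructed.

```python
"""Added example (not Orbot code): scan a `tcpdump -n` text capture from the
phone's Wi-Fi interface for traffic that did not go through Tor.
Capture lines and addresses are constructed."""
import re
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport rest")

# One tcpdump -n line for IPv4 or IPv6: "<ts> IP <src>.<sport> > <dst>.<dport>: <rest>".
# Lines for other protocols (ARP etc.) do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)


def parse_tcpdump(lines):
    """Return a Packet for every line the regex recognises."""
    packets = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            packets.append(Packet(m["ts"], m["src"], int(m["sport"]),
                                  m["dst"], int(m["dport"]), m["rest"]))
    return packets


def find_leaks(packets, device_ip, tor_endpoints):
    """Only packets *sent by the device* matter; replies from the router or
    the bridge would otherwise be flagged. Two kinds of leak are reported:
    any DNS query leaving the device (port 53), and any other destination
    that is not one of the (ip, port) pairs Tor is configured to use."""
    outbound = [p for p in packets if p.src == device_ip]
    dns = [p for p in outbound if p.dport == 53]
    bypass = [p for p in outbound
              if p.dport != 53 and (p.dst, p.dport) not in tor_endpoints]
    return {"dns": dns, "bypass": bypass}


# Constructed capture: phone 192.168.1.20, home router 192.168.1.1,
# 198.51.100.7:443 standing in for the configured Tor bridge.
CAPTURE = """\
12:00:01.000100 IP 192.168.1.20.41000 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
12:00:01.000900 IP 198.51.100.7.443 > 192.168.1.20.41000: Flags [S.], seq 0, ack 2, win 65535, length 0
12:00:02.120000 IP 192.168.1.20.53211 > 192.168.1.1.53: 4521+ A? example.com. (29)
12:00:02.130000 IP 192.168.1.1.53 > 192.168.1.20.53211: 4521 1/0/0 A 198.51.100.42 (45)
12:00:02.300000 IP 192.168.1.20.52000 > 203.0.113.9.80: Flags [S], seq 1, win 65535, length 0
12:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""
TOR_ENDPOINTS = {("198.51.100.7", 443)}


def check_capture(text=CAPTURE, device_ip="192.168.1.20", tor_endpoints=TOR_ENDPOINTS):
    """Parse a capture and return the leak report for one device."""
    return find_leaks(parse_tcpdump(text.splitlines()), device_ip, tor_endpoints)


if __name__ == "__main__":
    for kind, pkts in check_capture().items():
        for p in pkts:
            print(f"{kind}: {p.ts} {p.src}:{p.sport} -> {p.dst}:{p.dport} {p.rest}")
```

On the constructed capture this reports one DNS query to the router (the leak the commenter saw with VLC) and one direct HTTP connection to 203.0.113.9 (an app ignoring the Tor configuration); the handshake with the bridge is reported as neither. A real run would feed it the output of `tcpdump -n -i wlan0` captured while using the app under test, with the bridge or guard address taken from Orbot's own log.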

October 04, 2013

Arma can you comment on the following article that describes a number of FRAME and JS attacks the NSA can perform when using Tor for clearnet purposes?

http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-onli…

Will your organization finally put a stop to this by disabling scripting by default and blocking all embeddings? If not your funding, then this policy more than ever makes us question your motives.

Great question. Keep pushing, I'd say.

The fundamental problem is that too much of the web relies on Javascript. Our first 1000 users were smart and would understand the issues, but the next 500000 users are just normal Internet users.

I guess I'll turn the question around: how come Firefox, Chrome, IE, etc all ship with JavaScript enabled? And how come you're not pushing them to turn it off?

I guess the answer is "well they're just for normal web users, and Tor is supposed to keep people safe from everything". But if people means everybody, there's the tension.

October 06, 2013

In reply to arma

Given that the Tor project is understaffed and underfunded, I can't really see why you bog yourselves down with trying to make Tor "transparent". You took a wrong turn somewhere.
Take TBB for example. Many - me included - were extremely puzzled by your reasoning behind having JS enabled by default. Tor should *never, ever* put user friendliness ahead of security. The same goes for the apparent vulnerabilities of Hidden Services. As soon as these were known the Tor project should have raised an alarm, however damaging to the project it may have been. Instead you did nothing, causing far more damage.
Hidden services need much more than a "bit of love". If they are unsafe then what's the point? A redesign is needed (and you should avoid the complexities of seamlessly migrating any standard website with its myriad of protocols to Tor). Bare bones is fine as long as it's safe.

Agree completely.

The users can always *enable* whatever scripts they want if they wish to lean more towards the usability end of the trade-off. What's the point in making them vulnerable *by default* if you know they are noobs and unlikely to turn the scripts off?

The "if people don't find Tor easy to use they won't use it and so would be less secure" argument doesn't cut it with me. Given that we *know* now that these agencies are *specifically* targeting Tor users with such exploits, at least make the agencies use their more valuable tricks. At least make them play better to win.

October 04, 2013

If an adversary controls enough nodes, or enough of the networks on which the nodes exist, said adversary can then deanonymize the traffic. This is a published weakness in Tor.

For instance, the Florida tech company that was profiled some years back. They were building a very large network, costing millions, and alluded that they would flood the Tor network with nodes such that they would control the entry, transit, and exit nodes. Thus, there would be no real anonymity.

Cisco has been caught installing back doors into their routers to give the USG Spooks the ability to track all data transmissions in China; but who says this hasn't been done elsewhere? Or everywhere? Once again, no anonymity.

The NSA is already exposed for their extensive monitoring of US internet traffic. Likewise, if they are monitoring enough of the traffic they can follow the packets through using timing attacks and other known weaknesses in Tor.

So then why is everyone so surprised that Tor has been compromised? Even if the media story is dubious, especially with how quickly they reported on the investigative techniques used (how many stories have a detailed investigative strategy reported so soon after the arrest?).

This story is necessary to quell any suspicion. Probably, the Tor operators know these weaknesses are being exploited. Possibly, they have instituted a means to salt the packet data to permit it to be more easily tracked across the Tor nodes. In any case, unless Snowden released information showing this is the case, we will never know for certain.

You're right, all you have to go on is the source code, the detailed design documents, all of our public conference talks, and the hundreds of academic research papers.

What was the Florida tech company?

October 04, 2013

In reply to arma

It wasn't a tech company, it was some rich guy who wanted to infiltrate Tor a few years ago to catch pedos. I think he committed a million or two to the project and gave up.

October 04, 2013

Seems to me that if the kids are suspected of doing anything that Uncle Sam, Mother Russia, Cousin Blighty, Principle China, or any of the other big bad grownups can't monitor or control, their only way of dealing with it is to slap wrists, secretly listen in on our den meetings or ban us from listening to the music we want to hear... ha. so.. the matrix is alive and kicking.. :(

Anyway, I for one don't think Tor is the problem here, I don't think it's 100% safe, but everybody should know that - it's made blatantly clear when you visit the download/install section that there are known security issues, but, that with care, you will be granted a certain anonymity provided reasonable precautions are taken care of by you at your laptop or desktop end..

The silkroad situation is always going to be a conspiracy theorist's dream.. but... he did (reportedly) make a lot of silly mistakes, the least of which imho was getting involved in hit man contracts and ordering fake IDs from his own site to his own address.. (allegedly)

Nobody knows for sure, and probably we, the community will simply have to work harder at being more aware that the walls can sometimes hear, and careless talk costs lives etc..

For what it's worth, in my humble opinion, this guy was running a site that kept logs (wouldn't a security minded admin clear everything more than a week old that's past its relevancy..?), a site that had so much traffic and so many users it was inevitable that there'd be stings set up by multiple interested gov agencies, and above all, a site that was near the top of the 10 most wanted.. wiki-leaks and the pirate bay are small fry to a guy who's helped shift a billion (reportedly) dollars worth of drugs and illicit goods isn't it..

Enough though, I'll end by saying I think Tor is still worthwhile, and believe the information within its network remains secure, just make sure your ip or email isn't in anything coming out of an exit. I believe bit-coin will stabilize and there's a lot of propaganda and false speculation floating around (probably originally of government origin somewhere, but because they used tor when they wrote the articles, we'll never know for sure.....:) that's trying to harm both.

governments can't read what's IN tor (or if they can, the odd email or small site selling weed should be of little importance..), and they don't like bit-coin.

scare, break, lie, smash.. it's the grownups way :(

October 04, 2013

Finally SR goes down. What a loser, DPR HAAAHAAAHAAA . Gave up? CP and Dope markets are an embarrassment to the network, peddle your SHIT somewhere else or join SR.

October 04, 2013

If NSA operated a large number of TOR servers, how hard would it be for them to triangulate users and data? How do we know NSA doesn't operate a large number of TOR servers?

October 04, 2013

Anyone simply tried "heavy" or how about "Risky" experiments to see what's going on?

How about using 'secure' email et al to "threaten" well..use your imagination..what sort of threat should normally in 'transparent' systems pretty much guarantee a 'door knock/kick'?

Anyone?

Or is it literally..and I do mean Literally..ALL "..Mere Smoke Of Opinion"? (H.D.Thoreau)

Frankly the REALITY is very simple whether one wishes (tech fanatic closeted fascists this means you..("I think steve jobs is a hero and I cannot wait for 'smart clothing' and 'driverless cars' and 'fine grain presence monitors in my smart home'..gall!" aka Total Surveillance Whether The Rest Of Us Like It Or Not) to 'poo-poo' it or not; POWER! This is an "Example" being made of someone who literally..no figure of speech..read the forbes article..Literally stated basically his TORsite was 'about' sticking it to the man.

So the Federal BI even stated this is their OVERTLY Fascist/Totalitarian statement re. 'No One Can Resist The FBI'...well..EXCEPT of course whomever is killing (what is it now 400 plus?) HUNDREDS of Women in Juarez..or gosh..just oh I dunno The ENTIRE Drug "War"..or the 40,000 odd "Missing People" annually..fact..FACT is American "Law Enforcement" is increasingly "About" fascist and totalitarian "Mass Surveillance, Control and Coercion, Via The Necessities Of Life!". Using RFIDs in your cars "Fast Track" set up to trace EVERYTHING you do for control and coercion not "law Enforcement"..but simply.."Revenue Streams" etc..sad endless etc..

Crime and Criminals are THRIVING or hadn't anyone noticed?

Crime..Including HOMICIDE..is in fact..UP globally and Nationally.

So I hereby BEG you Freedom loving techies out there to create ANOTHER "Silk Road" but this time make it "Perfect"..and you might want to "Incorporate" because make enough bread and guess what? Your "Corporate Citizen Rights" are the ONLY "Rights" the FBI RECOGNIZES and furthermore Protects..and if that's not enough? PAY OFF your "Regional Corporate Fascist Representatives" aka your local senator or congressman/woman to enact a legislative "Silk Road 2 Protection Act" and SHAZAM! Safety from coercive federal maggots.

> How about using 'secure' email et al to "threaten"

Not really a smart idea over Tor -- they'll track your threatening email back to the Tor exit relay and then hassle them to shut down. For a concrete example, a research group at Georgia Tech ran a Tor exit relay, but then somebody sent a bomb threat through it and the administrators told them to quit running it.

So doing things that make Tor exits less sustainable hurts the network.

October 04, 2013

I have a bomb in my shorts and I will bring down a plane to Florida.....or...ionia... or skyrim
This is a test and only a test.
Sheesh........
how stupid

October 05, 2013

Would using a pc firewall to block all traffic except the ones coming from tor.exe eliminate the threat from known and unknown failures in Firefox?

October 05, 2013

"Sorry, your query failed or an unexpected response was received.
A temporary service outage prevents us from determining if your source IP address is a Tor node." - is it only me?

October 05, 2013

The more I think about this...the more it seems the safest way to operate a Tor Hidden Service would be:

Whonix -> Open Public WiFi (or compromised, non-public WiFi) -> offshore anonymous VPS in a country unlikely to cooperate with US authorities (Russia?)...paid for with anonymous Bitcoins.

The server could also use some distributed storage like Tahoe-LAFS (with most storage nodes hosted on different anonymous VPSs or some public grid and NOT the VPS running the web server) or Freenet for its root directory.

Every time you connect via Whonix to your Anon VPS...

0. connect Whonix-Gateway to open wifi
1. create snapshot of Whonix-Workstation
2. connect to Anon VPS and do what you need to do
3. disconnect
4. revert Whonix-Workstation to previous snapshot...leaving no? forensic evidence of the administration session that just took place

Of course, keeping this discipline up for years on end would be the hardest part.

One might also worry about their Anonymous VPS being compromised (by authorities or criminals). I wonder if i2p eepsites or Freenet might be a more secure option than Tor hidden services if the NSA, FBI, etc. is part of your threat model?

October 05, 2013

ok SR is down, we don't know yet (if we ever will) how they found that server..i'm just an average internet user and i found out about tor like 6 months ago. Digging soon i learned about SR and it's a damn shame it's down. I feel sorry for DPR too. Dunno what are his other crimes besides SR and i think we should write a petition to free him out. lol I'm sure that he just got overwhelmed with stuff going on in his life and he probably made some mistake(s). I have this feeling that he is just a good guy. I hope he doesn't get a big conviction. This is a great movie story. Also i read that he had some partner. Why? Is SR that complicated to run? And the major question is why someone else doesn't do SR again. (i loved that green camel) Does one really have to be a mastermind to make SR same as it was? But maybe somewhere in Europe this time? USA sucks.

October 05, 2013

Tor developers:

Please make Bitmessage (the only truly anonymous email service left) available on Tails.

Thanks

October 05, 2013

If an adversary can monitor a significant fraction of the exit traffic, finding the IP address of a hidden service appears trivial.

Run a bot that accesses the hidden service at known random intervals.

Cross correlate the exit traffic timing with the random interval sequence.

The length of time required depends on the proportion of the total exit traffic the adversary can monitor and the volume of traffic.

Am I missing something? I can't think of any way such an attack can be defeated other than using a large number of servers which introduces a serious set of logistical problems with an associated risk of other errors.

In short, I think the idea of SR is delusional. Once a well resourced adversary knows it exists, it's only a matter of time.

Would not hold up in court. (Correlation data)

Also, the NSA has no interest in anyone on this thread. That is, unless you believe you are a defense threat. They don't care about your porn, weed, etc...

As for the FBI, they do not have access to that level of monitoring. They monitor at local ISPs, usually without a need for a warrant. That is not enough for correlation attacks in most cases.

October 05, 2013

I'm a Canadian living in the states and I'm in my 60's so have the "big bro" complex. I want to browse the net, and even order things at times that are not anyone's business but mine and the person at the other end. I'm also Irish and have been a bit political in the past. I would never hurt anyone but do have a view point the US government most likely wouldn't like. I just found out about Tor and this sort of site and am interested................good for all of you !
Peace out !
Myrna

October 06, 2013

arma, how can you sleep at night, knowing that the only reason Tor exists is for criminals to have a safe haven for illegal activity and the fact that you intentionally make these illegal sites easy to find.

I'm glad the FBI is taking steps to stop this madness. But it seems 99% of tor users are disappointed.

lol i don't understand this post at all..
tor doesn't exist for criminals only. Not all ppl who wanna be invisible are criminals. I understand that logic, why would you wanna be hidden if you don't have anything to hide, but i don't support it. Citizens of USA are monitored so even if you say a "wrong word" and u draw attention, monitoring is starting in a bigger way. The question is who is monitoring and what are his intentions. If they can monitor, some hacker can use that way too. (I can use Tor to be invisible for bad guys). Maybe the agent who monitors is in big problems cause he doesn't have enough money to support his medical treatment for his kid so he starts selling information he collects..etc..lots of examples for misuse..same as for Tor. So my point is that Tor is not meant for abuse but there will always be ppl who will use it for that.
And by this I conclude that you believe that all politicians and/or cops are straight and legal just because they are the law.
And by the way if human society were directed to be the same for everybody everywhere there wouldn't be good and bad guys. At least not in these proportions today.

You're so right!

Also, with the rampant increase in knife crime globally I've been petitioning cutlery manufacturers to only produce soft latex spoons, as metal knives can be used to stab people.

/facepalm

I see you did not read anything on the Tor Project page (https://www.torproject.org/); take a while and read a little bit.

The Tor Project is there to provide anonymity tools to normal people.
Some of those "normal people" do things against the law; they are the criminals.
As you can see, criminals go to jail.

You have to blame the criminals. Not the tools or their developers.

October 06, 2013

arma,
I share your frustration with dealing with "takers" whose only motivations are to complain and bemoan the work you have done. I pledge to get educated on the issues and start contributing more to the project and on behalf of privacy rights. Thank you for what you do in this critically important area.

October 06, 2013

i am not the smartest person .. but i wouldn't use tor to access any site or do anything i am not supposed to do from my home internet... or any isp that i pay for with my credit card.. this has to lead to failure in any situation.. this is what prepaid internet wifi is for... go out, buy an internet stick .. log in thru a vpn and don't login from anywhere u live.. simple. if u are in a car traveling on vpn on prepaid on tor that's a lot of investigating ... or just don't do anything you can get in trouble for

October 07, 2013

I have just come upon Tor and I must say great job. I'm not a super knowledgeable person with how code and all the other jumbo you guys are talking about works. And I understand all the debate of is this a flaw, weak point, etc. But from the news lately on the Government that helped build most of the Internet Security, I would assume you are way ahead of Google, Firefox, IE, etc. And would be a model of which to follow and improve off of. So you sir and "your" TOR team fucking rock in my mind and thanks for your forethought and prepping for these days to come after everyone realized fuck the government duped us and all of our users out there. And from what I understand the government employs the majority of the minds that could rebuild or plug the holes that the government had them put in! So thanks for the hard work, you should get a public service award or the nobel prize!

October 11, 2013

Hi arma, hi all.

There is actually a way to compromise the system, break into it and determine the real IP address of the hidden services -- http://www.i2p2.de/how_threatmodel.html#intersection (Intersection attack). However, it is only feasible if an attacker has a lot of resources at its disposal. "Perfectly" achievable in the case of a government or really huge corporation. An ordinary person simply doesn't have such an amount of resources.

So, there is a legitimate reason to think that the owners of both Silk Road and Freedom Hosting were captured by this attack. The FBI lies that they made this through detective investigation. Very sad but true: there's no way to resist this type of attack; neither Tor nor I2P can resist.

You may also skip through the threat model description page to figure out more insightful things.

Cheers.

There are actually some easier attacks than this one that work against Tor (and probably against I2P and others too).

https://media.torproject.org/video/25c3-2977-en-security_and_anonymity_… has a pretty good overview from a few years ago.

The interesting point here is that it looks like there's even *lower* hanging fruit, in the form of endpoint software vulnerabilities, and that's what adversaries of this size keep choosing (or if you want to get into the next level of paranoia, keep trying to convince us they're choosing).

October 11, 2013

Guys all of you can calm down, the webhost ip address was found using the following "bug" (the mistake of DPR in this case):

It is an information leak on the Silk Road server. It appears somebody located a debug or info screen on the Silk Road server that dumped configuration and environment variables. Some possibilities:

The output of Apache's mod_status (example)
Output of phpinfo() (example)
A custom debug page that is part of the Silk Road application

It could have been found by checking known locations of status and debug pages or checking common locations (eg. /phpinfo.php).

This means there is no way to exploit TOR. Also it confirms this blog post, TOR can't stop the FBI from finding the ip address that is being dumped because of the mistake of the site's owner.

More info at: http://security.stackexchange.com/questions/43266/in-the-silkroad-taked…
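The leak described in this comment is a server-side misconfiguration, not a Tor weakness: a debug page such as phpinfo() or Apache's mod_status prints environment variables, and those include the host's real address. The following is an added example, not code from the Tor Project or from the linked Stack Exchange thread, of a self-audit a hidden service operator can run against their own web server. It classifies a fetched page body as one of the two classic debug pages, lists any non-loopback IPv4 address a page body exposes, and checks an Apache config for the directives that cause the exposure (a Listen bound to anything other than loopback, mod_status enabled, version banners on). The function names, the sample config and the sample page bodies are all constructed for this example; the 203.0.113.45 address is from the documentation range, not a real host.

```python
"""Self-audit helpers for a web server that sits behind a Tor hidden service.

Constructed example: function names, sample config and sample page bodies
below are made up for illustration. A correctly deployed hidden service
binds its daemon to loopback only (so only the local Tor client reaches
it) and serves no page that echoes SERVER_ADDR or similar variables.
"""
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Strings present in the standard output of phpinfo() and of mod_status.
PHPINFO_MARKERS = ("phpinfo()", "PHP Version")
MOD_STATUS_MARKERS = ("Apache Server Status", "Server Version:")


def classify_debug_page(body: str):
    """Return 'phpinfo', 'mod_status' or None for a fetched page body."""
    if all(m in body for m in PHPINFO_MARKERS):
        return "phpinfo"
    if all(m in body for m in MOD_STATUS_MARKERS):
        return "mod_status"
    return None


def leaked_addresses(body: str):
    """IPv4 addresses in a page body that are not loopback.

    Loopback is all a correctly bound hidden service should ever show;
    a LAN or public address identifies the machine or its network.
    """
    found = []
    for token in IPV4_RE.findall(body):
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if not addr.is_loopback and str(addr) not in found:
            found.append(str(addr))
    return found


def audit_apache_config(config: str):
    """Flag Apache directives that expose a hidden service's web server."""
    findings = []
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "listen" and len(parts) > 1:
            target = parts[1]
            if target.startswith("["):            # [::1]:8080 style
                host = target[1:target.index("]")]
            elif ":" in target:                   # 127.0.0.1:8080 style
                host = target.rsplit(":", 1)[0]
            else:                                 # bare port: all interfaces
                host = ""
            try:
                loopback = bool(host) and ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = False                  # hostname: cannot verify
            if not loopback:
                findings.append(f"Listen not bound to loopback: {target}")
        elif directive == "loadmodule" and len(parts) > 1 and parts[1] == "status_module":
            findings.append("mod_status is loaded")
        elif directive == "<location" and "server-status" in line:
            findings.append("server-status Location is configured")
        elif directive == "serversignature" and len(parts) > 1 and parts[1].lower() != "off":
            findings.append("ServerSignature is not Off")
        elif directive == "servertokens" and len(parts) > 1 and parts[1].lower() != "prod":
            findings.append(f"ServerTokens is {parts[1]}, not Prod")
    return findings


# Constructed sample inputs.
SAMPLE_PHPINFO = """<html><head><title>phpinfo()</title></head><body>
<h1>PHP Version 5.3.10</h1>
<tr><td>SERVER_ADDR</td><td>203.0.113.45</td></tr>
<tr><td>REMOTE_ADDR</td><td>127.0.0.1</td></tr>
</body></html>"""

SAMPLE_STATUS = "<h1>Apache Server Status for localhost</h1>Server Version: Apache/2.2"

LEAKY_CONFIG = """
Listen 0.0.0.0:80          # reachable from the whole Internet
LoadModule status_module modules/mod_status.so
<Location /server-status>
    SetHandler server-status
</Location>
ServerSignature On
ServerTokens Full
"""

HARDENED_CONFIG = """
Listen 127.0.0.1:8080      # only the local Tor client can reach it
ServerSignature Off
ServerTokens Prod
"""

if __name__ == "__main__":
    print(classify_debug_page(SAMPLE_PHPINFO), leaked_addresses(SAMPLE_PHPINFO))
    for finding in audit_apache_config(LEAKY_CONFIG):
        print("LEAKY:", finding)
    print("hardened findings:", audit_apache_config(HARDENED_CONFIG))
```

The config check is deliberately conservative: a Listen whose host part is a name rather than an address is flagged, because the script cannot prove it resolves to loopback. The Tor client then reaches the daemon through the HiddenServicePort target in torrc, which is the only path that should exist.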

October 12, 2013

Does anyone know WHICH VPN provider this guy was using? Many of them claim to not log/store IP addresses, but now I am beginning to wonder...

October 14, 2013

hey there is no 100% security online u all, there is safe, safer and near impossible to hack, but if it's man made another man can hack u. so here is my suggestion: weigh the risks, what ur desires are, and do ur own computations as far as risk and the risk u wana take

October 14, 2013

WAS/is accessing SR/other hidden services thru orbot just as safe as thru the tor browser?

October 20, 2013

Yea I agree but until we get faster pipelines to the Tier 1 Networks, of which there are only 13 or so worldwide, Tor won't be any faster. Not to mention ISPs have to get on board which most haven't yet. How many Gigabit service providers do you know which aren't in South Korea or maybe Japan lol. We don't have that kind of penetration yet here as they do in South Korea which is at close to 90% last I heard. Here I have a radical idea which might just work. Strangely enough this has been done in some third world countries which don't have much access to the web.

I remember reading something somewhere about some community in Africa. They set up their own private internet using Radio transmission antennas? The range isn't all that great but I have heard small communities which have the system in place get pretty good speed. However if you connect from this system to the normal web then your identity is compromised. However some of you guys I am sure could work Tor into that. Mobile private networks are really the future outside of an ISP's control. Probably some time away yet though. Some of you guys probably know more about this than I do as I just remember reading it a while back but not sure where. Well just an idea is all.

October 20, 2013

Did anybody else think it was fishy that Mozilla departed from their norm (and have now switched back) to distributing a Tor browser with Javascript defaulting ON. This fitted nicely with the Javascript hack that revealed the origin of hidden site connections.

Also, the LEO's did hack legal sites as well as illegal.

So Mozilla will sell out and LEO's will act illegally if they are anonymous.

> Did anybody else think it was fishy that Mozilla departed from their norm (and have now switched back) to distributing a Tor browser with Javascript defaulting ON

Citations please?

(I hope that in trying to track down your facts you will run across the fact that Mozilla doesn't distribute Tor Browser at all, and then you'll go check some more of them.)

October 22, 2013

Some of the posts (smelling of paranoia) convince me that the kind of world they show we will be living in, in futuristic/sci-fi movies may actually become reality... :)

Before some of you come out with all your artillery and murder me with your posts, I take off.

Relax and have fun in life!!

November 03, 2013

The Silk Road and Freedom Hosting busts were both a result of NSA spying. Why do you think Marques planned to flee the country after reading the Snowden leaks.

The NSA took him down because he was planning to flee. They were content to just sit there monitoring him until the Snowden leaks (because we all know they're more interested in power and couldn't care less about actual drugs or child porn).
The so-called police work that ended in the arrests and shutdowns of both Freedom Hosting and The Silk Road was nothing but a smokescreen.

I hope there is some sort of evidence to show what really happened. Or at least I hope to see some tech savvy reporters actually ask a few questions rather than giving American law enforcement the benefit of the doubt (which is just insanity at this point).

We make the mistake of believing it doesn't matter how someone is busted so long as we're all sure they're guilty. It matters greatly! In fact I'm MORE concerned with these "don't ask don't tell" cases that both sides of the debate can't be bothered arguing about because they're both equally disgusted by the victims. It shouldn't matter!

The most pathetic aspect of all of this is that I'm sure both busts were more to do with trying to attack Bitcoin than anything else. Ask Saddam Hussein what happens when you screw with the almighty USD! Oh wait.

December 19, 2013

I check TOR sites and the deep web every so often just to see how much has been taken down. I believe there is a lot of criminal activity that needs to be put to a stop, from peds to drugs to weapons. I am very happy the government is working hard to bring an end to it. It's not that I don't believe in privacy, I just do not believe in allowing criminals to have free rein on their evil plots. I hope Tor does not get brought down, just those who use it to break laws.