Did the FBI Pay a University to Attack Tor Users?

by arma | November 11, 2015

The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes. We publicized the attack last year, along with the steps we took to slow down or stop such an attack in the future:

Here is the link to their (since withdrawn) submission to the Black Hat conference:
along with Ed Felten's analysis at the time:

We have been told that the payment to CMU was at least $1 million.

There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.

Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.

This attack also sets a troubling precedent: Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses "research" as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute. Legitimate privacy researchers study many online systems, including social networks — If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk.

When we learned of this vulnerability last year, we patched it and published the information we had on our blog:

We teach law enforcement agents that they can use Tor to do their investigations ethically, and we support such use of Tor — but the mere veneer of a law enforcement investigation cannot justify wholesale invasion of people's privacy, and certainly cannot give it the color of "legitimate research".

Whatever academic security research should be in the 21st century, it certainly does not include "experiments" for pay that indiscriminately endanger strangers without their knowledge or consent.


Please note that the comment area below has been archived.

But of course! Child pornographers "get caught" every time the FBI executes an operation of questionable legality. If it wasn't for those child pornographers conveniently waiting to get caught every time, congress and judiciaries might do something about those illegal ops, but they can't because... think of the children!

November 11, 2015


It is TOR's failure to protect the hidden services, not the FBI's failure in choosing to take advantage of a disclosure issue. If your code is spilling everyone's information everywhere, don't go crying about how you're the real victim.

Tor is getting a bad reputation for its criminal infestation. Many people's first introduction to Tor hidden services is so they can pay a bitcoin ransom, or they hear you can get drugs or child porn on there. The FBI is totally justified in doing everything they can to find and shut down the sites. Every prosecution was against pedophiles and drug sites, and it's clear that they aren't going after innocent people for visiting innocent websites.

Few terms to look up first:
Net neutrality
Right to anonymity online
Freedom of speech
Right to privacy

Then you can also check the values and principles behind the Tor foundation.

Moreover, I am not sure if you would want to see all your info, search details, online habits revealed to the world without your consent.

oh let not forget some FBI undercovers also been caught with their fingers in the bitcoin tills and running rackets too not just the criminals. And the crime fighters also need TOR as much as the criminals and oppressed people too.

> It is TOR's failure to protect the hidden services, not the FBI's failure in choosing to take advantage of a disclosure issue. If your code is spilling everyone's information everywhere, don't go crying about how you're the real victim.

The expectation that "Tor" is responsible for failure is illogical. Tor is a project worked on by numerous individuals and cannot be attributed to a single individual or company. The very fact you, an individual, is attempting to treat "Tor" as a responsible party ('your code') is laughable. It's also a fallacy, which you probably already knew.

> Tor is getting a bad reputation for its criminal infestation.
I used Tor occasionally and do so for non-criminal purposes. While there may be users on Tor who are breaking laws, justifying widespread rights violations that include my rights is not a sustainable solution to catching criminals. A better question for all involved would be, "Why does the FBI think they can minimize crime (to zero, AFAICT) while violating our rights as free citizens and opening the door to abuse from corruption in their ranks?" If the cost of taking crime to zero is giving up my rights as a citizen and making me venerable to other types of criminals (corruption) then I choose another method, even one that allows some criminals to "get away with their crimes".

Assigning suffering to all of us collectively by violating our rights (collecting my private data) to eliminate perceived future suffering (drug sales to minors tomorrow) is an asinine approach, just like your FUD induced comment.

It is BOTH's failure.
A failure from the Tor Project, who failed its promises, but also a BIGGER failure of the democratic system in your country which is now endemic. And no, the FBI is NOT justified, they can't do whatever they want violating the laws and rights of their own citizens. These criminals (FBI and the researchers who are their accomplices) need to be prosecuted, and sent to jail. In democracy there are rules, if you don't like them then go to north corea or china.

I do not wish trolling or flaming but 1 m$ could change a life. I forgive the fbi and these researchers because so am i, i should accept it.
By the way, usa, eu, turkey promote a product that they do not have ; rules, democracy etc.

> I do not wish trolling or flaming but 1 m$ could change a life. I forgive the fbi and these researchers because so am i, i should accept it.

I do not understand.

> By the way, usa, eu, turkey promote a product that they do not have ; rules, democracy etc.

If you mean that US, EU, Turkey all falsely claim to be "democracies which obey the rule of law" [sic], then I agree. It's increasingly dangerous to be a dissident, but nonethless we all need to continue to try to resist the trend towards fascism, to the extent we feel we can. Tor can help.

I believe the folks at the TOR project are doing a public service by making these open source tools available to the public. It would be naive to think that these sorts of networks don't exist outside of TOR... I think the important question here is whether such networks should be accessible by any individual who wants to access them for the sake of anonymity and privacy. This isn't a "good guys versus bad guys" scenario, it is a privacy issue. Darknets and obfuscated digital networks are always going to be available to law enforcement and militaries. So, why shouldn't you be allowed to have access to something similar for the sake of your privacy? Clearly, there is a criminal element to TOR but the significance of the project extends well beyond criminal activity and restricting the public's access on the basis of that criminality would be a genuine disservice, in my opinion.

I also believe that any alternative to TOR would face the same challenges if it came under such scrutiny.


How much does it makes sense for militaries.and law enforcement to have their own anonymizing networks that only them can access, remember Tor started as a project of US navy and they realised it to the general public when they realised that if they were the only people using it it would be trivial to find out who their operatives were.

tor is for every one and open for new projects.
At the beginning, very wise persons decide to protect some persons ; it was in 1900 , these persons were useful for the world , the peace, the industry, the states (all around the world). So, they must not be involved or exposed in any criminal case , tor was like internet, a free (protected vip community ) network for these persons and only them.
' Militaries and law enforcement ' were considered as a piece of the world peace in the usa. It has changed , some of them had and will have big problem.
tor started as project of us navy because the budget was given to them and nothing more. It was open for every one because the cryptography science brought another universal dimension.
@remember ( i wonder what you could remember ! ).

Whenever I see "TOR" in comments on the net, it looks like paid disinfo to me. It's almost as if all caps TOR is a signal to other paid disinfo agents.

I know what you mean, but--- assuming you were serious--- I think it makes more sense to flag possible FVEY trolling by content than by an isolated stylistic feature.

It is true that USG employees (not just people in intelligence) often become accustomed to using all-caps acronyms, but as you can see from my own usage (USG, FVEY) not everyone who falls into such habits is a JTRIG operative!

In my view, content which raises suspicion of JTRIG style trolling includes such obviously false claims as these:

o Tor is "broken" [sic]

o Tor is "only used by criminals, terrorists, and pron purveyors" [sic]

o Tor is "already backdoored by the US government" [sic]

o Tor/Tails are "utterly useless if you are individually targeted by FVEY" [sic]

Despite all their Ph.D. psychologist consultants eager to advise JTRIG/TAO how to "disrupt" our community, I have not yet seen evidence suggesting that their trolling is more sophisticated than troll campaigns such as "Gamergate" which we have survived.

> content which raises suspicion of JTRIG style trolling includes such obviously false claims as these:

Another criterion is consistency with known principles of the deception units operated by FVEY (and Russia, and other nations), such as what is known in CIA as Magruder's Principle:

> It is generally easier to induce an opponent to maintain a preexisting belief than to present notional evidence to change that belief. Thus, it may be more fruitful to examine how an opponent's existing beliefs can be turned to advantage than to attempt to alter these views.

All of the above can be seen as attempts to cynically exploit pre-existing paranoia to cause anyone thinking of protesting to freeze in terror.

>It is TOR's failure to protect the hidden services, not the FBI's failure in choosing to take advantage of a disclosure issue. If your code is spilling everyone's information everywhere, don't go crying about how you're the real victim.

Classic victim blaming. Tor never made any claims to being perfectly secure. If I stumble across a poorly secured website, do I have the right to break into it, because someone might be doing something bad on it?

>Every prosecution was against pedophiles and drug sites, and it's clear that they aren't going after innocent people for visiting innocent websites.

The attacks performed didn't make a distinction between those targeted for investigation and everyone else. You don't get to wiretap my phone because someone down the street is a drug dealer, even if you don't prosecute me for anything. Or more analogous, you don't get to pay the phone company to wiretap me and hand over the recordings as a way of avoiding the legal process entirely, all for a crime I didn't commit or was ever even accused of committing.

Wiretaps require a special level of access. The attacks that happened could have been executed by you or me. The problem is that the Tor software is flawed and people thought something was private but it was right out there in the open. Their stupidity doesn't need special accommodation.

>Classic victim blaming. Tor never made any claims to being perfectly secure. If I stumble across a poorly secured website, do I have the right to break into it, because someone might be doing something bad on it?

Someone breaks open source software and uses it to get attention in the media, and it gets called security research, and anyone trying to stop it is an evil oppressor. (Look at weev)

Someone breaks open source software and uses it to catch pedos, and it gets called oppression and victimization.

This sort of attitude in the privacy community fucking disgusts me. It seems like people are more interested in protecting the ability of pedos and extortionists to operate, and use that as the gold standard for privacy. If the FBI can't catch pedos, we must be secure.

I'll either throw up or be compelled to throw-up. But I respect your comment regardless, this is a free world.

Tor is not a 100% secure, so as everything else man has ever made, get over it. We use Tor because it protects us way more than any other software out there. Rather than advocating what Tor cannot do, could you perhaps come up with a better solution? Tor has saved lives globally, thanks to a dedicated team. People giving themselves to a course rather than seeking pleasures and eating their bellies out.

"Tor is a failure" - Your idiot.

"The FBI is totally justified in doing everything they can to find and shut down the sites."

Actually that's where I would disagree. Sure, the FBI should go against people doing illegal things, but that doesn't equal justification of every form of prevention/investigation they can think of. For example if you're trying to get information out of someone, that doesn't justify torture even if the information is important. Or in this example, it doesn't justify invading the privacy of many innocent people. The same way you don't get a search warrant for all houses of a city just because you're quite sure there are some people doing bad things living in this particular city. (Even if that'd prove quite effective.)

"Tor is getting a bad reputation for its criminal infestation."

I won't deny this. Even though I don't understand why people don't do proper research themselves and then notice that Tor itself is not at fault. I'm just not sure how this relates to your other arguments. Just because something has a bad reputation that automatically leads to fewer rights?

I'm right behind you on that!
The FBI is NOT justified in doing EVERYTHING possible! By doing what they did here; THEY have become criminals themselves and nobody seems to care. What would happen to anyone outside of law enforcement doing the same thing they did? It's amazing to me that just because they consider themselves law enforcement; it's acceptable to society for them to commit a crime and go unnoticed!

Except their actions didn't only affect the anonymity of "pedophiles and drug sites". It affected everyone that made use of those compromised relays. Not cool.

Maybe every prosecution where we *know* they gained information from this was against pedos and drug sites, but we know the US government uses illegally obtained information to create investigations and cover up their sources.


Bypassing the fourth amendment undermines public trust, and they're spending extravagant amounts of tax money to orchestrate a cyber attack to do that. The FBI is perfectly able to investigate crimes within the scope of the law, and they've been doing that successfully for a very long time. Behaving in this way is harmful to their own mission.

Also, Tor is a tool, and can be used for many purposes. If someone commits a murder with a hammer, would you blame the tool manufacturer for making weapons?

The 4th amendment does not apply to things that are public.

When people think something is private, but it's actually out there in the open, that doesn't mean the government needs to pander to that misconception.

The attack against hidden services could have probably been done with anyone that has an internet connection.

> The 4th amendment does not apply to things that are public.

I think you need to recognize that one of the problems with current cyberlaws in all nations is the failure to reconcile the contradiction between a computer operated by someone from their own home (so Fourth Amendment would apply, no brainer) and an anonymous comment replying to a blog or bulletin board post appearing on some blog or bb hosted as a HS somewhere. For example.

Some legal scholars have argued that another portion of the Bill of Rights renders keyloggers unconstitutional:


The fact is that "the scope of the law" is a very shifting thing right now because all the crime is moving to the Internet and the police can't do anything about it. And when they actually do, people bitch and moan because I guess they don't want cops arresting people for crimes.

The fact is that if the police are going to be in any way effective in the Internet age, they need the ability to investigate crimes. The Tor community might be up in arms about this but there are also victims every day getting doxed, getting their sexual abuse shared, getting their money stolen, and this sort of thing is sometimes the only way to get justice for the victims.

Right now if you are the victim of a cybercrime, the odds of getting justice are about nil. Is that the world you really want to live in?

Fuck yes, it exactly is. You don't get it, do you? You don't get to force everybody else do your bidding just because you're too fucking stupid, in the same way you don't get to announce you're driving to the cliff edge today and everyone else had better fucking pay up to fund the construction of a gentle slope, made of robots, at the cliff edge to save you, and they had better shut up about how this is terrible, pointless, and stupid and "get with the program".

"victims every day getting doxed, getting their sexual abuse shared, getting their money stolen, and this sort of thing is sometimes the only way to get justice for the victims."

Because knowing that someone got fined or incarcerated over it would totally make it go away if something like that happened to me. Wrong. Just so you know, the police can't take that information back from the Internet for you.

Restitution is one thing, although I don't exactly see a lot of that going on, especially when we're talking about over-seas ransomware extorting people for money, or Bitcoins disappearing left and right. But what you mean by "justice" is a little unclear to me.

Sorry, but I'll take prevention before prosecution.

This is garbage. If I put a lock on my door that is breakable and then the FBI come and break into my house with out a warrant, the FBI are in the wrong, not the lock maker. You sound like an idiot when you make such blatantly dumb arguments.

It's not the "Ferguson Effect" that's causing social unrest in this country, it's pigs like you.

I was using Tor during the time they were de-anonymizing users. I was simply doing security research and at times looking at legal porn from well established, clear-web websites like Porn Hub. I use Tor because, frankly, I don't want the government, my ISP, or my DNS provider to know certain private details about my life and/or interests (which, to be quite honest, aren't that racy). What's followed has since been a many-year nightmare of stalking, harassment, spying, and character assassination orchestrated by the government in what seems like some Orwellian attempt to justify their gross constitutional abuses.

I was using VPN with Tor, so when they did their trace it pointed them to the VPN IP instead of my home IP. As a result, they needed to get creative.

Some of the tactics they used, in addition to typical surveillance, were:

- Cloning friends' social media accounts (without their permission).
- Masquerading as friends' accounts on certain messaging applications.
- Hacking and/or DDOS'ing routers offline.
- They used Windows Update to drop malware into the computer.

If you've payed attention to the security news recently, you might know that the government has sworn off using Windows Update, but I assure you they very much are and have been using it for some time (just covertly) and I'm almost certain Microsoft knows about it and may have signed the malware.

Another thing you guys might want to be aware of: I'm not certain, but it seems like they might still have the capacity to de-anonymize users.

You say Tor is getting a bad reputation for its criminal infestation. You fail to realize that the problem is not technology. That criminal infestation you are talking about such as the ones you mention are social problems not technological ones.

The problem is the technology. Before the technology, the cops had some success rate. Now their success rate is horrible, and we see massive communities of abuse with real victims(not just drugs), and no recourse for those victims.

When you say success rate, do you mean number of criminals caught over number of criminals, or number of criminals caught over number of criminals known about?

I'm interested to know how you calculate the former ratio using the number of criminals we don't know about. In the latter case, are you sure that wouldn't have anything to do with the fact that most of the general population knows more about all of the things going on in the world now versus before, simply because there are more ways to publish and read about it?

Or maybe it's just because the population is higher now, there is more data, and "Photos found on man's computer depicting children wearing clothes" or "Woman found with a toaster purchased on an underground auction site" still doesn't make a good headline.

Come back when you've added some control variables and have had your little study peer reviewed.

When the technology enables the criminal faction, yes, it is the technology at fault, not the social aspect.

Read what Albert Einstein said about the atomic bomb.

It is TOR's failure to protect the hidden services, but that does not make what CM and the FBI did any more legal or constitutional.

Age of consent laws are crimianl nonsense and so are any laws against the free use and trade of drugs. The real criminal here is the american. The same government that also happens to fund tor.

> The same government that also happens to fund tor.

USG does currently provide most of Tor Project's funding, and while this does not imply that Tor is some kind of "USG sting" (it isn't, quite the opposite in fact), this issue has been a concern for a long time. Recently the Project has taken steps to address the problem, and I encourage you to donate to the current funding drive!

It's not necessary that Tor accept no funding from any government or corporation, but we all now agree, I think, that Tor cannot continue to accept too great a percentage of funding from any "block", such as FVEY governments.

Wow....SJW was the first to comment and also completely miss the point (as these idiots usually do).

I'm sure other SJW types will take this criticism as my endorsing CP trafficking. NO.

The point is, dimwit, that the goddamned Federal government circumvented due process by outsourcing this "investigation" to this university, because the university was able to play innocent and say "We were just doing research".

The FBI is NOT "totally justified" in engaging in this kind of rogue law enforcement. Just because some good things may have come out of it, the end in no way justifies the means.

And don't give me that "well, if you've got nothing to hide" bullshit. Everyone has something to hide, and we have a right to do so. It's outlined pretty clearly in the fourth amendment. I've got nothing to hide, but do I want anyone - much less law enforcement - rifling through my underwear drawer, or looking at my computer just to make sure I'm not a criminal of some kind? HELL NO. I like legal porn, but I would be really uncomfortable if some pig or anyone else could just decide to go through my history and make a list of the kind of weird stuff I wank to. It's NONE OF THEIR BUSINESS, and certainly none of yours. Fuck off with your stupidity, and go study some history. While you're at it, familiarize yourself with the constitution before you do something stupid like cast a vote in an election being as ignorant as you are. FUCK.

So if the bank teller gets sick and runs to the rest room, it's OK for me to take the money from her cash drawer? By your logic, it would be her fault and not mine, so I guess I'll start looking for opportunities to get money in ways I used to think were illegal, or at least immoral. Understanding that everything is the victim's fault is useful, so thanks.

Saying, "The FBI is totally justified in doing everything they can to find and shut down the sites." shows such an incomprehensible and complete failure to understand the purpose of the 4th Amendment. While, they're at it, they should wiretap your home just to make sure that you are not breaking any laws.

It's sheeple like you who are the source of the U.S. political problems, and you will be the cause to the beginning the 2nd American Revolution.

the FBI and USA lock up more of it's citizens for non violent and victimless crimes than any other country in the world.

people buying drugs for personal use and people looking at porn anonymously are victims of hate crimes when they are locked up for doing something that hurts no one.

What people need to understand ist that almost every state in the world operates under the color of commercial law. Every "crime" these days is a commercial crime. If a person gets accused of a crime, the prosecutor floats a bond and attempts to make the accused person a surety on the bond by means of a trial. The accused person is always presumed guilty in a commercial court (Federal and State Courts). The trial itself is an opportunity for the accused to settle the commercial liability attached to his person. If he does not recognise this (and most people dont), he must either pay cash or go to the bonded warehouse (called prison) for a certain amount of time, so that the government can claim it has secured collateral on the bond. Maturity of the bond is accelerated if the collateral behaves well in the warehouse. On the maturity date of the bond, the government gets paid and the collateral is released from the warehouse.
The FBI does not look for "criminals" in the traditional sense. It looks for persons who violate US Codes and regulations because this generates credit for the state. It has nothing to do with the amendments. They are not applicable to people who are US citizens (generally people who have a social security number). The amendments are for non-corporate people. If one is a US citizen, one has waived such rights.

As far as Tor is concerned. It is a tool, nothing more and nothing less. A knife and a hammer are also tools. One can use a tool for honerable purposes or for dishonorable ones. It is up to the user. According to the arguments put forward by some here, one must be consequent and also ban all hammers, knifes, cars, well, literally everything that has the potential of being abused which is, well, really,..... everything. This is a stupid argument and is really made by people who have no capacity to think and act properly.

With the number of laws on the books now it is just a case of pick a person and find a crime. Al Capone was busted for income tax and Hillary Clinton is being busted for E-Mail. If they want to bust you they can find a crime to fit. ;(

The FBI is a regulated body paid by the public to follow those rules. If they are on the public payroll and hire hackers and crackers to indiscreetly and indiscriminately net fish for criminals they are breaking the law - unless they have a secret warrant or some such for a specific reason.

Rapists, murderers and child molesters will be around whether or not the FBI breaks the law or their professional ethics.

Therefore do not do it

Someone breaks into your house. You didn't have the perfect lock. It's your fault, so don't go crying about how the thief is to blame.

I don't have any proof, but because there is a possibility you might be doing something illegal, I think the FBI should plant hidden cameras in every room in your home, and 3 in your bathroom. They should also be allowed to access your bank account and all your credit cards so they can monitor your spending habits, and to make sure you aren't buying anything they don't approve of.

If you aren't doing anything wrong, you shouldn't have anything to hide, right?

All of the stuff on the tor browser is bad also your talking about the deep web -_-
which was made by the government....
Also there is good stuff on the deep web like waffle recipes :D and cat facts.
And in country's such as North Korea people can download books/movies off of the deep web using the tor browser to not get caught.

Man, say theoretically a student at university of Pittsburgh works his ass off changes his life, pulls himself out of the depths of hell from bad mistakes when he was a kid. Goes to a community college get a 3.7 in mathematics, obtains 3 months shy of 4 years clean from drugs and alcohol, he is so proud of himself, he proudly raises his head in respect to becoming a person addicts from his home town Erie, Pa can look at to change there own lives. So happy to Make it to the university he dreamed of, a couple weeks before heading to the semester reads an article about 'the silk road' thinks it may be a lie downloads tor, looks at the site deletes it, with no intent to use or do anything with it. Keep it mind this site is overly published, he forgets about it, the semester starts he realizes having a complicated past, that there is a constant stream of ci's following him, people trying to hack his computer. So he exposes himself tells these people, "I'm a good person, I don't do drugs", but they keep following, keep nagging, only to find what he had said about changing his life was all true. The under covers notice all he's doing is helping people, stays away from drugs, tells people to do the right with there life.without having a starting knowledge they were there, they push so hard, they drive him out of the college, looses something that meant the world to him. He's so ashamed of himself, they won't stop, but finally after talking to these people through texts, they realize the criminals are not the one there investigating, but the college that pointed the finger at him, to hide something they were doing. Destroyed his life had to leave Pittsburgh, where his apartment was 7 blocks from the software engineering institute. Could be true....all for nothing.

November 11, 2015


I wish some CMU students, faculty, or alumni would start a petition demanding that the university return this dirty money, or at least donate the same amount to The Tor Project.

No just release their names to the world. If I have done nothing wrong I have no problem with signing my name. On the other hand if I don't want to be identified I might just be embarrassed by my actions. ;)

There is a difference between reparations and repentants. You shouldn't ask them to support TOR, but rather just admit activity and refuse to participate in the future.

November 11, 2015


All fair points, but this post equates CERT/SEI, which is where this work was allegedly done, with Carnegie Mellon and that is a bit misleading. CERT/SEI are not academic department, but a semi-autonomous FFRDC within CMU. This is somewhat similar to the relationship between JHU APL and Johns Hopkins, MIT Lincoln Lab with MIT, GTRC with Georgia Tech...

Whether universities should host and support such centers is a matter of debate (e.g., in 1970, SRI became completely independent from Stanford), but equating directly these centers with traditional academic research departments is quite a shortcut.

So the FBI is using schools to do their dirty work for them?
I figured the alphabet-soup government institutions recruited all the talent from the universities, thereby removing talent from the market economy. The FBI and the like should have enough talent to do 'turn the gas valves' without mixing in with the universities.
All of these 'crimes' are victimless and just creates a jobs program for the government goons.
I blame the tax payers and voters.

November 11, 2015


> I wish some CMU students, faculty, or alumni would...

...contribute back to Tor, improving any weakness they found. great security research there.

That would mean that the l33t h4x0rz in the comp.sci lounge would have to get off their butts and do something other than comparing their e-peens and how torturous their class schedules are.

November 11, 2015


Ok, great, we know that you are outraged, angry etc. But would you supply any info whether you plan to resolve this issue on technical level? Can we assume that TOR is now compromised?

Not at all.

Last summer someone provided Tor Project with information from the withdrawn talk, which outlined the vulnerability. The flaw was indeed serious but within days it was fixed.

November 11, 2015


It was probably not CMU per se, but CMU's Software Engineering Institute (https://www.sei.cmu.edu/), which specifically works with defense agencies, government organizations, and the intelligence community (with the private sector as something of an afterthought). The SEI seems to be exempt from the usual research ethics review process due to the nature of their connections (an org that has and uses a SCIF tends to be able to get some exceptions to the usual processes). If anything, it was probably a "We need this, we'll pay you to do it, get to work" kind of deal.

November 11, 2015


Like most FFRDCs, CERT/SEI will basically take as much money as they can regardless of ethics or ability to deliver on contracts.

November 11, 2015


I used to draw loli porn for free but seems the CIA infected my brain and now I cant draw anything.

November 11, 2015


Ok... so let me get this straight ...

we should be upset that the FBI could expose drug kingpins, assassins, and child pornographers ...

... and we should be upset that some academics could study, and that a school got a large some of money, which many schools are surely lacking?

I love freedom of speech. I hate it when people are arrested for political crimes and non-violent crimes. But I have a bit of a hard time getting too upset about this event outside of my utopian idealistic "what if?" box. The end result was worth it and now Tor has been approving its security method.

Props to raising attention to the issue tho. I hope that more of those in academia will feel inspired to help improve tor as time goes on, especially through less harmful methods.

November 11, 2015


Dear 'anonymous' authors of the comments above, your names, addresses and social security numbers have been forwarded to the CMU principal for immediate academic suspension.


This is a really important acivity.

Even in the darkest days of the Soviet Union, Samizdat helped keep the spirit of freedom alive. Under Putin and rule by authoritarian elites in other countries, perhaps Tails can do the same.

November 11, 2015


The Tor community should stop persecuting security researchers! You are all only mad because they took down your beloved pedos.

November 11, 2015


Law Enforcement say if you haven't done anything wrong you have nothing to worry about .
I say as I haven't done anything wrong who are they to invade my privacy without legal right .

November 11, 2015


Do not complain. FBI gave us a favour. They paid for research which is unveiled some flaws in tor. They gave us a kick in the butt. That is good.

November 11, 2015


If the FBI was using every means at it's disposal to prevent further abuse of a child or children that's fine by me.
Drug sites providing services that result in our citizen deaths I also support.

However our right to privacy should trump that.

If a father abuses his child in his own home and then shares that information over the network encrypted or not - then other users of that network have a duty to report that abuse.
Fairly certain that the child in that case is non-consensual or doesn't have the ability to make and understand those decisions.

When these reports are received by the FBI what would you have them do?
Grab a beer and watch helplessly?
What if it was your niece or nephew?
What if it was your extended family - a whole lot of strangers knew about it, but you didn't?

If you are connected and sharing information to a community then you have the responsibilities of that shared community.

Copyright laws, whistle blowers, drugs, child porn, murder, murder for hire, just some things you know in your gut are wrong. But the reason we need anonymity to begin with is because the laws that are enforced do not meet the will of the people it's designed to protect. When Law and common sense are no longer even speaking to each other - this is what happens.

I'd like a country that had laws that makes sense, didn't send drone attacks to people I don't know ticking off another generation of ISIS or whatever the flavor of the month group might be out there.
Because the root cause of the problems are "LAWS" written by imbeciles for to protect profit - not the the people.

How about we have a country where we don't have the NEED to hide?

November 12, 2015


Tor propaganda machine in full swing again. Let's protect the pedos and drug barons.

What they fail to mention is that cell counting techniques are just as effective at deanonymizing people as the relay_early attack - and the former has not been fixed.

November 12, 2015


Has Carnegie Mellon researchers/students/board communicate about that? I would be curious to hear what they have to say. For the moment, I might consider blacklisting this university for any kind of collaboration/exchange in the future. Maybe we'll hear more from them if this blog post get enough echo. Thank you arma.

November 12, 2015


Much as I wish it were different, the fact is there is nowhere to hide, and nowhere that is safe.

The only thing TOR, and even data encryption are good for, is keeping the casual thief out of your pocket. But if you think for even one second, that this network keeps you safe from the prying eyes of The State, you are profoundly naive. Even Edward Snowden understood that all he was really doing was just slowing them down by using encryption and anonymizers. If they want you, they will take you, sooner or later. There is no escape.

The fact that they're using universities and other institutions in this endeavor, should also not come as any kind of shock. What is shocking, is that they had to pay anything at all up front, to get the university to participate.

If you *really* want to be safe from The State online, don't go online. It's just that simple.

November 12, 2015


You want secure and private use of the internet? easy... imagine it in your mind!, there is no such thing as privacy something or someone will be watching always. Just make sure that whatever you are doing is legal...

November 12, 2015


I have damaged eyesight and the person I live with was cut up badly looks like a different person. I'm not a pansy / sissy so I can hide publicly I live in a so-called modern society that has a rapid culture changes through immigration a schizophrenic nature. Opinions change overnight virtually on what is acceptable. Though it has become a cliche over used and abused word I am gay.

I rely on Tor network. 12/11/2015 you fuckers better not get me killed!

November 12, 2015


congratulation tor team

you survived a $1+ Mio attack
its a good news
Now, they have to spend $10+ Mio :)

November 12, 2015


Well it is just more of the same old New World Order crap where the common people are subject to the will of those who consider themselves as the elite. Your privacy is not allowed, and is even criminalized if you try and have it. Just look at what the NSA, DHS, and alphabet soup globally think of private citizens who use encryption, they are considered terrorists, or criminals. The only right they see you as having is the right to be a subservient part of the greater collective. The worst part is that the greater public swallows it as far as attacking Tor, or any other form of encryption. True freedom, and liberty will soon be a thing of the past without even a footnote being added for fear that it might incite any form of free thought. That CMU is a part of it is of no surprise, because it is always the Ivory Tower folk who see themselves as far superior to the unwashed, and under educated masses.

November 12, 2015


Maybe the answer to this is obvious to the Tor devs. Bandwidth is expensive. So why did you not just remove the Guard & Exit flags from those nodes? This way they would become middle nodes and contribute to the Tor network. And probably also tell the Authority nodes to automatically add the Family flag to these new nodes? But instead you decided to block them completely? Why? Also what is the backup plan if law enforcement seizes all the Authority nodes as well as the place where I am commenting right now?

November 12, 2015


To undermine,cause lack of confidence, play with grey areas of law by any group, party or organization in order to justify the disruptive flow of humanity's God given right to reach out, communicate, explore, question, think, imagine or in any other way stifle the mind of man from expanding beyond his mortal limitations is a CRIME AGAINST GOD and MAN. No government or group has the right to usurp the human experience of thought and harmless expression done in supposed anonymity to justify additional Gov. monies or promotions. I say lets spy on who is not using enough disinfectant in our water supply and invoke summary execution.

November 12, 2015


A thousand thanks to Matthew Green for speaking out against rogue insecurity researchers:

Why the attack on Tor matters
Op-ed: Comp sci researchers have a blind spot to ethical issues in their field.
Matthew Green
12 Nov 2015

@arma: please consider working with civil liberties organizations such as ACLU, EFF, EPIC, Privacy International to

1. lobby civil-liberties-friendly elements of both houses of the US Congress to mandate IRBs for network-security research (even better, extend the effort to US State legislatures, which have been well in advance of the federal legislature in addressing civil liberties concerns in some states, and to EU legislatures)

2. together with such groups, try to organize an academic conference addressing the ethical conundrums exemplified by the one million dollar plus payment to CMU

3. attempt to engage professional organizations in outreach to their membership, to organize campus boycotts, not just at CMU but at other US universities which do police work for a fee for the feds (cf the attempted boycott of academics who take NSA grant money)

November 12, 2015


Assuming someone was charged as a result of this attack, is this tantamount to law enforcement hiring a university to issue a survey to a large group of individuals asking them about their recent traffic violations, then taking their answers as written confessions and issuing tickets to violators?

Moreover, aren't researches typically prohibited from releasing individually identifiable data to ANYONE, law enforcement or not?

November 12, 2015


> If I put a lock on my door that is breakable and then the FBI come and break into my house with out a warrant, the FBI are in the wrong, not the lock maker.

You may be interested in these recent stories from Seattle (where the arrest in case discussed by arma occurred):



And at


look for the document titled "Performance Work Statement: Course of Instruction in Advanced Force Operations". Ponder the implications of the required experience for the course instructors which is stipulated in this document.

November 12, 2015


Federal agencies are pushing hard in all US governance arenas to force all US persons

o from using landlines to using cell phones

o from using wired only routers to using WiFi (non-WRT) routers

o from using personal hard drives or USB sticks for storage to using "cloud" storage

As with their encryption-workaround programs, they are pursuing a mixture of outlawing what they can, and enacting secret treaties with companies like Apple and Amazon to covertly evade any remaining legal protections for citizen data. (See the leaked White House memo on the USG strategy for obtaining backdoors by the backdoor.)

NSA likes to brag that we are living in the Golden Age of Surveillance, but evidently they feel that their work will not be done until they can freely access all the world's data, which currently they cannot.

November 12, 2015


So it is war?

All of us (citizens) against all of them (governments)?

Actions (burglaries, bribes, infiltrators, state-sponsored-malware, Stingrays, spyplanes, air-to-ground laser strikes) speak louder than words. Thank you, Comey, for clarifying how you view The People.

November 12, 2015



November 12, 2015


I used Tor to search for a Medical Problem That I have , Might Be ( Cancer) . I just did NOT want anyone to find out (employer ETC) , Also Family. So am I now In trouble ? Thank You Tor For everything you Do To Keep My search Safe. Plz keep up this blog as i try to Read it every day or two-three..etc etc. I Do Not think that is Correct way for Law enforcement To Handle Things. There is so much wrong in This world Today. But There is a lot of Great People Doing Good Thing's ,Try to focus on the Good Things. Thank's again Tor.

November 12, 2015


> Every prosecution was against pedophiles and drug sites, and it's clear that they aren't going after innocent people for visiting innocent websites.

The FBI very much wants you to believe this, but in fact there is plenty of evidence (both circumstantial and documentary) to suggest that the alleged concern over alleged epidemics of baby-raping maniacs or crazed ISIS operatives or heavily armed lunatics is a sham. The evidence suggests that the FBI's real concern is with

o Occupy movement

o anti-foreclosure movement

o student-loan reform movement

o anti-fossil fuels movement

o anti-fracking movement

o Socialist Alternative movement

o Sanders organizers

o the 15 dollar minimum wage movement

o Black Lives Matter movement

o "radicalized" veterans burned by VA

o Somali immigrants

o American Muslims generally

o union organizers

o student "radicals" (not just college but also grade school)

o Americans generally, aged 3-7 years (prime targets of NCTC CVE programs)

These are the people which the FBI really *really* does not want to see adopting Tor, strong encryption, or streetsmart opsec. Because they really fear an imminent popular uprising. Not so much because they fear the riots per se, but because a genuine uprising might be "handled" by the US military's Northern Command, rather than FBI.

A random sampling of major stories from the past few years:







> banks sat down with FBI officials to pool information about OWS protesters harvested by private security

Companies such as Cyveillance monitor blogs such as this for "open source intelligence", which is sold to banks and shared with DHS, FBI, etc.







Tip of the iceberg. All manner of lawyer-client, doctor-patient conversations, and jury deliberations are covertly recorded by the USG, which has secret rationales for considering that such conversations are *not* protected under US law, especially when the conversants are impoverished. In particular, the HIPAA Privacy Rule, one of the last remaining bastions of privacy in the US, has apparently been voided by the 21st Century Cures Act.

All of which adds up to a whole bunch of reasons why ordinary people badly need Tor.

So @Tor people: thanks for your work and please keep it coming!

> In particular, the HIPAA Privacy Rule, one of the last remaining bastions of privacy in the US, has apparently been voided by the 21st Century Cures Act.

"Hate-int" (dual to "love-int") is not just for NSA operatives, unfortunately. Here is an excellent new article from Charles Ornstein (part of Pro Publica's series on abuses of electronic medical records) on the horrific damage caused by even "small scale" breaches of medical privacy:

Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Charles Ornstein
10 Dec 2015

> Driven by personal animus, jealousy or a desire for retribution, small breaches involving sensitive health details are spurring disputes and legal battles across the country
> ...
> HIPAA does not give people the right to sue for damages if their privacy is violated. Patients who seek legal redress must find another cause of action, which is easier in some states than others.

The article fails to mention the concern that bills currently being considered or enacted in the US remove even the modest protection afforded to ordinary citizens by HIPAA, for which see

Privacy advocates blast 21st Century Cures bill
Bernie Monegain
14 May 2015

> In an analysis posted on the wesbsite of the National Law Review, lawyers Anna Krause and Paige M. Jennings, note that the Cures legislation would change HIPAA laws. The draft bill, they write, would add a new section to the HITECH Act to permit covered entities to use or disclose personal health information, or PHI, to certain entities for “research purposes” without authorization from the subject individual or a waiver from an IRB or privacy board.
> Also, they write, the changes would allow remote access to PHI for certain research purposes; allow one-time authorizations of the use and disclosure of PHI for research; eliminate limitations on remuneration for PHI disclosed for research purposes; and allow disclosure of PHI to FDA-regulated entities for research purposes such as comparative effectiveness analysis.

The bill says "research", not "medical research", so it appears to mandate warrantless access by agencies such as DEA, FBI, NCTC, Fusion Center analysts.

There is an unwritten principle in US LEAs and intelligence agencies which holds that "anything which is not specifically forbidden is permitted". The drafters of these bills know this very well and appear to deliberately to omit to construct each bills language "defensively", or even to properly define terms used in each bill. That is because the persons who draft the most dangerous portions of these bills are usually lobbyists and intelligence agencies, not Congressional staffers.

> "Hate-int" (dual to "love-int") is not just for NSA operatives, unfortunately.

Hate-int has been a feature of FBI's enormous waste of tax dollars over its entire history, back to when it was called the Bureau of Investigation, and J. Edgar Hoover was merely a 21 year old up and coming back room executive.

Perhaps the most notorious example of hate-int by FBI is the anonymous letter penned by William Sullivan, the number two man at FBI--- or, as some revisionist historians now believe, by J. Edgar Hoover himself--- urging Rev. Dr. Martin Luther King to commit suicide. The historian who discovered the original draft in FBI archives, Beverly Gage, described the significance of her find last year:

What an Uncensored Letter to M.L.K. Reveals
Beverly Gage
11 Nov 2014

> When the Rev. Dr. Martin Luther King Jr. received this letter, nearly 50 years ago, he quietly informed friends that someone wanted him to kill himself — and he thought he knew who that someone was. Despite its half-baked prose, self-conscious amateurism and other attempts at misdirection, King was certain the letter had come from the F.B.I. Its infamous director, J. Edgar Hoover, made no secret of his desire to see King discredited. A little more than a decade later, the Senate’s Church Committee on intelligence overreach confirmed King’s suspicion.
> ...
> The F.B.I.'s entanglement with King began not as an inquiry into his sex life but as a “national security” matter, one step removed from King himself.
> ...
> At this point Hoover decided to escalate his campaign. On Nov. 18, 1964 ... Hoover denounced King at a Washington news conference, labeling him the “the most notorious liar in the country.” A few days later, one of Hoover’s deputies, William Sullivan, apparently took it upon himself to write the anonymous letter and sent an agent to Miami, to mail the package to Atlanta.
> ...
> the debate over how much the government should know about our private lives has never been more heated: Should intelligence agencies be able to sweep our email, read our texts, track our phone calls, locate us by GPS? Much of the conversation swirls around the possibility that agencies like the N.S.A. or the F.B.I. will use such information not to serve national security but to carry out personal and political vendettas. King’s experience reminds us that these are far from idle fears, conjured in the fevered minds of civil libertarians. They are based in the hard facts of history.

Gage notes that

> The current F.B.I. director, James Comey, keeps a copy of the King wiretap request on his desk as a reminder of the bureau’s capacity to do wrong.

Comey wants everyone to believe he is a Boy Scout would never, ever, do harm to anyone for political gain. I believe the reports that he displays the wiretap order, but I doubt his sincerity when he claims to be determined not to continue what FBI has over its entire existence seen as its main mission: combating domestic "radicals" such as Martin Luther King--- or these days, Black Lives Matter activists.

FBI's widespread abuses were not limited by any means to encouraging Dr. King to commit suicide. Here's another long suspected abuse which has recently been confirmed in detail:

Pete Seeger’s FBI File Reveals How the Folk Legend First Became a Target of the Feds
David Corn
18 Dec 2015

> From the 1940s through the early 1970s, the US government spied on singer-songwriter Pete Seeger because of his political views and associations.

Yes, Pete Seeger, author of "Where have all the flowers gone?", "Turn, turn, turn", "If I had a hammer", and other classics. Founder of the Clearwater movement (which cleaned up the Hudson river). And--in the view of the FBI for more than three decades-- a bad American, a very dangerous citizen, and someone who posed a continuing threat to national security.

> According to documents in Seeger's extensive FBI file—which runs to nearly 1,800 pages (with 90 pages withheld) and was obtained by Mother Jones under the Freedom of Information Act—the bureau's initial interest in Seeger was triggered in 1943 after Seeger, as an Army private, wrote a letter protesting a proposal to deport all Japanese American citizens and residents when World War II ended.

The letter read:

>> Dear Sirs -
>> I felt shocked, outraged, and disgusted to read that the California American Legion voted to 1) deport all Japanese after the war, citizen or not, 2) Bar all Japanese descendants from citizenship!!
>> We, who may have to give our lives in this great struggle—we're fighting precisely to free the world of such Hitlerism, such narrow jingoism.
>> If you deport Japanese, why not Germans, Italians, Rumanians, Hungarians, and Bulgarians?
>> If you bar from citizenship descendants of Japanese, why not descendants of English? After all, we once fought with them too.
>> America is great and strong as she is because we have so far been a haven to all oppressed.
>> I felt sick at heart to read of this matter.
>> Yours truly,
>> Pvt. Peter Seeger

A few years ago, in a White House ceremony, war criminal and US President Obama awarded a medal to a survivor of the US concentration camps, and officially apologized for the incarceration of millions of US citizens during WWII. The very abuse against which Seeger was so eloquently speaking out, as was his right under the Constitution, even in time of war, even as someone drafted into the US military.

It is worth taking a minute to compare Seeger's letter (signed, which is how he got in trouble) with the anonymous hate letter penned by FBI agent William Sullivan (or his boss, J. Edgar Hoover); you can find the full text here:


Now which of these letters is a good example of a letter from a patriotic good American? The letter by Seeger, or the hate letter by Sullivan?

The FBI writes anonymous hate mail, and persecutes citizens who are brave enough to speak out against abuses by the government. Is that government of the People by the People for the People?

I think the answers are obvious.

FBI and NCTC are pushing their CVE programs, which include new inducements to American citizens to denounce their neighbors for acting or saying something deemed "suspicious" or otherwise "objectionable". In particular, FBI is encouraging schoolchildren to denounce their peers.

What could go wrong here?

Here is a recent example:

Friday, Dec 18, 2015 9:15 PM UTC
It’s the “clock kid” all over again: A 12-year-old Sikh boy is the latest victim of racist terrorism paranoia
Paula Young Lee
18 Dec 2015

> Why did the Arlington police hold a twelve-year-old boy with a heart condition for three days without alerting his parents? Why did the school principal call the police in the first place?
> Because his name is Armaan Singh Sarai, his working-class Indian family is Sikh, and a “bully” at his school accused him of having a bomb in his backpack.

Hate-int, indeed.

What could go wrong when FBI misinterprets legal and responsible dissent as a "danger to national security" [sic]?

Corn notes that after the American Legion forwarded Pvt. Seeger's letter:

> Military intelligence officers across the country began probing Seeger and his background. They searched police records in various locales (and found nothing). They discovered that a House committee had come across his name twice while investigating subversives in the pre-war peace movement. They secretly read his mail, including letters from his Japanese American fiancee, Toshi Ohta, who was living in New York City. The investigators were concerned that Ohta was working for the Japanese American Committee for Democracy, which promoted the American war effort but was considered by the military gumshoes to be a Communist-influenced group.
> ...
> As part of the probe prompted by Seeger's protest letter, a military intelligence agent visited the grade school in Litchfield, Connecticut, that Seeger had attended—and found the available records did not cover the period when Seeger had been there. (And, he wrote in a report, "it is doubtful that the information obtained would be of any value.") This agent also went to Seeger's high school in Avon, Connecticut.
> ...
> Another agent went to Harvard University, where Seeger had studied for a year and a half before withdrawing due to financial reasons, and he managed to review Seeger's academic records ("Grades in the first year were fair") and gain access to the membership list of the Harvard Student Union, of which Seeger had been the secretary.
> ...
> An [FBI] agent interviewed [Pete Seeger's] father [Charles Seeger] "under pretext"—meaning the agent cooked up a phony reason for the interview—according to a report he later filed. Charles told the agent that his son had "bummed around" the country, playing the banjo and singing, before being drafted into the Army, and was "very much interested in the common people."
> ...
> Early in the investigation, an officer at Keesler Field interviewed [Pete] Seeger, who noted that he was puzzled that he had not been deployed as an aviation mechanic, given that he had completed his training. Seeger pointed out that he played the five-string banjo well and requested that he be assigned to the Special Services Department, which provided entertainment for the troops.
> ...
> On May Day in 1943, a military intelligence agent in New York City named Harwood Ryan interviewed folk singer Woody Guthrie as part of the Seeger investigation.
> ...
> Ryan ... was suspicious of Guthrie and thought he was being cagey about Seeger's political beliefs. In his report, he noted that in Guthrie's apartment he had spotted a large guitar that bore an inscription: "This machine kills Fascists." Ryan added that he believed "this bears out the belief that the Almanac Players were active singing Communist songs and spreading propaganda."

And there you have it, in one perfect image. During its entire existence, FBI has spent uncounted billions of US tax dollars protecting America--- from Woody Guthrie's terribly dangerous anti-fascist guitar.

90 odd pages of Seeger's FBI file were redacted from the version obtained by Mother Jones using the FOIA. Sources say these concern active investigations of persons one to three hops away from Seeger.

See Tim Weiner's book Enemies for much more on the history of the FBI's war on domestic political dissidents, over the entire course of its unfortunate existence.

November 12, 2015


Would it help if you included in Tor's ToS that "you can't use this software if you're attempting to exploit it" or something to that effect?

November 12, 2015


I don't understand how the faculty, students, and powers that be at CMU aren't outraged and disgusted that this occurred at their university. Attacks on privacy software? Hiding the vulnerabilities? This is the antithesis of what CERT was created for... extremely troubling.

And, for that matter, Anonymous hasn't targeted both CERT and CMU? These folks go after far less nefarious attacks on privacy and civil rights. They have work to do, and it ought to involve the student body so that they grasp what is happening under their school's name.

November 12, 2015


Seems like Institutional Review Boards would be a good way to have recourse for these kinds of things. If the Institutional Review Board makes an error they are liable. Pretty straight-forward. Maybe have a list-of-suggested-guidelines for IRBs.

November 12, 2015


LOVE IT. After all of Nick and Roger's kissing pig arse, they do this. Of course no one here will learn from it.

November 13, 2015


Even with a warrant, the nature of Tor doesn't permit any single person to be identified without compromising the anonymity of other people. The distinction can only be made after the anonymity has been compromised.
The Tor network is quite a touchy area in politics. Criminal activity facilitated by the internet is not exclusive to the Tor Network, but it certainly is highly concentrated. Should the FBI turn a blind eye to all the criminal enterprises hosted on the Tor Network in order to preserve the privacy of a few bystanders?

Those that are innocent and have had their anonymity compromised haven't lost any of their civil liberties. They still have the Freedom Of Expression.
The FBI certainly haven't been squandering this asset in order to catch the small fish either. So while you may be using Tor to negotiate deals in order to do tax evasion, the FBI hasn't shown any interest in targeting these individuals who commit these white collar crimes, or crimes with a less serious nature; on the Tor Network.

Also, is it illegal for the FBI to compromise the anonymity of the users. After all if I operate an Exit Node, even though the traffic is not intended for me, it passes through my computer, and I can see what the content is and the pseudonymous-identity that it was intended for.

About the researchers; they shouldn't be morally obligated to participate in the Tor Project and Donate to them in order to 'atone' for what they have done. In this case; what they did was with good intentions. They saw the opportunity to catch these people who commit crimes of a vile nature, and financially profit from it.

November 13, 2015


No lawyer, so speaking off the top of my head here.
Is there such a thing as a common law maladministration tort in the USA?
If so could the FBI people responsible for the contract fall foul of that?
Thinking about it, if there was a distinction between that part of the university who undertook the research with a wide brief for intercept, and a set of data later handed over to the FBI, then could a maladministration tort be applicable to the joint enterprise as defined within the contractual agreement. If so that would leave both entities liable.
Is it unlawful to report suspected crimes? No.
Should one specifically go looking for crimes within the remit of general academic research? No.
Should academic research into criminal activity within a given sector of society report identified crimes? No.
Has TOR gained from the research? Yes.
Has the FBI gained? Possibly.
Has society gained? Possibly.
Has the University gained? Yes $$$$$$$.
Has academic research gained. No - BECAUSE THIS WILL TAINT ALL FUTURE ACADEMIC RESEARCH by reducing peoples willingness to co-operate in those more sensitive areas.

November 13, 2015


De-anonymizing foreign exiles of despotic regimes could mean a death sentence for these people using tor for free speech. FBI trots out pedo crimes every time they want to take your freedom. I'd love to see a tally of how many pedos and terrorists have been caught by spying vs how many non violent drug offenders have been caught, I wonder which tally is greater? End the drug war, end the spying, onions for all!

> I'd love to see a tally of how many pedos and terrorists have been caught by spying vs how many non violent drug offenders have been caught, I wonder which tally is greater?

This would be quite difficult, precisely because FBI does everything it can to hide such damning statistics, but it would also be an excellent research project for Pro Publica or another such investigative journalism organization.

We should indeed be concerned about FBI, NSA, CIA, DEA, NCTC etc possibly passing information on Uzbek or Syrian exiles back to their home country.

November 13, 2015



This summer, when two researchers at CMU suddenly pulled a talk, they were named as the persons suspected of operating the 116 rogue nodes which joined in January. In the comments, someone (probably an FBI shill) suggested:

> Someone should go to CMU and kill those researchers.

You replied:

> Yeah, uh, please don't do this. We like researchers. That's how we understand privacy and security these days. That's how the papers on http://freehaven.net/anonbib/ come to exist. Many of us are active in the research community.

Indeed, I think I see a consensus emerging that the proper response to discovering that some "researcher" has sold their data to the FBI for one million dollars is to shun them. Don't threaten them with physical harm, but when you see them, distinctly, slowly, and clearly state "You are dead to me", and walk away. Email the departmental mailing list. Write letters to the editor of professional newsletters. Name them and shame them. Advise visitors to refuse to shake their hand in the faculty lounge. Drum the evil-doers out of the academy.

People like that will be happier working directly (and covertly) for the US military or security forces anyway.

arma added (back in August):

> There is a lot of quite reasonable talk these days about "the real criminals", but it sure isn't those two researchers at cert.

I presume you have since updated your opinion of their character?

This summer, several users speculated that these two researchers might have not only recorded PII on real people, but might have passed it (or sold it) to the USG. You commented:

> Well, we don't even know that there is any collected data. I think there's a good chance that the researchers were planning to win fame and admiration at black hat, rather than planning to be an arm of the feds.

Too bad you turned out to be too trusting.

There's a lesson here, captured in the saying "fool me once, shame on you, fool me twice, shame on me".

It is not very pleasant living in a state of paranoia, but we must all recognize the unpleasant reality that our choices are between paranoia and willing victimhood. We are living in a global police state, with all that entails: infiltrators, intimidation, rampant corruption and state-sponsored criminality including burglary, kidnapping, torture, assassination, and the ever-looming threat of outright genocide.

Let's not overlook an important implication of the latest revelation of how far previous norms of civil behavior have been broken down by rogue agencies like FBI: if (one academic unit at) CMU can happily function as a covert "arm of the feds", so can similar units at other universities. So can DARPA. The US State Department. Maybe even NSF.

Many Tor users have for years urged the leadership of the Tor Project to make it a priority to seek to expunge USG funding sources, particularly funding sources allied to DARPA, such as SRI. To the ordinary Tor user, taking money from such sources will always seem weird, even suspicious. Your user base does not want Tor to be funded mostly by the USG, and IMO they are quite right to be suspicious of the motives of such entities.

Please forgive my presumption, but I cannot help but speculate that one possible reason for your refusal to consider to giving DARPA the boot is that you and some of the founders of Tor retain a soft spot for SRI and DARPA for personal reasons. If so, I can understand that people who have for years enjoyed working with particular NRL, SRI or DARPA colleagues might retain a fondness for such agencies, because they like particular people who happen to work there. Nothing wrong with that in principle: its only human to sometimes like some people who live on the other side of the trenches.

But-- assuming there is a kernel of truth in my guess-- you can't let personal ties blind you to the essential malevolence of agencies which enabled phenomena such as "targeted drone strikes", FBI/NCTC targeting of children aged 3-7 for CVE (Countering Violent Extremism) "interventions" (which in the UK already include removing children from homes!), deliberate aerial assaults on fully functioning trauma centers, warrantless suspicionless worldwide dragnet surveillance, militarization on the "home front" (a term which US special forces take much too literally), etc.

November 13, 2015


The FBI took $1 million of your tax bucks and paid a major University to do what? Beta-test the Tor software!! And, the result? The Tor software got even better! As for pedos, they don't need Tor; a trip to their local McDonald's and they can download all the pedo that they want. Any proxy will do, and for many, Tor may simply be too slow for them. The last hidden pedo site had 250,000 registrants, per the FBI who took the site down, and so, the pedos are out there, in mass. And short of complete totalitarianism (and, even with it), they will remain anonymous, unless they are careless (such as clicking on a flash video in spite of the Tor Browser warnings) and/or they dox themselves.

Bank robbers, of course, often use guns, ski masks, and plastic bags to do their nefarious deeds, and yet, those things remain legal for those who want to buy. With Tor and even with out it, there will be people (drug dealers and pedos) who will continue to do evil things.

November 13, 2015


This is damaging to the fabric of a free society. Though I do see how some blame lies with the TOR team, the FBI had no right using an educational institution as an arm of the law. That's right up there with issuing warrants on journalists for source information - plainly put, it affects our ability to access unbaised information and share ours with the world.

Though I'm hopeful it won't happen again, it's only a matter of time before they come up with a new method, or perhaps recycle an old one in a more sophisticated manor.

Only time will tell.

November 13, 2015


My daughter just told me she read the news and that she's leaving her PhD work at CMU for another university because of it. She's some kind of computer designer.

November 14, 2015


While I personally choose not to use of have dealings with those in the illegal drug or sexual slavery industries, I would be remiss if I did not point out that the same elites that overtly rape and pillage the economies of the entire world are also behind the above stated industries according to the documentary, "Let's Make Money." In short, freedom is just a delusion, war is an instrument of these satanic Nazis to help them cull the human herd , according to Satan's Ten Commandments a.k.a. the Georgia Guidestones in Elberton Georgia, U.S.A. There goal is to own the Earth and everything in, on, and under it.

November 14, 2015


Sooo... the feds exploited a security vulnerability in Tor to try catching drug dealers and pedophiles? And... I am supposed to be hugely surprised here? LOL!

November 14, 2015


Tor has been funded in the past by various government agencies, specifically including intelligence, so that US spies could fly under the radar of humanitarian / criminal traffic. If, now, Intelligence wants to de-anonymize Tor when they want to go after drug money, bitcoin, and pedos, to say nothing of "terrorists", then the same exploits they use will be used by others to go after people for political reasons, around the world.

To combat this, turn the focus of an exploit back onto US Intelligence, and out them where they attack Tor, or when they use Tor as rent-seekers.

When intelligence realizes that they MUST ACCEPT Tor, if they want to continue to rely on it for intelligence, then maybe we will see this die down. Spies need Privacy, real privacy, in order to operate, and they cannot have real privacy, if the rest of us stop using Tor, thus leaving every tor connection an obvious spy node.

For every FBI, DEA, or DHS takedown of a Tor site, there needs to be a corresponding outing, especially of obvious criminal behaviour, of spies coloring outside the lines of their jobs, taking them down. This may also be a great way to finally put an end to the DRM war.

Hey FBI, if you want to continue to use Tor, stop DRM prosecution, stop the pump-and-dump of bitcoin, stop the attacks on other Tor users. It is really simple- We Win, or You Lose!

November 14, 2015


[sarcasm] Thank you torproject, for helping terrorists coordinate attacks in secret. [/sarcasm]

Torproject, and all those who support it, are enemy of Republic of France and of its people.

> why didnt the FBI just go to the NSA to decloak Tor?

They have, of course, but NSA tends to balk at anything which might reveal to public scrutiny their illegal SIGINT methods or anything about what they think they know about anyone. NSA fears that if data from NSA spying in used by FBI in a criminal case, "sensitive information" might leak into court. NSA is determined to prevent even the slightest possibility of that happening.

The same fear explains the elaborate "parallel construction" routinely used by DEA to obscure the original source (NSA) of information used to build criminal cases against accused drug smugglers.

November 14, 2015


Former NCTC Director Michael Leiter wasted no time blaming privacy advocates for the Paris attacks. Hours after the events, when an interviewer asked him why expanded dragnet surveillance laws enacted in France after the Charlie Hebdo attack had not prevented Friday's attacks, he offered a one word answer "encryption".

But another "security consultant" offered a contrary view:

Paris and the new normal
The difficulty in monitoring grassroots terrorists activities render many countries fragile to such attacks.
Martin Reardon
14 Nov 2015

> the attackers most likely adhered to two principles that al-Qaeda perfected over the years: keeping their operational and support cells to the minimum number necessary to ensure a reasonable degree of success, and minimising or completely ruling out the use of electronic communications.

November 14, 2015


FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”
Revelation raises more questions than it answers, Carnegie Mellon still silent.
Cyrus Farivar
13 Nov 2015

> "The allegation that we paid [Carnegie Mellon University] $1 million to hack into Tor is inaccurate," an FBI spokeswoman told Ars in a Friday morning phone call.
> it's not clear from the FBI's statement which part is inaccurate: the specific payment amount or its involvement entirely.

Have no reporters asked the two CMU researchers for comment?

November 14, 2015


> an org that has and uses a SCIF tends to be able to get some exceptions to the usual processes

Quite a few SCIFs are shared by various federal and state agencies, and university "researchers" doing classified research (often using funds outside the intelligence budget), who are sometimes "retired" spooks. Some US universities even have CIA agents who work full time on campus in "security think tanks". Sources say that the ever expanding roster of federal agencies with access to NSA databases in SCIFs include several which have no obvious connection to intelligence or law enforcement or tax collection, such as the Department of Agriculture, Department of Education, and Social Security Administration. Even more strange, these agencies also operate their own SWAT teams.

There is a SCIF at Mineta Airport in San Jose which is said to be used by NSA, DHS, and FBI's aerial ELINT units. Confirmation that at least one FBI Cessna has an ELINT (Stingray?) capability (and carry laser target designators) was obtained recently by ACLU:


Ties between the University of Maryland and NSA are longstanding and well known. One might also mention Princeton and (think is awkward) MIT, but the fact is that the the intelligence agencies have a presence on most major universities, especially those located near major internet/software companies or centers of federal infrastructure.

"Retired" spooks are infiltrating not only universities but also political bodies. After leaving government, Michael Leiter worked for Palantir and apparently now works at Leidos, which changed its name from SAIC after the bad publicity resulting from it carelessly losing the employee information of millions of military members and their families, ironically including people working at the NSA/TAO cyberespionage facility in San Antonio. At least one former SAIC analyst is now a member of a key state legislature.

The same people who brought federal employees the OPM breach have also been entrusted with the personal medical records of a hundred million ordinary persons. The former SAIC split off a company which is now responsible for the "network security" (or better say insecurity) of one of the two largest providers of electronic medical records in the cloud, better known to intelligence agencies as "watering hole sites".

November 14, 2015


FBI denies paying to unmask anonymous Tor users, but does fund research by Carnegie Mellon
Andrew Conte
12 Nov 2015

> The FBI does have an academic partnership with Carnegie Mellon University's researchers, the agency acknowledged Friday, but denied a claim it paid them at least $1 million to unmask users of the hidden Internet known as Tor.
> ...
> CMU officials, including one of the key researchers, declined to comment. Alexander Volynkin, the researcher, and his colleague, Michael McCord, last year had planned to make a presentation at the 2014 Black Hat cyber security conference in Las Vegas demonstrating how the anonymity of Tor users could be defeated for $3,000 until university lawyers stopped them.
> ...
> The CMU researchers might have gone too far if they not only found a weakness in the Tor networks but then used it to identify everyone using the hidden Internet, said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, a San Francisco nonprofit that advocates for online privacy. “We're all for security research and discovering vulnerabilities like this,” he said. “But there's a difference between discovering the vulnerability and then abusing it. It seems to us like they crossed an ethical line.”

Wow, "hidden internet known as Tor"... None of these stories manages to clearly distinguish between using the Tor network to browse and using hidden services to connect to hidden servers.

Tor Project should have a page which explains the difference for the benefit of baffled reporters working under deadline pressure.

November 14, 2015


Edward Snowden ‏tweeted on 11 Nov 2015:

> Wow. @CarnegieMellon is America's Shanghai Jiaotong.

I *think* this might be in reference to the notorious attack on Google in late 2010, which according to Google specifically targeted (among many others) Chinese political dissidents living in the US.



> In February 2010, computer experts from the U.S. National Security Agency claimed that the attacks on Google probably originated from two Chinese universities associated with expertise in computer science, Shanghai Jiao Tong University and the Shandong Lanxiang Vocational School, the latter having close links to the Chinese military.

Someone please correct me if you know otherwise!

November 15, 2015


Isnt it be less bad maybe, having a University tampering with traffic cause they could have some common sense about human rights and so discard unneeded data at least? Well its offending against free human comminication anyway so consens may vote cutting tampering subnets from network!

November 15, 2015


It doesn't make sense that a prestigious university like CMU would agree to the inevitable damage to its academic reputation for a measly million. Do we know who accepted the money?

If they found out about it after the fact, that could explain why they've kept silent.

November 15, 2015


OK, I get that FBI are the bad guys here. I don't expect cries of "FBI is naughty" to change anything, and it's a waste of time to complain about it. I just want to know whether their exploit has been thwarted yet.

As I understand it, last summer someone who had access to a copy of the slides for the withdrawn talk informed Tor Project what they revealed about the nature of the vulnerability, and within a few days it was fixed.

November 15, 2015


After the Charlie Hebdo attack in January, the enemies of privacy were quick to blame "encryption we can't break" as the explanation for why the French intelligence services failed to break up the pre-operational planning. Prime Minister Cameron called for a ban on encryption, and the Indian government actually briefly established just such a ban (before wiser heads organized a panicked repeal). The French government also pushed through new massively invasive dragnet surveillance powers and rapidly expanded the roster of domestic intelligence analysts.

Obviously, more and more dragnet surveillance failed to break up the pre-operational planning for the attacks last Friday. That comes as no surprise to those familiar with the reasons why dragnet surveillance and the searching of ever more enormous haystacks for nearly microscopic needles customarily fail to achieve their stated goals. But within hours, the usual suspects, including former CIA director Michael Morrell and former NCTC director Michael Leiter, were claiming that "encryption we can't read" was the cause of the most recent attacks, with Morrell explicitly calling for "a re-examination of the balance between privacy and security". We know what that means: more dragnet surveillance powers, more restrictions on travel and communications and news gathering, fewer options for less-insecure computing.

People like Comey, Morrell, and Leiter would like to see all personal storage devices (hard drives, DVDs, USB pen drives) banned in favor of forcing everyone to store all their data in the cloud, where the USG can get at our private lives. They would like to ban all personal computing devices (desktop PCs, laptops) in favor of forcing everyone to do their computing in the cloud (which means: no anonymity, privacy, or security). But none of this really concerns "national security". It is all about population control. Control of an increasingly restive population by an increasingly isolated, unpopular and illegitimate financial/political elite.

The leaked White House memo on intelligence agencies anti-encryption strategy made it clear that the security police are determined to get their way one way or another, by means legal or not. The memo explicitly stated that an "untoward event" could be exploited to push through hasty laws mandating back doors. Such an event has just been provided by that other notable Enemy of the People, ISIS/L. (IS claims to a government, and is in fact functioning as the government ruling most of Syria, so the People should regard it as an established government, however barbaric, not as an underground terror group.)

These renewed calls to ban "unauthorized encryption" raises the urgent question: if the USG bans Tor, what is our plan? Shouldn't the Project have plans to relocate to a safer base, such as Iceland or Norway, on an emergency basis? Should the French government ban Tails, what is the plan? Tor and Tails might have only months or days to move before a new emergency law comes into effect, so the time to plan is now. People all over the world depend on Tor and Tails, and we need to ensure that these projects will continue regardless of ill-considered actions by the current FR or US governments.

I am optimistically assuming that Tor and Tails will not become illegal in every nation, but perhaps we should start thinking about that possibility too.

Laws banning secure private communication are like laws banning oxygen. At some point, even persons who have been law-abiding citizens all their lives have to recognize that no-one is morally bound to observe a law which would makes their continued existence illegal, even though they cannot be reasonably suspected of capital crimes. Failure to act on this principle was one of the root causes of why the Nazi regime was able to kill so many innocent civilians including young children: too few ordinary Germans mustered the courage to confront the government by refusing to obey a long series of laws which gradually made it impossible for persons of Jewish heritage to legally exist, regardless of whether they were suspected of having committed any crimes. The horrific memory of these events is one reason why modern Germans are so resistant to the current US-created global security-surveillance state.

We must also never forget that most German intellectuals even as late as 1936 refused to believe that the most civilized nation on Earth (Germany) could descend into state-sponsored criminality. When we hear "patriotic" Americans protest that their nation could never commit genocide, we must respond: in the past, it *has* committed genocide (against Native Americans, Filipinos, etc). Only those who recognize that the US enjoys no divine immunity from such enormous state-sponsored crimes can possibly be able to prevent this ever-present potential from being realized. Again.

Technology always threatens to permit every abuse targeting "mere" dozens or thousands of victims to be scaled up to target millions or tens or hundreds of millions. We must all remember that while "targeted drone strikes" might today appear to target "only" people "of military age" living in certain geographic regions, when enough actors possess enough armed drones, and enough "intelligence" infrastructure, very large scale attacks become possible, possibly even tempting to political leaders increasingly desperate to preserve their power and prerogatives. This week, Jihadi John, next week, perhaps, peaceful Black Lives Matter demonstrators. The government of India (the world's largest democracy) is already employing armed drones against mass protests in that nation.

We also need to recall that Los Zetas (the Mexican criminal syndicate) began its existence as an elite Mexican special forces unit. Bearing in mind recent arrests of DEA, DHS-CBP, FBI, and USSS agents on a variety of felony charges, and the rampant illegality of NSA/CIA/SOCCOM burglaries, buggings, kidnappings, torture, and assassinations, we can only conclude that these agencies are operating as state-sponsored criminal gangs, which have perhaps never been truly under the control of the nominal Chief Executive. Might they in future might spin off their own avowedly terroristic splinter groups? Another example from recent US history suggests this is not impossible.

A few years ago, the noted journalist James Bamford (author of three books on NSA) uncovered documents from the early years of the Kennedy administration--- which the Pentagon admits are authentic--- showing that the then Chairman of the Joint Chiefs of Staff, Gen. Lyman Lemnitzer, a political opponent of the Kennedys, was engaged in potentially treasonous activities of the most serious nature. From


> Operation Northwoods was a proposed operation against the Cuban government, that originated within the Department of Defense (DoD) and the Joint Chiefs of Staff (JCS) of the United States government in 1962. The proposals called for the Central Intelligence Agency (CIA) or other US government operatives to commit acts of terrorism against American civilians and military targets, blaming it on the Cuban government, and using it to justify a war against Cuba.

The Wikipedia article continues by saying that the plan was rejected by Kennedy, but Bamford says (and I think the available evidence supports this) that Lymnitzer's plan called for the US military to create provocations, without anyone ever telling President Kennedy that the US military was actually responsible for the supposed "terrorist attacks". These attacks would have included the downing of a civilian airliner. (In one version of the Northwoods plan, the downing would have been an elaborate hoax involving two identical aircraft to be switched mid-flight, so that one with zero to few people could be shot down while the other, with the supposed civilian victims, would land safely in a secret military airfield.) If this sounds like a Hollywood action film script, well, reality of often much stranger--- and always far more dangerous--- than fiction.

That was in 1962. I believe it would be dangerously naive to assume that, in 2015, there cannot be contemporaneous Lemnitzers running amok inside the highest levels of the USG.

Similar remarks apply to the French government, which has in its recent history hardly been immune from imperial abuses.

I believe that the Tor Project and Tails Project must be prepared to protect the millions of people around the world who depend upon Tor and Tails, by being ready to relocate or even going underground. What other alternative do we have, if the US or French governments declare "unauthorized" encryption to be illegal? Snowden said it best: "I cannot live in a surveillance state".

November 15, 2015


If IS (Islamic State in Iraq, Syria, Lebanon) wanted to ensure that the alarm call sounded by arma would be drowned out by a new outrage, the 13 November attacks in Paris could not have been better timed.

In the wake of the attacks, the enemies of privacy wasted no time in blaming:

o Tor
o Snowden
o amnesia in general
o encryption in general
o "encrypted apps" in particular

Paris attacks show U.S. surveillance of Islamic State may be ‘going dark’
Officials contend Snowden disclosures, use of sophisticated encryption and messaging apps are making terrorists harder to track
Michael Isikoff and Daniel Klaidman
14 Nov 2015

> Over the past year, current and former intelligence officials tell Yahoo News, IS terror suspects have moved to increasingly sophisticated methods of encrypted communications, using new software such as Tor, that intelligence agencies are having difficulty penetrating — a switch that some officials say was accelerated by the disclosures of former NSA contractor Edward Snowden.

(New? At least the reporters didn't call it TOR. Note that the anonymous officials did not quite say that IS is using Tor.)

How encrypted apps help terrorists stay below the radar
Apparent lack of chatter before Paris attacks may indicate a dangerous change in the way extremist groups are communicating with each other
14 Nov 2015

People such as former CIA Deputy Director Michael Morrell, former NCTC Director Michael Leiter, former FBI Deputy Director Timothy Murphy, NYPD Commissioner Bill Bratton, and NYPD Counter-terrorism chief John Miller all specifically cited "encrypted apps" to explain how IS was able to carry out the attacks without being detected in advance. Several of these current and former officials implied that because the attacks were coordinated, the attackers must [sic] have been using "encrypted apps". But none of the "journalists" quoting sometimes anonymous "intelligence officials" making these claims asked their sources whether they knew of any hard evidence to support them.

Indeed, the questionable assertion that the attackers were exchanging encrypted communications appears to contradict something NCTC Director Matthew Olsen said the day before the attacks, that NSA has overheard (repeat, overheard) IS members discussing cryptography, and that some IS members have "stopped using communications at all". Olsen also cited "encryption", but his remarks appear to call into question some elements of James Comey's rantings about the internet supposedly "going dark". Indeed, the rumored "lack of chatter" before the recent attacks seem to be more consistent with no communication than encrypted communication. Furthermore, some of the unsubstantiated anecdotes Olsen cited appear to refer to alleged events which occurred months or years previously.

Director Olsen also warned that IS members are "reading the newspapers and seeing what we can do”. Well, duh. Unfortunately, the lesson some politicians are likely to draw from this is that because IS members can read the news, governments should prevent any "unauthorized" reading of the news.

It is a truism that "the first enemy of war is truth". We must act quickly to counter the lies which are being spread by the servants of authoritarianism in our society. The tech community must respond robustly to those who would whistleblowers, privacy advocates, and the Tor Project for events such as the 13 Nov attacks.

November 16, 2015


There is good and bad in every environment. So is it rational thought to place blame on the environment or is the corrupt and nefarious that dwell it. Always remember there are no rules to be followed until the game falls under scrutiny.

November 16, 2015


University of Michigan school of engineering has been found to be engaged in suspicious activity that could be used to probing for a running proxy such as Tor.

November 17, 2015


criminals exist with TOR or without so here its not TOR the problem for sure ... but the FBI have to respect the privacy of innocent people but of course they do what they want .

November 17, 2015


I am a free and secular and atheist bloger from iran.
I am using tor every day for anonimity.
more thanks for tor project developers
but I am sorry.
because I live in a religious totalitarism country(Iran)
and I can not donate or pay money for tor.
Iran is a big prison.
vivia freedom
viva freedom
viva tor project
we are on your side.
more thanks.

November 17, 2015


So continuing with this logic, now university students can be used to listen to wiretaps en masse in the hopes of uncovering something illegal.

November 19, 2015


CMU is claiming they helped FBI per subpoena and were not paid anything for this

The important thing is that TOR is less vulnerable as a result of all this, its just too bad that CMU couldnt disclose this to the project before announcing to the FBI

November 19, 2015


Petition CMU to release details of it's findings. Appeal to insiders, whistleblowers, etc etc

> Is Tor safe no more?

Tor, if used wisely, has never been stronger!

The Internet is a very dangerous place, yet everyone needs to use it to survive. Tor is the best tool currently available to protect ordinary people against some of the worst dangers.

Think of the Internet like Oxygen. We need it to live, but Oxygen is rather dangerous (explosive, fire hazard). As more and more people adopt Tor, it can function like the Nitrogen which helps keep the atmosphere from exploding every time some idiot strikes a match.

November 22, 2015


Sounds like someone used a nice payday as an excuse to dispose of their own morals...que pena! Oldest story in the book: if you can't figure out your own dirty-work, pay someone else a handsome sum to make them forget their own moral compass and do your dirty-work for you!

What's really f***ed up is that this is *law enforcement* that did this, not criminals (or are they really? It begs the question, doesn't it? Is the FBI really just nothing more than a gang of criminals, or not?). Ethics were just thrown right out the window!

November 22, 2015


Oh wow. Look the government breaking the laws to "protect us". When they get bored of their main goal to kill brown people overseas with laser guided bombs and advanced scoped rifles this is what they do.

> Oh wow. Look the government breaking the laws to "protect us". When they get bored of their main goal to kill brown people overseas with laser guided bombs and advanced scoped rifles this is what they do.

Brother, the USG is also killing brown-skinned people in the US just as fast the their semi-automatic police pistols will shoot. That's what the Black Lives Matter movement is all about.

Totally agree that the signature drone strikes and US military's habit of actively targeting fully functionally trauma centers (at least three MSF hospitals so far have been targeted) is a war crime and the people who order such strikes must be brought to justice in the ICC.

I too wish more Americans were doing more to try to persuade their government to stop carrying out war crimes. But that said, some of the most eloquent voices speaking out against war crimes being committed by the USG have been Americans such as Glenn Greenwald and Chris Hedges, so at least *some* Americans understand that they are ruled by a criminal regime.

November 23, 2015


Tor network needs a better encryption for example a 8000 bytes key using Aes or RC4 on the entry + exit node

November 24, 2015


CMU might not have been the first university with an internationally known and respected computer science studies program that certain agencies have approached for assistance. CMU happened to be the one discovered doing the assisting. Maybe CMU was being trolled for possible future agency computer analysts. Give them a problem and see what solutions they find. "You did great!" "Come work with us!"

November 24, 2015


@ arma, ailanthus:

You made major statements just before the Friday 13 attacks then fell silent, which worries me.

Is the Tor Project being threatened by US federal agencies? Censored by its USG "letterman" sponsors? Does your "no backdoors" pledge still hold? Is Tor Project aware of any vulnerabilities which USG/HMG wont allow your devs to fix?

November 24, 2015


> Maybe CMU was being trolled for possible future agency computer analysts. Give them a problem and see what solutions they find. "You did great!" "Come work with us!"

CIA agents are openly stationed in "think tanks" in key US university campuses. DARPA and NSA fund a startling proportion of math/CS research in these same universities. These facts are not secret, but few students seem to be aware of the situation. I urge Tor Project to try to help privacy advocates organize boycotts of these agencies and funding sources on US campuses.

This proposal is fully consistent with Tor Project urging universities to construct IRBs for CS research on the data of real people such as Facebook users and (more ominously given the potentially life-or-death stakes) Tor users.

November 25, 2015


Is the Human Species experiment a dismal failure? Will we destroy each other with our self serving behavior? Must we change our ways to prevent the extinction of the Species? Look into a mirror (deep into your own eyes), and ask yourself these questions.

November 25, 2015


The sooner you learn that SECRETS are govt number 1 priority,the sooner you will accept that LAW does NOT apply to the lawmakers/enforcers .No, its not fair.US govt does not need to pay universities but they will...Why?Cause they are 50yrs ahead of main stream.These relationship tentacles are to make sure any new TECH RE-INVENTED is shut down and to constantly test new talent. Measure THE EXTENT OF SPYING, US spies on UK,Shares the info with UK. UK spies on US gives the info to US. No law is broken.Govt fears that of which it does not know..It will be a constant battle and Tor will lose every fight.The above poster is 100% right.

November 26, 2015


I comment here fairly often. It seems like my comments often don't appear, but all sorts of crazy things do. Is what I have to say really of lower quality?

November 27, 2015


To recapitulate: the attack by the CMU "researchers" on live Tor traffic of real people apparently ran from Jan 2014 to July 2014.

The researchers submitted an abstract to Black Hat in Feb 2014 but this was apparently not immediately published. Later that spring Tor Project apparently heard about the attack and asked the researchers for details, but got nothing back. Then Tor people discovered that the CMU attack was still ongoing, so on 4 Jul 2014, arma posted an advisory about the "relay early" attack:

Tor security advisory: "relay early" traffic confirmation attack
30 Jul 2014

The next day (apparently), the abstract was finally published and it was rather boastful:

You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
Alexander Volynkin & Michael McCord

> The Tor network has been providing a reasonable degree of anonymity to individuals and organizations worldwide. It has also been used for distribution of child pornography, illegal drugs, and malware. Anyone with minimal skills and resources can participate on the Tor network. Anyone can become a part of the network. As a participant of the Tor network, you can choose to use it to communicate anonymously or contribute your resources for others to use. There is very little to limit your actions on the Tor network. There is nothing that prevents you from using your resources to de-anonymize the network's users instead by exploiting fundamental flaws in Tor design and implementation. And you don't need the NSA budget to do so. Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild...
> In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000. During this talk, we will quickly cover the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places. The presentation will conclude with lessons learned and our thoughts on the future of security of distributed anonymity networks.

On 21 Jul 2015, Black Hat announced the cancellation of the talk, without explanation. Smart reporters were quick to notice the possible implications:

Carnegie Mellon Kills Black Hat Talk About Identifying Tor Users -- Perhaps Because It Broke Wiretapping Laws
Mike Masnick
21 Jul 2014

Active attack on Tor network tried to decloak users for five months
Attack targeted "Tor hidden services" used to protect IDs of website operators.
Dan Goodin
30 Jul 2014

On 30 Jul, the vulnerability believed to have been exploited by the CMU attackers was fixed by the Tor Project.

In Jan 2015, increased aerial surveillance and operational "Stingrays" were observed, consistent with a major urban operation by one or more US agencies. Soon thereafter, one or more people were apparently arrested using information "developed" by FBI from the CMU data of unmasked IPs. The arrests were trumpeted by FBI as a major takedown of the "darknet" and were widely covered by the US and international media.

A week later the first hints of the connection between the CMU attack and the court cases emerged:

Did feds mount a sustained attack on Tor to decloak crime suspects?
Court doc suggests investigators spent six months last year exploiting anonymity bug.
Dan Goodin
21 Jan 2015

Then earlier this month, Vice Motherboard published court documents revealing that a "university" had provided FBI with key information used to develop evidence against one or more suspects. These revelations and arma's post accusing CMU of taking a payoff were widely covered over the next two days:

Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users
Andy Greenberg
11 Nov 2015

Did Carnegie Mellon Attack Tor for the FBI?
Bruce Schneier
Nov 2015

The Tor project alleged that the FBI paid Carnegie Mellon University researchers to attack Tor hidden services last year.
Robert Abel
12 Nov 2015

Report Claims FBI Paid Carnegie Mellon University $1M to Attack Tor
Jamie Condliffe
12 Nov 2015

Academics 'Livid,' 'Concerned' Over Allegations that CMU Helped FBI Attack Tor
Joseph Cox
12 Nov 2015

Carnegie Mellon may have ratted out Tor users to the FBI
Steve Dent
12 Nov 2015

FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”
Revelation raises more questions than it answers, Carnegie Mellon still silent.
Cyrus Farivar
13 Nov 2015

Then the Friday 13th attacks in Paris happened, and the story hasn't been heard from since.

The Project needs to change that. Right now the last word in these articles is from FBI denying that they "paid CMU". Some reporters say FBI told them, additionally, that CMU had been hit with a "subpoena". (Accompanied by a gag order? Why did CMU not fight it?)

It is known that USG agencies fund the CERT with which the two researchers apparently have dual affiliation. FBI appears to be leveraging the complicated and confusing nature of public/private/university partnerships to confuse the issue of who paid how much to whom, and for what purpose. Pressure should be brought to bear on CMU to be much more forthcoming about exactly what happened.

The nicest possible version which may be consistent with the known facts seems to be this: the two researchers did some very dangerous and possibly illegal "research" targeting millions of Tor users around the world, and when FBI learned about their alleged "achievement"*, they rushed to slap CMU with a secret "subpoena"--- or possibly an NSL letter, which comes with a gag order and is generally written by a supervisory FBI agent, not by a judge. If it was an NSL letter, CMU lawyers might well have concluded that if the researchers gave their talk they could be charged with violating the gag order. If the FBI's aim in misuing an NSL was to prevent Tor Project from quickly fixing the vulnerability, they only gained about a weeks "grace period" (since the bug was fixed a week after the talk was cancelled).

Because of the vexed nature of who owns/operates the CERT, and what facilities and affiliations the researchers used when performing the attack, the hypothesis sketched above is not incompatible with the claim that in some sense FBI paid CMU more than one million dollars for "research". Slapping the "researchers" with an NSL may have just been a way to hush up the mysterious payments. That someone or something was paid a huge amount for some "research" or data seems clear, and FBI certainly seems to be in no hurry to clarify exactly what happened.

(* Just how many users the CMU researchers really unmasked, and whether they really unmasked web surfers as well as visitors to hidden service websites, remains mysterious, but until further evidence is provided, it seems wise to assume the percentage was far smaller than "all Tor users".)

November 30, 2015


> So the take away aside from all the CMU fiasco is that it would be wiser to visit non-onion sites?

My gosh no, not at all. The take away is that the world needs *more* hidden services, and as the project continues to make it easier to set up hidden service sites, we all need to use them in novel and creative ways!

For example, members of groups allied to

o Occupy movement
o Black Lives Matter movement
o anti-fracking and anti-coal movements
o anti-trade-treaty activism
o socialist alternative movement
o human rights issues
o animal rights issues
o anti-corruption activism (for example, in Kenya or Nigeria)
o union activism (for example, on US college campuses)

are intensely spied on by various OSI-as-a-service companies as well as by a hundred or so US federal, state and local intelligence agencies (including OSI analysts working in Fusion Centers), and legions of similar agencies hailing from places as diverse as the Czech Republic and Nigeria. (These days, an activist in New York can very easily come under surveillance or even attack from someone working for the current Syrian government.) It can increase the effectiveness of such groups if they have safer places to discuss ideas, by allowing them to in effect give advance notice to local spooks and cops of planned sit-ins (for example), without divulging their internal discussions of ideas and plans for mobilizing the public.

I hear that some people involved in the grass-roots effort to bring to justice at the ICC the US leaders who order "signature drone strikes", the Syrian leaders who order artillery barrages, gas attacks, and the dropping of "barrel bombs", CIA "dirty wars" assassins, etc, etc, are using hidden services to share information and coordinate their research.

I could go on:

o civilian cryptography researchers
o climate scientists
o engineers working for telecoms
o etc.

The beneficial uses of hidden services are limited only by your imagination.

Hidden services are for everyone. That comes with a cost, but the benefits for The People very obviously far outweigh the costs.

None of us could possibly be happy with everything someone else might use a hidden service for. For example, they are ideal for oil/mineral resource exploitation explorers who need to stay in touch with colleagues in a secure fashion, just as human rights workers traveling in dangerous locations need safe ways to exchange information and ideas.

But consider this: in the early days of the automobile, there were quite serious calls from police chiefs to forbid cars on the grounds that some early adopters were using cars as getaway vehicles from bank robberies. It might have been better for the climate if they had gotten their way, but imagine how different the world would be in other ways if those misguided officials had managed to outlaw the Model T.

November 30, 2015


Hidden services could offer a more secure way to anonymously report bugs without immediately revealing to the ever-listening spooks working for often mutually hostile governments around the world the unpatched security vulnerabilities of your personal LAN.

We know from the Snowden leaks that NSA exploits such information to attack people like you and me, and no doubt other spooks are actively doing the same thing.

Its all of them against all of us.

December 01, 2015


Julia Angwin's book Dragnet Nation (Henry Holt, 2014) opens with a terrific example of the kind of bulletin board which should be

o nonprofit

o hosted as a hidden service to protect the anonymity of posters

She describes the experience of two posters at PatientLikeMe.com, and her account (and the entire book) are well worth reading.

The book focuses on the dangers posed to us all by corporate databases full of dangerous and detailed personal information, and it's important not to forget that misuse of such information by private interests can be almost as devastating, in some cases, as misuse of Big Data trawls by governments.

Some related applications for which VOIP plus HS would be perfect:

o anonymous suicide hotlines

o anonymous mental health or substance abuse counseling lines

Currently such services are typically

o tied in to local emergency response services

o completely unencrypted, inviting routine monitoring by LEAs

Bulletin boards set up by activist groups, law firms, medical practices, etc, should also be hosted as HS.

Many governments sponsor organizations which offer information to people possibly suffering from sensitive medical conditions or substance abuse issues. Their websites should instruct visitors how to obtain Tor in order to visit their HS, so that it will be difficult for government agencies to track which persons think they or a family member may have a particular STD or drug abuse problem. Because people should have a chance to address such issues themselves, before the government starts intruding into their lives.

December 01, 2015


One possible application for which HS+TM would be perfect is highly ironical: if entities like DHS were really serious about preserving anonymity in its "See Something, Say Something" tip lines, they would provide these as TM accessible hidden services. Needless to say, the only good thing which civil libertarians have to say about this kind of application is that they seem to waste a lot of the FBI's time.

December 01, 2015


I would love to see more activist groups such as climate-change activists adopt TM and use HS to set up bulletin boards which might be more resistant to OSI surveillance (and more secure against intrusions into insecure software such as VB) than current boards.

The French activists currently under house arrest by the French "authorities" might use their confinement (hopefully temporary) to learn how to do this.

Technology is politically neutral. HS boards would also seem to be ideal for disreputable political intelligence activities such as this:

The Koch intelligence agency
As the billionaires’ network works to reshape U.S. politics, it keeps a close eye on the left.
Kenneth P. Vogel

> The political network helmed by Charles and David Koch has quietly built a secretive operation that conducts surveillance and intelligence gathering on its liberal opponents, viewing it as a key strategic tool in its efforts to reshape American public life.

Take home lesson: the far right is already using technology to spy on "leftists", so leftists would be wise to adopt technology which can counter the efforts of people like the Koch brothers.

December 01, 2015


Who could benefit from Tor Browser, Tor Messenger, and Hidden Services? Whistleblowers like Gerry Gallacher:

Snooping Scottish plod to be taken to tribunal by spied-on detective
Talking about a bungled murder inquiry? You'll be targeted under terror powers
Alexander J Martin
30 Nov 2015

> A former detective for Police Scotland who raised concerns regarding a bungled murder inquiry, and was subsequently targeted by anti-terrorism powers, has stated he will follow his complaint through to the Investigatory Powers Tribunal.
> According to the Scottish Sunday Mail, which had pursued the initial story, Gerry Gallacher was among those targeted under RIPA without the force having attempted to obtain a judicial warrant.
> ...
> Gallacher had raised concerns about the investigation of a murdered woman, Emma Caldwell. The Sunday Mail had reported that Police Scotland had ignored a significant suspect in the inquiry, instead wrongly focusing their two-year investigation on Turkish suspects. Charges against those suspects were eventually dropped, and nobody has yet been brought to justice for the murder.

So why are the producers of "real-crime" tell-all shows not championing TM and HS?

December 01, 2015


UN agencies whose activities might not always be favorably viewed by host governments should consider using text messages sent by TM and perhaps also bulletin boards hosted as HS (so they can check their recollection of data while traveling in a dangerous location).

Many human rights investigators already use Tor for such purposes.

For much the same reason, FBI investigators working on a terrorism investigation in a county such as Kenya would be wise to use TM and other strongly end-to-end encrypted anonymity-preserving tools.

December 01, 2015


Internal bulletin boards set up by law firms would also be suitable candidates for being set up as HS in order to make it harder for adversaries to track who lawyers are talking to.

It is known from several independent leaks over the past few years that both GCHQ and FBI do specifically target at least some law firms.

Doctors and nurses frustrated by hard-to-use systems set up by hospitals and clinics for sharing the personal medical information of patients with other medical providers often bypass them by emailing or texting unencrypted messages. This practice horrifies both privacy advocates and hospital administrators who are cognizant of the enormous potential cost (often in the tens of millions USD) of breaches of medical information. While there are legitimate reasons to worry about people sharing sensitive information evading the system their employers have told them to use, if they really feel they have to do this, there is a case to be made that TM+HS would be a much better modality. Especially once TM can send files such as medical imagery and other diagnostic results.

Further, conversations between private citizens and

o their doctor
o their lawyer
o their spouse
o their political representatives

should always be properly encrypted end to end and difficult to track by potential adversaries (and these days, no person is too innocent, no target is too small to receive attention from one or more intelligence agencies), and tunneling these through HS might help.

As an example, some concerned citizens in the US and UK may try to communicate to their political representatives their concerns about the very real potential for accidental (or malicious) partial or complete detonation of the W-88 warheads carried in the Trident II missiles on board the ballistic missile submarines based in Scotland and the US. There is good reason to think that NSA and GCHQ try very hard to monitor such communications. FBI in particular appears to assume that everyone trying to "lobby" a legislature on any issue connected with nuclear weapons must be a "foreign agent" acting on behalf of Israel or some other nation with skin in the game. See for example:

Spookception: US spied on Israel spying on US-Iran nuke talks
25 Mar 2015
John Leyden

> Israel spied on the recent US-Iran nuclear talks, alleges America. And the US knows enough about it to say it publicly because the NSA is spying on Israel, along with everyone else. The Wall Street Journal reports that Israel handed over confidential information from the negotiations to friendly members of the US Congress in a bid to derail any deal.

I acknowledge that FBI has a legitimate need to investigate possible public corruption by judges or legislators, or--- if they have probable cause and obtain a freaking search warrant from a judge--- suspected unregistered agents of foreign powers, but they certainly shouldn't routinely monitor communications between anti-nuclear activists and their legislators.

In the absence of meaningful restraints upon such warrantless full-content collection of communications between private citizens and their political representatives, there is a case to be made that legislators should also offer end-to-end encrypted communications tunneled through HS.

Concerns about warrantless surveillance extend far beyond "national security" issues to such controversies as citizens demanding municipal broadband, or organizing employees of Walmart:

Walmart spied on workers' Tweets, blogs before protests
Defence contractor Lockheed Martin provided intelligence services before Black Friday
30 Nov 2015

> Walmart has recruited aerospace, defence and security concern Lockheed Martin to comb open source intelligence in the lead up to Black Friday union protests, Bloomberg reports. The super-colossal retailer has a difficult history with unions and engaged the defence contractor to keep tabs on its employees in the run up to the national fire sale.

One recalls also the apparent involvement of the US Chamber of Commerce in a campaign to discredit Wikileaks and reporter Glenn Greenwald, which apparently enlisted the services of HB Gary Federal, a now defunct subsidiary of HB Gary, a (previously reputable) cybersecurity contractor:


Aaron Barr would have been wise to use TM and HS rather than a poorly protected unencrypted email server to make it harder for cyberactivists to target his now defunct company.

(Spell check humor: a software tool helpfully inquires whether by "HBGary" one means "Buggery". Well yes, in a way one does.)

We can't prevent the bad guys from misusing Tor. But we can and must not let this possibility, or government intimidation, prevent us from helping the Project to make Tor, TB, TM, and HS software freely available, and from using these powerful tools for good purposes.

Power to the People!

December 01, 2015


> If you *really* want to be safe from The State online, don't go online.

Says the Thought Police.

The governments, the corporations, the point oh oh something per cent are afraid of the People. Terribly afraid. They desperately want the general population to be intimidate, cowed, afraid to take risks to speak out, to organize, to resist.

The proposition that citizens have no remaining avenues of effective resistance is simply not true. But even if it were, consider how contemporary writers treat people living as slaves in pre-Civil-War America. Do we honor the memory of the compliant slaves who bowed their heads in obedience to the shackle and the whip? Or do we honor those slaves who took every opportunity to make the slave-holding economy less sustainable, who engaged in "unauthorized recreation", who visited in secret relatives at neighboring plantations, who attempted to escape at the very real risk of summary extralegal execution?

Rough Crossings,
Simon Schama
Harper-Collins, 2006

Rhys Isaac,
Landon Carter's Uneasy Kingdom,
Oxford U Press, 2004

Consider how we remember the people slaughtered in the Holocaust. Do we admire most the ones who allowed themselves to become so terrorized that they never uttered a murmur of protest as they were herded into the gas chambers? Or the few youthful rebels who organized "hopeless" physical resistance to their genocidal captors?

Do we kindly remember those German citizens who failed to speak out against Hitler, in the early years when he could have been stopped? Or do we honor the memory of Rosa Luxemburg?


Many people who have listened to the rantings of a number of current candidates for President of the USA are seriously concerned by their unapologetic embrace of fascistic notions. Those of us who have attempted to warn for years that America could very possibly become a fascist nation, if moderates do not join us in sounding the alarm, take no comfort in our "paranoid" fears being vindicated. Because we have also warned for years that America too can commit genocide.

And we know this is true for the worst of reasons. We know it is true because Americans have committed past genocides. Against the native Americans, and then again against the Filipinos (the conflict which gave birth to the torture technique now called waterboarding). And then again, in Vietnam. Some of us suspect that the drone strikes are coming close to constituting a new genocide. And we take note when the USG time and again pointedly declines to rule out drone strikes against American citizens *inside the US*.

If you are an American, you should be very worried about the path down which your country is hurtling, because the destination is totalitarian genocide.

Did the FBI Pay a University to Attack Tor Users?

if you are writing and reading the others with good faith and sincerely ; you should better make a donations than to pray at the top of the blue mountain waiting the end of the star wars ( us go home ).

December 01, 2015


> but I am sorry. because I live in a religious totalitarism country(Iran) and I can not donate or pay money for tor...we are on your side.

Understood. Even if you can't send money, saying that you are with us helps more than you might think.

Increasingly, the US, UK, and EU appear to be moving toward the status of prison-states where journalists are imprisoned for doing journalism, where citizens cannot speak out against governmental policies or try to expose corruption.

For many decades, the US was a place to which you could try to escape, if you had the misfortune to be living in the USSR while Jewish. Now it is a place which rejects you, if you have the misfortune to be living in Syria, full stop. Or even a nation which (come 2016) may try to kick you out, should you have the misfortune to be living in the US while Muslim.

It's terribly sad, but it's always possible that a grass-roots popular movement might even yet reverse these trends.

December 01, 2015


> Tor should not have written flawed software. Not cool, Tor.

Don't be absurd. The devs try to discover and fix flaws before each release (what did you think those testing release announcements are for, anyway?), but inevitably some get through. Sometimes dangerous flaws get through. But when the Project learns of them, they fix them, and a lot faster than any company would.

And the security situation appears to be rapidly improving. Tor doesn't exist in a vacuum. TB builds on Iceweasel, the Debian version of Mozilla's Firefox. TM builds on other open source software. Tails is a security-hardened amnesiac version of Debian. And after years of neglect (in the opinion of some loyal Debian users), Debian Project has seen the light and is developing important projects like reproducible builds. Thanks to Snowden, the entire software community is working towards more rigorous security audits of critical security/anonymity software. Assuming the FBI does not succeed in making research illegal, in making encryption illegal, in making cybersecurity itself illegal, things will get better for us all.

December 02, 2015


Everyone who has followed this story will want to read this:

The attack that broke the Dark Web—and how Tor plans to fix it
Kashmir Hill
30 Nov 2015

See also

Tor Devs Say They've Learned Lessons From Carnegie Mellon Attack, But Worries Remain That They're Outgunned And Outmanned
Karl Bode
1 Dec 2015

These stories are good references to cite when GCHQ shills post claims that "Tor is broken" [sic] or "Tor cannot be trusted" [sic].

Yes, even one mistake can be devastating, but clearly Tor Project has learned many valuable lessons from this one incident. And it still seems possible that FBI actually got much less abusable information for their million dollars than we fear.

Thanks for all your hard work continuing to debug and improve Tor, TB, TM, your advisory role for ACLU, EFF, etc., your advocacy of projects like Reproducible Builds, etc!

December 04, 2015


Who might want to set up an anonymous blog using hidden services (HS)?

Many publicity-aware celebrities maintain some kind of carefully controlled media presence, in which every attributable post is pre-vetted by a publicist. But sometimes they are thoughtful people who might want to express a political or social viewpoint which is not easily tied to their real life identity. A HS blog would be ideal for such activity.

Chinese government officials cannot safely criticize official policies, but it would be a mistake to assume that no Chinese government official has a thoughtful view on any subject which differs in some respect from official government policy.

For example, the Chinese government officially acknowledges that during the next decade, advances in AI and robotics will lead to massive job losses, as society transitions from the adult default being "employed" to the default being "unemployable". (The USG and most EU governments refuse to even discuss this issue.) But the official Chinese position is that it is not the role of the government to address this transition. Rather, they insist that the People must figure out a solution. I suspect that some Chinese government officials who have thought hard about this issue would like to (anonymously, safely) publish a contrary viewpoint. Others might have something thoughtful to say about the possible dangers lurking in the government's plan to adopt "citizenship scores" by 2020.

And some Chinese government officials might want to publish family-oriented non-political blog posts not easily tied to their real identities, in which they simply gush over how amazingly cute their grandkids are when they read aloud their Berestain Bears books.

There are so many reasons why all kinds of people might want to use HS for reasons which almost never have anything remotely resembling "criminal intent" or "terrorism-enabling".

Tough decisions await China's pollution battle
Some coal-fired power stations face closure as country slowly begins to wean itself off its addiction to fossil fuels.
Adrian Brown
12 Dec 2015

> [China] is a heavy polluter but is also probably spending more on efforts to combat pollution than any other country... Beijing authorities were forced to issue their first red alert due to the smog levels earlier this month... For much of the past two weeks, the city has been blanketed by a poisonous pall that has closed schools and disrupted life for the millions that live there. But China's government has been unusually open about the problem and has been encouraging public awareness.

I sense another opportunity here for Tor to post an explainer for Chinese government officials who might want to anonymously speak their mind on an issue which is, perhaps, adversely affecting the health of their own family.

So how do you set up an anonymous blog as a HS if you are a non-computer-expert living in China?

December 04, 2015


The CMU attack has focused attention on the critical role played by entry nodes in ensuring the user's anonymity.

@ tor devs:

Does current Tor provide good protection against mandatory root certificates installed to enable dragnet style state-sponsored MITM/DPI?

Is Kazakhstan about to man-in-the-middle diddle all of its internet traffic with dodgy root certs?
Come on, guys. Don't go giving the Russians any ideas
Shaun Nichols
3 Dec 2015

> Kazakhstan may be about to intercept and decrypt its citizens' internet traffic – by ordering them to install rogue security certificates.
> On Monday, the nation's dominant telco Kazakhtelecom JSC said it and other operators are "obliged" by law to crack open people's HTTPS connections, and that this surveillance will begin from January 1.
> This spying will be made possible by insisting everyone installs a "national security certificate" on their computers and mobile gadgets – most likely a root CA certificate just like the ones found in Lenovo's Superfish and Dell's Superfish 2.0 scandals.

A notable point here is that superfish began as a corporate-sponsored MITM to enable dragnet style adware campaigns, which is being adopted by at least some governments as a key element of technologically-enabled population-control schemes.

Regarding the critical role of entry nodes, be sure you've read
because it's exactly the same topic.

Tor does not have any silver bullets for policy-mandated insecurity. If they ("they") tell you that you must install some spyware, or else, then we don't have a magic fix for that. I think that means it's wisest to solve the problem before it gets to that point. Hopefully they will recognize that mandating the spyware also involves mandating certain OSes, configurations, etc, and that's crazy-talk at a national scale.

December 10, 2015

In reply to arma


Following your comment below about the SSL certs, if core Tor uses its own PKI, wouldn't that be totally incompatible with mandatory MITM certificates? Even if the cert itself was compatible, it would be nontrivial for a regular user to insert it into Tor, not to mention pointless to even use Tor at that point.

Without knowing the details, I'm assuming the ISP would block any connection that's not HTTP, or HTTPS with the MITM cert. Even so, it might still be possible to tunnel Tor inside of a MITM SSL connection, for example via a pluggable transport. The old but good talk "How Governments Have Tried to Block Tor" is probably relevant.

December 06, 2015


> The Tor community might be up in arms about this but there are also victims every day getting doxed, getting their sexual abuse shared, getting their money stolen, and this sort of thing [dragnet surveillance? state-sponsored cyberintrusions, bugs and burglaries?] is sometimes the only way to get justice for the victims.

Assuming I correctly understood what you were trying to say, I think you have entirely missed the point.

Doxing, breaches of medical information, cybertheft are all enabled by the poor cybersecurity (in particular, poor encryption) which was for decades actively fostered by NSA in order to ensure that they could spy on everyone's private lives. While the cybersecurity mess we all face is not *entirely* NSA's fault, all the experts appear to agree that there is no organization more to blame. Even former NSA officials who remain generally supportive of dragnet surveillance appear to now acknowledge this.

Something else for you to think about: if I see a man standing outside my living room window peering in at my family, sneering as he records us peacefully living our private lives using his video camera, would I not ask him to move along? If he doesn't respond, would I not draw the blinds? Or call the cops? And if he is wearing a government uniform, would I not be justified in asking him what the heck he thinks he is doing? And if he refuses to explain his actions, if he does not present a valid search warrant, would I not be justified in drawing the blinds, even though the mysterious snoop is wearing a government uniform?

Spying on people is immoral. A government which spies on all of the People all of the time "for the duration" of an endless and unwinnable war on Who Knows Whom doesn't sound like government for the People, does it?

These thoughts may explain why so many citizens think the USG has gone off the rails. The question now is what to do about that.

> Doxing, breaches of medical information, cybertheft are all enabled by the poor cybersecurity (in particular, poor encryption) which was for decades actively fostered by NSA in order to ensure that they could spy on everyone's private lives.

CISA-omnibus, the dragnet surveillance bill disguised as a cybersecurity bill folded into a must-pass spending bill, makes all this much worse.

At ProPublica, Charles Ornstein has been explaining how ordinary citizens are being hit the hardest by breaches of their personal medical records:

Farrah Fawcett Was Right: We Have Little Medical Privacy
Charles Ornstein
30 Dec 2015

New Jersey Psychology Practice Revealed Patients’ Mental Disorders in Debt Lawsuits
Charles Ornstein
23 Dec 2015

Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Charles Ornstein
10 Dec 2015

The next big story in this field: HIPAA has been neutered by a lethal combination of

o EHRs copied to HIEs (better known to cyberspies as "watering hole" sites) became mandatory under the "Administrative Simplification" of the HIPAA Privacy Rule some years ago,

o the 21st Century Cures Act, which was enacted just a few months ago, mandates that medical providers release personal medical records to "researchers"--- the law says "researchers", not "medical researchers", in an apparent attempt to encourage FBI/NCTC/DEA and state and local LEAs to run amok among the personal medical records of all Americans.

o the phrase "notwithstanding other provisions of law" also appears in the 21st Century Cures Act, in the section putting into law incentives for medical providers to sell personal medical records of their patients to Big Pharma and other industries; this language appears to be intended to repeal the Privacy Rule entirely.

US persons are left with not even the illusion of Doctor-Patient confidentiality. The entirely predictable consequence: Americans are starting to avoid medical care entirely, just when other legislation promises to ensure they can afford to seek care should they choose to accept the privacy risks.

December 06, 2015


> My daughter just told me she read the news and that she's leaving her PhD work at CMU for another university because of it. She's some kind of computer designer.

She has my thanks, and my best wishes for her future career (maybe designing dragnet-resistant gear for the ordinary citizen?).

I hope Tor Project will reach out to its academic friends and to civil liberties groups like ACLU and EFF, seeking to organize academic boycotts of irresponsible "research", CIA "think tanks" on American campuses, etc.

December 07, 2015


Thanks for replying. If I misunderstand I plead exhaustion.

> because it's exactly the same topic.

Great overview of four major issues in the problem of choosing Entry guards (how many, how often), but no discussion of the potential danger posed by nation-mandated root trusted certs allowing easy MITM, agreed?

> Tor does not have any silver bullets for policy-mandated insecurity. If they ("they") tell you that you must install some spyware, or else, then we don't have a magic fix for that.

If I understand what you are saying, Tor users in Kazakhstan are gravely endangered right now. And the rest of us tomorrow?

How can we search our trusted cert cache (in Tails version of Tor browser, say) to ensure that no rogue certs are there? If I see certs from various governments, does that mean any of them can MITM my connection to any Entry node?

Ah. Tor (the program called "tor") does not care about your certs or your cert store. The bad guys can't give you a cert that will mitm your connection to your entry guard. That's because Tor uses its own public key infrastructure, completely independent of the Certificate Authority mafia.

Now, all of that said, there is another program, called Tor Browser, which is based on Firefox and *does* rely on the certificate authority mafia for deciding for example whether https websites are legit.

If somebody forced you to change your Tor Browser so it would believe bad CAs, then it would believe the bad CAs, and then somebody on the Internet in between the Tor network and Facebook could pretend to be https://facebook.com/ and your modified Tor Browser would believe it.

The fix of course is to not let people force you to run the wrong software.

December 09, 2015

In reply to arma


> If somebody forced you to change your Tor Browser so it would believe bad CAs, then it would believe the bad CAs, and then somebody on the Internet in between the Tor network and Facebook could pretend to be https://facebook.com/ and your modified Tor Browser would believe it.

Please bear with me, I still don't understand.

Here are the parts I think I *do* understand:

1. I am in some country possibly subject to state-sponsored breakage of PKI, and my tor client builds a Tor circuit which looks a bit like this:

tor-client <==> entry-node <==> relay <==> exit-node <==> https-website

where all connections are encrypted since I am surfing to an https website.

2. DNS lookup and OCSP lookup is done by the exit-node, which is in some country and possibly subject to state-sponsored breakage of PKI.

3. Also running on my computer: TBB, which is based on Firefox, and which contains a store of "trusted" certs used to "verify" that an https site is genuine.

4. The actual connection to an imposter website would be made by the exit node.

I think you might be saying that the initial hop from my tor client to the entry node is not easily MITM'd by a government mandated rogue cert. I think you might be saying that Kazakhstan or McCaulistan might try to insert a rogue cert into the store trusted by my Tor Browser (how?). I think you are saying that the false claim that some IP is facebook.com is tunneled back down through the Tor circuit, where it is incorrectly trusted by my TB (even if the exit node knows better?). Am I getting warm?

Would the bad cert be (overtly? covertly?) inserted into the tarball? Or could it be covertly inserted into a running genuine previously-unmunged TB? And then covertly re-inserted each time I start a new TB process?

And what if I am using Tails booted from a read-only DVD, not TBB running under some too-trusting OS?

Assume I have made every effort to verify all cryptographic signatures of latest edition of TBB or Tails, but have no idea how to try to use Verifiable Builds.

December 07, 2015


> The memo explicitly stated that an "untoward event" could be exploited to push through hasty laws mandating back doors. Such an event has just been provided by that other notable Enemy of the People, ISIS/L. (IS claims to a government, and is in fact functioning as the government ruling most of Syria, so the People should regard it as an established government, however barbaric, not as an underground terror group.)

The Isis papers: leaked documents show how Isis is building its state
Shiv Malik
7 Dec 2015

> A leaked internal Islamic State manual shows how the terrorist group has set about building a state in Iraq and Syria complete with government departments, a treasury and an economic programme for self-sufficiency, the Guardian can reveal.
> The 24-page document, obtained by the Guardian, sets out a blueprint for establishing foreign relations, a fully fledged propaganda operation, and centralised control over oil, gas and the other vital parts of the economy...[The memo] builds up a picture of a group that, although sworn to a founding principle of brutal violence, is equally set on more mundane matters such as health, education, commerce, communications and jobs. In short, it is building a state.


They are not all three working in concert, but the effect is the same.

It's all of them against all of us.

December 09, 2015


It's called the USA Patriot Act.. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

Read it and weep. Carte blanche for FBI.

it was 15 years ago and it was a response in front of a real hostility coming from eu / israel / france .
usa forgive easily their enemies as soon as they have benefits.
2016 : turkey(3 000 000000 $ from eu) vs russia and what about tor ?

Not sure whether the "forgiven enemy" you have in mind is Russia or Turkey. Both of those countries are regarded as enemies of press freedom and as nations which freely abuse the civil rights of their citizens, unfortunately.

January 05, 2016


You must be an irresponsible terrorist-enabler if...

... you keep your eyes fixed on your smart phone while going about your tiny life.

So says the former chief of the (UK) Joint Intelligence Committee:

Former UK Bureaucrat Whines About People Happily Looking At Mobile Phones Rather Than Fearfully Spying On Everyone Else
Mike Ma snick
5 Jan 2015

> Pauline Neville-Jones [claims] that all these people looking at their mobile phones or listening to music/pod casts in public are a public nuisance, because they're not watching out for terrorists. Really.

Further evidence that all the world's governments are in the grip of paranoid psychosis.

It's all them us-fearing paranoids against all of us them-fearing paranoids. How nice of FVEY to force us all to endure such an uncomfortable existence.