Tor and the Silk Road takedown

We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading.

In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network). The FBI says that their suspect made mistakes in operational security, and was found through actual detective work. Remember: Tor does not anonymize individuals when they use their legal name on a public forum, use a VPN with logs that are subject to a subpoena, or provide personal information to other services. See also the list of warnings linked from the Tor download page.

Also, while we've seen no evidence that this case involved breaking into the webserver behind the hidden service, we should take this opportunity to emphasize that Tor's hidden service feature (a way to publish and access content anonymously) won't keep someone anonymous when paired with unsafe software or unsafe behavior. It is up to the publisher to choose and configure server software that is resistant to attacks. Mistakes in configuring or maintaining a hidden service website can compromise the publisher's anonymity independent of Tor.

And finally, Tor's design goals include preventing even The Tor Project from tracking users; hidden services are no different. We don't have any special access to or information about this hidden service or any other. Because Tor is open-source and it comes with detailed design documents and research papers, independent researchers can verify its security.

Here are some helpful links to more information on these subjects:

Technical details of hidden services:
https://www.torproject.org/docs/hidden-services

Our abuse FAQ:
https://www.torproject.org/docs/faq-abuse

For those curious about our interactions with law enforcement:
https://blog.torproject.org/category/tags/law-enforcement
https://www.torproject.org/docs/faq#Backdoor

Using Tor hidden services for good:
https://blog.torproject.org/blog/using-tor-good

Regarding the Freedom Hosting incident in August 2013, which is unrelated as far as we can tell:
https://blog.torproject.org/blog/hidden-services-current-events-and-fre…

Some general hints on staying anonymous:
https://www.torproject.org/about/overview#stayinganonymous

The Tor Project is a nonprofit 501(c)(3) organization dedicated to providing tools to help people manage their privacy on the Internet. Our focus continues to be in helping ordinary citizens, victims of abuse, individuals in dangerous parts of the world, and others stay aware and educated about how to keep themselves secure online.

The global Tor team remains committed to building technology solutions to help keep the doors to freedom of expression open. We will continue to watch as the details of this situation unfold and respond when it is appropriate and useful.

For further press-related questions please contact us at execdir@torproject.org.

Anonymous

October 04, 2013

Thanks for the update. I'd like to know what your (i.e. the Tor developers') stance is on the paper "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" (which can be found under http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf).

They conclude that Tor's design of hidden service might require a redesign. To quote: "We believe that the problems we have shown are grave enough to warrant a careful redesign of Tor’s hidden services."

What do you think about this?

Anonymous

October 04, 2013

#BEWARE [1] : Orbot (Android) leaks *ALL* dns traffic while using the "Select Apps" option, it totally *screws* anonymity
#BEWARE [2] : If used with Firefox in "Selected Apps" it doesn't work. It *should* redirect Firefox traffic via Tor but it still uses your ISP instead!

Hi,
as i pointed here:
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

there are some serious bugs in the discontinued (?) Orbot for Android.

Today i've found another one:
DNS traffic fails in the "Select Apps" option of Orbot.
I tried using Vlc as a selected app and the vlc traffic was supposed to be *entirely* routed through Tor (Orbot)
but i've noticed that the DNS traffic isn't redirected to port 5400 and it arrives to my home router and then to my ISP.

So Orbot is used for data traffic but the DNS resolving is done using *my* ISP thus revealing very important details, *zeroing* my anonymity.

As a "fix" i had to do this:
1) as root: "iptables -A OUTPUT -o wlan0 -p udp -m udp --dport 53 -j DROP" # (and optionally "-p tcp ....")
2) on the terminal: "tor-resolve the.host-idlike-to-connect.to"
3) go on vlc and change the links substituting the host with the ip address (obviously sometimes this will not work, i.e. in case of multiple names associated to that server)

Another problem i noticed is that Orbot (or Android or whatever) completely *ignores* the "Select Apps" setting regarding Firefox.
It means that if i select Firefox in the Orbot configuration *nothing* changes and firefox still continues to directly use my ISP
instead of getting its traffic routed via Tor.

is there a way to fix these issues? is there a way to get an updated Orbot version? (i'm using the one that comes with F-Droid)

NOTE:
when i use "tor-resolve" on the debian chroot i made on the phone, the dns query works well and goes via Tor
(my router detected no dns traffic in this case)

Which version of Orbot are you using?

If you are using Firefox, why not try this configuration: https://guardianproject.info/apps/proxymob/

Orbot is hardly disabled. Please get the latest release from here:
https://guardianproject.info/releases/orbot-latest.apk

or via F-Droid repo:
https://guardianproject.info/repo

or Google Play or Amazon App Store, if you trust those sources.

I'm using Orweb, *NOT* Firefox. (firefox doesn't work with Orbot)

I get Orbot from the guardianproject repositories it is the "last" version
the last update was ~ 2 month ago, but the date is still "2012" ( ?!?!?! )

if you tell me that the Orbot from the F-Droid repo is the working one i'll try to get it from there.
I suspected the guardian repo wasn't good. Indeed they don't even have put repo key fingerprint on their site.

So i think: "what the **** i installed?" i can't be sure i have a "real Orbot", since the guardianproject doesn't allow the user to verify the download.
AGAIN: *NO* fingerprint on that website, last time i checked.

And, no, i don't trust Google play/amazon etc.

firefox works fine with orbot, you just need ProxyMob installed. in fact, orweb was declared unsafe by the Guardian Project themselves because of a major vulnerability in flash videos.

really? have you tried using tcpdump to see if something (like DNS queries) leaks out or are you basing your assumption on the fact that "the webpages load well" ?

i think you should just try to put something like vlc/firefox in the "Select Apps" menu and then while using them try to see via tcpdump if *all* that traffic pass through Tor.
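An added example (not part of the original thread) of the tcpdump check suggested above: it scans `tcpdump -nn` text output and reports every packet addressed to port 53 on a non-loopback address, which is the cleartext DNS that should not appear when an app's lookups go through Tor's local DNS port (5400 in the report above). The capture lines are constructed, and the function and type names are hypothetical.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed sample of `tcpdump -nn` text output (documentation addresses only).
SAMPLE_CAPTURE = """\
21:14:02.101112 IP 192.168.1.23.41234 > 192.168.1.1.53: 4660+ A? stream.example.org. (36)
21:14:02.181920 IP 192.168.1.1.53 > 192.168.1.23.41234: 4660 1/0/0 A 198.51.100.20 (52)
21:14:02.250000 IP 192.168.1.23.50222 > 203.0.113.7.9001: Flags [P.], seq 1:513, ack 1, win 229, length 512
21:14:03.000400 IP 127.0.0.1.38000 > 127.0.0.1.5400: UDP, length 36
21:14:05.331000 IP6 2001:db8::23.53011 > 2001:db8::1.53: 7121+ AAAA? stream.example.org. (36)
21:14:06.010000 IP 192.168.1.23.44100 > 192.168.1.1.53: Flags [S], seq 1000, win 65535, length 0
"""


class DnsLeak(NamedTuple):
    timestamp: str
    resolver: str          # address the DNS packet was sent to
    qname: Optional[str]   # queried name, when tcpdump decoded one


# "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: <rest>"
PACKET_RE = re.compile(
    r"^(?P<ts>\S+)\s+IP6?\s+(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)
# tcpdump prints a decoded query as "<id>+ <TYPE>? <name>."
QUERY_RE = re.compile(r"\b[A-Z0-9]+\?\s+(?P<name>\S+)")


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; unparsable addresses count as external."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def find_dns_leaks(capture_text: str) -> List[DnsLeak]:
    """Return every packet sent to port 53 on a non-loopback address."""
    leaks = []
    for line in capture_text.splitlines():
        m = PACKET_RE.match(line.strip())
        if not m or int(m["dport"]) != 53 or is_loopback(m["dst"]):
            continue  # not DNS, or DNS that stays on the device
        q = QUERY_RE.search(m["rest"])
        name = q["name"].rstrip(".") if q else None  # TCP handshakes carry no name
        leaks.append(DnsLeak(m["ts"], m["dst"], name))
    return leaks


def leaked_names(leaks: List[DnsLeak]) -> List[str]:
    """Distinct hostnames that were exposed to the local resolver or ISP."""
    return sorted({leak.qname for leak in leaks if leak.qname})


if __name__ == "__main__":
    found = find_dns_leaks(SAMPLE_CAPTURE)
    for leak in found:
        print(f"{leak.timestamp} cleartext DNS to {leak.resolver}: {leak.qname or '(no name decoded)'}")
    print("verdict:", "LEAK" if found else "no port-53 traffic seen")
```

An empty result only covers the capture window and port 53, so it is evidence of no leak for the traffic exercised during the test, not proof for every app.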

Arma can you comment on the following article that describes a number of FRAME and JS attacks the NSA can perform when using Tor for clearnet purposes?

http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-onli…

Will your organization finally put a stop to this by disabling scripting by default and blocking all embeddings? If not your funding, then this policy more than ever makes us question your motives.

Great question. Keep pushing, I'd say.

The fundamental problem is that too much of the web relies on Javascript. Our first 1000 users were smart and would understand the issues, but the next 500000 users are just normal Internet users.

I guess I'll turn the question around: how come Firefox, Chrome, IE, etc all ship with JavaScript enabled? And how come you're not pushing them to turn it off?

I guess the answer is "well they're just for normal web users, and Tor is supposed to keep people safe from everything". But if people means everybody, there's the tension.

Given that the Tor project is understaffed and underfunded I can't really see why you bog yourselves down with trying to make Tor "transparent". You took a wrong turn somewhere.
Take TBB for example. Many - me included - were extremely puzzled by your reasoning behind having JS enabled by default. Tor should *never, ever* put user friendliness ahead of security. The same goes for the apparent vulnerabilities of Hidden Services. As soon as these were known the Tor project should have raised an alarm, however damaging to the project it may have been. Instead you did nothing, causing far more damage.
Hidden services need much more than a "bit of love". If they are unsafe then what's the point? A redesign is needed (and you should avoid the complexities of seamlessly migrating any standard website with its myriad of protocols to Tor). Bare bones is fine as long as it's safe.

Agree completely.

The users can always *enable* whatever scripts they want if they wish to lean more towards usability end of the trade-off. What's the point in making them vulnerable *by default* if you know they are noobs and unlikely to turn the scripts off?

The "if people don't find tor easy to use they won't use it and so would be less secure" argument doesn't cut with me. Given that we *know* now that these agencies are *specifically* targeting tor users with such exploits, at least make the agencies use their more valuable tricks. At least make them play better to win.

If an adversary controls enough nodes, or enough of the networks on which the nodes exist, said adversary can then deanonymize the traffic. This is a published weakness in Tor.

For instance, the Florida tech company that was profiled some years back. They were building a very large network, costing millions, and alluded that they would flood the tor network with nodes such that they would control the entry, transit, and exit nodes. Thus, there would be no real anonymity.

Cisco has been caught installing back doors into their routers to give the USG Spooks the ability to track all data transmissions in China; but who says this hasn't been done elsewhere? Or everywhere? Once again, no anonymity.

The NSA is already exposed for their extensive monitoring of US internet traffic. Likewise, if they are monitoring enough of the traffic they can follow the packets through using timing attacks and other known weaknesses in tor.

So then why is everyone so surprised that tor has been compromised? Even if the media story is dubious, especially with how quickly they reported on the investigative techniques used (how many stories have a detailed investigative strategy reported so soon after the arrest?).

This story is necessary to quell any suspicion. Probably, the tor operators know these weaknesses are being exploited. Possibly, they have instituted a means to salt the packet data to permit it to be more easily tracked across the tor nodes. In any case, unless Snowden released information showing this is the case, we will never know for certain.

You're right, all you have to go on is the source code, the detailed design documents, all of our public conference talks, and the hundreds of academic research papers.

What was the Florida tech company?

It wasn't a tech company, it was some rich guy who wanted to infiltrate Tor a few years ago to catch pedos. I think he committed a million or two to the project and gave up.

Wow. This is the first I've heard of it. Cite?

Seems to me that if the kids are suspected of doing anything that Uncle Sam, Mother Russia, Cousin Blighty, Principle China, or any of the other big bad grownups can't monitor or control, their only way of dealing with it is to slap wrists, secretly listen in on our den meetings or ban us from listening to the music we want to hear... ha. so.. the matrix is alive and kicking.. :(

Anyway, I for one don't think Tor is the problem here, I don't think it's 100% safe, but everybody should know that - it's made blatantly clear when you visit the download/install section that there are known security issues, but, that with care, you will be granted a certain anonymity provided reasonable precautions are taken care of by you at your laptop or desktop end..

The silkroad situation is always going to be a conspiracy theorists dream.. but... he did (reportedly) make a lot of silly mistakes, the least of which imho was getting involved in hit man contracts and ordering fake id's from his own site to his own address.. (allegedly)

Nobody knows for sure, and probably we, the community will simply have to work harder at being more aware that the walls can sometimes hear, and careless talk costs lives etc..

For what it's worth, in my humble opinion, this guy was running a site that kept logs (wouldn't a security minded admin clear everything more than a week old that's past its relevancy..?), a site that had so much traffic and so many users it was inevitable that there'd be stings set up by multiple interested gov agencies, and above all, a site that was near top of the 10 most wanted.. wiki-leaks and the pirate bay are small fry to a guy who's helped shift a billion (reportedly) dollars worth of drugs and illicit goods isn't it..

Enough though, I'll end by saying I think Tor is still worthwhile, and believe the information within its network remains secure, just make sure your ip or email isn't in anything coming out of an exit. I believe bit-coin will stabilize and there's a lot of propaganda and false speculation floating around (probably originally of government origin somewhere, but because they used tor when they wrote the articles, we'll never know for sure.....:) that's trying to harm both.

governments can't read whats IN tor (or if they can, the odd email or small site selling weed should be of little importance..), and they don't like bit-coin.

scare, break, lie, smash.. it's the grownups way :(

Finally SR goes down. What a loser, DPR HAAAHAAAHAAA. Gave up? CP and Dope markets are an embarrassment to the network, peddle your SHIT somewhere else or join SR.

If NSA operated a large number of TOR servers, how hard would it be for them to triangulate users and data? How do we know NSA doesn't operate a large number of TOR servers?

Anyone simply tried "heavy" or how about "Risky" experiments to see whats going on?

How about using 'secure' email et al to "threaten" well..use your imagination..what sort of threat should normally in 'transparent' systems pretty much guarantee a 'door knock/kick'?

Anyone?

Or is is literally..and I do mean Literally..ALL "..Mere Smoke Of Opinion"? (H.D.Thoreau)

Frankly the REALITY is very simple whether one wishes (tech fanatic closeted fascists this means you..("I think steve jobs is a hero and I cannot wait for 'smart clothing' and 'driverless cars' and 'fine grain presence monitors in my smart home'..gall!" aka Total Surveillance Whether The Rest Of Us Like It Or Not) to 'poo-poo' it or not; POWER! This is an "Example" being made of someone who literally..no figure of speech..read the forbes article..Literally stated basically his TORsite was 'about' sticking it to the man.

So the Federal BI even stated this is their OVERTLY Fascist/Totalitarian statement re. 'No One Can Resist The FBI'...well..EXCEPT of course whomever is killing (what is it now 400 plus?) HUNDREDS of Women in Juarez..or gosh..just oh I dunno The ENTIRE Drug "War"..or the 40,000 odd "Missing People" annually..fact..FACT is American "Law Enforcement" is increasingly "About" fascist and totalitarian "Mass Surveillance, Control and Coercion, Via The Necessities Of Life!". Using RFIDS in your cars "Fast Track" set up to trace EVERYTHING you do for control and coercion not "law Enforcement"..but simply.."Revenue Streams" etc..sad endless etc..

Crime and Criminals are THRIVING or hadn't anyone noticed?

Crime..Including HOMICIDE..is in fact..UP globally and Nationally.

So I hereby BEG you Freedom loving techies out there to create ANOTHER "Silk Road" but this time make it "Perfect"..and you might want to "Incorporate" because make enough bread and guess what? Your "Corporate Citizen Rights" are the ONLY "Rights" the FBI RECOGNIZES and furthermore Protects..and if that's not enough? PAY OFF your "Regional Corporate Fascist Representatives" aka your local senator or congressman/woman to enact a legislative "Silk Road 2 Protection Act" and SHAZAM! Safety from coercive federal maggots.

> How about using 'secure' email et al to "threaten"

Not really a smart idea over Tor -- they'll track your threatening email back to the Tor exit relay and then hassle them to shut down. For a concrete example, a research group at Georgia Tech ran a Tor exit relay, but then somebody sent a bomb threat through it and the administrators told them to quit running it.

So doing things that make Tor exits less sustainable hurts the network.

can't nsa.usa fabricate such messages to turn off exit relays?

Yes.

I have a bomb in my shorts and I will bring down a plane to Florida.....or...ionia... or skyrim
This is a test and only a test.
Sheesh........
how stupid

Would using a pc firewall to block all traffic except the ones coming from tor.exe eliminate the threat from known and unknown failures in Firefox?

Nope

"Sorry, your query failed or an unexpected response was received.
A temporary service outage prevents us from determining if your source IP address is a Tor node." - is it only me?

The more I think about this...the more it seems the safest way to operate a Tor Hidden Service would be:

Whonix -> Open Public WiFi (or compromised, non-public WiFi) -> offshore anonymous VPS in a country unlikely to cooperate with US authorities (Russia?)...paid for with anonymous Bitcoins.

The server could also use some distributed storage like Tahoe-LAFS (with most storage nodes hosted on different anonymous VPSs or some public grid and NOT the VPS running the web server) or Freenet for its root directory.

Every time you connect via Whonix to your Anon VPS...

0. connect Whonix-Gateway to open wifi
1. create snapshot of Whonix-Workstation
2. connect to Anon VPS and do what you need to do
3. disconnect
4. revert Whonix-Workstation to previous snapshot...leaving no? forensic evidence of the administration session that just took place

Of course, keeping this discipline up for years on end would be the hardest part.

One might also worry about their Anonymous VPS being compromised (by authorities or criminals). I wonder if i2p eepsites or Freenet might be a more secure option than Tor hidden services if the NSA, FBI, etc. is part of your threat model?

ok SR is down, we don't know yet (if we ever will) how they found that server..i'm just average internet user and i found out about tor like 6months ago. Digging soon i learned about SR and it's a damn shame it's down. I feel sorry for DPR too. Dunno what are his other crimes besides SR and i think we should write a petition to free him out. lol I'm sure that he just got overwhelmed with stuff going on in his life and he probably did some mistake(s). I have this feeling that he is just a good guy. I hope he doesn't get big conviction. This is great movie story. Also i read that he had some partner. Why? Is SR that complicated to run? And major question is why someone else doesn't do SR again. (i loved that green camel) Does one really have to be a mastermind to make SR same as it was? But maybe somewhere in Europe this time? USA sucks.

I heard they claim DPR hired a hitman to kill an ex-employee... It all sounds very suspicious though...

Tor developers:

Please make Bitmessage (the only truly anonymous email service left) available on Tails.

Thanks

What does Tor Project have to say about the newly leaked NSA reports on their attempts to compromise Tor?

http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-…

If an adversary can monitor a significant fraction of the exit traffic, finding the IP address of a hidden service appears trivial.

Run a bot that accesses the hidden service at known random intervals.

Cross correlate the exit traffic timing with the random interval sequence.

The length of time required depends on the proportion of the total exit traffic the adversary can monitor and the volume of traffic.

Am I missing something? I can't think of any way such an attack can be defeated other than using a large number of servers which introduces a serious set of logistical problems with an associated risk of other errors.

In short, I think the idea of SR is delusional. Once a well resourced adversary knows it exists, it's only a matter of time.

suppose you have non tor service on the same ip address. It will raise noise-to-signal ratio and can potentially prevent disclosure.

Would not hold up in court. (Correlation data)

Also, the NSA has no interest in anyone on this thread. That is, unless you believe you are a defense threat. They don't care about your porn, weed, etc...

As for the FBI, they do not have access to that level of monitoring. They monitor at local ISP's, usually without a need for a warrant. That is not enough for correlation attacks in most cases.

I'm a Canadian living in the states and I'm in my 60's so have the "big bro" complex. I want to browse the net, and even order things at times that are not anyone's business but mine and the person at the other end. I'm also Irish and have been a bit political in the past. I would never hurt anyone but do have a view point the US government most likely wouldn't like. I just found out about THOR and this sort of site and am interested................good for all of you !
Peace out !
Myrna

People are stupid

arma, how can you sleep at night, knowing that the only reason Tor exists is for criminals to have a safe haven for illegal activity and the fact that you intentionally make these illegal sites easy to find.

I'm glad the FBI is taking steps to stop this madness. But it seems 99% of tor users are disappointed.

lol i don't understand this post at all..
tor doesn't exist for criminals only. Not all ppl who wanna be invisible are criminals. I understand that logic why would you wanna be hidden if you don't have nothing to hide but i don't support it. Citizens of USA are monitored so even if you say "wrong word" and u draw attention monitoring is starting in bigger way. The question is who is monitoring and what are his intentions. If they can monitor some hacker can use that way too. (I can use Tor to be invisible for bad guys). Maybe the agent who monitors is in big problems cause he doesn't have enough money to support his medical treatment for kid so he starts selling information he collects..etc..lot's of examples for misuse..same as for Tor. So my point is that Tor is not meant for abuse but there will always be ppl who will use it for that.
And by this I conclude that you believe that all politicians and/or cops are straight and legal just because they are law.
And by the way if human society is directed to be same for everybody everywhere there wouldn't be good and bad guys. At least not in this proportions today.

You're so right!

Also, with the rampant increase in knife crime globally i've been petitioning cutlery manufacturers to only produce soft latex spoons, as metal knives can be used to stab people.

/facepalm

I see you did not read anything on Tor Project page (https://www.torproject.org/) take a while and read a little bit.

The Tor Project is there to provide anonymity tools to normal people.
Some of that "normal people" do things against the law, they are the criminals.
As you can see, criminals go to jail.

You have to blame the criminals. Not the tools or their developers.