A dark web tycoon pleads guilty, but how was he caught? (technologyreview.com)
168 points by havella on Feb 10, 2020 | 145 comments



This sounds fishy. He probably pleaded guilty as part of a plea deal, so law enforcement has a scapegoat and some meaningless "media success" in exchange for him getting a drastically reduced sentence. They always do that, threaten people with insane penalties if they don't accept a shitty plea deal, and if you are not super certain that you can win, you will likely accept that one, just because it seems "safer".

There are a LOT of cases like this, just most of them don't gain this publicity. Actually, 95% of court cases never reach court because of this. Innocent people plead guilty because they don't have the wealth and resources to win in court. USA is a shithole when it comes to law enforcement. Medieval and sad. Land of the free (as long as you are rich, that is).


As a side note:

Promise (YC startup) was also saying that 70% of people in jails are waiting for judgement or are in for a technical violation (ex: did not show up to a hearing). And being in jails they end up losing their job, eventually they lose their house etc.

This is a space with a lot of low-hanging fruit. And minor fixes may end up doing a lot of good.


It's not so simple.

Why do we have education?

Firstly, because some way to filter people is needed. If you get 100 applicants, you can't make a detailed consideration. But if only 30 have degrees, it's much easier. So there is a signalling effect.

But secondly, and more importantly, because you need somewhere to have these kids. If there are ten million jobs and ten million two hundred thousand jobs, you'll get problems. This is also why many countries had military service, to further improve on the unemployment figures.

"We didn't raise [the school leaving age] to enable them to learn more! We raised it to keep teenagers off the job market and hold down the unemployment figures."

Prison is just a logical extension of this. If they weren't in prison, they would be unemployed and causing all sorts of trouble.


In major cities like LA, bail for misdemeanors can be $80,000 if someone misses a court date. And the jails are horrific, they force you to be racist especially if you’re Hispanic or black.

There are so many LAPD/LASD scandals that it's hard to conceptualize. The FBI spent millions installing video cameras throughout the jails to stop the rampant torture and abuse of inmates by LA County Sheriff Deputies. The longtime Sheriff went to federal prison over it. And this was after a 10-year supervisory role of the DoJ and hundred million+ spent to stop police report. After it!

Good luck surviving that system without a serious bias towards authority.


Then they just go in again until they're either rehabilitated or dead.

It doesn't functionally matter what happens in there, since it's the same thing as with standardized tests: all tests are inherently fair, regardless of how poorly constructed they are.


The assumption that the unemployed cause all sorts of trouble, and thus should rather be in jail... Sure doesn't sound like a country that values freedom.


There is a much simpler way to solve the problem: reduce the weekly working hours. Instead of working 40 hours, require people to work 35 or less. Instead, what governments around the world are doing is using the excuse of technology to increase the working hours, therefore causing hourly pay to go down and increasing poverty. It is a completely destructive social policy, and we're all paying the price in some way.


The problem here, as always, is that all of the routine jobs that require minimal employee knowledge are being automated. The remaining jobs, even in 'blue collar' areas, now involve job-specific knowledge which takes time and money to impart and which goes stale if not used regularly. It's far less effective to have two part-time engineers design a widget than it is to have one full-time engineer design it. It's even worse having two part-time electricians wiring up a machine, because the handover is going to be messier.


I'm not talking about part-time jobs; full-time jobs should require fewer hours of work for the same full-time payment.


You might be responding to the wrong post.


I think he's responding correctly but just doesn't touch on any topics in the GP's post besides the prison topic and completely misses the point.


No, I was responding to this: "minor fixes may end up doing a lot of good".

They won't, since the purpose is just to have somewhere to store people. The actual crime isn't very interesting, the thing of importance is that they have somewhere to store them.


We need to stop dehumanizing prisoners. Prisoners are people and they shouldn't be "stored" anywhere. They're humans. They live places.


Something has to be done. It's either the case that they are productive members of society, in which case they are rarely imprisoned, or that they are not, in which case they often are.

Children aren't productive members of society, therefore we store them in schools until they've grown up. Same principle - I'm not dehumanizing kids, for the record.

The reason there are more prisoners in America is because there's a larger underclass who are forced out of employment for structural reasons. As long as these issues persist (and indeed, they will get far worse), we have to keep the unemployment rate down somehow. Prisons are just the end effect of this requirement.

The important thing to remember is that the alleged crime doesn't actually matter. This is also why corrupt Wall Street bankers rarely get harsh prison sentences. Why would they, when they're going to be able to find a job without much trouble anyway?


These people are too poor to be a viable market. There is a lot more money in getting more of them in prison than getting them out.


Isn't that like, the purpose of jail vs. prison? Who else is in jail if not awaiting judgement or in on a technical violation?


> Land of the free (as long as you are rich, that is).

What did you think "capitalism" meant? Rule of those with capital.


If you're wondering why a web host, who could potentially be immune to prosecution under CDA 230, was charged with the distribution of child pornography, according to the warrant [1] an admin of one of the pedo sites claimed that Freedom Hosting had "full control" over the websites (well, he had root access to the servers, but so did OVH), was patching the websites, that the pedo site hosting was free, and that he assumed that Marques covered the hosting costs as a service to the "pedo community". Technically the prosecutors might have had to prove that he knew what the sites were hosting, but he did plead guilty. Hopefully the actual operators of the pedo sites are found and prosecuted, and not just this sysadmin.

[1] https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/...


CDA 230 immunity doesn't apply to federal crimes, only to civil lawsuits and state crimes. This was prosecuted under federal laws against child pornography, so it would not help them anyway.


"According to the warrant". Take that with a grain of salt.


"but he did plead guilty". Also take that with a grain of salt. Often plea deals create quite an incentive to plead guilty even when innocent. "Go to trial, risk 20 years in prison branded as a child porn purveyor. Or plead guilty, cooperate as a witness, and we'll charge you with a lesser crime that will have you out of prison in 3 years."


Running a hosting server for onion services, as was done in this case, is a terrible idea. It greatly increases the risk of deanonymization. The question is less how this hosting service was discovered and more how it ever stayed up long enough to become so notorious. Here's why:

1. Each hidden service chooses a "guard" relay to serve as the first hop for all connections.

2. A server running multiple hidden services has a guard for each of them. Each new guard is another chance to choose a guard run by the adversary.

3. An adversary running a fraction p of the guards (by bandwidth) has a probability p of being chosen by a given hidden service. A hosting service with k hidden services is exposed to k guards and thus has ~kp probability of choosing an adversary's guard. With, say, 50 hidden services, an adversary with only 2% of guards has nearly 100% chance of being chosen by one of those 50 hidden services.

4. The adversary can tell when it is chosen as a guard by connecting to the hidden service as a client and looking for a circuit with the same pattern of communication as observed at the client. Bauer et al. [0] showed a long time ago this worked even using only the circuit construction times.

5. The adversary's guard can observe the hidden service's IP directly.

The risk of deanonymization with onion services in general (i.e. even not using an onion hosting service) is significant against an adversary with some resources and time. Getting 1% of guard bandwidth probably costs <$500/month using IP transit providers (e.g. relay 8ac97a37 currently has 0.3% guard probability with only ~750Mbps [1]). And every month or so a new guard is chosen, yielding another chance to choose an adversarial guard. Not to mention the risk of choosing a guard that isn't inherently malicious but is subject to legal compulsion in a given jurisdiction (discovering the guard of a hidden service has always been and remains quite feasible with little time or money, as demonstrated by Øverlier and Syverson [2]).

[0] "Low-Resource Routing Attacks Against Tor" by Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. In the Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007), Washington, DC, USA, October 2007.

[1] https://metrics.torproject.org/rs.html#details/014E24C0CD21D...

[2] "Locating Hidden Servers" by Lasse Øverlier and Paul Syverson. In the Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.


This is some great info for the less technically knowledgeable about Tor (like me!). However, I think your math in #3 is wrong.

Assuming random assignment/selection of the guards, each time one is chosen it has a 98% chance of not being "caught" by choosing an adversary's guard. Going with 50 services as you said would be .98^50 = .364, meaning the chance of getting caught is 1 - .364 = .635, i.e. 63.5%. This is vastly different from being nearly 100%.


Fair enough! I was using as a heuristic the expected number of compromised guards, which would be 0.02*50 = 1. Moreover, things degrade exponentially over time. If half the guards rotate every month, the chance of choosing a bad guard after 2 months is >86%, after 4 months is >95%, after 6 months is >98%.
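The guard-exposure arithmetic from the numbered list above and the correction in this exchange, worked through as an added example (not code from the thread): closed-form probabilities for k onion services on one host against an adversary holding fraction p of guard bandwidth, plus a Monte Carlo check of the monthly-rotation model. The rotation probability per service per month (0.5) and the "each rotation draws a fresh, independent guard" assumption are modelling assumptions taken from the comment, not Tor's exact guard algorithm.

```python
"""Guard-compromise risk for a host running many onion services.

Added example, not from the thread. Model (assumptions, following the
comment): each onion service picks one entry guard independently; an
adversary controls fraction p of guard bandwidth; the host is exposed as
soon as any one service picks an adversarial guard.
"""
import random


def expected_bad_guards(p: float, k: int) -> float:
    """The heuristic from point 3: expected number of adversarial guards."""
    return p * k


def p_compromised(p: float, k: int) -> float:
    """Exact probability that at least one of k independent choices is bad.

    This is the corrected figure: 1 - (1-p)^k, not the ~kp heuristic.
    """
    return 1.0 - (1.0 - p) ** k


def p_compromised_after_months(p: float, k: int, months: int,
                               rotate: float = 0.5) -> float:
    """Probability of exposure after `months`, with guard rotation.

    Each month, each service independently replaces its guard with
    probability `rotate` (assumption: 0.5, "half the guards rotate every
    month"). A single service stays clean only if its initial guard and
    every re-drawn guard are honest:
        (1-p) * sum_j C(m,j) rotate^j (1-rotate)^(m-j) (1-p)^j
      = (1-p) * (1 - rotate*p)^m        (binomial theorem)
    and the host stays clean only if all k services do.
    """
    clean_one = (1.0 - p) * (1.0 - rotate * p) ** months
    return 1.0 - clean_one ** k


def simulate(p: float, k: int, months: int, rotate: float = 0.5,
             trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo estimate of p_compromised_after_months for a sanity check."""
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        hit = False
        for _service in range(k):
            # initial guard choice
            if rng.random() < p:
                hit = True
                break
            # monthly rotation: re-draw with probability `rotate`
            for _month in range(months):
                if rng.random() < rotate and rng.random() < p:
                    hit = True
                    break
            if hit:
                break
        exposed += hit
    return exposed / trials


if __name__ == "__main__":
    p, k = 0.02, 50  # 2% of guard bandwidth, 50 hosted onion services
    print(f"expected bad guards (kp heuristic): {expected_bad_guards(p, k):.2f}")
    print(f"P(exposed) at first selection:      {p_compromised(p, k):.3f}")
    for m in (2, 4, 6):
        closed = p_compromised_after_months(p, k, m)
        est = simulate(p, k, m)
        print(f"after {m} months: closed form {closed:.3f}, simulated {est:.3f}")
```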


There was a post a week or two ago from a person running a legit Tor service that was analyzing all of the attacks he received.

He said something seemed to be dos'ing the guard nodes, causing his service to automatically choose a new guard, in an attempt to get his service to connect to a guard node controlled by the adversary. He said in one case, they found his server's actual IP address and dos'd it.

Could that be what happened?


I assume you refer to [0]. He says "If [the adversary] can knock me off enough guards, my tor daemon will eventually choose one of his guards. Then he can identify my actual network address and directly attack my server. (This happened to me once.)" I question how the author is sure this is what happened to him. But he may be right, and moreover that attack may have been performed against the "dark web tycoon" that is the subject of this post. However, it does seem to be somewhat challenging to perform, as Tor keeps trying to use all recent guards ever contacted, and so you'd have to simultaneously make all chosen guards unresponsive until a malicious guard is selected.

[0] http://www.hackerfactor.com/blog/index.php?/archives/868-Dea...


> 5. The adversary's guard can observe the hidden service's IP directly.

So does the guard know that it is a guard and that the traffic comes from a hidden service? I thought Tor worked by jumping from node to node, and that each node didn't know whether the traffic came from the original client/service or from another node in the chain. So each time you make a connection over Tor you're essentially telling a guard node "here's my real IP, send this traffic to this hidden service and return the response please" and you have to trust that they keep it a secret? I feel like I'm missing something here.


The Tor protocol doesn't explicitly signal the guard relay that it is in the guard position. However, the guard relay (call it R) can use several indicators to conclude that the preceding hop (call it S) is indeed the source (e.g. the onion service):

1. S is at an IP address that is not a public Tor relay as listed in the Tor consensus. It's not impossible that S is a bridge (i.e. private Tor relay), but statistically unlikely because using a bridge isn't all that common.

2. During circuit construction, S extends the circuit beyond R two times. I don't see why Tor couldn't easily create dummy circuit extensions to fool R, but it doesn't (probably because there are so many other indicators that this change alone wouldn't solve the problem).

3. R observes what appear to be HTTP-level request-response pairs between it and S at about the same round-trip time (RTT) as the RTT R observes between it and S at the TCP layer, which should only happen if there were no more hops beyond S.

If I recall correctly, Kwon et al. [0] describe several more statistical indicators of being a guard for an onion service.

Also, you are right that a client doesn't tell the guard node the destination (e.g. the onion service) of its traffic. The guard node is not trusted with that because it already directly observes the client, and so giving it the other side would deanonymize the connection.

[0] https://www.usenix.org/conference/usenixsecurity15/technical...


I always assumed the issue was not just finding the servers, but that they are often in countries that are hostile to US law enforcement.

You can do fancy attacks all you want, if the server is in Russia they're probably not going to be honoring any MLATs


Wasn't this 2013??

It's 2020 now, so much has to have changed. Tor sucked 7 years ago.


Tor has made some improvements that would reduce the threat of deanonymizing an onion service, but none affect the above analysis (or rather, the above analysis has taken them into account). The main improvements, in my opinion, have been:

1. The biggest improvement is that (in 2014 or 2015?) they reduced the number of entry guards from 3 to 1 [0], reducing the risk of a malicious guard by a factor of 3.

2. The time until a guard choice expires was increased from 2–3 months to 3–4 [1] (this maybe happened 3 years ago?). This increases by ~40% the expected time an adversary would need to passively wait to have his relay selected as a guard by a victim.

3. The bandwidth threshold to become a guard relay was raised from 250KB/s to 2000KB/s [2] (looks like in 2014). However, 2000KB/s=16Mbit/s is still a very low bar, and, moreover, for an adversary that can run relays above the threshold, this change increases the adversarial guard fraction as there are fewer guards above the threshold to compete with.

4. A new guard-selection algorithm was implemented that prevents a denial-of-service attack from forcing a large number of guards (i.e. > 20) from being selected in a short period of time [3]. I believe this merged in 2017. If an adversary can force guard reselection by an attack, you are still extremely vulnerable, though, as a limit of 20 still provides a 20x risk multiple.

[0] https://trac.torproject.org/projects/tor/ticket/12688

[1] https://trac.torproject.org/projects/tor/ticket/8240

[2] https://trac.torproject.org/projects/tor/ticket/12690

[3] https://trac.torproject.org/projects/tor/ticket/19877


These are well known attacks. In case of Freedom Hosting this maybe was the cause for finding the server. Mitigation exists. Today big illegal darknet websites run lots of Tor servers on their own. You can also manually set trusted guards or other nodes in the chain so no malicious node will ever be part of your path through the network.


Yes, if you manually and wisely choose your own guard nodes, then you can avoid these attacks. You should be sure that those guards can't themselves be linked to you, either.


Interesting. Looking for more info on what you were talking about (with regard to "guards"), I dug up this post[1] which has some info too.

[1]: https://blog.torproject.org/announcing-vanguards-add-onion-s...


This is probably the best description of how Tor uses guards: https://gitweb.torproject.org/torspec.git/tree/guard-spec.tx....


The page you link describes "vanguards", which apply the guard logic to positions beyond the first hop. They are only available as a plug-in that you must separately download and configure. My understanding is that no plans currently exist to integrate vanguards into Tor due to the cost of engineering challenges that appear if everybody were to use them (including especially how they would affect load balancing).


Thanks for the follow up info and additional explanation!


That only leads you to the server though, not to the person managing it.


In this case, the main question is how the server was discovered, not how the operator was then deanonymized. As the article describes, after the server was discovered to be in France and run by OVH, authorities used legal treaties ("MLATs") to obtain the subscriber information, leading them to the person that recently pleaded guilty in court.


This seems incredibly naive. Who would register a VPS hosting different kinds of the most illegal content imaginable using their real name or IP address? Even if they thought hidden services were impenetrable, there are always other possible slip-ups you could make which could disclose the server's real IP, and of course they'd be ignorant to think any security measure is impenetrable, including Tor.

DPR made extremely careless mistakes, too, to the point that even a random amateur investigator could've identified him, using only Google.

It's shocking how many of these people aren't caught sooner when they don't even know OPSEC 101.


To people who were paying attention to the wishful thinking at the time about tor's security guarantees, it doesn't seem so incredible.


Sure, but even if you assumed Tor was perfectly secure, there are still other ways of being exposed (like someone causing your web server to issue a network request to a host they control).

No matter one's assumptions, it makes no sense to me that someone would register a VPS with their own information when it's pretty trivial to do so anonymously. Especially if you're running an illegal content hosting empire.

DPR's mistakes at least made sense to me; they're something anyone could have overlooked, even if they were still very naive mistakes. But I doubt DPR used his personal information when paying for servers. That's well beyond "unrealized mistake" into pure incomprehensibility.


They supposedly caught on to him by connecting an email address associated with DPR to his real-world identity. Wouldn't surprise me if that was an ex post facto lie concocted to conceal the true method, though.


But that's all they need though.

A simple national security letter (NSL) without even needing to get a warrant and BOOM you can tap the server and get all info about the person running it.


Not if the server is paid for anonymously and you only connect to it over tor. That connection isn't through a hidden service and so isn't vulnerable to this attack.


A national security letter cannot compel someone to tap a server for the government or allow the government to tap a server. An NSL can only request existing collected records. So for example an NSL could request any logs a service provider has regarding who paid for the server or any access logs they retain regarding the server. If they do not have any logs, an NSL can't compel them to start collecting them. An NSL which requests actions or information outside of the scope allowed by law can be challenged in court.


That's a very good explanation!


Saving this answer, thanks!


This report came out only a few months before he was caught: https://www.reddit.com/r/onions/comments/1guiav/we_have_anal...

He was likely de-anonymized through this technique or similar. The issue was that he trusted the Tor network to keep him anonymous and paid for the servers with his real identity.



Just to be clear: The v3 onion services fix that weakness, right?


I am merely giving my opinion, but a service created by the US government/military is going to have undocumented "issues". I would not trust it one shred.


Tor is open source:

https://www.torproject.org/download/tor/

So, no undocumented issues.


Yes, it is Open Source of course, by undocumented I refer to vulnerabilities that are not documented or found in the open yet. The best yardstick out there is to say 'would Edward Snowden use/recommend it?'.

Edit: https://edwardsnowden.com/docs/doc/tor-stinks-presentation.p...


I believe Tor was researched, designed and developed by the government.


NRL (Naval Research Lab)


Issues can be undocumented if it is found by the 3 letter one, as pointed out in the article.


Isn't it rather trivial to find who is accessing a website if you can manage to monitor tor nodes? Just do some heuristic, to see when traffic happens, and over time, narrow down users.

If you're the FBI and have the authority to monitor the whole internet, isn't it trivial to catch any tor user?

Tor is still secure, but of course if you are the government and have skilled engineers, time and admin access to the internet infrastructure (by legit or covert means, I'm pretty sure the US can monitor traffic outside his jurisdiction), tor is not safe. But tor is still safe from countries other than the US, unless the US government have a problem with what you're doing.

I would still be curious to see if tor does counter this problem by passively sending traffic to avoid this. Anyway I stand that there are 2 kinds of security: security against small bad actors, and security against competent, resourceful, big actors. The latter is usually impossible to get because it becomes extremely fastidious and complicated.


This would be more NSA jurisdiction and they do. The problem is most people's assumption is that if one part of the government has it, then everyone gets it. This is wildly false. Even within the FBI itself, different departments and cases get different tiers of access.

Even when the case agents get access, policy dictates what evidence is allowed to be taken to a public trial. Otherwise you get repeats of the FBI/4chan/8chan debacle. This is especially true for legal "grey areas" like mass surveillance. This means that agents will often get evidence they won't use in order to guide active surveillance using more legal means in order to collect evidence they feel comfortable admitting in public court.


This is not accurate. The NSA launders evidence that would otherwise violate the 4th amendment through its "special operations division" using "parallel construction".


What FBI/4chan/8chan debacle? Are you referring to when an agent's search warrant evidence revealed their own 8chan posts? (https://ceinquiry.wordpress.com/2019/06/17/fbi-8chan/)


The central premise of the article is that there is no disclosure regarding the vulnerability used, suggesting the existence of some unknown zero-day exploit.

Various well-documented analyses have linked this incident to "EgotisticalGiraffe", a well-known, and since fixed, vulnerability.

FUD or lazy journalism? I mean, at least read the subject's Wikipedia page before publishing something.


EgotisticalGiraffe was the JS embedded in Freedom Hosting's web pages, which is mentioned by the article. Are you saying they hacked the site and inserted the JS? I assumed that was inserted after de-anonymizing the server and seizing it.

A Wired article on it:

https://www.wired.com/2013/09/freedom-hosting-fbi/

Slides:

https://web.archive.org/web/20140413004837/http://cryptome.o...

A breakdown of the malware:

https://web.archive.org/web/20140417081750/http://ghowen.me/...


The article explicitly does mention "EgotisticalGiraffe" (the Firefox TBB exploit). But the point is that the exploit was dropped on all websites that Freedom Hosting was running, which raises the question that the article is really about, "how did they know where the hidden services were?"


Could they not purchase some “Freedom hosting” and upload a website with backdoor?


This seems like the easiest way to do it, so I would speculate that this is how it was done. All you have to do is put a website up and make the server phone home, revealing the hidden IP address. Some more speculation: the government is hiding this fact in order to deter criminal use of Tor.

Of course, I would still assume that other ways of discovering the location of hidden services have been found. I'm not convinced that onions can be hidden from an adversary with the resources of a US government agency, particularly in light of some of the posts that appeared on Hacker Factor recently.


How would the FBI know to purchase "Freedom hosting"?


I have searched and reread the article to find this "explicit mention" and have come up empty. Can you be more specific?


Ctrl+F Firefox in the article, there are a few paragraphs on that vulnerability and its role in the article. But that exploit, as I understand it, is not responsible for the first unmasking of Freedom Hosting which is the central question here.


Found it, thanks!


The concern seems to be more of a legal one than a technical one. Law enforcement in theory should always disclose how they collect evidence.


Should they? I know of no such law or theory. They have a burden of proof regarding the correctness of evidence and the defence can question the legality of collection methods if the evidence gets used in court. As far as I know, that's about it.


Does chain of custody have anything to do with this?

I know in some computer forensics work it is important to be able to prove evidence has not been tampered with.

So for example, cracking hashes instead of working with encrypted data can create safe space for non-leo to work without undermining an investigation.

For example, in a case of illegal doping, the accused person's samples must be able to be shown to not have been tampered with.

It seems being able to prove the source of evidence would be the first step of this process.


Chain of custody is one tool used to satisfy part of the burden of proof regarding correctness of the evidence. There are others like sworn testimony or corroborating evidence.

This only is meaningful in a courtroom situation, a lot of "evidence" never sees the courtroom and is merely used as information to help the investigation.


It's crucial to prevent the police from using illegal means to gather evidence. There's a rather famous legal doctrine about it.

https://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree



I mean, it's not like he's just some TOR user they were after, he ran a huge dark web hosting service. There's so much traffic and data to work with, it was just a matter of time.


It's strange to me that people who make a habit of doing fantastically illegal things on the internet are always so sloppy about it. Even if they don't have the technical ability to break into their neighbor's wifi or set up a long range antenna to connect to an open access point they can still get a burner smartphone and drive to a Starbucks. Back when I used to torrent my TV shows I didn't even let my piracy laptop touch my home network and I never used that machine for anything other than downloading.


We don't actually know for sure that he was doing "illegal things". He was running a hosting company ("Ultra Host") on the public facing web and later launched Freedom Host as a side business, or perhaps better described as a charitable hosting service to contribute to the Tor network. Freedom Host offered FREE hosting to people on the Tor network. What liability does he have if other people use his host for illegal things? From what I understand he was never personally involved in any of these activities.

One can argue that he had to know about it, perhaps so, but the way he's being portrayed by LE and media is as if he was the kingpin of child porn. That's far from the truth. Freedom host served half of the Tor network, including perfectly legitimate services like Tormail, wikis etc.

I think his mistake in not cloaking the identity used to purchase servers can be explained this way: He was never planning to host CP starting out (or do anything else illegal for that matter). He probably thought universally recognized no-liability laws would apply to Freedom Host just as any other hosting business. Perhaps he later went down a darker path, but at that point it was too late.

The fact that he now pleads guilty means absolutely nothing, however. Remember, he was extradited from his country to the USA, and while he should never have been sent there, he now has to adapt to the way the "justice system" works over there, and it works kind of like this: 5000 years in jail or take a plea deal and get away with 15-30 years. Even if he is innocent, you need to realize that when you're facing a kangaroo court and subsequent rotting away in jail for life it might be better to pick the lesser evil.


According to [1]

> Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hacktivist collective Anonymous singled out the service for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network. In the hearing yesterday, [FBI Agent] Donahue said the service hosted at least 100 child porn sites with thousands of users, and claimed Marques had visited some of the sites himself.

[1] https://www.wired.com/2013/09/freedom-hosting-fbi/


> It's strange to me that people who make a habit of doing fantastically illegal things on the internet are always so sloppy about it.

This is completely the wrong way to think about it. Remember the Defender's Dilemma: to run an illegal business like this, your opsec needs to be perfect: every single possible channel of information leakage (including the "unknown unknowns"), every minute, every hour, every day, forever. You need to be lucky every time, the feds only need to be lucky once.

When you focus on the specific mistakes that people made and thus call them "sloppy", you're missing all the things they did right; you might not have made those mistakes if you were in their position, but you would've made different mistakes.


Confirmation bias.

Imagine all of the criminals out there who are running operations so well oiled that they leave little exposure for being caught.


Where there's a will, there's a way.

The internet is designed to send data from point A to point B. Keeping point A and point B truly anonymous means that the internet won't work.

Tools like Tor don't really protect you, it's more like they make it hard enough to figure out who you are that only people with strong incentives will track you down.


> Keeping point A and point B truly anonymous

Read and write encrypted packets to alt.anon ?


Single point of failure: all you have to do is compromise alt.anon.


I suspect that if you have a useful understanding of information security there are better/easier/less risky ways to make money than crime.


>or set up a long range antenna to connect to an open access point

Sure, this works for torrenting TV shows. If you are the number one peddler of child porn on the planet however, this won't help you for very long. The FBI (or whatever national police force is trying to find you) will just go to the access point, realize you're connected remotely and triangulate your position with (essentially) some signal-strength meters in much the same way the FCC tracks down particularly disruptive unlicensed broadcasters.


Upvoted. Another perspective is that if you are smart enough to know, then you're smart enough to know it's an impossible mission against state actors given enough time and would never try it. Downloading a movie at a Starbucks is one thing; running a 24/7 hosting operation without ever accidentally leaking a single piece of data is nigh impossible.


Or the only people who get caught doing illegal stuff on the internet are the ones who are sloppy and give themselves away.


> drive to a Starbucks

Didn't help Ross. It's a bad idea to do illegal stuff in public.


It is a bad idea to do illegal stuff.


Depends on your value system. Another perspective is that some laws ought to be broken, in spite of the potential consequences.


If the values of a person are "achieving personal power" in first position and "respect others" in last, that person may be OK with stealing.

I hear some people arguing that in business "not breaking the laws" is not the problem unless they get caught and even in that case, it is a problem only if the consequences end up costing more than the gain they receive in doing it.

So a person with those values may end up breaking the law. Are you saying it is OK?


There are numerous unjust laws that infringe on the rights of the individual. Not only is it morally defensible to break such laws, but it is a good for respectable people to do so in order to reclaim behavioral territory and psychological freedom from the police state. This demonstrates to others that being a "criminal" is not a moral status but a legal one.

It may even be a social duty.


It is dangerous ground, though... Who decides what is just or unjust?

Different people have different values and beliefs about what is just or unjust. I agree that some laws may need to be changed. But should we not have discussions on changing the laws instead of breaking them?

This obviously implies a good democratic system, so it may be different in some nations.


>Who decides what is just or unjust?

Everybody does. Everybody must, because delegating the decision in itself is merely an option of that decision. Whether you obey power, follow your own greed, defer to social norms, or carefully weigh your own values and the consequences of your actions for yourself, all people are moral agents whether or not they realize which path they are following.

You raise a reasonable objection; I'm not advocating murder or wanton lawlessness. But here's a whole category of illegitimate laws that should be disobeyed: prohibitions born out of moral panic. These laws don't restrict actual harm, whether immediate like violence or accreted like pollution. They restrict the mere chance of harm by denying individual agency, out of fear that it could possibly be used for harm by even the tiniest number of people.

That's why simply discussing these laws isn't enough. They originate in fear and blindness that can't be reasoned against. The mere word of the thing evokes a fear response that shuts down thought: "drugs", "guns", "homosexuality", "racial integration". Good people have to be willing to break the law to show the difference between the panic and the actual outcomes.

Societal progress doesn't come from people musing about what they think they'd like to try, if only it were legal. It comes from people who risk everything to say "This forbidden thing is actually good and we know because we've done it, and it's so important that even banning it won't stop us".


Only the worst kind of monster would make moral decisions based solely on legality.

Yes, even under a "good Democratic system".


Ross was dumb enough to get fake passports/ids shipped directly to his home address


While Ross did do some bad things, I do not think it is enough to warrant a double life sentence plus forty years without the possibility of parole.

El Chapo, an actual drug cartel member who is directly responsible for thousands of deaths, only got a single life sentence.

Ross got screwed on his sentencing and it is totally unjustified.

Free Ross!


You're insane. His site facilitated numerous drug deals for profit. He also paid bitcoin in what he thought was a hit-job (he was duped). This dumbass can rot in prison. Screw him.


There is nothing wrong with facilitating drug deals and there is not a shred of evidence to support the other allegation. An allegation from the US government means absolutely nothing to me.

It's also quite ironic that an organization that has assassinated numerous people are attempting to destroy the reputation of one of their enemies by claiming that he attempted to assassinate somebody.


> It's also quite ironic that an organization that has assassinated numerous people are attempting to destroy the reputation of one of their enemies by claiming that he attempted to assassinate somebody.

The United States Government (USG) enjoys a monopoly of violence (consent of the governed). However, a citizen (or group of them -- org/corp) does not enjoy such rights. Your comparison is invalidated.


Ignoring the fact that many of the people assassinated by the US government were not US citizens and never set foot on anything the US government claimed as territory...

Who exactly is consenting to be governed? I know I'm not consenting but I also know that some other people support the government that purports to govern them. Is it enough for one person to consent or does something magic happen at a particular number or portion?


> Is it enough for one person to consent or does something magic happen at a particular number or portion?

Nah. We have these things called elections (and representational democracy). In general that mechanism decides how society will progress forward from a political perspective.


Imagine this hypothetical scenario:

The US government, acting in accordance with its constitution invades and occupies Canada. Congress creates 13 new states corresponding to the previous provinces and territories and elections are held. Almost all of the elected members from the newly annexed areas are opposed to the annexation and introduce a bill to allow the 13 new states to secede from the US but the bill is overwhelmingly defeated by members of Congress from the other 50 states.

Does the US government in this scenario enjoy the consent of the governed?

If they do, imagine that the original US population was more split on the issue so that the secession bill would have passed with Canada divided into 13 states. However the pre-annexation Congress anticipated this and resolved to make Canada a single state that would consequently not have sufficient representation to pass the bill even with the support of opponents from some of the other 50 states.

Does the US government still enjoy the consent of the governed in the second scenario?



I expect they thought they were doing the right thing by using Tor.


OTOH if these techniques and vulnerabilities were made public it would benefit cybercriminals as they could defend themselves better.


>if these techniques and vulnerabilities were made public[...]

Should the government prove that it followed the law when investigating a criminal? Did they obtain the proper warrants that people recognize preserve stable law and order?

It's unreasonable to assume that the vulnerability, that brought this case to justice, is the last one that could ever be used. More so, if you assume that most people are good and a healthy society needs privacy, we now know that there is a vulnerability that will affect more good people than bad and we are duty bound to protect good people's privacy.

Checks on the government's power aren't there to let 'bad people' go free; they're there because we know if we let the government's power reign free, more good people will be hurt than the few 'bad people' we punish.


>>Should the government prove that it followed the law when investigating a criminal? Did they obtain the proper warrants that people recognize preserve stable law and order?

That is the concern. A lot of people say "you either did it or not" but the Fourth Amendment disagrees...any evidence must be obtained by following the law.


In theory, maybe. As in, I agree with you on principle, but if you do even a cursory read about recent abuses that include parallel construction, PATRIOT act and BSA, you may find that it is no longer the case.

Hell, during my last attended CAMS conference, an FBI guy outright said that if the new lawyer doesn't know how to play ball with those (information gathered by SARs), he gets pulled to the side and told what's what.

Chilling. And no one questioned it. Including me.


I'm not saying the authorities would not have to describe their investigative methods to a judge. What I'm saying is making them available to the general public.


> Should the government prove that it followed the law when investigating a criminal?

They do, but only if the defendant requires them to do so.

What’s happening here is that the prosecutors told the defendant “look, we all know you did it, so plead guilty and we’ll recommend a light sentence. You have a right to make us reveal our tor backdoor, but if you do the plea offer is off and we will have the trial, and win, and ask the judge to send you to prison until you die.”

I’m sure the defendant is very interested in learning about the tor backdoor, but the idea of getting out of prison one day seems a little more compelling.


IIRC a year or two ago, weren't some criminals let off the hook because they didn't take a deal, and the law enforcement agency didn't want to reveal how the criminals were caught?


The article mentions that


It would also benefit whistleblowers, investigative journalists and other groups who routinely use Tor...


Unfortunately most of the things can be used for good and for bad.

Secret communication is definitely one of them. And since the negative potential is huge, there is always going to be an incredible incentive for those looking for the criminals to inspect any form of communication. I think the potential of misuse by the "bad guys" is a lot higher at the moment compared to "good guys" being caught.

So for the general public, if you are not doing anything bad you should not worry... Right?

I am a little paranoid. For example that things may shift in a way that today the "good guys" do not expect or undervalue.

What if in the future the good guys become the bad guys? Or what if the bad guys get in control of the systems the "good guys" have?

And of course in some countries the majority may be the "bad guys"... And in others, things may not be so black or white.


Not to mention the American Military, which commissioned the technology/service for their own use in the first place.


Good point


> OTOH if these techniques and vulnerabilities were made public it would benefit cybercriminals as they could defend themselves better.

That same logic applies to any sort of forensic technique, but it's a basic precept of the US justice system that an accused can see and respond to the evidence against them, including questioning the scientific validity of how that evidence was gathered.

Just because a technique is "cyber" doesn't mean an accused magically doesn't have a right to know the chain of custody, techniques used etc.


I was going to write that the world is moving toward hiding some technologies from the public domain and facts are also hidden. And that requires a very high trust in those that manage these secrets.

In reality I realized that this has always been the case in the last 100 years.


This realization leads to new questions.

In some regards, we are beyond democracy since the voters do not know what is going on and to be fair even if they knew it, most of them will be unable to know what it means.

If the system is hidden, who is making sure that those who control it remain on the good side?

Is something changing inside the system?

Who is going to make sure the system stays on the good side?

Now Star Wars plot comes to mind...


Okay, and?

By that logic, the government shouldn't ever have to describe its investigative methods and prove they both comport with the law and accepted science because if their investigative methods are known then criminals benefit.


Law enforcement watches criminals, the judicial system watches law enforcement, the public watches the judicial system. Break one link in the chain and criminals will run free everywhere.


afaicr the bug used was the one reported as MFSA 2013-53 aka CVE-2013-1690[1], but someone correct me if I'm wrong.

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2013-5...


No, that was used after they had seized the site, to unmask its users.


Hacker Factor has a series of articles about various attacks on Tor: https://www.hackerfactor.com/blog/index.php?/archives/868-De...

The tor daemon really needs to be re-written and audited. Apparently the codebase right now is a huge mess.


Can you point to any attack that can be attributed to errors in the Tor code, anything where a rewrite or audit would have helped? Most "attacks" seem to be based on well-known drawbacks of the design which are usually discussed prior to specification or implementation (but unavoidable).


Running a hosting service is sure to include far more exploitable surface area than the tor network itself.

Just assume any one of their servers were vulnerable to RCE attacks, they hosted dynamic web sites on conventional web hosting stacks! These things leak deanonymizing information like a sieve.


There is an ongoing "rust"-ification of the codebase. I agree it is easier to audit when the code is clearer, but the majority of deanon attacks seem to concern network or browser techniques.


You can make a mistake in your code and end up causing someone to go to prison. What a time to be alive.


In the 80s, it was already possible to make a mistake in your code which would cause someone to die horribly.

https://en.m.wikipedia.org/wiki/Therac-25


The military needs, or needed, Tor to be functioning and anonymous for their own use, correct?


The military and intelligence needs use of Tor to be functioning and anonymous more than they need hidden services to be functioning and anonymous. The unknown "investigation" technique in this article is about deanonymizing hidden services, not individual Tor users (at least not directly, they used the discovery of the hidden services to send an exploit which has been publicly identified to individual users).


That seems fairly trivial considering he was in the business of renting out webspace.


Tor was created to help dissidents of other nations communicate. The military does not run on Tor.


> Tor was created to help dissidents of other nations communicate [1]

Why would the US Navy develop something to help dissidents in other nations?

[1] https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Histor...

> The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997


> Why would the US Navy develop something to help dissidents in other nations?

From their website: "The [Naval Research Laboratory] works closely with the National Security Agency (NSA), Space and Naval Warfare Systems Command (SPAWAR), Defense Advanced Research Projects Agency (DARPA), and Defense Information Systems Agency (DISA)."


Those are US gov't agencies, not "dissidents in other nations."


It's also designed for dissidents in countries that are either opponents or rivals of the US: Russia, China, Iran, North Korea, Brazil, and Venezuela. It allowed for pro-US dissidents and agents to stay unidentifiable to these nations while distributing pro-US messages.


I think the confusion here is some of us were talking about Tor as in "the onion router" as a protocol and some were talking about The Tor Project software. Who knows if government agencies use the tor project, or have their own specialized version.

The only reason I asked was because I've heard that government agencies need Tor because it's in their best interest to have channels for anonymity (again, not giving an opinion on whether it's good or bad, just a fact). So if methods for breaking that anonymity arise, I'd imagine it's a concern for them as much as any dissident out there.


>Why would the US Navy develop something to help dissidents in other nations?

Seriously? USA's notorious for not wanting to influence the destiny or politics of other countries, eh. /s


Congrats on pulling up a wikipedia article. You are now an expert.


Not an expert by any stretch of the imagination. I'm just capable of doing the most basic of research, which is something you probably should have done before commenting.


That was the purpose of the initial DARPA grants funding Tor.

