BTW, this visit isn't a special or unique thing. The Feds periodically stop by, asking about traffic that came through Noisetor. There's even a procedure in place for handling the situation:
>I tensed up as he began to tell me that the Chinese have been utilizing the Noisebridge TOR exit node. He made it seem as if it was a very real threat
>“There are times when they slip back into Cold War thinking and Cold War mentality,” Obama said on air Tuesday evening. “What I continually say to them and to President Putin, that’s the past.”
I wonder if you get more interesting government contacts for running a Tor exit node vs. a mixmaster mail anonymizer now.
I certainly got a lot of interesting contacts when running a remailer. It was awesome being able to talk to them as a relative peer (since I was doing defense contracting), and explain calmly why remailers are good, what level of monitoring is possible, what security assumptions the whole network operates under, how you would defeat it, and why it wouldn't be worth the effort.
As I often tell my Mom in phone conversations: The things I'm saying probably have gotten me reviewed by some government agent.
The good news is that if they listen, they'll realize I'm not a terrorist and put me in their "Just a Patriotic American, no problem here" file with 100,000 other people.
If somebody extremely dastardly gets elected who might use that file for harm, I'll just have to flee.
Oh, you missed the statements by the ex-head of the NSA just a couple days ago, I take it. He said that government transparency groups are 'the next terrorists.'
Besides, it's not a human you have to fear. It's their automated systems. They'll set up a system to analyze and profile communications, and it will just spit out names. They'll declare those people terrorists and round them up and not charge them with anything. And as long as no individual NSA agent actually reads your communications, everyone will apparently be happy. Well, except for the people getting waterboarded by CIA agents who just KNOW you MUST have done something terrible, because the information they got about you is called "intelligence" and therefore can not be incorrect.
I think they are pretty open, now, if you are a US citizen (I am). Although there is a federal police force "guarding" them, so they could be closed instantly. If it looks like that might happen, I'll have to leave, or risk staying. Right now, that doesn't seem likely to happen in the immediate future.
DHS just got another budget increase for you...revolutionaries and secessionists are major concerns of every government and are classified as terrorists. Check it out.
If you want to go back to the beginning of where we are today, you probably want to read something like Secret Armies by John Adams. Special forces were spawned to wage low-intensity conflict/warfare and attack or respond to unconventional threats.
The terrorology field has blossomed post-2001 and there are more definitions, but everything still files nicely: state/non-state and religious, political, cultural. If you ask me, they're all the same.
Regardless of what the lawyers--politicians--add to the body of definitions, definitions of terrorism are very gray unlike conventional war.
Low-intensity conflict is how wars are waged today and the definitions aren't as black and white as conventional war.
It's not public in the sense that applies to law enforcement. By that I mean, Noisebridge is a private community that happens to be rather open in terms of membership. "Public space" is more like the sidewalk or a government building.
Note: I'm not a lawyer, but that's my understanding.
By similar logic then, you're saying that what Weev did should be punished under CFAA. The AT&T site was "open" in terms of access but it was "private" because AT&T said it was. Picking and choosing what you think is "public" or "private" on an unsecured, open access server/network is a slippery slope...See Weev's prosecution.
Running a Tor node means you're running a public service. Full stop.
Didn't Weev have a legitimate AT&T account? Isn't that how he discovered the vulnerability in the first place? Seems to me that would make him part of the "AT&T community" to whom the site was open.
But ignoring all that, the definition of what is open to the general citizenry and what is open to the people representing the government are two distinct things.
This is a very recent example where the law is pretty explicit about what the cops can do versus what the public at large can do:
I did not read anything about an invasion of privacy. Did I miss it? I am not sure what is worse: ignoring the privacy debate or being the chicken little of privacy.
Given my understanding of how Tor operates (please correct me if I'm wrong, I've never actually used Tor, though the recent government hardon against it has me tempted), it would not be possible to block specific people from using your exit node. Or are you referring to, say, blocking all people coming from that exit node from connecting to some site on the regular Internet? I suppose that should be possible, though justifying it would be hard and the traffic should just route through a different exit node, right?
I'd want to know what makes the FBI think they've identified someone coming through the Tor network. And how.
I may be completely wrong here, but I thought TOR doesn't work in China. Something about them blocking the relays or their traffic only supporting TCP and no UDP...
> I tensed up as he began to tell me that the Chinese have been utilizing the Noisebridge TOR exit node
I don't know if there is anything sneaky going on in China to justify FBI interest, but I HAVE seen some pretty weird traffic from China. I wonder if anyone else here has noticed anything similar. Here's what I've been seeing.
The products we sell where I work that are available for download are only sold to US and European markets (we have nothing against the rest of the world--we just don't have the resources to support more regions or to handle payments from other regions). The product is not very useful if you do not have a subscription to the accompanying service.
The product is also not very well known (I doubt we are even in the top 100 in our market), and there aren't many links out there pointing to our download page.
So, when I check the logs of downloads, what I expect to see is mostly US addresses, and a few European addresses (most of our customers are in the US).
For downloads that complete in one HTTP request, what I see is 69% from the US, 12% from China, 14% from the rest of the world, and 5% unknown. So already China is higher than I would expect.
It gets even weirder when I look at partial downloads. First of all, 3 times as many IP addresses hit our site in a given time period and do partial downloads than do complete downloads.
Of the IP addresses doing partial downloads, 85% are from China, 7% from the US, 6% from the rest of the world (and most of those are Asian countries), and 2% unknown. 92% of those Chinese IP addresses doing partial downloads do not download enough total data from all the requests from that IP address to have received the full download.
Overall, if I don't distinguish between partial and full downloads, and count an IP address as having downloaded if it has received a total number of bytes large enough to contain our file, what I have is this: 59% of the IP addresses are Chinese addresses that do not download enough, 20% are US that do download enough, 8% are Chinese that do download enough, 5% are from the rest of the world and download enough.
None of these things identify themselves as bots. They all identify as a normal looking mix of Windows and Mac browsers.
I've looked at a few of the Chinese addresses to see what is nearby, and many seem to be in class C blocks that belong to hosting providers, not end user ISPs, and when I've been able to find some host names mapping to those blocks, they have tended to be things like allshemales.net or dirtyracialporn.com (not sure I remembered the exact names--the general idea is right).
In contrast, when I do the same for a few randomly chosen US downloaders, I get blocks that seem to clearly be consumer ISP ranges they use for their customers.
Some of the access patterns are interesting. I saw one that would come, do two concurrent requests, get 60 KB, and go away for exactly 3600 seconds. It did this until it grabbed the whole download (or at least enough data for it to have the whole download). I might guess some kind of download manager, but I've never seen one that is so slow.
So, what the devil is going on? I can't even come up with a plausible sounding theory that would explain this much Chinese activity on our site, let alone explain why so much of it is just partial downloads, and why it seems to be coming from sites at data centers (which I assume indicates some kind of commercial source). Anyone else seeing this kind of thing?
I have no reason to suspect anything sinister is going on. I just can't figure out any reason at ALL for this to be going on.
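The per-IP accounting described in the comment above (total bytes received per address compared against the file size, plus the fixed 3600-second revisit pattern), sketched as an added example that is not part of the original thread. The common-log-format lines, the path, the file size and the documentation-range IP addresses are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

FILE_SIZE = 300_000  # assumed size of the download, in bytes
# Constructed access-log lines (documentation IP ranges, made-up path and sizes).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2013:09:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 200 300000
198.51.100.7 - - [10/Jul/2013:01:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
198.51.100.7 - - [10/Jul/2013:01:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
198.51.100.7 - - [10/Jul/2013:02:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
198.51.100.7 - - [10/Jul/2013:02:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
198.51.100.7 - - [10/Jul/2013:03:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
198.51.100.7 - - [10/Jul/2013:03:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 30000
192.0.2.9 - - [10/Jul/2013:04:00:00 +0000] "GET /dl/product.zip HTTP/1.1" 206 150000
192.0.2.9 - - [10/Jul/2013:04:00:05 +0000] "GET /dl/product.zip HTTP/1.1" 206 150000
""".splitlines()

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                     r'(?P<status>\d{3}) (?P<size>\d+|-)')

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed line
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(m["status"]), 0 if m["size"] == "-" else int(m["size"])

def fixed_interval(times):
    """Seconds between visits if all gaps are identical (3+ visits), else None."""
    visits = sorted(set(times))  # concurrent requests count as one visit
    gaps = {int((b - a).total_seconds()) for a, b in zip(visits, visits[1:])}
    return gaps.pop() if len(visits) >= 3 and len(gaps) == 1 else None

def summarize(lines, file_size=FILE_SIZE):
    """Per-IP totals: bytes received, whether that covers the file, visit interval."""
    per_ip = defaultdict(lambda: {"bytes": 0, "times": [], "partial": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] not in (200, 206):
            continue  # skip malformed lines and non-download responses
        ip, ts, status, size = rec
        per_ip[ip]["bytes"] += size
        per_ip[ip]["times"].append(ts)
        per_ip[ip]["partial"] |= status == 206  # 206 = HTTP range (partial) response
    return {ip: {"bytes": d["bytes"], "partial": d["partial"],
                 "enough": d["bytes"] >= file_size,
                 "interval": fixed_interval(d["times"])} for ip, d in per_ip.items()}

print(summarize(SAMPLE_LOG))
```

Addresses with `partial` set, `enough` false and a non-null `interval` are the ones matching the slow, clockwork pattern the comment describes.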
I hope I am wrong, but could it be that one of your download hosts has been compromised and is being used as some sort of command-and-control server for a small botnet?
https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI