
We can't ignore the potential collateral damage. Even the attempt, due to its inherently indiscriminate nature, is a violation of citizens' fourth amendment rights.

By your reasoning we should expect that they can kick in every door in a city looking for a suspect, then blame the doors for being too weak.




Can you be more specific about the collateral damage you're referring to? I don't understand the argument you're making. Perturbing Tor routing isn't in any way equivalent to kicking down doors. It seems that by your logic, even a title 3 wiretap "kicks down doors", since modern wiretaps happen on packet switched networks and involve filtering out other people's traffic.

If the collateral damage you're referring to is loss of trust in Tor, that's not damage: that's new information.


> According to a Tor blog post, someone during that period was infiltrating the network by offering new relays, then altering the traffic subtly so as to weaken Tor's anonymity protections. By attacking the system from within, they were able to trace traffic across the network, effectively following the server traffic back to their home IP.

This is network-wide. They did not and could not target just Silk Road 2 and its users, they sabotaged the anonymity of every user and service on Tor.

A title 3 wiretap requires trust in both the government and network operator, which users of Tor may be avoiding for entirely legitimate reasons.


I'm not seeing the moral distinction between title 3 wiretaps and Tor infiltration. It can't simply be that people on Tor have expressed an unwillingness to be tapped. Every rational actor has that preference in both scenarios.


Wiretaps conducted by the FBI apply to installations in the US. Let's say I'm a dissident in my own (not the USA) country. An FBI wiretap does not compromise me wrt. my own government. Tampering with Tor on a large scale, however, has very much the potential to do so.


Every rational actor has that preference, but not that expectation. I'm well aware that my ISP can eavesdrop on everything that happens over their network, and can extend that ability to any party they choose.

I agree that there is no moral distinction between a title 3 wiretap and Tor infiltration; however, a title 3 wiretap is a passive listener while this Tor infiltration is not. The nature of the Tor infiltration caused anonymity to be stripped and readable by anyone aware of the flaw. They used resources unavailable to others to expose that information not only for themselves but to everyone.

The equivalent would be streaming a title 3 wiretap sans filter to everyone on the internet.


If you go through the exercise of building a mental model of exactly what a title 3 wiretap facility on a packet-switched telephony network looks like, and then carefully study the covert channel traffic confirmation attack the Tor team disclosed and everyone presumes the FBI is using, you'll see that the technical differences are not that great. It's certainly not as black-and-white as "passive" versus "active".

I'm not sure I follow the point about how the FBI could have done grave damage to everyone's privacy. It's (hypothetically, assuming this is how the FBI did it) the relay-early traffic confirmation vulnerability that did that. The FBI didn't create that vulnerability.


Perhaps you need to update your expectations? Merely expecting Tor to be secure does not make it so.


I'm not sure if this is what Zykes is referring to. But this particular attack on Tor is different from a wiretap because it made traffic readable by the whole network, not only by the attackers.

In what I think you mean by a perturbation attack, the attacker would deanonymize traffic by influencing the timing of packets on one end and observing the other end. Only the attacker learns anything. But in this attack, the hidden service directories found a clever way of broadcasting the name of the requested service, in plaintext, to the rest of the circuit. The attackers could read the message, but so could anyone else running a Tor relay.

Given that the message could have been trivially encrypted, that does seem like pointless collateral damage.


Tor is specifically designed to withstand attacks from resourceful adversaries who do not respect your fourth amendment rights.

The FBI putting it to the test provides us with valuable information both about the FBI and about Tor.


"Tor does not defend against a global passive adversary" -- Tor developers.


> global passive adversary

Knowing that "global passive" might include the FBI is still valuable.


This was an attack by a partial active adversary.

Global = can view all network traffic. Partial = can view some portion of network traffic, but not all.

Active = willing/able to modify data as it transits the network. Passive = unable/unwilling to modify data as it transits the network.

The gold standard here would be breaking a specific user's anonymity without modifying the data, i.e. a passive attack by a partial adversary. The smaller the percentage of overall traffic that the system needs to observe, the better.


I feel like "global passive adversary" is kind of like a True Scotsman. There doesn't seem to be a fixed definition; rather we work backwards from random attacks and determine whether we think they were global adversary worthy or not, and if so then that makes the perpetrator a global adversary.

Could Lizard Squad have executed this attack? (I assume anybody with a botnet could start new Tor relays, so yes.) Is Lizard Squad a global adversary?


A global passive adversary is anyone who can execute a Sybil attack, basically. So the required size scales with the size of the network. A global passive adversary for a network with only ten nodes would only have to have five nodes itself.

The "global" adjective is just used, I think, because cryptographers presume a production deployment of the cryptosystems they discuss would be something like the Web: large enough (millions of nodes) to require globe-spanning resources (millions of other nodes owned by a single group) to execute the attack successfully.

Seen under that lens, neither Tor nor Bitcoin nor any other modern cryptosystem needs a "global" passive adversary to break it. Just a regular "passive adversary."


That's really interesting. So if there were multiple "global passive adversaries" then the network would become stronger and stronger? At least until one gives up and removes all their nodes at once.


Pretty much.

Imagine if China (used for population reasons) managed to send 300 million spies to the US to socially-engineer their way into all US citizens' personal lives. Now imagine India (again, for population reasons) simultaneously trying the same thing: now, one half of the time, the Chinese are just spying on "American citizens" who are really Indian spies, the Indians are just spying on Chinese spies, and one half of Americans go unmonitored.

It's sort of the same game-theoretic advantage you get from participating in a battle royale competition over participating in a 1v1 competition: for each new adversary you face, that adversary is also dragged down by all the other adversaries and becomes that much easier to deal with.

This really only applies specifically to Sybil attacks, though.


It didn't teach us anything we didn't already know about the FBI, but it also does not excuse their actions any more than if we were to attack any of their networks.


This doesn't make sense either. LEOs routinely force entry into buildings to execute search warrants. It is not hypocrisy that you'd be prosecuted for doing the same thing without the legal authority.


I contest the FBI's legal authority in this case due to the indiscriminate and damaging nature of their actions.

Warrants and wiretaps are narrow and selective, but this Tor intrusion potentially damaged the anonymity of everyone on the network.


You still haven't managed to make a coherent case for how this attack was any more indiscriminate than a wiretap.


As I understand this, the CMU team allegedly deanonymized SR2 in the course of their research, and then shared the information with the FBI. Once they had done that, they were allegedly forced to withdraw their Black Hat presentation. There's also the issue that the CMU team had NSA funding. I haven't seen any claims that the CMU team was initially focusing on SR2 and other "illegal" sites. But I wouldn't be surprised by that.

If that's what happened, it wasn't a wiretap. It was a tip.


CMU has had "NSA funding" for something like 20 years; it's the nation's software security "center of excellence", going back to CMU CERT, AKA CERT.

This is an especially silly bit of innuendo given that Tor is itself DoD funded.


The association of SR2 deanonymization with CMU's withdrawn Black Hat presentation is indeed speculative. But there's arguably more to it than innuendo. Time will tell.

It's well known that the DoD has funded Tor from the start. But it's at least decent of them to independently fund CMU to compromise it ;)


> It didn't teach us anything we didn't already know about the FBI

Well, it taught us that the FBI is capable of carrying out a successful attack against Tor.

Maybe you knew that already - I didn't.


It's common knowledge that the FBI, DEA, etc have typically relied on the NSA for such exploits.


It is? Cite a credible source?


I'm thinking mainly of EFF, Bamford's books, and the Snowden releases. Are you claiming that parallel construction isn't SOP? Reaching way back, why do you think that the Weathermen got a pass in Chicago?


There are at least three levels of claim that can be made here.

1. The NSA passes along tips to FBI.

2. The NSA regularly passes along tips.

3. The FBI relies on NSA tips to do its job.


What about the citizens that don't have 'fourth amendment rights' just because they're not US citizens? As far as I know, Tor is not something that 'belongs' to the US, nor 'exists' on US soil, so it is very interesting to ask what happens with the rest of the world.



