
Law Enforcement Undermines Tor


52 comments

October 25, 2024

cedws

I have suspected Tor has been busted for quite a long time. LE is only using this power selectively for now - the last thing that they want is to scare users away lest they go and build something more secure.

The Nym mixnet[0] seems promising but it's still new and unproven.

I had an idea a while back to make traffic analysis more difficult by building circuits distributed across adversarial countries. Would like to hear thoughts on it.[1]

[0]: https://nymtech.net/about/mixnet

[1]: https://cedwards.xyz/adversarial-routing/

mdhb

The public tends to have a very strange idea as to a lot of things on this topic while forgetting that TOR itself was actually a department of defence project or NSW I forget originally.

If you’re interested in seeing what the next generation of this stuff looks like (although AFAIK is not really known outside of defence contracting circles) take a look at this https://github.com/tst-race/race-docs/blob/main/what-is-race...

Jerrrrrrry

Ukraine's main export after corn and before mail-order brides/SIM cards is Tor traffic.

j-bos

One advantage of imperfect privacy solutions like Tor is they force authorities to invest if they want to snoop. In the before times if someone wanted to read your mail they'd need to at least convince a judge and then spend manpower intercepting the envelopes, today they can just ping google for a bcc.

Cthulhu_

Is that true? IIRC they still need to do the legal paperwork to get an email from google et al (FISA request?).

c0wb0yc0d3r

Yes, paperwork is required. I think OP is pointing out that it doesn’t require the same amount of work it used to. Especially from law enforcement.


rustcleaner

The dark network of the future will be an onion-routed Hyphanet/Freenet, with monthly "bandwidth quotas" that make links communicate uniformly at X GB/hr regardless of traffic (padding when there is none) until the monthly quota is hit right at the end of the month. If internodal links don't vary in externally measurable ways when utilized, netflow is diminished.

Jerrrrrrry

I2P with more steps and crypto-enforced minimum quotas to deter timing/correlative attacks.

Minimally-enforced "random" timeouts to prevent DDoS->outage correlation.

Also mirrors. Lots of mirrors.

Have mirrors tied to reputation tied to invites.

Then the border to entry is time + money + reputation (which is time + money)

Throw in some 0-KPz, and you are 100% chillin in Belize or 100% in Colorado-ADX

(in minecraft, hypothetically, to sell beets, i ♥ us)

orbisvicis

Doesn't i2p also use this model?

immibis

i2p is a bit harder because the circuits aren't end-to-end. Your traffic goes through typically 3 relays, then an all-to-all mixing where it goes directly to the start of the recipient's relay chain, then 3 of their chosen relays. A new connection is NOT set up through the whole network for each overlay connection - it uses your same outgoing relay chain, and your last relay sends the packet to the first relay in the recipient's incoming relay chain.

It also uses a separate chain in each direction which makes any attack based on observing timing both ways more difficult.

It's also not Sybil resistant at all.

ementally

Are there any projects that generate random traffic? Like a website where, while you have it open, it keeps sending random traffic. It will make traffic analysis very hard.

mdhb

As I mentioned elsewhere in this thread if you’re looking for proper state of the art it’s coming out of DARPA projects and you can see what I mean here https://github.com/tst-race/race-docs/blob/main/what-is-race...

Cthulhu_

It probably doesn't; think about it, most websites already have a load of random stuff, plus all users combined is also heaps of randomness. No self-respecting analyst would go through logs manually, it's all fed into search / analysis software, filtering through noise.

bananamango

Connecting through multiple EntryGuards should help in this situation, Tor should split data transfer to many smaller ones travelling through different paths (Entry+Middle) and then get it reconstructed to one stream at ExitNode.

bananamango

Split EntryGuard should help, means you connect to multiple of them instead of one, and your data is split between them then it gets to Exit through multiple paths (Middle Nodes) and there it is reconstructed to one data stream. How about that?

jagged-chisel

Is there something new here? I’m under the impression that we knew this kind of thing was possible with enough resources.

noirscape

Nothing new, and I'm pretty sure these sorts of attacks have been possible and used ever since its founding.

TOR ultimately works like any old relay system; if you control enough nodes, you can effectively decloak people if they happen to connect to only your nodes. Nodes are assigned for connection based on a trust value so all a Nation state would have to do is host enough nodes (relay+exit) and they'd be able to decloak a connection. This kinda inherently gives TOR decloaking abilities to entities with the most infrastructure, which at that scale basically will only be nation states.

TOR works well enough for privacy when your adversaries aren't well-funded state actors. (i.e. it's probably enough to mask your traffic if you use TOR to access resources to get out of an abusive relationship or need to circumvent cult-level inspection of your personal interests by religious schools. Most dictatorships also don't really have the resources to mount this sort of attack - it's probably just the US and some European countries.) That rule kinda also goes for VPNs in general however.


immibis

I think the surprising element is that the German government actually deployed enough resources.

rmarq10

The article confirms that the authorities are conducting a dragnet operation. Everyone who connected to a certain entry relay was tracked and reported.

Does the tor daemon connect automatically? If so, even people who installed tor for fun and forgot about it may be on the list.

Did the lucky ones have the "Bundestrojaner" (gov surveillance app) installed on their machines?

potato3732842

>If so, even people who installed tor for fun and forget about may be on the list.

Good. That reduces the quality of the list.

immibis

They selected that relay after they determined it was the one used by the person they were trying to go after. That isn't a dragnet.

There probably is a dragnet too.

SamuelAdams

Plenty of people still believe that using a VPN + Tor means they are “private”. What we need to teach others is that this is no longer the case - privacy is not a one size fits all solution. You may be private from other users on your network, but not nation state actors.

upofadown

VPN/Tor provide something else anyway: anonymity. Privacy is a different thing. You can lead an entirely private life in an environment where everyone knows who you are and who you interact with. They just don't know how you are interacting with those people.

Most people don't need anonymity most of the time...

sandworm101

Time for nodes to inject some random traffic. It sounds like if even 0.1% was random fluff they would not be able to track packets between nodes.

Jerrrrrrry

That time happened 10 years ago.

.1% fluff? May as well call em up yourself.
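A small simulation, added here and not from any commenter, of the point in this exchange and in rustcleaner's earlier comment: an observer watching both ends of a path links flows by correlating their timing, a sprinkle of 0.1% dummy packets barely changes that, and links that carry a packet in every slot (constant-rate padding) leave it nothing to correlate. The bursty client model, the 10 ms slots, and the delay and loss figures are all constructed for the example.

```python
import random

def generate_flow(rng, n_slots=600):
    # Constructed bursty client: an on/off Markov chain decides whether it is
    # sending; each 10 ms slot then carries a packet (1) or nothing (0).
    flow, on = [], False
    for _ in range(n_slots):
        if rng.random() < 0.1:
            on = not on
        flow.append(1 if on and rng.random() < 0.9 else 0)
    return flow

def transit(flow, rng):
    # Exit-side view of the same flow: it arrives d slots later (d in 1..3)
    # and about 5% of its packets are dropped, as constructed network noise.
    d = rng.randint(1, 3)
    kept = [bit if rng.random() > 0.05 else 0 for bit in flow[:len(flow) - d]]
    return [0] * d + kept

def observe(flow, padding, rng):
    # What a passive observer of one link sees under a padding policy.
    if padding == "constant":     # link carries a packet in every slot
        return [1] * len(flow)
    if padding == "fluff":        # ~0.1% dummy packets sprinkled in
        return [1 if bit or rng.random() < 0.001 else 0 for bit in flow]
    return list(flow)             # "none": the raw flow

def correlation(a, b):
    # Pearson correlation of two 0/1 series; 0.0 when either is constant.
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb) ** 0.5

def match_flow(entry_obs, exit_obs_list):
    # Index of the exit-side flow best correlated with entry_obs, or None
    # when every candidate scores the same (nothing left to distinguish).
    scores = [correlation(entry_obs, e) for e in exit_obs_list]
    if max(scores) == min(scores):
        return None
    return max(range(len(scores)), key=scores.__getitem__)

def experiment(padding, n_flows=20, seed=7):
    # Fraction of flows an observer watching both ends links correctly.
    rng = random.Random(seed)
    flows = [generate_flow(rng) for _ in range(n_flows)]
    entry = [observe(f, padding, rng) for f in flows]
    exit_ = [observe(transit(f, rng), padding, rng) for f in flows]
    hits = sum(match_flow(entry[i], exit_) == i for i in range(n_flows))
    return hits / n_flows
```

Calling `experiment("none")`, `experiment("fluff")` and `experiment("constant")` gives the linked fraction under each policy; the first two stay near 100%, the last is 0 because every padded link looks identical.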

ryandv

HTTPS everywhere and strong encryption were a mistake. These are technologies that are only used by the vilest criminals and those with something to hide; the Internet should move back to a trust-based model where everyone is assumed to be acting in good faith and all communications are sent in plaintext for easy inspection by law enforcement and those who protect us from criminal activity.

Communitivity

"everyone is assumed to be acting in good faith". Right. I think that when it comes to network service security the old adage told to my father by an Irish Catholic priest applies: "Bill, once you understand that most people are just no damn good, then you'll be fine".

Or, in the words of the NSA, "Trust, but verify".

I agree that HTTPS is bad though, as it is used. We only do one-sided TLS, not mutual. Most people don't verify the server's cert by looking at it. Most apps don't encrypt messages before they go over TLS. In a more secure world a proxy with stateful packet inspection would not be possible.

As is often the case, the problem isn't technical (or at least not mainly technical). Employers, governments, and ISPs want proxies that inspect traffic, either for CYA or to increase budgets by increasing situational awareness. For governments, situational awareness increases wins by enabling them to catch people they deem bad actors. For employers and governments, increased SA means a decreased chance of leaks and people not doing what they're supposed to do with their time. For ISPs, it means they can monitor the traffic and restrict certain things (like video streaming, or running a server from home) to increase profit.

I can think of at least one potential solution. Still, it requires a technically savvy public, a patient public, and money: Open Source phones in everyone's hands, circles of trust, distributed freenet with data passed E2E encrypted via gossip protocol when two phones get near enough for Bluetooth data transmission (figure 50m roughly) where both phones are within some N degrees of separation via circles of trust. However, this means getting/sending data is asynchronous with long delays and no guarantees.

viraptor

I guess you weren't around for the fun when https://en.wikipedia.org/wiki/Firesheep was popular.

ryandv

I have seen the Wall of Sheep in person when HTTPS everywhere was just getting started, and you would still see wireless networks secured with WEP. This is pre-Snowden.

viraptor

So you're aware of those cases and just going with "yeah, let's ignore those account takeovers, impersonations, data theft, etc. across any service from social media to banking and payment" because just bad people need encryption? Walk me through the process of a non-vile person using banking securely from a cafe/hotel in your scenario.

GrantMoyer

Agreed. An added benefit is then ISPs could monitor traffic and sell the data to AD or insurance companies, who could use it to drive more sales or cancel risky insurance policies, increasing the efficiency of the economy.

jeffhuys

Yeah that's all fun, I don't have anything to hide either. But what if I actually WILL in the future, retroactively? I've said a few things here and there, what if certain types of speech end up getting banned and if you don't remove it on time (or lost access), you risk jail-time?

Seems far away, but it's literally happening in England.

Please watch out with this kind of thinking - it's dangerous to everyone.

ryandv

> what if certain types of speech end up getting banned and if you don't remove it on time (or lost access), you risk jail-time?

So racism, homophobia, and transphobia? Why would you support technologies that promote and support the dissemination of hate speech and misinformation?

immibis

In Germany (which also happens to be the country that successfully attacked Tor) it is currently illegal to support Palestine. Is there anything in your private messages that you wouldn't want the government to know?

potato3732842

>So racism, homophobia, and transphobia? Why would you support technologies that promote and support the dissemination of hate speech and misinformation?

Historical content ought not to be censored at the behest of the morals of the present. There is great value in being able to access the content of the past in its primary source form. If that makes me some sort of "ist" so be it.

luma

You imply that the only bad actors one needs to protect themselves against are the police. The vilest criminals can also use my data against me.

gmuslera

Schools should ban the teaching of math so future criminals won’t be able to use encryption for their evil deeds.

It is not a thin line the one you are crossing.


fguerraz

Technology is never a solution to your democracy problems.

notpushkin

In 2024 I can't tell if this is sarcasm or not.

amiga386

It's your lucky day! I have trained an LLM that reliably detects sarcasm. It was trained on only the finest sarcasm, dramatic irony, situational irony, ridicule and tomfoolery. As an amazing side effect it can even detect whether statements were made in bad faith or good faith with 100% reliability. You need never guess someone's intentions again! The machine will tell you.

I intend to launch it soon, don't miss this investment opportunity!

ryandv

Feel free to debate the statement on its merits, at face value.

WillAdams

The problem is, just the mere fact of communication is sufficient to determine relationships, which can make any sort of organized action simple to identify, root out and quash:

https://kieranhealy.org/blog/archives/2013/06/09/using-metad...

>The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

If the 2nd Amendment applies to a modern firearm (and it should), then the 4th amendment has to apply to e-mails and text messages.

amiga386

Your proposal is too modest. Why should only law enforcement see our messages? All messages should be treated like the banns of marriage and read aloud by the local priest or posted on the church walls, so that all interested parties can learn their contents and raise any relevant legal objection.