>Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?
The word "eventually" is doing a lot of heavy lifting here. Let's say you actually manage to add 1000 servers to the tor network somehow without getting detected. The network currently sits at just under 8000 nodes. For simplicity, lets also ignore that there are different types of nodes and geographical considerations and instead just ask what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%. If that someone decided to use 4 nodes to be extra-safe, that number goes down to 0.015%. And it decreases exponentially for every additional relay he adds. Combine this with the fact that tor nodes are actively monitored and regularly vetted for malicious behaviour[1], and these attacks become increasingly difficult. Could someone like the NSA with limitless resources do it? Quite probably, sure. But could you or any other random guy do it? Almost certainly not.
Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
> Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
Maybe someone, somewhere, has decided that allowing petty criminals to get away with their crimes is worth maintaining the illusion that Tor is truly private.
It's also worth noting that it's significantly easier to find the mistakes someone has made that could lead to their identity if you already know their identity.
> It provides a channel for operatives to exfiltrate data out of non-NATO countries very easily.
I'm not convinced this is the case. For example China's gfw has been very effective at blocking TOR traffic, and any TOR connection in other countries is like announcing to the government that you are suspicious.
It’s a little silly to say “for example” and then intentionally pick what is widely known as the most sophisticated and pervasive system for controlling Internet traffic ever created.
The parent said “non-NATO countries”… there are 162 of those that are not China.
(It’s also a little silly to specify “non-NATO” since U.S. intelligence services have to exfiltrate data from NATO countries too…)
To get data out of China, the U.S. undoubtedly has special systems, which are worth the special investment because it’s China.
If you can find TOR nodes, so can the Chinese government. They can then just block these addresses.
Furthermore, the great firewall is quite advanced, they use machine learning techniques to detect patterns, so even if it is TLS on port 443, they may be able to detect it after they have gathered enough traffic. There are workarounds of course, but it is not as simple as just using a TLS tunnel.
Tor was made for spies. But you know what's really bad for spies? If accessing a certain IP/protocol/behavior reliably reveal your spy status.
For Tor to be effective for hiding spies it has to be used by the public. Even if it's only nefarious actors (say spies + drug dealers + terrorists) it adds noise that the adversary needs to sort through.
What I fucking hate about many of these conspiracies is how silly it is once you ever work with or for any government entities. You can't get two police agencies in neighboring cities to communicate with one another. The bureaucrats are fucking slow as shit and egotistical as fuck.
It's important to remember that the government and even a single agency (like the NSA) is just as chaotic, disconnected, and full of competing entities as any big tech company has (if not worse). Yeah, most of the NSA is focused offense, but there's groups working on defense. Those groups are 100% at odds. This is true for the 18 intelligence agencies. They have different objectives and many times they are at odds with one another and you bet each one wants to be getting credit for anything.
The US involvement should warrant suspicion and with any technology like Tor you should always be paranoid. But it's not proof. Because guess what, the US wants people in other countries to use high levels of encryption to hide from their authoritarian governments while the US can promote democracy movements and help put a friendly leader into a position of power. AT THE SAME TIME they also want to spy on their own people (and there are plenty of people in the gov that don't want this). Inconsistency is the default because it's a bunch of different people with different objectives. So the US gov both wants Tor to be secure and broken at the same time.
> It's important to remember that the government and even a single agency (like the NSA) is just as chaotic, disconnected, and full of competing entities as any big tech company has (if not worse).
And yet even as early as 2003 they were taking a copy of every single bit that ran over the AT&T backbone (https://en.wikipedia.org/wiki/Room_641A). It's amazing how effective these "chaotic, disconnected, and full of competing entities" can be. We're entirely dependent on whistleblowers willing to risk their lives and freedom to learn about what they're doing to us.
Yes, they can be very effective. There's no denying that. The proof is in the pudding as they say, since we have governments and businesses. But that's tangential to the point I was making.
...You must be working for a different government than I've experienced. Government orgs will initially suffer from siloing problems, but once a synergy is uncovered it tends to get leveraged hard after a while. Remember: when it comes down to it, the difference between government reach, and everyone else, is really just who you can communicate with smoothly.
Now things like SCI are things; but there are ways to handle that too. It's more a slowing force than a stopper.
I dont see how TOR is better than just spinning up a server on the public cloud for each asset. Since each asset would have a different IP they couldnt use one assets knowledge to catch the others. Non-NATO countries tend to monitor internet traffic and so would know if you access TOR.
Each server is only used by a single operative though, how do you even find which IP to analyze? The story with Tor and espionage is that if an asset connected to cia website the gov which monitors internet access would know they went to the site. Even if its not a public site they just need to have one operative defect and tell them the site and they can catch all the other operatives who use it. But if everyone connects to a different IP I dont see how traffic analysis helps you discover you is connecting with the cia.
> But if everyone connects to a different IP I dont see how traffic analysis helps you discover you is connecting with the cia.
I assume that they're connecting multiple times with the CIA - it's not just a one and done drop. That's trivial to look at - if you see someone connecting repeatedly to an IP address that doesn't associate with any known website/service and you see them do it consistently then that's suspicious.
Maybe if the IP addresses rotated it wouldn't be as noticeable, but if you're going over the clearnet then you can't disguise the IP address you're connecting to (short of proxies but then you're giving up the IP address of the proxies).
The original purpose of TOR was to provide agents and handlers with a means of secure communication, allowing them to organize subversive or espionage activities. It was created by the Department of Defense to propagate their interests and spread democracy around the world using these secure capabilities. Given this context, it's not unreasonable to assume that TOR is still being used in a similar manner today.
Because of its origins, access to the identities of users on the TOR network—even if they could be de-anonymized—would likely be extremely restricted, compartmentalized, and classified. This would make it much more difficult for such information to be used in law enforcement proceedings. Perhaps that, rather than a technical limitation, is the reason most high-profile arrests related to TOR involve criminals making some other mistake, rather than the security of the network itself being compromised.
Additionally, it’s interesting to speculate that some of the secure private defense and intelligence networks—parallel or classified world internets—could themselves be implemented as possibly enhanced forms of TOR. It would make sense that nation-states, through shell companies and other disguises, might run and control many seemingly innocuous machines acting as secure relays in these parallel networks. While I have no data to back this up, it seems logical, given that TOR was originally created by the DoD and then open-sourced.
Why wouldn’t they keep something that works, build on it, and enhance it as a means to secure their own global communications?
Yes, I boldly inserted that deliberately aware of its potential provocative effect. So I am truly glad you derive some enjoyment from it. I did too! Comrades in arms? Or at least in Internet nodding hahaha! :)
Indeed old timer commies of HN might get irritated by that phrase, but in this corner of the world we love Democracy. This summer would pretty dry in my region because of global warming, but thanks to Democracy we had plenty of precipitation in the form of MK-84s. I wonder which neighboring country is going to get her share next year, it's a gift that never stopped giving since some 20 years.
We even have a presidential candidate that spouts similar propaganda that she is going to “Save Democracy”! Yeah right, save it by subverting it at every possible point. First she was appointed into the VP role, then her party skipped holding a primary election, then she was installed into the candidacy. None of those 3 easy steps to power even vaguely resembles a Democracy.
If those 3 succinct points aren’t enough, here’s a few more succinctly in one sentence: Members of her party have tried to deplatform her opposition, cancel her opposition, remove her opposition from the ballot, expropriate over $450 million dollars from her opposition (NY Kleptocracy), jail her opposition, and even assassinate her opposition twice! In all cases to deny and deprive the ability of voters to have a choice in the upcoming election. If her opposition is so bad as her party propaganda wants you to think, won’t that show in the general election? Why does half of America vote the other way? What have they seen that you haven’t?
intentional pause
There could be unlimited reasons why one of our candidates is not about “Saving Democracy” or how that slogan is just propaganda. I’ll give 4 more numbered reasons why:
1) She represents a party that is opposed to Voter ID requirements at polls, which would keep people from voting twice, pretty much like a Bitcoin double-spend attack. Her party’s establishment claims voter ID laws are a problem because they think their voting base is so stupid they couldn’t pass a drivers license test on any number of attempts; let alone figure out how to obtain another form of photo ID. Many in her voting base find that stance pretty offensive and rightfully so. Opponents will assert they couldn’t win a fair and free election if they tried to. Both sides aside, How are voter ID laws a partisan issue? They are just common sense!
There’s a reason their party tries to “get out the vote” every year: low-information-voters are their bread and butter. How many people actually have the time to think critically about these issues? I think America would be a better place if less low-information voter chose to vote and if more voters knew that it’s okay to leave choices on the ballot blank.
2) One of her long standing border policies has been keeping the borders open so that illegals can flood the cities and further dilute the voting power of the constituency base. This leads to more apportionment in the House of Representatives because under the current law, illegals are counted too. This perverse incentive dilutes the vote of the American people and the constituency.
3) Flooding American with illegals is very unpopular with the vast majority of America. If that was put to a vote with the American people, it simply wouldn’t continue. Most people are in support of legal immigration not illegal and unvetted immigration because we want the good talent and beautiful women to cross the border, not whomever can find a gap in the fence. I said beautiful women for your benefit. You’re welcome :)
4) Her third claim to fame is she won’t be going around to very many of the 3-letter agencies (if any) and saying “You’re fired!”. A bureaucracy’s favorite leader is a puppet. They get to control her rather than her getting to control them. When left unchecked, we have power-creep. When we have a bunch of bureaucrats running the government, it subverts the will of the people because we voted for the president, not the unelected bureaucrats who tell her and the current president what to say. Some people joke that the vast number of 3-letter agencies are the 4th branch of government. Some people want all of the power but are afraid of public speaking and don’t want to stand up in front of a podium to explain their case to the American People and appear online. Some simply can’t make a reasonable argument for one point or another... I can and I’m doing that now.
Spreading Democracy is possibly becoming a euphemism for spreading Bureaucracy. Bureaucracy is like taking the DMV and scaling it all the way up to the size of government. Thankfully due to the Chevron doctrine court case, the power of the bureaucracy has been reduced and we can appreciate the effect checks and balances have to save our system of government, which most scholars agree is a Democratic Republic.
Instead of the word Bureaucracy, her presidential opponent uses a more specific term to describe it. He popularized the term “Deep State” from fringe usage to mainstream usage. The term Deep State usually refers to a subset of the 3-letter agencies known as the intelligence community or the intelligence agencies. One of many possible citations is the Joe Rogan podcast episode #2138 with Tucker Carlson, which, although long, is jam packed full of secrets.
Both men talking in that episode have interviewed and have had public (and presumably private) conversations with an enormous and significant quantity and variety of people. They’re also among the best in the world at “active listening” which some people just simply can’t do. That causes interviewees to open up and spill the beans, which is where real journalism & interviewing is.
My most memorable takeaway from that episode is:
“The second point that’s obviously true is that weak people, which is a synonym for bad people, come together for strength and safety. They act as one. The hive mind is specific to a certain group of people: bad people. And that good people don't tend to come together, but they're coming together now.” and “It’s weak men and weak women who are instruments of evil. The weaker, the more evil that leader will be.” I’ll paraphrase: “Men and women without a backbone or spine are the most dangerous because they’re the most corruptible to do what’s wrong against what’s right. Sometimes we take it for granted that strong people wouldn’t do bad things because it compromised their morals or ethics. Like bad sportsmanship.”
I say all this at the risk of potentially not being able to leave Canada or the UK for 18 years if one of my layover flights ever stopped there, despite being a USA citizen in the USA.
I also potentially risk being added to the target list of the next virus or bioweapon that leaks out of a lab like the Wuhan institute of Virology. We only found out what was happening there because the orange man wanted to cut all free money to China and someone reviewing the spending line items found we were funding the Wuhan Institute of Virology. Apparently we still are and it’s been allegedly upgraded from BSL 2 to BSL 4 lab. It’s just one of many labs. Like nukes, bioweapons produce plenty of collateral damage. Unlike nukes, they’re deniable assets. Bioweapons are freaking scary. You get to learn how easy it is to wipe essentially all human life off the face of the earth in the popular educational simulation game Plague Inc with various plagues.
In 1969, Bioweapons labs in Fort Detrick and Plum Island boasted to the President that they had the capacity to kill every American in America for 29 cents per life. That year President Richard Nixon surprised everyone and did one of the greatest things of his career, which is he went to Fort Detrick, then he announced the closure and termination of the U.S. Bioweapons programs. He saw that bioweapons were a poor man’s nuclear bomb. Then the Patriot Act was signed which according to Robert F Kennedy Jr had a hidden charter that while not retracting Nixon’s charter to close bioweapons progress, gave immunity to any federal official that violates those laws and who develops bioweapons and researches them. As you know, vaccine research and Gain of Function research are on a similar track so you can say you’re doing vaccine research when actually doing Gain of Function studies for bioweapons like most later evidence for COVID-19 shows. That information was suppressed because they didn’t want everyone to get all up in arms with China. Unfortunately, Gain of Function research is still continuing and being funded by tax payer dollars, no less.
I know what I’m saying is risky but the freedom of speech in my country is a right, not a privilege.
Last, my summary and disclaimer:
Vote for who you think is right based on the knowledge you know. I have a large appetite for knowledge but I don’t know everything. You may know something I don’t. I believe we all have a good head on our shoulders and can make good decisions with sufficient truthful information to make those decisions. If that information is sequestered, kept hidden, or censored, then democracy is subverted. Is that politician here to “Save Democracy” as some of her low-information potential voters say or are those just words of propaganda? Above I gave 4 more numbered points in support of why that’s just more propaganda but my motive is to inform, not to persuade.
That's a Helldivers 2 reference, and it doesn't reflect well for your case. I for one, am glad the work of satire exists so we can once and for all have a real talk around how phrases like "Spreading Democracy" can over time completely lose the plot about what the U.S. as a country was about. It isn't about structures of government. It's about Liberty and the preservation thereof against enemies foreign (other countries) and domestic (the Government itself). Whether Democracy or Republic, a government by it's nature is a tool to curtail or preserve some Liberty for some people to the exclusion of others (currently and in the recent past drawn along nation state or polity lines). In the work of art in question, galactically, and cross-species polity, with Managed Democracy having as one of it's tenets be the mandate to, through violence, instate itself as the "One True Governmental System" everywhere it currently isn't, no questions asked; in fact asking such questions is an act of High Treason.
The lesson here being; if you forget the point of keeping your government around (for the U S., preserving Liberties, and asserting the supremacy of those rights over the legitimacy of any act of Government trying to curtail them), and conflate the government with the end itself, you create and perpetuate an inhuman monster capable of manufacturing the conditions for manifesting atrocity on scales that would make the despots of the past blush for how unambitious they ultimately were in comparison. For there is literally no stopping something once you've managed to elide the meaning of our most sacred values across generational boundaries from meaning one thing, to something completely different. As an example, from the work of Art in question: Freedom being taken to mean "you are Free to decide how you support the regime", but not whether you should be supporting the regime at all.
I assure you, if winning takes you in that direction, you're barking entirely up the wrong tree.
> Perhaps that, rather than a technical limitation, is the reason most high-profile arrests related to TOR involve criminals making some other mistake, rather than the security of the network itself being compromised.
I have no doubt that the government doesn't want to demonstrate how weak Tor is to the public, but it's also got to be dead simple to find those kinds of "other mistakes" they can use when they've identified the person they're looking for and can monitor whatever they do.
What you’re claiming is not necessarily correct, but it’s an avenue of interesting speculation. Nevertheless, let’s clarify a few of your possible misunderstandings or points of confusion:
I’m not saying TOR is weak, nor that the reason for its concealment is to project a false sense of government strength.
What I am saying—and what you seem to have misunderstood—is that the TOR network is most likely used, precisely because of its strength, for highly sensitive clandestine operations. This results in blanket classification of all involved identities, making them inaccessible to law enforcement. Law enforcement likely understands this, which is why they don’t pursue it—knowing it’s a dead end. Instead, they rely on side-channel effects or mistakes made by criminals.
To my mind, this explains the public information we see.
> What I am saying—and what you seem to have misunderstood—is that the TOR network is most likely used, precisely because of its strength, for highly sensitive clandestine operations.
Tor seems to be a poster child of the "Nobody But Us"[1] principle the NSA likes so much: it's strong when used by American spooks, but weak when used against them. If a country developed body armor that's impervious to all rounds except their own special alloy rounds, their use and promotion of that armor is not evidence of its utter robustness.
I don't doubt a lot of darknet busts involve a lot of parallel construction - the intelligence community doesn't have to give detailed logs; summaries are enough (IP addresses, dates and times). This is before considering that the FBI is involved in both (counter) intelligence and law environment.
I guess i don't necessarily disagree with your NOBUS assessment of TOR strength, it's hard to say without confirmed facts tho. Funny I always think of crypto algorithms as the examples of NOBUS: the NIST ones, etc. Again, no confirmed facts but that would be a source and method you really wouldn't want to confirm and burn.
What do you mean by parallel constructions? Is that where LE discovers evidence through extralegal means, then needs to rebuild the narrative through a legally valid chain? Could be, but then again there's probably a lot of TOR identities that are completely out of reach for LE, leaving them with only legal construction. Wouldn't you say?
I sometimes wonder about something, too: you know those "small" cases with huge human cost, like missing child, or murder in a backwoods area? I always imagine that classified capabilities could be used to solve them. The fact they are not, is painful, and I think must be "moral trauma" for LE/IC people involved. Even more so that they can't talk to anyone about it except their organizational therapists if then.
> The original purpose of TOR was to provide agents and handlers with a means of secure communication, allowing them to organize subversive or espionage activities. It was created by the Department of Defense to propagate their interests and spread democracy around the world using these secure capabilities.
Do you think the EFF was in on it, duped, or just thought multiple competing interests could be served?
Well, I could be wrong historically here, but I think you need to recall a previous age where the interests of the state department pushing noble American values into disintegrating but strategically valuable locales might actually have been something that the EFF felt highly aligned with and wanted to support through its electronic and advocacy Capacities. For instance, why would they not support Internet and communicative freedom under a repressive regime?
I haven’t looked closely and I wasn’t there at the time so it makes it hard to say for sure but let’s speculate. I think the people involved in EFF are most likely slightly cynical, savvypolitical maneuverers themselve who, like you said realize the utility of multiple not necessarily overlapping objectives, where all involved parties could derive some benefits.
Certainly not an implausible situation that you lay out
> Maybe someone, somewhere, has decided that allowing petty criminals to get away with their crimes is worth maintaining the illusion that Tor is truly private.
This is what I believe. If they do have a way to track people, it wouldn't be worth blowing their cover for small stuff that wasn't a ridiculously huge national security threat that they could afford to throw away 20+ years of work for.
In fact there have been court cases that were thrown out because the government refused to reveal how their information was obtained... I think that usually means they're hiding it on purpose for a bigger cause. I also wouldn't be surprised if multiple SSL CAs are secretly compromised for the same reason.
TOR as it exists now is a honeypot simple as. Same as that documentary called "Benedict Cumberbniamnatch's Great Work" where they cracked the radio signals of the Frenchmen but they had to let the submarine sink so that they knew that the other guy doesn't know that they knew.
NSA uses ROT which is TOR-inspired but takes the techniques and incognito aspects 7 or 8 steps ahead.
I'm assuming the "documentary" was the movie The Imitation Game staring Benedict Cumberbatch. If that's an intentional mistake, I'd guess by "French" they meant Austrian (as Hitler was born in Austria).
This entirely ignores the fact that traffic to and from onion sites never leaves the Tor network, never utilizes an exit node. It doesn’t matter if a bad actor has control of every exit node if your communications are within the network unless the underlying encryption protocols have been compromised.
> what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%.
You calculated the probability that a specific person randomly chooses three nodes of the 1,000.
But that's not the scenario you're responding to.
>> I can't target a specific person, but eventually I can find someone who has all three bounces through tor nodes I control
Tor estimates that 2.5 million people use the network per day.
Let's assume that in a month, 10 million people use it.
Let's also assume that 80% of monthly users are not committing crimes, while the 20% who are criminals make an average of four Tor connections per month.
With those assumptions we could expect a malicious operator who controls 1,000 nodes could capture the sessions of 10,940 criminals in a given month.
Spending less than fifty cents per suspect is less than trivial.
An autocratic regime of a large nation locks up its critics and other undesirables in camps.
100,000 activists who haven't been caught yet switch to Tor for anonymity.
For $60,000, the regime monitors Tor for a year, identifies 6,500 activists, and marches them off to the camps.
And by discrediting Tor the regime pushes the other 93,500 activists even farther underground, constraining their ability to recruit, limiting their ability to coordinate with each other, and reducing what they can publish about what's happening to their country.
> reducing what they can publish about what's happening to their country.
To what audience? It isn't quite what you're getting at in your post but this is worth saying: graffiti, zines, contact with journalists, radio operations like pirate radio, all of it is much more established and less uncertain in risk profile than being online. Crucially it may also be more effective.
What does that mean? The way I understand it you would be getting traffic correlations -- which means an IP that requested traffic from another IP and got that traffic back in a certain time period. What does that tell you, exactly, about the criminal? If you aren't looking for a specific person, how would you even know they are doing crimes?
Activists fighting an autocratic regime use a large social media site to recruit, coordinate and publish so they can reach the broadest number of people possible.
The billionaire owner of the site supports the strongman leader and provides IP addresses for those who post wrongthink on his platform.
Now the regime can link social media activity of anonymous activists to their real IP addresses, devices and locations.
> Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
During WW2, the British cracked the German codes. They would create pretexts for "discovering" where German ships would be, so that the Germans wouldn't suspect that they cracked their codes.
It's impossible for us to know if the US government have cracked Tor, because the world would look identical to us whether they had or hadn't. If the only evidence they have is via Tor, and the individual is a small fry, they will prefer they get away with it rather than let people know that Tor has been cracked.
I just assume the NSA are spending their budgets on something, although maybe it is stuff like side channel attacks.
These pretexts for "discovering" are a "bedrock principle" in law enforcement called parallel construction.
The NSA sharing data with the DEA becomes a "routine traffic stop" that finds the drugs. The court would not allow the NSA evidence or anything found as a result, but through parallel construction, the officer lies in court that it was a "routine stop", and judicial review never occurs.
> these people always made other mistakes that led authorities to them.
Says who? The intelligent community entity that busted them? If they're using a tool to discover X or Y they're not to let anyone know that.
For example, I live in the NYC area. A couple of times per year there's a drug bust on the New Jersey Turnpike of a car headed to NYC. The story is always a "random" police stop ends up in a drug bust.
Random? My arse. Of the thousands of cars on the NJTP the cops just happened to pick the one loaded with drugs? A couple times a year? I don't buy it. But what are they going to say? They have someone on the inside that tipped them off? That's not going to happen.
The intelligence community doesn't deal in truth and facts. It deals in misinformation and that the ends justify the means. What they're doing and what they say they're doing are unlikely the same.
You know what's easier than waiting around to get really lucky?
Using those same network-health dashboards as DDoS target lists, to temporarily degrade/shut down the whole network except for your own nodes.
Also, big nodes route more Tor circuits each. Costs more to run them, and they intentionally don't function as exit nodes (to avoid the "obvious" attack) — but just having a bunch of these big nodes in the network handling only middle hops, biases the rest of the network away from handling middle hops, toward handling end hops. Which means that if you then run a ton of tiny nodes...
>Yes, this is obviously the sort of adversary we would be discussing.
OP explicitly asked about himself, not some government organisation.
>causing your number to be an underestimate
Not necessarily. It might even be an overestimate if the attacker fails to supply enough nodes of the right kind.
>So almost certainly thousands of people
We're talking about a targeted attack. Of course the statistics game works better when you don't target specific people and just fish randomly. But there are probably more cost effective methods as well.
If someone would do the thing-to-be-detected (e.g. accessing CSAM) every day, then that 0.14% probability of detection turns out to be 40% for a single year (0.9986^365) or 64% over two years, so even that would deanonymize the majority of such people over time.
That assumes you could run thousands of malicious tor nodes for several years without being detected. Unless you have vast resources and time, this is unlikely.
My point is that it doesn't require "vast resources". A VPS is $5 a month. A thousand of them would be in the disposable income budget of a single FAANG engineer never mind a nation state.
Pay people on Fiverr to set them up for you at different ISPs so that all the setup information is different. You can use crypto to pay if you want anonimity (this is actually the main reason I used to use bitcoin - I'd pay ISPs in Iceland to run TOR exit nodes for me without linking them to my identity).
This isn't a difficult problem. A single individual with a good job could do it.
And sure, each connection only has a very small chance of being found, but aggregate it over a year or two and you could catch half of the users of a site if they connected with a new circuit one time per day.
I honestly can't see why a nation state or two hasn't already done this.
What detection? A malicious node is only different from a non-malicious node because all the traffic is being logged. If that's our definition of a malicious node in this case then there is no way to detect one.
The attack Germany is thought to have actually used was to flood the network with middle nodes and wait until the victim connects to their middle node. Then, it knows the guard node's IP. Then, it went to an ISP and got logs for everyone who connected to that IP.
technicly this is the only comment in this chain that is relevant to the featured article, but it's technicly so incomplete that it's almost wrong, I can tell from having read the thread and knowing next to nothing else about how TOR works.
They don't have plausible evidence to subpoena the guard node if a middle node only sees encrypted traffic. They would also need to control the exit nodes which communicate with the target's host or they simply control the host as a honeypot.
Because the victim was an onion server, they could make it generate new connections at will. They used timing correlation to determine their node was the middle node for their connection.
assuming the guard node connects to the host when the host communicates with the client, this makes a little more sense. If I understand correctly you are saying that they did not seize a boat load of unrelated nodes and have rather fluxcompensated it with "timing correlation" and infinite funds.
Ad hominem: your username spells out MIB, Men in Black, surely you are joking.
The server connects to the guard node and tells it to connect to the middle node and tells the middle node to connect to the final node and tells the final node to connect to the rendezvous point, which already has a connection in the other direction from the client and splices them together at this point.
All Tor hosts use a small set of "guard" nodes as their first hops, because it's considered that directly connecting to a compromised node immediately reveals your IP address, in most cases. Using a small set of first hops reduces the probability that at least one of them is compromised. In older versions of Tor, the middle node is completely random, which means sometimes it is compromised. The German government is thought to have used statistical methods to identify when their compromised node was the middle node, and log the address of the node before it - the guard node. Then, they used legal methods to sniff the traffic on the guard node to find the server's IP address.
In newer versions of Tor, this is more difficult because onion servers use two layers of guard nodes - they use a small infrequently-rotated set of entry guard nodes, and a larger more-frequently-rotated set of middle guard nodes, and the third is still random.
> Could someone like the NSA with limitless resources do it? Quite probably, sure.
If you're not worried about a fairly well-resourced government agency uncovering whatever network activity you believe needs to be anonymized, why would you be using Tor at all?
Respectfully, a large number of people rightfully fear for their lives, safety, and freedom due to being stalked or abused by a current or former partner. I have personally known several.
Using victims' devices and communications in order to locate, and then harass, trap, or attack them, is commonplace for stalkers.
If you can use victim's device, then Tor or any network level protection will not help you. If you can use their network, then just about everything uses https these days... and you still need to know their location to snoop in the first place. GP raised a good point of Tor not helping in those two cases.
Those are situations that people deal with, but suggesting they use Tor is not going to help them. (Apart from some very specific situations)
How many of these people are justified (by evidence, not merely paranoia) in thinking that Tor would circumvent whatever communications interception may or may not have been put in place?
And of those people, how many people have ever even heard of Tor, let alone know how to use it?
What fraction of domestic violence shelter occupants are paranoid rather than reasonably fearful? What fraction are paranoid, vs. those who are reasonably afraid of being spied on in general? Probably some, but I believe many have well founded reasons to want to be anonymous and in hiding.
I concede that tor is probably not a useful tool in general for these people. I meant to point out only that one needn't be paranoid to fear one's spouse.
Not to make too much light of a morbid topic but the idea of someone having a murderous yet tech-savvy ex who has methodically installed all sorts of elaborate digital surveillance measures in their former spouse's personal tech stack in service of premeditated homicide, sitting in a dark room somewhere, howling in anger upon realizing his murder plan has (somehow...?) been thwarted by said former spouse unexpectedly using Tor is pretty funny (because of how outlandish it is). "I almost got away with it too, if it weren't for you kids and that onion routing software!"
You are lucky to have not experienced stalking. It's not like some big nefarious plan, it's a relentless obsessed hunter who will use whatever the lowest-hanging fruit is to get to you. If they have IT savvy they will use that. If they are charming they will use that. If they are brutal they will use that. They don't need to be murderous obviously, just obsessed with you.
Knowing that there's one thing they can't get to you on is huge peace of mind. Not needing to think about your stalker, because there's no way for them to hunt you there.
Stop thinking about cloak and dagger shit and start thinking about things ordinary people could do if they had a psychotic obsession, and nothing better to do with 120 hours a week of their time.
Stalkers want to make it impossible to live a normal life. They try to make it impossible to go to work or school, to use phones, email, messaging services, etc. Already knew my contact info, and got new ones by asking mutual friends. Called the the landline and cell and work phone and hung up or heavy-breathed into the phone hundreds of times a day. Telco won't help with this or admit who's doing it w/o a subpoena, which I couldn't realistically get. They tried to get various online accounts, including employer provided, to be flooded/brigaded/spamed/banned.
You don't have to be a leet haxor to do social engineering, sim swapping, and other crying on the phone to customer service type of attacks on other people's accounts. You just have to be pissed off and risk tolerant.
Not saying tor is a good-fit solution to these problems, just saying that "Because your ex-spouse wants to murder you", and also you have a day-to-day practical necessity to find a secure, hard to block way to communicate on, or access, the internet is not actually an exotic problem.
tor-browser comes with other privacy-boosting features, beyond its method of talking to the network. That might make a difference too, if someone is likely to look at your browser history etc.
The second to last point is laughable since it's long been authorized in executive order that if the NSA stumbles upon information relating to criminal activity while searching for other stuff that they can report that info to the FBI.
Heck - FBI is allowed to do the same damn thing with the data they're given by the NSA. Y'know, the whole "backdoor search loophole" which amounts to laundering authorities across agencies to get access to data they wouldn't otherwise be permitted to have.
Depends on what you’re doing. The NSA isn’t going to expose themselves by tipping off law enforcement about small time drug deals. If you’re sharing CSAM or planning terrorist attacks, it might be different.
> If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
Assuming tor always was or became broken and is exploitable by law enforcement, authorities would try to maintain a false believe of tor's integrity so as to crack high profile cases for as long as possible.
Within this scenario, it is plausible to assume that authorities can decipher and discover information that can be used as the official pretextual charge / minor reason ("they made the mistake to use their public email address on the dark net forum") in order to not spill the beans on the actual means (here, tor being broken).
What you say is reasonable and I agree and hold that position.
> Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service.
If I were an intelligence agency that had "cracked" tor -- I'd probably make sure nobody would notice I had access, so I could keep eavesdropping. Not do anything that could expose my access.
It certainly could be happening. Nothing is 100%. Nothing. Just a fact. Tor is probably pretty good at what it does.
(and keep in mind, for what we're talking about in this kind of attack, all I get access to is network contacts, not the actual messages, right?)
> given enough time (in theory) parallel construction is eventually exposed.
Parallel construction has existed for decades. It's even in "The Wire". It has never been tested in court, probably because it is nearly impossible to discover outside of being the agents that implement it.
The police used self-powered GPS devices[1] to track criminals. These devices are used in various situations, such as when someone violates parole. The police don’t need to report the violation immediately. Instead, they wait for the person to re-enter their jurisdiction, then catch and arrest them.
Parallel construction wasn't tested, but the means of them catching criminals this way was tested in court.
1/ tor-browser by default sticks to the same circuit for one origin for the session, so that'd have to be 10,000 separate sites or 10,000 separate sessions.
If it was effective, would there have been a down tick in arrests at some point?
Or if the arrest rate stayed the same, would that suggest it never “worked” to begin with?
It’s like the movie trope of the detective who finds out the truth via some questionable means which isn’t admissible in court. When you know the truth you can push harder and call every bluff until you get admissible evidence.
You don’t need all the middle nodes. Just the entry and exit, and enough data to do packet timing analysis to correlate them. It’s in fact shockingly easy for a well provisioned actor to trace tor traffic, and this is something the TOR project openly admits.
If the server is on the Tor network, an onion server, then it is encrypted end to end and no traffic or identity is exposed to either the onion server or any intermediary.
That is to say, if I started an onion server on one side of the world, then connected to it from somewhere else, my connection to it would be anonymous and encrypted to any external entity.
Uses a dataset created from aggregation of logs from all nodes in a simulated Tor environment to train a model that can identify the onion server's IP based on fingerprints created from that model.
>We ran the modified Tor software in the Shadow simulation environment to obtain a large amount of circuits for analysis. Shadow is a discrete-event network simulator developed specifically for Tor network simulation experiments and can run Tor software directly. Therefore, Shadow follows all logic related to Tor circuits. In the simulation environment provided by Shadow, we can build servers, clients, directory authorities, onion services and relays, and can control all nodes. Therefore, we can get circuit data in Shadow without the real Tor network.
This is:
a) Not a real world example
b) Not an example of interception of unencrypted traffic between a client and an onion site
c) Not de-anonymization of a client
Ok so you admit we can identify onion services, and it’s common knowledge that the NSA knows your personal traffic patterns. If you think they can’t correlate the two, I have a bridge to sell you.
Tor does have padding defenses to protect against that.
Also, according to their latest blog post on their finances, while it is true they have money from the US Government, that was only ~50% of their income (I think that was 2023). For the FUD part of that comment, see the "U.S. Government Support" section of https://blog.torproject.org/transparency-openness-and-our-20...
>Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.
Yeah, the stated reason is always something else. But this just reminds me of "parallel construction" - what if they were found in on way and then (to hide the source) the claim was that they were found in another way?
Is this per circuit? So if someone switches circuits every X hours, the chance of being caught after a year is actually quite high?
And even catching 0.14% of pedophiles would probably be worth it to the FBI or whatever, nevermind Iran catching dissidents or whatever.
My point is that is seems very cheap to do this (I as a random staff engineer could do it myself) and catch some people. A nation state could easily catch a much higher percentage if they increased the number of logging nodes slowly and carefully and deliberately did things like use many isps and update the servers gradually etc.
The happy equilibrium is that if you have enough adversary nation-state intelligence services doing this and not sharing information, they'll cancel each other out and provide free node hosting.
You're misusing probability and ignoring critical information.
There's 1000 red marbles added to a jar with 8000 blue marbles (9000 total).
Take three marbles from the jar randomly, one at a time.
The odds of getting three red marbles is ~0.14%. That's all.
Tor nodes are not randomly picked marbles.
The Tor network is not a jar.
The word "eventually" is doing a lot of heavy lifting here. Let's say you actually manage to add 1000 servers to the tor network somehow without getting detected. The network currently sits at just under 8000 nodes. For simplicity, lets also ignore that there are different types of nodes and geographical considerations and instead just ask what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%. If that someone decided to use 4 nodes to be extra-safe, that number goes down to 0.015%. And it decreases exponentially for every additional relay he adds. Combine this with the fact that tor nodes are actively monitored and regularly vetted for malicious behaviour[1], and these attacks become increasingly difficult. Could someone like the NSA with limitless resources do it? Quite probably, sure. But could you or any other random guy do it? Almost certainly not.
[1] https://gitlab.torproject.org/tpo/network-health/team/-/wiki...
Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.