
I wonder if this is going to be confirmation that a large fraction of Tor nodes are in fact run by the FBI.


My favorite theory is that the US, China, NK, Russia, Israel, et al. are all running a large number of malicious servers, all of which adds up to a secure Tor network, since they'll never cooperate


I wish! But there must be some return on investment or they wouldn't be doing it. Tor is so much faster than it used to be, so I think it is likely there is a well-resourced person who is up to something on Tor.


If nation-states stop running servers, then the last one standing gets control of the network. The ROI is defensive (denying your adversary a resource), rather than offensive (dominating that resource yourself).


> [...] it’s certainly possible that the NSA did the surveillance and passed the information to the FBI.

We already know that the FBI passes information to local law enforcement agencies and tells them to do parallel construction when the information was obtained illegally, so why not the NSA too? It's probably easy to deanonymize Tor traffic when you see everyone's Internet traffic (they don't even need to set up exit nodes).


I would not be surprised given that Tor was specifically created to anonymize the traffic of US spies. It was released to the public to give plausible deniability to the spies. A new protocol that ONLY spies used would be obvious to track down, no matter how much encryption it had. But if everyone is using it for different purposes then you actually have to break the encryption to know if someone's using Tor to check in with the CIA or if they're just so paranoid that they insist on surfing Wikipedia with it.


After reading Edward Snowden's autobiography (Permanent Record, great read), I feel like Tor, end-to-end encryption and similar solutions/products are basically a dagger through the heart of intelligence services. As such, I find it hard to believe that they knowingly gave the public such tools. And if they did, it sure as hell backfired on them.


It is not a "dagger to the heart", it is something they have to take into account.

What makes things harder for them makes it harder for the enemy, and vice-versa.

If anything, maybe it will help intelligence services realize that gathering intelligence is only half of the job; keeping secrets is the other half. Well, maybe they already realized it and we are not aware of that (it means it worked). But at the time of Snowden's leaks they failed big time. While most people focused on the content of the leaks and argued about whether Snowden is a hero or a traitor, what I mostly saw is a guy who managed to break the security of the NSA. If a single guy can do that, what about trained spies backed by world-power governments? I guess countries like Russia and China already knew everything there was to know about the NSA. I could go for some "master plan" conspiracy theory, but my guess is just that the NSA is incompetent, or at least it was at the time of Snowden. Maybe that "dagger to the heart" is more like a wake-up call, I hope for them.


Tor was developed by the US Navy. The military understands how crucial encrypted messaging is, and doesn't particularly care whether or not it's a dagger through the heart of other TLAs. In a bureaucratic battle between the military and domestic intelligence agencies, the military wins.


And additionally funded by the US State Department to provide anonymity for users seeking political expression in countries where that expression may be dangerous.


The State dept happily encouraged the use of broken cryptography machines in the past. They don't have a clean record on transparency.


If they run enough nodes to deanonymize users, it's a dagger through the heart of other intelligence services, but an absolute blessing for the NSA


Hmmm almost like whoever has a head start and unlimited finances and resources due to being the reserve currency could have done exactly that.


For very obvious reasons you don't need to run any nodes, craft any malware, or scrutinize a target's layer 3+ OPSEC, in order to break Tor. You simply go to tier 1 ISPs and buy up IP datagram headers going to/from entry nodes and you win. The only solution is a constant rate of fake traffic to the guard node.


Why? Snowden said they do traffic analysis on everyone, including phone calls. They find you via other means if you are not extremely careful like Snowden himself.

Discussion about these issues has been stifled since critics like Assange and Applebaum have been smeared (but not prosecuted) with sex charges and Greenwald is being depicted as a conspiracy theorist.


> After reading Edward Snowden's autobiography (Permanent Record, great read), I feel like Tor, end-to-end encryption and similar solutions/products are basically a dagger through the heart of intelligence services. As such, I find it hard to believe that they knowingly gave the public such tools. And if they did, it sure as hell backfired on them.

I have heard it somewhere, but using Tor or end-to-end is like using an armoured car to transport money between a park bench and a cardboard box. If someone wants you compromised, you will get compromised; it only matters how many resources they are willing to throw at you. And for the average person, it's not a lot. So the best way is to blend in. And using Tor, end-to-end, VPN (full of people with something to hide, it would be stupid not to infiltrate or honeypot) will make you stand out, you might even pique someone's curiosity. Not a very healthy way to operate on the Internet...


> If someone wants you compromised, you will get compromised, it only matters how many resources they are willing to throw at you.

Wants who compromised? What are they going to do against people who use no pseudonym and never originate from the same machine or the same physical location?


E2E and onion routing are potentially problematic -- if they aren't compromised by the government. When controlled by the government, they can lull the targets of government surveillance into a false sense of security. For instance, the government-run Anom[0] network that was completely compromised, but claimed E2E encryption. I wouldn't exactly call it a dagger through the heart of government sigint activity.

0 - https://www.pcmag.com/news/fbi-sold-criminals-fake-encrypted...


The BBC, which is run by British intel services, one of the very first things that they did when the war in Ukraine exploded was to set up many new TOR nodes.

But yeah, TOR is certainly a double-edged sword, but I am led to believe that they assess that its offensive capabilities to pierce against Anglo-Oligarchy enemies offset the drawbacks it produces on how they themselves deal with homefront dissidents.

My take is that, well, yeah, that's one of the benefits of having overwhelming power and capabilities, that they can afford to take one or two punches in the nose, if that means that they will beat the ever living shit out of their actual enemies


As long as Ukraine exists, the Darknet has free roam to proliferate with US's half-baked OKAY'ing.

It is the sharpest triple-edged sword in modern intelligence existence.


> The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm

Based on what little I know of SSL, this suggests the server was compromised too? Or does tor do a bad job of certificate pinning?

Edit: Or the clients are/were compromised. Or the suspect’s computer was compromised. Or they can somehow decrypt traffic between client and server.


> Based on what little I know of SSL, this suggests the server was compromised too?

Not necessarily.

If a passive snooper knows I used Tor Browser to make an SSL request to en.wikipedia.org and received 987,654 bytes, then immediately made an SSL request to upload.wikimedia.org and received 1,234,567 bytes, that might be enough information to work out I visited https://en.wikipedia.org/wiki/National_Security_Agency.


That size-inference side channel leak has been patched for years, random padding is added between hops to mitigate this.

It is large files / DDoS going over the network that is still hard to obfuscate.

Which is why TOR is intentionally slow, especially when requesting larger files. If it wasn't, you could watch the lump of data traverse across the pipe.

source: n/a



Thank you. My brain is very damp but knew it was somewhere.


That's why Tor communicates mostly over fixed-size cells of 514 bytes (or 512 if the tor link protocol version is < 4).

There is also random padding added to cells, so that the cell content is unpredictable.
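The effect of fixed-size cells on the size-inference leak discussed above, as an added example (not code from the thread or from the Tor project). It assumes the 514-byte cell size quoted in the thread and an assumed 498 usable bytes per cell; the page sizes are constructed, not measured. It shows both what the cells hide (small size differences) and what they do not (the cell count of large transfers).

```python
"""Added example: how fixed-size Tor cells blur, but do not erase, response sizes.

Assumptions (not from the thread): 514 bytes on the wire per cell (quoted in the
thread); 498 bytes of usable application data per cell is an assumed figure for
illustration. Relay selection, padding cells and TLS framing are ignored.
"""

CELL_SIZE = 514          # wire size of one cell, as quoted in the thread
PAYLOAD_PER_CELL = 498   # assumed usable bytes per cell (illustrative)


def cells_for(nbytes: int) -> int:
    """Number of fixed-size cells needed to carry nbytes of application data."""
    return -(-nbytes // PAYLOAD_PER_CELL)   # ceiling division


def on_wire_bytes(nbytes: int) -> int:
    """Bytes a passive observer sees for a response of nbytes (whole cells only)."""
    return cells_for(nbytes) * CELL_SIZE


def distinguishable(size_a: int, size_b: int) -> bool:
    """Can an observer counting cells tell two response sizes apart?"""
    return cells_for(size_a) != cells_for(size_b)


def anonymity_set(candidates: dict[str, int], observed_cells: int) -> list[str]:
    """Candidate pages consistent with an observed cell count: the set an
    observer cannot narrow further using cell counts alone."""
    return sorted(name for name, size in candidates.items()
                  if cells_for(size) == observed_cells)


# Constructed sample page sizes in bytes (hypothetical, not real measurements).
PAGES = {
    "page_a": 120_300,    # two pages a few hundred bytes apart ...
    "page_b": 120_450,    # ... land in the same number of cells
    "page_c": 987_654,    # the two sizes from the comment above: still
    "page_d": 1_234_567,  # far apart in cell count, so still distinguishable
}

if __name__ == "__main__":
    for name, size in PAGES.items():
        print(f"{name}: {size} bytes -> {cells_for(size)} cells, "
              f"{on_wire_bytes(size)} bytes on the wire")
    print("page_a vs page_b distinguishable:", distinguishable(120_300, 120_450))
    print("page_c vs page_d distinguishable:", distinguishable(987_654, 1_234_567))
    print("pages matching 242 cells:", anonymity_set(PAGES, 242))
```

The cell count of a large transfer remains visible, which is the point made above about large files being hard to obfuscate.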


BRB, padding all of my webpages to be exactly 650mb each.


npm install electron react-native-web


Unless I'm missing some info, I don't see anything that points at them finding all this info through Tor or the server. They identified the user AND 'also found what specific pages Al-Azhari visited'. That could've happened from his PC after they arrested him. Language like this is always ambiguous in order to give out as little information as possible while still providing some.


> That could've happened from his PC after they arrested him.

Tor client wouldn’t save any of that.


he may not have been using the tor browser


To catch every random person visiting a site you do need to control most of the Tor nodes which is probably affordable for the three letter agencies.

To catch one specific guy doing one action one time that he might do hundreds of times without getting caught but he only needs to get caught once to get punished, if you only need to succeed 0.1% of the time you only need to own 0.1% of the nodes, as a simplification.

There's also the incredibly valuable chilling effect that he's being found guilty in public opinion of having read the wrong website once. If millions of people read the "wrong" website a dozen times a day for decades, you only need one bust in a couple billion accesses to generate massive propaganda that reading uncensored badthink is and should be punishable.
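The odds of a client being exposed as a function of the fraction of relays an adversary runs, as an added example (not code from the thread or from the Tor project). It is a simplified risk model: relays are picked uniformly at random (real Tor weights by bandwidth and by guard/exit flags, which is ignored here), a client keeps one entry guard for the whole period, and each circuit picks a fresh exit. It also shows the same model without persistent guards, to make clear why the guard design matters.

```python
"""Added example: Monte Carlo and closed-form estimates of how often one
adversary ends up on both ends (entry guard and exit) of a Tor client's circuits.

Assumptions (not from the thread): uniform relay selection, one persistent
guard per client, n_circuits circuits each with an independent exit, and
'compromised' meaning guard and exit are both adversarial on the same circuit.
"""
import random


def client_compromised_with_guard(f: float, n_circuits: int,
                                  rng: random.Random) -> bool:
    """One client, one guard kept for the whole period: with a good guard the
    client is never exposed; with a bad guard any bad exit exposes a circuit."""
    if rng.random() >= f:            # guard chosen once; not adversarial
        return False
    return any(rng.random() < f for _ in range(n_circuits))


def client_compromised_no_guard(f: float, n_circuits: int,
                                rng: random.Random) -> bool:
    """Same client, but the entry relay is re-picked for every circuit."""
    return any(rng.random() < f and rng.random() < f for _ in range(n_circuits))


def estimate(f: float, n_circuits: int, guards: bool = True,
             trials: int = 20_000, seed: int = 1) -> float:
    """Fraction of simulated clients exposed at least once."""
    rng = random.Random(seed)
    pick = client_compromised_with_guard if guards else client_compromised_no_guard
    hits = sum(pick(f, n_circuits, rng) for _ in range(trials))
    return hits / trials


def analytic(f: float, n_circuits: int, guards: bool = True) -> float:
    """Closed form for the same model.
    guards:    P(bad guard) * P(at least one bad exit)  = f * (1 - (1-f)^n)
    no guards: P(at least one circuit with bad entry and bad exit)
                                                       = 1 - (1 - f^2)^n
    """
    if guards:
        return f * (1 - (1 - f) ** n_circuits)
    return 1 - (1 - f * f) ** n_circuits


if __name__ == "__main__":
    for f in (0.001, 0.01, 0.1):
        print(f"f={f}: guards {analytic(f, 100):.5f} (sim {estimate(f, 100):.4f}), "
              f"no guards {analytic(f, 100, guards=False):.5f} "
              f"(sim {estimate(f, 100, guards=False):.4f})")
```

With persistent guards the long-run exposure is capped near f (a user with a good guard is safe for the whole period), whereas without guards every user is eventually exposed as circuits accumulate; this is the rationale behind Tor's entry-guard design that a later comment mentions.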


Spider-Man meme of FBI and Tor user they identified pointing at each other


Depending on your definition of “FBI” that is and long has been true. Laws are for the slaves, not the masters.


I'm not sure, it's been known for a while that javascript can be used to deanonymize Tor users and unfortunately most websites need JS to even begin to function so there's an incentive to leave it on. If criminals were more tech savvy maybe needing JS would become a red flag for any criminal sites, but you'd still need the discipline to not visit any other sites.


So what if they were? Only the exit node sees the message (encrypted or not). And it doesn't know where it originated.

I speculate this is most likely a case of an ISIS server run by the FBI.


If you control both exit and entrance nodes, you can correlate connections with a timing analysis.


I don't think that is how timing analysis works. The user can tell the "entrance node" that it is also a node, and that is how it can deny that it is the originator. The "entrance node" doesn't know its position in the chain. Only the exit node knows its position.


I don't think that's totally true. At least, it's maybe superficially true but not in a real world sense. The entry node can see your IP by virtue of the incoming TCP connection and it's not hard to figure out if an IP is a Tor relay or not. The list of known relays is a list that you can just go and get. If it's not a relay, then it's a client, and you're the entry node.


No, this is not the timing attack I was thinking of. Your version of the timing attack comes from inside the Tor network and that is solved by Entry Guards. And besides, you can also be a Tor relay and a client. These attacks are just bugs that are fixed.

The real timing attack that is not fixed and will not be (it is not in threat model), is when your ISP works with police (that has warrant) and gives them data. And police also controls server or exit node.


Possibly you replied to the wrong post; I don't know anything about timing attacks. My post was about whether the entry node knows that it's the entry node.


It is a volume+timing attack. From 2014:

https://www.bbc.com/news/technology-28573625

"The Tor Project suggests the perpetrator compromised the network via a "traffic confirmation attack".

This involves the attacker controlling both the first part of the circuit of nodes involved - known as the "entry relay" - as well as the exit relay.

By matching the volumes and timings of the data sent at one end of the circuit to those received at the other end, it becomes possible to reveal the Tor user's identity because the computer used as an entry relay will have logged their internet protocol (IP) address."


See my reply above; these are just bugs that are fixable.

The "timing attack" that will not be fixed is when the police have a warrant for your ISP, and the police have ISP logs and destination server logs (so they can compare the two).



