But that's half the point. If someone has an intention to undergo some illegal activities with full intention not to be caught, only 100% "safe" solution works for them. Normally we talk about risk tolerance, but this particular use case is a bit special.
There are no "100% safe" solutions. There will always be weaknesses and vulnerabilities in any system. The sort of criminal who requires or expects 100% safety is quickly going to be caught due to being a dullard. Knowing you're never truly "safe" is what good criminals are keenly aware of at all times: you can plan and prepare for certain eventualities. Once you think you're "safe", it's the beginning of the end.
You don't do something, once, and then are good to go forever. Banks don't just put cash in a safe and forget about it; they have audits, security guards, cameras, threat intelligence profiling criminal gangs, etc.
As someone who's actually used Tor for illegal activities(buying drugs) this is completely missing the point. Criminals generally are not thinking about doing something completely risk free. The dumb ones don't consider risk at all, because they're desperate/addicted, and just hope/assume they won't get caught. More clever ones assume they'll be caught and try to make conviction less likely.
For instance, for buying drugs, the ordering isn't the risky bit. Receiving it in the mail is. Even if tor was magically "100% safe" the crime overall wouldn't be. The point of using tor is not to eliminate all risk, it's just to decouple payment from reception. I had my drugs intercepted by customs once, but they couldn't prove I ordered them, so they dropped the case. I'm sure it might've been possible for them to prove it if they spent a lot of resources trying to trace crypto transfers and so on, but police only do that if the fish is big enough because they're resource constrained.
Tor is just another tool criminals can use to reduce risk. It's not perfect, but for most things it's the best thing available.
Well no, there are loads of precautions criminals can use to avoid being caught already, and they just don't do them - most criminals are just not that smart.
The only 100% safe method is to not do the illegal activity at all. There's always a risk/rewards analysis to be performed when committing any act that could have negative consequences whether you're playing the stock market or doing credit card fraud. For any major criminal that gets caught, you can usually read the arrest affidavit which offers a pretty interesting look into how the criminal was caught despite the careful measures they took. The one for DPR is interesting to read and shows how despite taking careful measures, DPR left a trail of breadcrumbs that investigators used to track him down. His use of Tor was pretty solid (assuming the whole affidavit isn't complete parallel construction fiction) but it was everything else he did outside of it that got him in the end. There's another story of a university student that sent threats to his school to get out of an exam or something through anonymous emails over Tor. They only caught him because he was the only person using Tor on the school network at the time the email was sent. If he was off campus, he may have remained anonymous.
An analog crime I think about is the murders in Moscow, Idaho. The criminal did take some careful measures like wearing gloves but he left a knife sheath behind that contained DNA evidence. Everything else they had on him was circumstantial, he owned a similar car to what police thought they saw on people's doorbell cameras and his phone went offline during the time of the murders and also pinged a tower close to the crime scene hours afterwards. Police found a partial genealogy match to his DNA which I'm sure they compared to similar car owners and cell tower records. If he hadn't left the sheath behind, wore something like a Tyvek suit, and simply left his phone at home, the suspect pool would have likely been too large. His careful measures (turning off his phone, making multiple passes in his car) likely contributed to police focusing on him once the DNA proved a link.
> The only 100% safe method is to not do the illegal activity at all.
Nope. Not even that is 100% safe because you can be falsely convicted of a crime you never even committed. Many privacy tools reduce that risk as well, because you're less likely to be convicted by e.g. a lazy prosecutor willing to take things out of context if you provide them with less source material to trawl through.
On the other hand "he was using the dark-web Tor browser beloved of criminals and widely used amongst drug sellers" is probably pretty convincing to jurors.
What jury? Only 2% of criminal cases go to trial. The goal is to give them nothing they can use to bring you up on (false) charges. Using Tor isn't a chargeable offense in free countries.
I think the point was that you aren't being "charged" with using Tor, you are being charged with buying drugs online. You have Tor installed and unfortunately a very small percentage of people have Tor installed. That might be enough to convince a jury, or be enough pressure for you to plead down to a lower crime to reduce that risk.
There first has to be some actual evidence that you were buying drugs online. If the cops search you and find drugs, it isn't going to matter a lot one way or the other whether you have Tor installed.
If you weren't actually buying drugs online then there shouldn't be any evidence that you were (or the cops planted it and then we're back to it not really mattering whether you have Tor installed). And then what are they charging you with that would even make it to a jury instead of being dismissed by the judge for lack of evidence?
Drugs are sent to you and intercepted. You claim, though your lawyer, someone was just using your house as a drop and you have no idea who ordered them. They get your computer, you have Tor installed. Prosecutor argues Tor is only used for CP and drugs. Is that enough to convict? Maybe.
If Tor was ubiquitous obviously not, but its very niche, and looking at a chart of use, its pretty much only used for drugs and CP. There are privacy use cases, but just like using crypto as a currency and not a speculative gambling investment, its in the small minority of uses.
The trouble is that the alternative is worse. They come to your house, you don't have Tor installed and then, because you haven't been using Tor, they pull your search history and trawl through it looking for things to take out of context.
Why did you do multiple searches for std::vector? Are you worried about sharing needles? You also read an article about caffeine, which is often used as a cutting agent. You've been participating in internet discussions about using Tor, which the prosecutor argues is only used for CP and drugs.
> If Tor was ubiquitous obviously not, but its very niche, and looking at a chart of use, its pretty much only used for drugs and CP.
Nobody really knows what Tor is used for, by design. But the media likes to rile people up, and "Tor used by privacy activists to read Facebook" isn't a headline that does that.
It's all too easy to lie with statistics. For example, some people have looked at which hidden services are most often looked up. That's not going to tell you about real usage, because bots do lookups at a much faster rate than real people, and government agencies run automated crawlers. Then you get statistics that say a significant percentage of the lookups are for CP and drugs, but not what percentage of those lookups were made by law enforcement running crawlers 24/7 specifically looking for CP and drugs.
> "In countries coded as 'free', the percentage of users visiting Onion/Hidden Services as a proportion of total daily Tor use is nearly twice as much or ~7.8 percent."
> In other words, people living in liberal democracies are more likely to exploit the dark web for malicious purposes, whereas users living under repressive regimes in non-democratic countries might be more likely to use Tor to circumvent local censorship restrictions and access free information on the internet.
Tor is used to bypass censorship. This use case happens more often in countries where there is censorship, and less often in countries where there isn't, because obviously. Reaching from there to "people living in liberal democracies are more likely to exploit the dark web for malicious purposes" is ridiculous. A higher ratio of B to A because of a smaller need for A does not imply a greater occurrence of B.
Yes, all good. My point was that you aren't being charged with having Tor in the scenario that was described. The existence of Tor on your computer might work as connecting the user to a drug sale.
And what I'm getting at is that in that circumstance, not using Tor is worse, because at that point they have a weak case but are now searching your residence to backfill their case with whatever circumstantial innuendo they can dredge up from a fishing expedition. If you've actually been using Tor then they get less of your browser history and are deprived of material to take out of context. Instead they're left with only the rhetorical argument you propose, which is still weak.
