Comment by throwaway37821 a day ago

43 replies

75% [0] of all Tor nodes are hosted within 14 Eyes [1] countries, so it would actually be quite trivial for the NSA to de-anonymize a Tor user.

It baffles me that Tor Browser doesn't provide an easy way to blacklist relays in those countries.

[0] Here, you can do the math yourself: https://metrics.torproject.org/rs.html#aggregate/all

[1] https://en.wikipedia.org/wiki/Five_Eyes#Fourteen_Eyes

> Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.

Maybe someone, somewhere, has decided that allowing petty criminals to get away with their crimes is worth maintaining the illusion that Tor is truly private.

It's also worth noting that it's significantly easier to find the mistakes someone has made that could lead to their identity if you already know their identity.
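The "do the math yourself" step from footnote [0], as an added example (not part of the thread or of any commenter's post): it computes the share of running relays in the Fourteen Eyes countries both by relay count and by consensus weight, since Tor clients pick relays roughly in proportion to weight rather than uniformly. The relay list is constructed sample data shaped like an Onionoo "details" document (fields `country`, `running`, `consensus_weight`); the nicknames and numbers are made up, and `country_shares` is a hypothetical helper name.

```python
import json

# ISO 3166-1 alpha-2 codes (lowercase, as Onionoo reports them) for the
# Fourteen Eyes countries listed on the Wikipedia page cited in [1].
FOURTEEN_EYES = frozenset({
    "us", "gb", "ca", "au", "nz",   # Five Eyes
    "dk", "fr", "nl", "no",         # added for Nine Eyes
    "de", "be", "it", "es", "se",   # added for Fourteen Eyes
})

# Constructed sample, NOT real network data. A real run would load the JSON
# saved from the Onionoo details endpoint instead of this literal.
SAMPLE_DETAILS = json.loads("""
{"relays": [
  {"nickname": "exampleA", "country": "de", "running": true,  "consensus_weight": 40000},
  {"nickname": "exampleB", "country": "us", "running": true,  "consensus_weight": 30000},
  {"nickname": "exampleC", "country": "nl", "running": true,  "consensus_weight": 20000},
  {"nickname": "exampleD", "country": "ch", "running": true,  "consensus_weight": 6000},
  {"nickname": "exampleE", "country": "ro", "running": true,  "consensus_weight": 3000},
  {"nickname": "exampleF",                  "running": true,  "consensus_weight": 1000},
  {"nickname": "exampleG", "country": "fr", "running": false, "consensus_weight": 50000}
]}
""")


def country_shares(details, countries=FOURTEEN_EYES):
    """Return the share of running relays located in `countries`.

    by_count  : fraction of running relays (what a raw relay count gives)
    by_weight : fraction of total consensus weight, a closer proxy for how
                often a client would actually select such a relay
    Relays with no GeoIP country are counted in the total but never in the set.
    """
    running = [r for r in details.get("relays", []) if r.get("running")]
    in_set = [r for r in running if r.get("country") in countries]
    total_w = sum(r.get("consensus_weight", 0) for r in running)
    set_w = sum(r.get("consensus_weight", 0) for r in in_set)
    return {
        "running": len(running),
        "in_set": len(in_set),
        "by_count": len(in_set) / len(running) if running else 0.0,
        "by_weight": set_w / total_w if total_w else 0.0,
    }


if __name__ == "__main__":
    s = country_shares(SAMPLE_DETAILS)
    print(f"{s['in_set']}/{s['running']} running relays in the set: "
          f"{s['by_count']:.0%} by count, {s['by_weight']:.0%} by consensus weight")
```

On the constructed sample the two measures differ widely, which is why a count-only figure should be read alongside the weight-based one.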

majorchord 12 hours ago

> Maybe someone, somewhere, has decided that allowing petty criminals to get away with their crimes is worth maintaining the illusion that Tor is truly private.

This is what I believe. If they do have a way to track people, it wouldn't be worth blowing their cover for small stuff that wasn't a ridiculously huge national security threat that they could afford to throw away 20+ years of work for.

In fact there have been court cases that were thrown out because the government refused to reveal how their information was obtained... I think that usually means they're hiding it on purpose for a bigger cause. I also wouldn't be surprised if multiple SSL CAs are secretly compromised for the same reason.

keepamovin 19 hours ago

The original purpose of TOR was to provide agents and handlers with a means of secure communication, allowing them to organize subversive or espionage activities. It was created by the Department of Defense to propagate their interests and spread democracy around the world using these secure capabilities. Given this context, it's not unreasonable to assume that TOR is still being used in a similar manner today.

Because of its origins, access to the identities of users on the TOR network—even if they could be de-anonymized—would likely be extremely restricted, compartmentalized, and classified. This would make it much more difficult for such information to be used in law enforcement proceedings. Perhaps that, rather than a technical limitation, is the reason most high-profile arrests related to TOR involve criminals making some other mistake, rather than the security of the network itself being compromised.

Additionally, it’s interesting to speculate that some of the secure private defense and intelligence networks—parallel or classified world internets—could themselves be implemented as possibly enhanced forms of TOR. It would make sense that nation-states, through shell companies and other disguises, might run and control many seemingly innocuous machines acting as secure relays in these parallel networks. While I have no data to back this up, it seems logical, given that TOR was originally created by the DoD and then open-sourced.

Why wouldn’t they keep something that works, build on it, and enhance it as a means to secure their own global communications?

  • Xelbair 16 hours ago

    >spread democracy

    I have to say that I love that phrase, it is peak propaganda that just works.

    • keepamovin 12 hours ago

      Yes, I boldly inserted that deliberately aware of its potential provocative effect. So I am truly glad you derive some enjoyment from it. I did too! Comrades in arms? Or at least in Internet nodding hahaha! :)

      • Aerbil313 10 hours ago

        Indeed old timer commies of HN might get irritated by that phrase, but in this corner of the world we love Democracy. This summer would have been pretty dry in my region because of global warming, but thanks to Democracy we had plenty of precipitation in the form of MK-84s. I wonder which neighboring country is going to get her share next year, it's a gift that never stopped giving since some 20 years.

        https://en.wikipedia.org/wiki/War_on_terror

  • autoexec 12 hours ago

    > Perhaps that, rather than a technical limitation, is the reason most high-profile arrests related to TOR involve criminals making some other mistake, rather than the security of the network itself being compromised.

    I have no doubt that the government doesn't want to demonstrate how weak Tor is to the public, but it's also got to be dead simple to find those kinds of "other mistakes" they can use when they've identified the person they're looking for and can monitor whatever they do.

    • keepamovin 12 hours ago

      What you’re claiming is not necessarily correct, but it’s an avenue of interesting speculation. Nevertheless, let’s clarify a few of your possible misunderstandings or points of confusion:

      I’m not saying TOR is weak, nor that the reason for its concealment is to project a false sense of government strength.

      What I am saying—and what you seem to have misunderstood—is that the TOR network is most likely used, precisely because of its strength, for highly sensitive clandestine operations. This results in blanket classification of all involved identities, making them inaccessible to law enforcement. Law enforcement likely understands this, which is why they don’t pursue it—knowing it’s a dead end. Instead, they rely on side-channel effects or mistakes made by criminals.

      To my mind, this explains the public information we see.

      Now that I’ve clarified, what do you think?

      • sangnoir 11 hours ago

        > What I am saying—and what you seem to have misunderstood—is that the TOR network is most likely used, precisely because of its strength, for highly sensitive clandestine operations.

        Tor seems to be a poster child of the "Nobody But Us"[1] principle the NSA likes so much: it's strong when used by American spooks, but weak when used against them. If a country developed body armor that's impervious to all rounds except their own special alloy rounds, their use and promotion of that armor is not evidence of its utter robustness.

        I don't doubt a lot of darknet busts involve a lot of parallel construction - the intelligence community doesn't have to give detailed logs; summaries are enough (IP addresses, dates and times). This is before considering that the FBI is involved in both (counter) intelligence and law enforcement.

        1. https://en.wikipedia.org/wiki/NOBUS

        • keepamovin 30 minutes ago

          I guess I don't necessarily disagree with your NOBUS assessment of TOR strength, it's hard to say without confirmed facts tho. Funny I always think of crypto algorithms as the examples of NOBUS: the NIST ones, etc. Again, no confirmed facts but that would be a source and method you really wouldn't want to confirm and burn.

          What do you mean by parallel constructions? Is that where LE discovers evidence through extralegal means, then needs to rebuild the narrative through a legally valid chain? Could be, but then again there's probably a lot of TOR identities that are completely out of reach for LE, leaving them with only legal construction. Wouldn't you say?

          I sometimes wonder about something, too: you know those "small" cases with huge human cost, like missing child, or murder in a backwoods area? I always imagine that classified capabilities could be used to solve them. The fact they are not, is painful, and I think must be "moral trauma" for LE/IC people involved. Even more so that they can't talk to anyone about it except their organizational therapists if then.

  • jrochkind1 14 hours ago

    > The original purpose of TOR was to provide agents and handlers with a means of secure communication, allowing them to organize subversive or espionage activities. It was created by the Department of Defense to propagate their interests and spread democracy around the world using these secure capabilities.

    Do you think the EFF was in on it, duped, or just thought multiple competing interests could be served?

    • keepamovin 12 hours ago

      Well, I could be wrong historically here, but I think you need to recall a previous age where the interests of the state department pushing noble American values into disintegrating but strategically valuable locales might actually have been something that the EFF felt highly aligned with and wanted to support through its electronic and advocacy capacities. For instance, why would they not support Internet and communicative freedom under a repressive regime?

      I haven’t looked closely and I wasn’t there at the time so it makes it hard to say for sure but let’s speculate. I think the people involved in EFF are most likely slightly cynical, savvy political maneuverers themselves who, like you said, realize the utility of multiple not necessarily overlapping objectives, where all involved parties could derive some benefits.

      Certainly not an implausible situation that you lay out

  • DrillShopper 15 hours ago

    After talking to my Democracy Officer I have to say I love managed democracy!

  • headsupernova 16 hours ago

    Ah yes, 'spread democracy around the world'

    • keepamovin 12 hours ago

      I appreciate your appreciation of that statement. Thank you. :)

DabbyDabberson a day ago

It's important to realize that TOR is primarily funded and controlled by the US Navy. The US benefits from the TOR being private.

It provides a channel for operatives to exfiltrate data out of non-NATO countries very easily.

  • firen777 a day ago

    > It provides a channel for operatives to exfiltrate data out of non-NATO countries very easily.

    I'm not convinced this is the case. For example China's gfw has been very effective at blocking TOR traffic, and any TOR connection in other countries is like announcing to the government that you are suspicious.

    • snowwrestler a day ago

      It’s a little silly to say “for example” and then intentionally pick what is widely known as the most sophisticated and pervasive system for controlling Internet traffic ever created.

      The parent said “non-NATO countries”… there are 162 of those that are not China.

      (It’s also a little silly to specify “non-NATO” since U.S. intelligence services have to exfiltrate data from NATO countries too…)

      To get data out of China, the U.S. undoubtedly has special systems, which are worth the special investment because it’s China.

      • rvba 14 hours ago

        If you weight it by population and importance then China is probably in the top though.

        I bet western spies spend more time on China than some micro island in the middle of the ocean. Same for Chinese spies probably focus on USA first.

        Also realistically probably everyone spies everyone and they spy on those micro islands too. But priorities are clear...

    • literallycancer a day ago

      How do they see TOR traffic in a TLS tunnel?

      • GuB-42 a day ago

        If you can find TOR nodes, so can the Chinese government. They can then just block these addresses.

        Furthermore, the great firewall is quite advanced, they use machine learning techniques to detect patterns, so even if it is TLS on port 443, they may be able to detect it after they have gathered enough traffic. There are workarounds of course, but it is not as simple as just using a TLS tunnel.

  • try_the_bass a day ago

    > The US benefits from the TOR being private.

    Slight correction: The US benefits from TOR being private to _everyone but the US_

    • wheelerwj a day ago

      I’m glad I didn’t have to scroll too far to see your comment.

      In fact, a major power wins by creating a moat just big enough that only they can cross.

      • fuzztester a day ago

        everybody does such shenanigans, bro.

        you don't have to be a major power to do such stunts.

        everybody and their uncle are already doing it. look into your life to see the truth of this.

  • godelski a day ago

    > the US Navy

    Tor was made for spies. But you know what's really bad for spies? If accessing a certain IP/protocol/behavior reliably reveals your spy status.

    For Tor to be effective for hiding spies it has to be used by the public. Even if it's only nefarious actors (say spies + drug dealers + terrorists) it adds noise that the adversary needs to sort through.

    What I fucking hate about many of these conspiracies is how silly it is once you ever work with or for any government entities. You can't get two police agencies in neighboring cities to communicate with one another. The bureaucrats are fucking slow as shit and egotistical as fuck.

    It's important to remember that the government and even a single agency (like the NSA) is just as chaotic, disconnected, and full of competing entities as any big tech company has (if not worse). Yeah, most of the NSA is focused on offense, but there's groups working on defense. Those groups are 100% at odds. This is true for the 18 intelligence agencies. They have different objectives and many times they are at odds with one another and you bet each one wants to be getting credit for anything.

    The US involvement should warrant suspicion and with any technology like Tor you should always be paranoid. But it's not proof. Because guess what, the US wants people in other countries to use high levels of encryption to hide from their authoritarian governments while the US can promote democracy movements and help put a friendly leader into a position of power. AT THE SAME TIME they also want to spy on their own people (and there are plenty of people in the gov that don't want this). Inconsistency is the default because it's a bunch of different people with different objectives. So the US gov both wants Tor to be secure and broken at the same time.

    • autoexec 12 hours ago

      > It's important to remember that the government and even a single agency (like the NSA) is just as chaotic, disconnected, and full of competing entities as any big tech company has (if not worse).

      And yet even as early as 2003 they were taking a copy of every single bit that ran over the AT&T backbone (https://en.wikipedia.org/wiki/Room_641A). It's amazing how effective these "chaotic, disconnected, and full of competing entities" can be. We're entirely dependent on whistleblowers willing to risk their lives and freedom to learn about what they're doing to us.

      • godelski 9 hours ago

        Yes, they can be very effective. There's no denying that. The proof is in the pudding as they say, since we have governments and businesses. But that's tangential to the point I was making.

  • majorchord 12 hours ago

    You know what else was funded by the US government? Computers, the Internet and GPS. Also Signal (via OTF funded by Congress).

  • HDThoreaun a day ago

    I don't see how TOR is better than just spinning up a server on the public cloud for each asset. Since each asset would have a different IP they couldn't use one asset's knowledge to catch the others. Non-NATO countries tend to monitor internet traffic and so would know if you access TOR.

    • DrillShopper 15 hours ago

      Servers in the public cloud are a lot easier to do traffic analysis on.

      • HDThoreaun 5 hours ago

        Each server is only used by a single operative though, how do you even find which IP to analyze? The story with Tor and espionage is that if an asset connected to cia website the gov which monitors internet access would know they went to the site. Even if it's not a public site they just need to have one operative defect and tell them the site and they can catch all the other operatives who use it. But if everyone connects to a different IP I don't see how traffic analysis helps you discover who is connecting with the cia.

amy-petrik-214 a day ago

TOR as it exists now is a honeypot simple as. Same as that documentary called "Benedict Cumberbniamnatch's Great Work" where they cracked the radio signals of the Frenchmen but they had to let the submarine sink so that they knew that the other guy doesn't know that they knew. NSA uses ROT which is TOR-inspired but takes the techniques and incognito aspects 7 or 8 steps ahead.

  • Imustaskforhelp a day ago

    What? Tor is a honeypot? I don't think so. What do you instead expect me to use instead of tor?

  • widforss 21 hours ago

    You do know Hitler was the German Reichskanzler, not French?

    • hnbad 19 hours ago

      I'm assuming the "documentary" was the movie The Imitation Game starring Benedict Cumberbatch. If that's an intentional mistake, I'd guess by "French" they meant Austrian (as Hitler was born in Austria).

alphan0n a day ago

This entirely ignores the fact that traffic to and from onion sites never leaves the Tor network, never utilizes an exit node. It doesn’t matter if a bad actor has control of every exit node if your communications are within the network unless the underlying encryption protocols have been compromised.

  • dunghill 17 hours ago

    But not all traffic goes to onion sites.

    • alphan0n 4 hours ago

      Right, you shouldn't expect traffic that goes outside the onion network to be secure and anonymous. That's the entire point of onion sites.

ClumsyPilot a day ago

> petty criminals to get away with their crimes

Like human rights activists, journalists and dissidents in totalitarian countries.