Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

alphadogg writes A presentation on a low-budget method to unmask users of a popular online privacy tool Tor will no longer go ahead at the Black Hat security conference early next month. The talk was nixed by the legal counsel with Carnegie Mellon's Software Engineering Institute after a finding that materials from researcher Alexander Volynkin were not approved for public release, according to a notice on the conference's website. Tor project leader Roger Dingledine said, "I think I have a handle on what they did, and how to fix it. ... Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world." Tor's developers were "informally" shown materials about the bug, but never saw any details about what would be presented in the talk.

Re:What?

[dunkindave]

Put your tin foil away. People at institutions like Carnegie Mellon's Software Engineering Institute typically work on grants and funding that come with conditions, such as the funder owns the material or can dictate its dissemination. It sounds like the researchers discovered something they thought interesting, looked around and decided BlackHat would be a good place to present, then the lawyers pointed out that they hadn't yet received the required permissions per the funding agreement/grant so they have backed off for now.

An NSL is a directive to disclose info that may include the requirement not to reveal the disclosure occurred. An NSL is not a way to simply order someone to be quiet.

Re:TOR is actually sponsored by Uncle Sam

[AHuxley]

Follow the funding back in the day (Office of Naval Research and DARPA), understand the funding for the huge costly, fast exit nodes in the US early on.
The origins where for open source intelligence gathering by the US mil and the US gov support of "freedom fighters" spreading democracy.
The main issue early on was any user of the tech would be seen as a tool of the US gov. Not good if emerging human intelligence stands out on any telco system.
How was this set back to be fixed? By flooding the network with diverse users globally and offering free bandwidth, better speed and pushing the an open source grassroots technology front.
The press, dissidents and whistleblowers, all kinds of sites started to spread news about wanting to help people the in repressive countries.
ie a large group of users had to be created allow gov users to hide and help with the node/relay.
Carefully crafted news dropped the military and intelligence origins and pushed the press, First Amendment, dissidents, protected speech side.
Follow the early grants back ie "Pass-Through" funding.
Terms like '“Basic and Applied Research and Development in Areas Relating to the Navy Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance.”" seems to be floating around.
Finally we got to Snowden and the Stinks page. "Critical mass" - the users are all on the same network, and we are back to the fast exit relays question.
Follow the few law enforcement stories, if you have all data moving out of a network, around the world a few times and then back into the same network?
Its simple to find the in ip, back from the message sent. We also now know that the "internet" in some countries is a known network Tempora https://en.wikipedia.org/wiki/... [wikipedia.org] and XKeyscore http://daserste.ndr.de/panoram... [daserste.ndr.de]