Become a fan of Slashdot on Facebook


Forgot your password?
Privacy United States

FBI Has Tor Mail's Entire Email Database 195

An anonymous reader writes "Tor Mail was an anonymized email service run over Tor. It was operated by a company called Freedom Hosting, which was shut down by the FBI last August. The owner was arrested for 'enabling child porn,' and the Tor Mail servers suddenly began hosting FBI malware that attempted to de-anonymize users. Now, Wired reports on a new court filing which indicates that the FBI was also able to grab Tor Mail's entire email database. 'The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "" Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (PDF) sworn out by U.S. Postal Inspector Eric Malecki.'"
This discussion has been archived. No new comments can be posted.

FBI Has Tor Mail's Entire Email Database

Comments Filter:
  • Wait, WTF? (Score:5, Insightful)

    by Penguinisto ( 415985 ) on Monday January 27, 2014 @02:27PM (#46082953) Journal

    Anyone with an Internet connection is capable of 'enabling child porn'.

    Fuck sakes - is CP now the backdoor to the whole US Constitution (not to mention the means by which anyone, anywhere, can be arrested for any reason?)

    Someone needs to seriously put a curb on this.

    • Re:Wait, WTF? (Score:5, Insightful)

      by Anonymous Coward on Monday January 27, 2014 @02:33PM (#46083023)

      Mentioning "child porn" and "backdoor" is probably a poor choice of words when you're logged in and traceable.

    • Re:Wait, WTF? (Score:5, Insightful)

      by houstonbofh ( 602064 ) on Monday January 27, 2014 @02:36PM (#46083073)

      Is CP now the backdoor to the whole US Constitution (not to mention the means by which anyone, anywhere, can be arrested for any reason?)

      Now? Where have you been for the past 20 years?

      • Re:Wait, WTF? (Score:5, Informative)

        by lgw ( 121541 ) on Monday January 27, 2014 @03:35PM (#46083859) Journal

        When Slashdot was very young, before we had a mode system, the was an article on "the four horsemen of the internet apocalypse": that our rights online were sure to erode in the name of fighting terrorism, CP, hacking, and/or drug dealing. Wow, that was an amazing prediction - if we include "torrenting ripped media" in hacking, that's been right on target. I hadn't been understanding the "drug dealing" part until the Silk Road bust, but sure enough.

        This is why I resist giving the government any special power only to be used in extremes - excuses are so readily available that "extremes" becomes commonplace in a few years. And whatever the real motivation for the various TOR busts, WikiLeaks is effectively dead now as a result, with their TOR service is gone.

        You can certainly see the FBI wanting TOR just strong enough to leak information from the Iranian government safely, but not strong enough to leak information about the US government safely. Sad that it seems to have come to that.

    • Re:Wait, WTF? (Score:5, Interesting)

      by Anonymous Coward on Monday January 27, 2014 @02:38PM (#46083103)

      And don't forget that the range "child porn" materials already includes cartoon drawings, adults who look too young, and images of fully-clothed children. Soon the definition of "child porn" will also be expanded to include pictures of cats and any women who are not wearing full headscarves.

      • Re:Wait, WTF? (Score:4, Interesting)

        by AmiMoJo ( 196126 ) * <mojo@world3.nBLUEet minus berry> on Tuesday January 28, 2014 @09:04AM (#46089911) Homepage Journal

        It's our own fault for giving them such a powerful weapon. Last week I suggested that possession of child pornography should be decriminalized, i.e. they can confiscate it from you but you can't be charged with a crime or otherwise publicly shamed. There have been a lot of cases in the UK where someone was falsely accused, often after the police bungled some other investigation and were trying to cover themselves by saying "oh, but he was a paedo, so at least we got him".

        Of course some idiot immediately accused me of being a paedophile and went on a fairly extensive rant about it. In amongst the raving he made the point that anyone advocating decriminalization for any reason will be subjected to his kind of behaviour by a large proportion of the public, and unfortunately I think he could be right. It's a shame because decriminalization could go a long way to allowing people who do find themselves attracted to children to come forward and get help without fear of public shaming or prosecution, as well as stopping police abuse.

    • by TheCarp ( 96830 )

      > is CP now the backdoor to the whole US Constitution

      The backdoor? Nah, if it was that simple they wouldn't need terrorism or drugs.

    • Fuck sakes - is CP now the backdoor to the whole US Constitution (not to mention the means by which anyone, anywhere, can be arrested for any reason?)

      Cheat code in Democracy for Dictator Mode: Up, Up, Down, Down, Left, Right, Left, Right, B, Child Porn Exists

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Fuck sakes - is CP now the backdoor to the whole US Constitution[...]?)


    • by Anonymous Coward

      Anyone with an Internet connection is capable of 'enabling child porn'.

      True, but the crime isn't being capable of enabling child porn is it?

      The person in question was, knowingly, providing services to child pornographers.

    • Re:Wait, WTF? (Score:5, Insightful)

      by SirGarlon ( 845873 ) on Monday January 27, 2014 @02:53PM (#46083317)
      Well, the Feds needed another backdoor. That Fourth Amendment thing really gets in the way of building up an impressive arrest record and getting promoted. You can't play the terrorism card *all* the time. People might catch on.
    • This seems to be the internet equivalent of SWAT storming into someones house and justifying it by tossing a bag of coke on the floor, claiming they "found" it.
    • Re:Wait, WTF? (Score:5, Insightful)

      by ackthpt ( 218170 ) on Monday January 27, 2014 @03:00PM (#46083417) Homepage Journal

      Spiro Agnew must be cackling in his grave.

      Same for John Edgar Hoover.

      If you're not on their list, it only means they haven't got around to you yet.

      everyone is guilty of something, sooner or later

    • Re:Wait, WTF? (Score:5, Insightful)

      by bill_mcgonigle ( 4333 ) * on Monday January 27, 2014 @03:30PM (#46083789) Homepage Journal

      So, here's the rub:

      When evaluating a hosting company of some flavor, you also have to know if they are hosting anything that could be interpreted as permitting its services to be used for child porn, terrorism, drug talk, insider trading, prostitution, seditious speech, pornography, hate speech, sins against the Father, sins against the President, or campaign finance.

      If so, don't depend on that service for any privacy.

      Basically, if there's a US nexus, you cannot hire a hosting company and expect any privacy.

      The terrorists hate us for our freedoms. Go shopping.

    • My answer:
      Ready, Aim, Fire.
      In short: where's all those guns now that you need 'em?

      • by fatphil ( 181876 )
        Well, we know there are plenty of guns from the sales figures. It's just that the ones with the guns seem to only care about defending the 2nd amendment, and not any other parts of the constitution. Which of course sets up a perfect progression for attacking US citizens' rights with the a classic "when they came for my rights, there was noone else to help me defend them" ending. The 2nd's purpose is to protect the 1st, the 4th, the 5th, and - strangely - all the rest of them right now whilst they're under a
    • by ADRA ( 37398 )

      Yes, and every internet enabled user in the US is legally required to take down illegal material if its been detected (I assume through the confiscation of another users' account information).

      If you don't follow the laws of the land, don't expect to be protected from its freedoms.

    • Considering we already have 2 people (that I know of, probably more) in jail for thoughtcrime*? I think we can safely say the constitution is now a worthless piece of paper. Also more than 174 million Americans live in the constitution free zone [] thanks to PATRIOT they can have any and all rights ignored because they are near a border. Finally according to a friend in the state crime lab because the distribution laws in most states were modeled after the drug distribution laws (you can decide whether by mali

      • by Bob_Who ( 926234 )

        I guess you better not write in your diary about that hot dream you had unless you start it off with "I carded her and she was 21" to keep from going to jail,huh?

        I tried that, but then the Feds said that it was a fake ID !

        They should know - their "stinkin' badges" are fake.

  • by tripleevenfall ( 1990004 ) on Monday January 27, 2014 @02:27PM (#46082963)

    In those zombie movies, no matter how well the humans are barricaded in a place, eventually the slow-witted zombies will always break in. They have all the numbers and time required.

    • by dougmc ( 70836 )

      I'm not sure your analogy really works here.

      If the humans were well baricaded in a place and they remained safe there from the zombies ever after ... it wouldn't be a very entertaining movie.

      • I mean no matter how innovative or cunning the group of humans is in trying to protect themselves, they can at best hope to stay one step ahead of the zombies

        • by geekoid ( 135745 )

          No. People in Zombie movies are stupid, and make non-sensible decisions., It's the only way for Zombies to be a threat. Anyone who thinks for a minute can avoid zombies.

  • by Anonymous Coward

    ..from a gmail address, or what?

    notwithstanding, they doubtless have access to the entire gmail dbase anyway.

    • by MXPS ( 1091249 )
      I'm sure they do, just not legally of course.
      • by Anonymous Coward

        Just get the secret rubberstamp court to retroactively make it legal. Problem solved.

  • by ebno-10db ( 1459097 ) on Monday January 27, 2014 @02:32PM (#46083011)

    I don't know if it was designed for that purpose, but in practice Tor is a honeypot. Encryption too? (though not by design). Maybe it's time to consider steganography more, though it has its limits in terms of bandwidth, and if encryption isn't widely used, steganography certainly won't be.

    • Its based on P2P principles (i.e. users contributing bandwidth) and the result is much less centralized than Tor.

      There is also a DHT (distributed) email system that runs over I2P, although it is not the default I2P email yet. This new email system has no servers to raid; it is all distributed P2P.

    • by AmiMoJo ( 196126 ) *

      No, it's just that people don't understand what Tor does and does not do.

      TorMail was pretty much like any other mail service. The mail was not encrypted, it was sent plaintext over the internet to users of other services. All TorMail did was provide anonymous access to a mailbox, and it was up to the user to make sure they didn't reveal anything that would give clues to their identity. Clearly sending an email to someone is a pretty big clue that you are somehow associated with them, but generally speaking

  • really? (Score:5, Insightful)

    by Connie_Lingus ( 317691 ) on Monday January 27, 2014 @02:34PM (#46083031) Homepage

    i don't understand why people think that the FBI and NSA and CIA are just going to stand by and allow criminal activity when informants (no doubt where law enforcement gets 90% of its info) tell them how and where it's happening.

    technology may slow them down a bit, but people are foolish if you think your VPN and Tor browser is going to protect you for long *if* a three-letter agency really decides to getya.

    • It's like expecting your dog to ignore the roast you left on the counter while you went to work. Sure, it could happen, but there's no reason an intelligent person would expect it to happen.

    • Re:really? (Score:5, Insightful)

      by Charliemopps ( 1157495 ) on Monday January 27, 2014 @04:27PM (#46084529)

      The point of this article is not that the FBI went into a companies email server and collected the emails of some criminals. The point of the article is that the FBI declared the entire email service criminal, collected its entire contents, and kept it for their own and then started advertizing it as a legitimate service. This is clearly, without a doubt, unconstitutional. Not only are they violating all the innocent people who were using the services rights, they are violating the CRIMINALS rights as well! They've jeopardized their own convictions and the only 2 outcomes of this are:

      1. The convictions stand, and the US continues down this totalitarian surveillance state road.
      2. The SCOTUS finally gets off their collective asses and declares this unconstitutional... unwinding decades worth of convictions based on illegal evidence and releasing tens of thousands of some of the worst criminals we have back on the streets.

      Neither on of those options are very palatable and I'd prefer the FBI gets back to investigating rather than spying to do their jobs.

  • by ClayDowling ( 629804 ) on Monday January 27, 2014 @02:34PM (#46083037) Homepage

    When you trust a third party, with whom you have no actual connection, to keep your data private, you are pretty much asking to have it compromised. The best encryption and anonymity schemes in the world are useless in the face of a court order or questionable system administration. Did you really think some anonymous person was willing to go to jail for your privacy? You're both silly and naive if you think so.

    • Wish I had some mod points for you today.
    • by Anonymous Coward on Monday January 27, 2014 @03:04PM (#46083485)

      Lavabit was willing to take the sword and went out of business.

      • by Rich0 ( 548339 )

        Lavabit was willing to take the sword and went out of business.

        Yup, hence suggesting that over the long-term the only viable privacy supporting email servers will be ones that don't actually maintain privacy. Just artificial selection at work...

        • Maintaining privacy with e-mail isn't that hard, you just have to make sure the server never has access to the plaintext or the keys. Just like every other end-to-end encryption system ever. The problem comes when people want the server to hold their keys/plaintext for them, and when server providers pretend they can do that safely.
    • by Dan667 ( 564390 )
      That is another way of saying no one cares about your data as much as you do. And I believe after the money has been made off "the cloud" that a new push for building your own safe servers will come. I see it as a cycle from mainframes to PC and cloud back to private servers, etc.
    • by Burz ( 138833 )

      On the contrary, I2P's DHT-based email uses no servers. Its all P2P-distributed, as is the underlying anonymous network protocol. No single court order or raid can acquire its data since that data only exists on the endpoint email clients.

      • Trust that at your peril. If you think the people who tracked down Osama bin Laden and killed him in his bedroom can't get ahold of your email, I'd like to make sure I'm not near you when the inevitable very bad thing happens. Too often bystanders are considered acceptable casualties.

        • by Burz ( 138833 )

          If hundreds of millions of people switched to I2P to render *easy* mass surveillance impossible (thereby making mass surveillance very expensive), how does your narrative fit into that at all? You might as well claim that people will become drone targets because they own handguns; That's just a teabagger's fantasy.

          The thing you may be missing from the whole privacy discussion is that it is generally considered a detriment to the public when society has been turned into a panopticon... sooner or later even t

          • Now you're not trusting a single third party, you're trusting -every- third party. That's just begging to be compromised. If secrecy is important to you, take steps to make sure nobody realizes you're communicating. Eliminate or reduce the ability of outsiders to figure out who you're communicating with, because that can be just as damning as having them intercept the communication (e.g. the phone meta data that the phone company must maintain in order to do business). Don't use untrusted third parties

  • Presumed guilty (Score:5, Insightful)

    by Dynamoo ( 527749 ) on Monday January 27, 2014 @02:37PM (#46083081) Homepage
    So, are the users of TorMail being presumed guilty because they dared to use a system that the NSA couldn't intercept?
    • by Anonymous Coward
      No they are presumed guilty because their service provider used shared hosting that was also used by CP sites.
    • No, that's not exactly what the article says.

      The article says the FBI seized the Tormail thingie as part of an investigation into the company that was hosting it - which they were investigating because the company in question was providing hosting services to child pornographers.

      This turns out to be a stroke of luck for the FBI, as it means for all subsequent investigations, if something comes up that involves a Tormail email address, they don't need a cooperative ISP to provide them with the contents

      • by Anonymous Coward

        This turns out to be a stroke of luck for the FBI, as it means for all subsequent investigations, if something comes up that involves a Tormail email address, they don't need a cooperative ISP to provide them with the contents of the associated mailbox.

        Not only that, but from the sounds of it the FBI needed a warrant to access/use the information they already held. So they applied for one, and it was granted by a court.
        From what I can tell, it's all according to due process. The traditional kind, not the m

      • by Anonymous Coward on Monday January 27, 2014 @03:25PM (#46083741)

        See, that's the thing. They weren't providing hosting services SPECIFICALLY to child pornographers. They were providing services to ANYONE. Anyone at all. No questions asked.

        Some of those people happened to be child pornographers. The vast majority of them were not.

        You're arguing it's reasonable to presume that any user of a service that is ALSO used by criminals should reasonably be treated as suspect? Oh, child. You don't think there's child pornographers on GMail? Using EC2? With Instagram accounts? What service that's open to all ISN'T "a crime ridden neighborhood" in your example?

        • by PRMan ( 959735 )
          I hear AT&T has been enabling this sort of use for over 100 years! Put them away immediately!
      • Re:Presumed guilty (Score:4, Informative)

        by sjames ( 1099 ) on Monday January 27, 2014 @04:00PM (#46084131) Homepage Journal

        Legally, they should delete all of the tormail data since it wan't relevant to their search.

      • I think it's more like if the FBI was using a mailbox as a hiding place for an undercover officer and you unknowingly put a letter into the mailbox, and now since you gave the letter to the FBI agent in the box, they have the right to open it and see what you wrote in case it's related to a crime.
  • by gmuslera ( 3436 ) on Monday January 27, 2014 @02:41PM (#46083141) Homepage Journal

    If you care about your privacy or want that your data is still yours, don't host it there, even encryption can be surpassed if you can control the hardware that decrypts it. UK, Australia, Israel, and others allies in the intelligence operations should be avoided too. And is not just for privacy paranoids only, companies should be worried too [], and is not limited to just IP, managing data that can get you sued if disclosed will make you liable.

    Wonder what countries with strong citizens privacy laws will require to any company that want to work there.

  • You have to be daft to consider email over the public internet to be private. It never has been and never will be.

    Wrong technology to use in carrying out any kind of sensitive communications of any sort.

  • "the TorMail e-mail server"

    The server. Singular. Did TorMail's creators and users skip class the day they explained how Tor worked?

  • What does all that have to do with national security?

  • by Anonymous Coward

    It's old hat by now that Constitutional protections don't seem to apply to the Internet, because when it's computers, it's somehow different.

    But the FBI's actions here seem to be a step beyond that: this was computers on a different kind of network, and therefore, virgin legal territory.

    It's not that I'm upset that the FBI tried to catch a specific criminal, mind you. But running malware programs and taking all the data they can physically get their hands on? That's not just retrieving evidence for court ca

  • as some of you seem to have noticed,this is just a sympton of the multiple large problems that america appears to have.

...there can be no public or private virtue unless the foundation of action is the practice of truth. - George Jacob Holyoake