Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services
apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."
Special Thanks (Score:3, Funny)
To our contributors, even though we don't know who you are *wink wink*
Re: (Score:2, Interesting)
Tor is centered on one single tech: onion routing.
They seem to refuse to consider adding or adopting other techs, like using chaff in the network and trivial delay/random queues to at least defeat some timing and observation attacks.
It's like they're hooked and stuck on their unilateral approach.
And when people bring up alternatives they point to anonbib and disclaim them.
Well yeah, nothing's a total solution, but what some people voice is helpful.
They're also way too quiet about their position whether pers
Re: (Score:1)
As I understand it Tor is between you and some other place on the public internet. I2P is not made to go out to the internet. It's more like Tor without exit and only hidden sites, like a secret internet on top of the public internet.
Re: (Score:2)
Why are people overlooking the money? I thought silk road went down because Roberts wasn't careful where his money went.
Re: I need Bennet Haselton to analyze this (Score:1)
Bennett Hasselton was once bitten by a snake. After 3 hours of excruciating pain, the snake died.
Re: I need Bennet Haselton to analyze this (Score:1)
I'm sure we all are thinking the exact same thing at this moment.
Spare a second and join us.
Nothing I'd like better... (Score:5, Insightful)
..than to have the FBI wondering why I'm contributing money to this cause. I applaud the goal, but I'll let someone more altruistic than me step up to bat.
Save me the "When Good Men Do Nothing," I have family and other considerations outside Slashdot idealism.
Re: (Score:1)
As a Swede, presumably living in Sweden, why would you be afraid of the FBI? Is the FBI something people should be afraid of? And, is anonymity a crime all of a sudden?
Re: (Score:1)
"Is the FBI something people should be afraid of?"
Yes.
"And, is anonymity a crime all of a sudden?"
Not all of a sudden.
http://en.wikipedia.org/wiki/Boiling_frog#Cultural_usage [wikipedia.org]
Re: (Score:2)
As a Swede, presumably living in Sweden
There are 8 metric ass-loads of people of Swedish descent living in the US.
Re: (Score:2)
4.6 fucktonnes
Re: (Score:2)
Being of Swedish descent doesn't automatically make you a Swede.
Re: (Score:1)
..than to have the FBI wondering why I'm contributing money to this cause.
Does it even matter anymore? They've already declared you to be an enemy and a terrorist in their eyes. Why else would they see you as guilty until proven innocent?
Make no mistake, the police state is here. Sitting idly by and thinking it would blow over didn't work for the Germans, and it won't work here.
Re: (Score:2)
I'm no braver than you, and will not get anywhere near this for the same reasons.
But that is the actual point of "when good men do nothing"... it's when people WITH families and other considerations (something to lose) are NOT brave enough to act on what may very well be dangerous, it's when they don't act evil is allowed to thrive.
What rational white person from the 50's in the Dixie south with a family and kids, a small business and the protection of the community would brave the wrath of their neighbors and
Re: (Score:2)
I think you are on the best way to find out about the meaning of "freedom of choice" you exercised your right to "freedom of speech" because good men did many things.
But the best solution if you have nothing to say.
Just shut up and ignore it.
But you would make the headlines:
"Father of two daughters indicted for giving funding to U.S. government backed anti censor operation. - President Obama faces impeachment over funding of pro american value anti censor ship program."
He was soo pro american and all over t
Re: (Score:2)
Recall "The NSA Is Targeting Users of Privacy Services, Leaked Code Shows" (07.03.14)
http://www.wired.com/2014/07/n... [wired.com]
"The rules indicate that the NSA tracks any IP address that connects to the Tor web site or any IP address that contacts a server that is used for an anonymous email service..."
"The NSA is also tracking anyone who visits the popular online Linux publication,
Re: (Score:2)
It's a shame you don't see the irony in that statement. If anyone can afford to throw some money at Tor it is the people who don't do anything overly contentious, it's a shame that your cowardice is stopping you from doing relatively safe things now that could protect your freedoms later, at which point doing something about it would be far more dangerous.
Re: (Score:2)
The problem isn't "When good men do nothing". It's your tinfoil chapeau and paranoia. If you seriously care about your family, seek professional help as soon as possible.
Re: (Score:2)
It's easy to forget, especially when many of us talk so much about large policy issues, that the US government is NOT a single org but a very large umbrella collection of many interdependent orgs, each with their own agenda.
Sometimes these agendas align, sometimes, they diverge and work at cross purposes.
The NSA has no operational need for tor, they are likely 100% focused on breaking it. Likewise the DEA, and FBI similarly. However, you start getting to DARPA, and parts of the State Department, and a strong
Re: (Score:2)
You should stand up to your oppressors and not let chilling effects stop you promoting and protecting freedom. If people give up due to chilling effects, let alone specific threats, we lose.
3 hops? (Score:2)
Re: (Score:2)
DoS the hidden site, see where the traffic ends up. Rinse, repeat.
Re: (Score:2)
Re: (Score:2)
Hidden services actually use 7 hops. The hidden service picks several relays at random and makes them the "introduction points" and pushes this along with the hidden service descriptor. These introduction points are at the end of a normal Tor circuit (i.e. 3 hops). When a client wants to access the site, it connects to the introduction point also over a Tor circuit. The client and hidden service then randomly pick a relay as a rendezvous point, because you don't want the introduction points overloaded.
At that
It's not a secret (Score:2, Insightful)
The government connects to the kiddy porn site and downloads a 500mb video, they have PRISM tell them the computer that transferred 500mb of data to their computer, the computer that transferred 500mb of data to that computer, and so on. It's metadata all the way back to the actual hidden service where the 500mb file came from. As a bonus, they can have PRISM tell them everyone else that connected to a computer that connected to a computer that connected to a computer that connected to the kiddy porn site
A good idea (Score:4, Insightful)
Re: (Score:2)
Bwahahahahahahahahahahahaha!
The FBI, GCHQ, BND, etc are going to tear apart the finances of every person that donates to this project.
Re: (Score:2)
The FBI, GCHQ, BND, etc are going to tear apart the finances of every person that donates to this project.
Under what pretense? Funding terrorism? Tor, Ter, not too much a stretch I guess. Seriously, they can't do a thing to stop Tor funding without resorting to breaking or seriously misapplying their own laws. I don't think they'll go that far.
Re: (Score:1)
Not very long ago a website called Wikileaks had quite some trouble receiving funds because Paypal, Visa and Mastercard refused to cooperate.
Re: (Score:2)
Under what pretense?
A high-enough percentage of Tor users are there for drugs and child porn that a clever FBI attorney could convince a friendly judge that donating to Tor is Probable Cause. GCHQ probably doesn't even need clever wordsmithing to investigate them.
confusion about what TOR is for (Score:2, Informative)
Traffic analysis and other techniques make you trivially de-anonymized by the NSA.
TOR is NOT anonymous, and anyone who thinks it is deserves what they get. But what it IS good for is hiding from non-5-eyes countries. Say you are in the middle east and your third world government doesn't like you reading pr0n. No problem, the NSA isn't gonna hang your ass out to dry for that, and they certainly won't compromise their capabilities for stupid political shit. So TOR away all you want, to keep yourself safe f
It's a good thing they are lawyers (Score:2)
One has to wonder (Score:2)
The feds had no problem ferreting out the Silk Road operators, but it seems they're completely unable to do anything against the cryptolocker extortionists. Despite the damage being by some margin bigger.
One really has to wonder where the priorities are...
Re: (Score:1)
Feds protect the NY criminals. The cryptolocker guys know which kind of thing goes unpunished, very much like the NY banksters know. You can massively mess with people's lives by means of finance fraud, but PLEASE don't use drugs for that end.
We know that drugs do nasty things while the NY banksters only made folks like Hitler and Mussolini happen. See the rationality?
Re: (Score:2)
The Cryptolocker guys, unfortunately, did a near perfect job implementing their ransom-ware and command/control net. Both the US Justice Dept and Interpol did go after them, and ultimately took down the Zeus botnet controlling the malware, even getting back all the keys for the encrypted files. Don't think for a second that the Justice Dept wouldn't have loved to catch those guys and splash it all over the front page if they could have, though.
I don't buy the conspiracy theories. You can bet the feds are
People have short memory (Score:2)
These were US agencies that have funded creation of TOR; CIA and NSA, you name it.
Obviously, the decision has been made that if encryption and anonymity cannot be controlled, then it needs to be led, and there are many ways to stay on top:
a) controlled nodes b) code flaws
Re: (Score:2)
Separate the hidden service from the tor daemon (Score:2)
Rule #1 that should be enforced: contrary to all popular docs, the hidden service should never, ever, be on the same logical machine as the tor daemon. The latter needs connectivity to arbitrary IPs, which means as soon as any part of the service is pwned -- or just sports a data leak -- the bad guys can learn who you are. If the hidden service machine doesn't know its IP nor other kinds of data that can be used to identify it, it can't leak that.
This won't avoid traffic analysis, but (most likely) the ma
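A check for the rule in the comment above, added here as an example and not part of the thread or of Tor's own code: it reads a torrc and flags every `HiddenServicePort` whose target sits on the tor daemon's own machine (loopback address, bare port, or unix socket). The sample torrc, its paths and the 10.20.0.5 backend address are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc (not from the thread); paths and addresses are placeholders.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/site_a/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /var/lib/tor/site_b/
HiddenServicePort 80 unix:/run/site_b.sock
HiddenServiceDir /var/lib/tor/site_c/
HiddenServicePort 80 10.20.0.5:8080   # backend on an isolated segment
HiddenServicePort 22
"""

def target_is_local(target):
    """True if a HiddenServicePort target is on the tor daemon's own host."""
    if target.startswith("unix:"):
        return True                      # unix sockets are same-machine by definition
    host, sep, _port = target.rpartition(":")
    if not sep:
        return True                      # bare port: tor forwards to 127.0.0.1
    host = host.strip("[]")              # accept [::1]:80 style IPv6 targets
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # other hostname: treated as remote, review by hand

def audit_torrc(text):
    """Return (service_dir, virtual_port, target, co_located) per HiddenServicePort line."""
    findings, current_dir = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not parts:
            continue
        key = parts[0].lower()                 # match option names case-insensitively
        if key == "hiddenservicedir" and len(parts) > 1:
            current_dir = parts[1]
        elif key == "hiddenserviceport" and len(parts) > 1:
            virt = parts[1]
            target = parts[2] if len(parts) > 2 else virt
            findings.append((current_dir, virt, target, target_is_local(target)))
    return findings

if __name__ == "__main__":
    for svc, virt, target, local in audit_torrc(SAMPLE_TORRC):
        print(f"{svc} port {virt} -> {target}: {'CO-LOCATED' if local else 'separate host'}")
```

A non-loopback target only shows that the backend is addressed separately; whether that machine can reach arbitrary IPs on its own still has to be checked at its firewall and routing table.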
Re: (Score:1)
Agree with that.
Hidden service operators should be running a separate "last mile" service.
Something like sticking it on an I2P network with no internet access and routing out through tor on another section of the network.
To be revealed... (Score:1)
In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed.
Could it have been the Fed's control of the whole network? Or perhaps it was an analysis of router traffic flow records, which supposedly reveals 81% of tor users [thestack.com], according to researchers [columbia.edu]...
Re: (Score:1)
More likely they were all running on webservers with standard internet access.
Pretty straightforward to get a webserver or other service to identify itself if the machine it is on can resolve a standard url.
plain jane simple post shellshock bug.
Secure (Score:4, Interesting)
No matter how much effort goes into securing the transport layer, it means absolutely nothing if the end nodes themselves are insecure. Something as simple as a SQL injection or remote code execution could easily deanonymize an end node. With how quickly many of those sites sprung up, one of the current theories is lack of security on the end-points themselves is what was attacked, not the Tor network itself.
Re: (Score:1)
Re: (Score:1)
You can almost guarantee the safety of your protocol, but you'll never guarantee the safety of someone's personal PC. Almost all attacks on Tor users that we know about have been through shit like malware and 'unsecure' things being on Tor that are easy to track.
You can make a car that's immune to mechanical failure, but you'll never be able to guarantee the driver isn't dumb and that other people aren't looking to run into them for insurance scams or that other people's cars won't have mechanical failures
Re: (Score:1)
Yet nobody seems to be considering the possibility that TOR simply isn't providing the anonymity that it claims, or that, being a US-government funded project, it isn't just a means of tempting people into using it for their "secure" *nudge nudge wink wink* communications. There was an article on Slashdot or Arstechnica, I'm almost positive, where some researchers demonstrated that by using Cisco's "Netflow" package they were able to successfully identify about 81% of the TOR users at the other end...100% i
Re: (Score:1)
Well, yeah, because:
http://www.dailydot.com/politi... [dailydot.com]
Re: (Score:1)
If it has access to the wider internet other than through tor, the IP address of the host network.
A lot of those taken down seem to be on VPS hosts, which provide virtually zero opsec for the actual server being identified. Since you don't need to get the IP address of the server, just the name of the VPS service provider (e.g. from a 404 page)
Payment Options (Score:1)
Will they accept Flooz?