Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy The Almighty Buck

Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services 106

apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."
This discussion has been archived. No new comments can be posted.

Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services

Comments Filter:
  • by Anonymous Coward on Monday November 17, 2014 @04:38PM (#48405813)

    To our contributors, even though we don't know who you are *wink wink*

  • by DumbSwede ( 521261 ) <slashdotbin@hotmail.com> on Monday November 17, 2014 @04:39PM (#48405829) Homepage Journal

    ..than to have the FBI wondering why I'm contributing money to this cause. I applaud the goal, but I'll let someone more altruistic than me step up to bat.

    Save me the "When Good Men Do Nothing," I have family and other considerations outside Slashdot idealism.

    • by Anonymous Coward

      As a Swede, presumably living in Sweden, why would you be afraid of the FBI? Is the FBI something people should be afraid of? And, is anonymity a crime all of a sudden?

    • by Anonymous Coward

      ..than to have the FBI wondering why I'm contributing money to this cause.

      Does it even matter anymore? They've already declared you to be an enemy and a terrorist in their eyes. Why else would they see you as guilty until proven innocent?

      Make no mistake, the police state is here. Sitting idly by and thinking it would blow over didn't work for the Germans, and it won't work here.

    • Im no braver than you, and will not get anywhere near this for the same reasons.

      But that is the actual point of "when good men do nothing"... its when people WITH families and other considerations (something to lose) are NOT brave enough to act on what may very well be dangerous, its when they dont act evil is allowed to thrive.

      What rational white person from the 50's in the dixey south with a family and kids, a small business and the protection of the community would brave the wrath of their neighbors and

    • by burni2 ( 1643061 )

      I think you are on the best way to find out about the meaning of "freedom of choice" you exercised your right to "freedom of speech" because good men did many things.

      But the best solution if you have nothing to say.

      Just shut up and ignore it.

      But you would make the headlines:

      "Father of two daughters indicted for giving funding to U.S. government backed anti censor operation. - President Obama faces impeachment over funding of pro american value anti censor ship program."

      He was soo pro american and all over t

    • by N1AK ( 864906 )

      Save me the "When Good Men Do Nothing," I have family and other considerations outside Slashdot idealism.

      It's a shame you don't see the irony in that statement. If anyone can afford to throw some money at Tor it is the people who don't do anything overly contentious, it's a shame that your cowardice is stopping you from doing relatively safe things now that could protect your freedoms later, at which point doing something about it would be far more dangerous.

    • Save me the "When Good Men Do Nothing," I have family and other considerations outside Slashdot idealism.

      The problem isn't "When good men do nothing". It's your tinfoil chapeau and paranoia. If you seriously care about your family, seek professional help as soon as possible.

    • by AmiMoJo ( 196126 ) *

      You should stand up to your oppressors and not let chilling effects stop you promoting and protecting freedom. If people give up due to chilling effects, let alone specific threats, we lose.

  • If tor has 3 hops from source to hidden service, and perhaps there are 10,000 nodes, how hard is it for a government to have 25% of those nodes under its control? and if you own all the hops, you know where the hidden server is.
    • DoS the hidden site, see where the traffic ends up. Rinse, repeat.

    • Hidden services actually use 7 hops. The hidden service picks several relays at random and makes them the "introduction points" and pushes this along with the hidden service descriptor. These introduction points are at the end of a normal Tor circuit (ie 3 hops). When a client wants to access the site, it connects to the introduction point also over a Tor circuit. The client and hidden service then randomly pick a relay as a rendezvous point, because you don't want the introduction points overloaded.

      At that

  • It's not a secret (Score:2, Insightful)

    by Anonymous Coward

    The government connects to the kiddy porn site and downloads a 500mb video, they have PRISM tell them the computer that transferred 500mb of data to their computer, the computer that transferred 500mb of data to that computer, and so on. It's metadata all the way back to the actual hidden service where the 500mb file came from. As a bonus, they can have PRISM tell them everyone else that connected to a computer that connected to a computer that connected to a computer that connected to the kiddy porn site

  • A good idea (Score:4, Insightful)

    by Kevin Fishburne ( 1296859 ) on Monday November 17, 2014 @04:51PM (#48405929) Homepage
    Finally the world has a way to give their respective government a mighty middle finger after all the bullshit that's been going on lately. I hope they get millions from every corner of Earth.
    • by Nutria ( 679911 )

      Bwahahahahahahahahahahahaha!

      The FBI, GCHQ, BND, etc are going to tear apart the finances of every person that donates to this project.

      • The FBI, GCHQ, BND, etc are going to tear apart the finances of every person that donates to this project.

        Under what pretense? Funding terrorism? Tor, Ter, not too much a stretch I guess. Seriously, they can't do a thing to stop Tor funding without resorting to breaking or seriously misapplying their own laws. I don't think they'll go that far.

        • Not very long ago a website called Wikileaks had quite some trouble receiving funds because Paypal, Visa and Mastercard refused to cooperate.

        • by Nutria ( 679911 )

          Under what pretense?

          A high-enough percentage of Tor users are there for drugs and child porn that a clever FBI attorney could convince a friendly judge that donating to Tor is Probable Cause. GCHQ probably doesn't even clever word smithing to investigate them.

  • by Anonymous Coward

    Traffic analysis and other techniques make you trivially de-anonymized by the NSA.

    TOR is NOT anonymous, and anyone who thinks it is deserves what they get. But what it IS good for is hiding from non-5-eyes countries. Say you are in the middle east and your third world government doesn't like you reading pr0n. No problem, the NSA isn't gonna hang your ass out to dry for that, and they certainly wont compromise their capabilities for stupid political shit. So TOR away all you want, to keep yourself safe f

  • ...Because now they'll need a few good tax attorneys.
  • The feds had no problem ferreting out the Silk Road operators, but it seems they're completely unable to do anything against the cryptolocker extortionists. Despite the damage being by some margin bigger.

    One really has to wonder where the priorities are...

    • by Anonymous Coward

      Feds protect the NY criminals. The cryptolocker guys know which kind of thing goes unpunished, very much like the NY banksters know. You can massively mess with people's lifes by means of finance fraud, put PLEASE dont use drugs for that end.

      We know that drugs do nasty things while the NY banksters only made folks like Hitler and Mussolini happen. See the rationality ?

    • The Cryptlocker guys, unfortunately, did a near perfect job implementing their ransom-ware and command/control net. Both the US Justice Dept and Interpol did go after them, and ultimately took down the Zeus botnet controlling the malware, even getting back all the keys for the encrypted files. Don't think for a second that the Justice Dept wouldn't have loved to catch those guys and splash it all over the front page if they could have, though.

      I don't buy the conspiracy theories. You can bet the feds are

  • These were US agencies that have funded creation of TOR; CIA and NSA, you name it.

    Obviously, the decision has been made that if encryption and anonymity cannot be controlled, then it needs to be led, and there are many ways to stay on top:
    a) controlled nodes b) code flaws

  • Rule #1 that should be enforced: contrary to all popular docs, the hidden service should never, ever, be on the same logical machine as the tor daemon. The latter needs connectivity to arbitrary IPs, which means as soon as any part of the service is pwned -- or just sports a data leak -- the bad guys can learn who you are. If the hidden service machine doesn't know its IP nor other kinds of data that can be used to identify it, it can't leak that.

    This won't avoid traffic analysis, but (most likely) the ma

    • agree with that.

      hidden service operators should be running a separate "last mile" service.

      Something like sticking it on a I2P network with no internet access and routing out through tor on another section of the network.

  • by Anonymous Coward

    In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed.

    Could it have been the Fed's control of the whole network? Or perhaps it was an analysis of router traffic flow records, which supposedly reveals 81% of tor users [thestack.com], according to researchers [columbia.edu]...

    • More likely they were all running on webservers with standard internet access.

      Pretty straight forward to get a webserver or other service to identify itself if the machine it is on can resolve a standard url.

      plain jane simple post shellshock bug.

  • Secure (Score:4, Interesting)

    by darkain ( 749283 ) on Monday November 17, 2014 @05:18PM (#48406189) Homepage

    No matter how much effort goes into securing the transport layer, it means absolutely nothing if the end nodes themselves are insecure. Something as simple as a SQL injection or remote code execution could easily deanonymize an end node. With how quickly many of those sites sprung up, one of the current theories is lack of security on the end-points themselves is what was attacked, not the Tor network itself.

    • I was thinking the same thing but in addition, how are you supposed to give money to common hidden services? They're hidden. What are they going to do, ask nicely for them to give a paypal e-mail address? I don't think so. They could go the bitcoin route but seriously, throwing money at better servers doesn't mean there's a smarter person running it. You "zoom out" to just reserach and development on better Tor protocols and it still leaves it wide open to stupid people. You can't just throw money at
    • by Anonymous Coward

      You can almost guarantee the safety of your protocol, but you'll never guarantee the safety of someone's personal PC. Almost all attacks on Tor users that we know about have been through shit like malware and 'unsecure' things being on Tor that are easy to track.

      You can make a car that's immune to mechanical failure, but you'll never be able to guarantee the driver isn't dumb and that other people aren't looking to run into them for insurance scams or that other people's cars won't have mechanical failures

    • by Anonymous Coward

      Yet nobody seems to be considering the possibility that TOR simply isn't providing the anonymity that it claims, or that, being a US-government funded project, it isn't just a means of tempting people into using it for their "secure" *nudge nudge wink wink* communications. There was an article on Slashdot or Arstechnica, I'm almost positive, where some researchers demonstrated that by using Cisco's "Netflow" package they were able to successfully identify about 81% of the TOR users at the other end...100% i

      • Yet nobody seems to be considering the possibility that TOR simply isn't providing the anonymity that it claims

        Well, yeah, because:
        http://www.dailydot.com/politi... [dailydot.com]

        However, upon further examination, no one could quite figure out where all supposedly seized hidden services were. After all, the biggest Dark Net markets are still in operation. The biggest child pornography sites are still running. In fact, the seized websites represent less than a third of Dark Net commerce.

        Update Nov. 8, 8:31am: Far fr

  • by Anonymous Coward

    Will they accept Flooz?

You know you've landed gear-up when it takes full power to taxi.

Working...