DOJ Official Tells 100 Federal Judges To Use Tor

The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers, remembers judge Robert J. Bryan. An anonymous reader quotes a report from Vice: While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects. To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges...

"I almost felt like saying, 'That's not a good way to protect your stuff, because the FBI can go through it like eggshells,'" Bryan continues. Of course, this isn't really true: although the FBI has had some notable successes at identifying criminal suspects on the dark web with technological means, it is not the norm. It's worth remembering Carroll is not the only Justice Department or US law enforcement official to endorse Tor...one FBI agent was also an advocate of Tor.

FBI approved eggshells

[turkeydance]

for your honor's consideration

Re:FBI approved eggshells

[PRMan]

Tor kept the Silk Road online for 2 years where without it they would have shut him down immediately. And they found him with old fashioned police work, not Tor hacking.

They have become better at finding IP leaks to exploit, but to say that they can go through Tor like eggshells is overstating it quite a bit.

Re:FBI approved eggshells

[lgw]

TOR seems really good at preventing mass harvesting of data by the government. Everything we've seen requires them to make a special effort to hack someone they're interested in, so maybe it's not so useful for high-profile criminal activity. But for doing things today which may be made illegal one day in the future, and your browsing history used against you, it seems to work fine.

Re:

[GLMDesigns]

No you dope your government created TOR!

Therefore what?

That the concept of TOR is flawed? Or that sufficient nodes are covertly run by agencies that it makes the whole process null and void?

It's possible but ... I don't think so.

Re:

[lgw]

No you dope your government created TOR!

And why do you imagine they did so? Can you not think of a government purpose that could be served by allowing someone to "VPN" into a US government server without another government being able to tell that that connection had been made?

Re:

[AmiMoJo]

If you use it perfectly it will keep you safe. Use the Tails live CD, ideally through public wifi some distance from where you live. Never, ever enable Javascript. Never make your browser window maximised or full screen. And of course, never reveal any identifying information yourself.

Makes running a criminal empire difficult, but that's not the design goal. It's great for people looking for uncensored web access, journalists trying to get stories out, whistleblowers leaking information etc. It kept Snowden

Re:

[Keybounce]

*DO* make your browser window full sized.

The size of the window can be determined by the web site, and used to track people. If your window size is the same as most users, you're just a blip. But if your window size is unique, you stand out as an individual.

Re:

[AmiMoJo]

Maximizing the window reveals monitor resolution and toolbar sizes (by inference from the available rendering area). The Tor browser by default picks a window size that is common, and if you check with fingerprinting tools it's actually less unique than when maximized.

I tried it a while back. With the default size I got about 1 in 4000 with panopticlick. Maximized that fell to 1 in about 2,000,000, much worse.

Re:

[Keybounce]

Wow.

Thank you for that. I had assumed that maximum size would be limited only by screen resolution (1024 wide), and common to anyone else with the same monitor size.

Re:

[Falos]

This. There's a (frequently understated) distinction between mass automated logging and targeted, active monitoring. Very diligent use of TOR and associated tools/behavior can resist or even outright beat the latter, but most of us are just trying to beat the former, not the latter's scrutiny.

It's pretty easy (tinfoil check: probably) to get "on a list" but I'm confident (mostly) that getting put under a microscope is very rare and only happens to people involved with large amounts of money, influence (i

Re:

[TroII]

Tor kept the Silk Road online for 2 years where without it they would have shut him down immediately.

If they'd shut him down immediately he'd probably already be out of prison. They let it go as long as they did so they could pile on more and more charges.

Parallel Construction

[Anonymous Coward]

DEA has already admitted it routinely receives spook information, it routinely covers up the source of that information with a parallel fake set of evidence.

DEA was the lead agency against Silk Road. You claim 'IP' leaks, others have made vague 'informant' claims, but in reality none of that has been claimed or shown to a court. What was shown to the court was remarkably light on challengable information. Which is a strong indicator that it was a false Parallel Construction case:

https://www.wired.com/2014/0

Re:

[GLMDesigns]

Where is the evidence that he was killed. I'm as interested as anyone else but ... the more damning the claim the more evidence you need to be able to promote it.

What is the evidence he was killed?

What motive was there for his death?

And why use the police (in uniform) to do it as opposed to another random killing by who-knows-who?

One branch of DOJ ...

[PPH]

... warns its members to protect itself from another branch of the DOJ. That shadow government we've been warning you about is here. Fuck the rule of law, judicial warrants and the Constitution. The FBI is a rogue operation that doesn't obey it's chain of command anymore.

Re:

[Razed By TV]

Christ, no. The judge remarked that Tor was not good for protecting data because he thinks the FBI can easily break it and identify users on it.

The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers

The director suggested they all use it.
Judge Bryan disagreed with the usefulness of it because the FBI could possibly compromise it.

Three card monte

[BlackSabbath]

"Our helpful DoJ tech will install Tor on your laptop your honour."

OPSEC

[tacarat]

The military should be using it too. I imagine a judge's personal computer habits are wonderful places to score data regarding blackmail material, pending judgements for buying and shorting stocks, etc.

Re:

[Frosty Piss]

I imagine a judge's personal computer habits are wonderful places to score data regarding blackmail material, pending judgements for buying and shorting stocks, etc.

Many in the Judicial refuse to use the Intertubes at all.

Re:

[h33t l4x0r]

The military should *not* be using Tor. Look, unless you're doing some shady dark web stuff, your Tor traffic eventually has to pass through a random exit node which you do not control. It can be controlled by some Russian hacker. Why would you think the military should be ok with that?

Re: OPSEC

[tacarat]

You think their internet connections aren't monitored by foreign interests already? Not just the installations, but the home connections? Maybe it's less of a concern for state side bases, but the ones overseas are a different issue. Besides, you're assuming they couldn't use a private version with known and trusted exits.

Re:

[No Longer an AC]

How many of us really have anything blackmail-worthy that would be revealed by our internet usage?

The worst they could get on me would be some kinky, but legal, porn searches. I wouldn't want everyone in the world to know about that, but if I were a judge I wouldn't let someone blackmail me over it either.

If the information came out and I had to even address it, I'd simply say "Yeah, I have viewed porn on the internet. So what?"

Maybe it would be more typical for someone to casually "pirate" movies or TV

Re: OPSEC

[tacarat]

Nothing to hide is different than something to share. Enjoy your burner phone.

too late

[Anonymous Coward]

im 14 years ahead of this warning LOL
and the idiots at torrent freak swore it was safe.....i knew better and ill never tell how i found out..oh and i even once sold a mug inside the usa that had root code of the fbi webserver a year after they illegally attacked my server cause i did not want a war game and give me compensation for businesses i was looking after.

OH and all they cold do was the same knda DDoS that lolsec was famous for a tip that told me and my brothers and sisters to lay off and away from t

Why would judges need to use TOR?

[BitterOak]

I could understand recommending some sort of full disk encryption product to protect confidential information on their computers, but Tor was designed for something different: anonymous browsing. Why would judges need that as part of their professional duties?

Re:

[BitterOak]

They need TOR for when they are watching kiddie porn, in between cases.

Yeah, that's why we all use TOR, but that isn't part of their professional duties. Since a DOJ official is recommending TOR to a room full of judges, I assume it is somehow tied to their work and I'm just curious why judges would need that.

Re:

[bluefoxlucid]

It's probably the usual information decay. "TOR is for privacy and anonymity" becomes "TOR protects your privacy" becomes "TOR protects your data" becomes "TOR keeps hackers from looking at your secret data and using it to blackmail you and take over your computer" becomes "TOR is secure! You must have secure! Computers are so fucking dangerous hackers everywhere OMG we must all secure! We must all TOR!"

It's like the Barack Obama thing where someone went asking random folks if Barack Obama was still

TOR is more secure than most IT departments

[Joseph Doeden]

Most business are hacked by hackers, not the government. They want to mitigate the risk they have, not a risk you made up to suite your own parnaioa. Until business see damages from Intelligence Agencies, it's not a point compared to hackers. Elon Musk is not protecting his networks primarily from the FBI. He is protecting it from prolific armies of Chinese hackers. China is not like the US, it's prioritizing science, technology and efficiency. To some degree their population forces those kinds of smarter

Re:

[raind]

True but let's not forget the rest of the national actors (Amerika and her allies) Our education rate (?) Rigged like it's elections.

Those 100 judges under investigation?

[fustakrakich]

What could be more convenient than to have them funnel all their work to the FBI through Tor?

Use Tor to protect your computers

[khz6955]

"The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers"

TOR will disguise the IP address of your computer. But there are a number of ways from compromised nodes to malicious dark sites that can be used to reveal your location, especially if you use the latest iteration of Microsoft Windows.