Attacking and Defending the Tor Network

← Back to Stories (view on slashdot.org)

Attacking and Defending the Tor Network

Posted by CmdrTaco on Tuesday March 29, 2011 @07:31AM from the takes-a-codpiece-and-a-helmet dept.

Trailrunner7 writes "In a talk at the USENIX LEET workshop Tuesday, Nick Mathewson of the Tor Project discussed the group's recent challenges in responding to suppression efforts by governments in Egypt, China and elsewhere. What the Tor members have learned in these recent incidents is that while governments are becoming more up front about their willingness to shut off Internet access altogether or censor content, users are also becoming more resourceful. Mathewson said that the group is working on methods for alleviating the problems that national-level restrictions cause for Tor users. One method involves moving to a modular transport method in order to get around some of the throttling that ISPs perform on encrypted traffic in order to make Tor usage more difficult. In a separate talk at LEET, Stevens LeBlond of INRIA in France presented research on methods for tracing Tor users back to their IP address. One of the attacks, which LeBlond and his co-authors titled 'Bad Apple,' used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses."

132 comments

Min score:

Reason:

Sort:

Information Is Like Water by WrongSizeGlass · 2011-03-29 07:33 · Score: 2

Information is like water and it will always find a way to get through.
1. Re:Information Is Like Water by bknabe · 2011-03-29 07:41 · Score: 2
  
  Yes, but it would be nice if the source survived the sending.
2. Re:Information Is Like Water by RazzleFrog · 2011-03-29 08:26 · Score: 1
  
  And like water it can get flavored or poisoned as it goes through. Or it can just get completely frozen.
3. Re:Information Is Like Water by gnick · 2011-03-29 08:53 · Score: 2
  
  So... Are you saying "You can't stop the signal"?
  
  --
  He's getting rather old, but he's a good mouse.
4. Re:Information Is Like Water by Anonymous Coward · 2011-03-29 09:53 · Score: 0
  
  Information is like water and it will always find a way to get through.
  Yes. And the identity of the participants is also information, is it not?
I tried Tor.... by joocemann · 2011-03-29 07:37 · Score: 2

... and it was too slow to do anything at all.
meh...
1. Re:I tried Tor.... by GameboyRMH · 2011-03-29 07:45 · Score: 1
  
  I dunno what you were doing wrong. It's fine for web surfing as long as you don't try to run videos through it.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
2. Re:I tried Tor.... by Tolkien · 2011-03-29 07:46 · Score: 2
  
  That's because the number of exit nodes isn't very large. If there were more, a corresponding increase in speed would be the result.. If you want to help make Tor faster for other users, set up your own computer as an exit node.
  
  --
  how is babby formed?
3. Re:I tried Tor.... by Kjella · 2011-03-29 07:51 · Score: 1
  
  If you seriously want to deal with everyone accessing everything through your IP address. Be prepared for a world of pain, particularly as a private individual where people will automatically assume you are the guilty one. Honestly, TOR is better off when the system is closed and everything is on .onion sites. There's much less hassle for everyone involved that way.
  
  --
  Live today, because you never know what tomorrow brings
4. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 07:55 · Score: 1
  
  Chalk this up to "This is why we can't have nice things."
  I ran a tor exit node, and I was pretty interested in seeing what was being accessed, so I ran it through squid.
  And now, I don't run a tor exit node because as far as I can tell, unless I just got all the deviant-redirected traffic, it's not being used for much, if any, good. And I was just redirecting http traffic!
  *Now, this only meant I could see what was being accessed. I still couldn't see who/where was accessing what, just looked through the access and store logs, nothing deeper.
5. Re:I tried Tor.... by joocemann · 2011-03-29 07:56 · Score: 2
  
  Really? I found that even using slashdot takes like 30-60 secs just to load the one page I'm trying to look at... I click something to move forward in my surf, and there goes another 30-60 seconds. Without tor its like 1 second. I'm just too busy/impatient/american to wait so long after each click. Anyway, I just go without and tell myself that I'm not as interesting as I might think I am. This has worked so far.... oh wait, there's a knock at the door... brb.
6. Re:I tried Tor.... by SuricouRaven · 2011-03-29 07:56 · Score: 1
  
  If accused, you can probably prove you were not responsible. After the police have siezed every computer and mobile phone you own, the press has dragged your name through the mud, and half the town are at your door with the traditional pitchforks to expell the suspected pedophile. If you're lucky, the police might even give your computers back after a year or so, once they have finished searching it for any other crimes you may have committed they can charge you with to save face.
7. Re:I tried Tor.... by GameboyRMH · 2011-03-29 08:04 · Score: 1
  
  Even when I surf Tor on my PDA via SSH tunnel to one of my Tor nodes, pages generally load in under 10secs...are you going through a caching proxy server (like Polipo) to Tor or directly to Tor? Connecting directly to the Tor proxy itself with your browser is going to be slower and more unreliable.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
8. Re:I tried Tor.... by Moryath · 2011-03-29 08:04 · Score: 1
  
  Secondary problem: the ISPs in the US are actively pursuing policies (Comcrap and AT&T's "monthly bandwidth cap" crap for instance) that make it very painful to use Tor in other senses.
  Make yourself an exit node and watch your traffic skyrocket...
9. Re:I tried Tor.... by Hatta · 2011-03-29 08:06 · Score: 2
  
  If you're going through a proxy server to get to Tor, the proxy server knows your IP and everything you've browsed. This defeats the purpose of using Tor.
  
  --
  Give me Classic Slashdot or give me death!
10. Re:I tried Tor.... by GameboyRMH · 2011-03-29 08:09 · Score: 2
  
  You misunderstand. The proxy server runs on the same box as Tor (Polipo is installed with Tor by default on the 'buntus and Debian). The caching proxy server is used to smooth out Tor's unreliability. If anyone can see what your proxy server is doing you have much bigger problems.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
11. Re:I tried Tor.... by royallthefourth · 2011-03-29 08:20 · Score: 1
  
  If you had looked deeper, you wouldn't found an incredible quantity of passwords being sent in plaintext to login to websites that don't use SSL.
12. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 08:33 · Score: 0
  
  There are countries where you can get away with running ANYTHING through a Tor exit node...it makes me giggle just thinking of it. But it has to be in the sweet butterzone. Not a first-world country where the corporations run wild and the government cares about what you do on the Internet, and not a 3rd-world hellhole where the gestapo will haul you off. I better not name any places specifically, you can understand why.
  Posting anon because I don't want to be a suspected pedo, I just like to do some things that piss of corporations and governments very, very much.
13. Re:I tried Tor.... by Rei · 2011-03-29 08:33 · Score: 1
  
  That's what I2P is for. No exit nodes, purely internal. It has a number of neat architectural differences from Tor to make it harder to attack and to improve performance. Also, for those who care, unlike Tor, I2P doesn't try to block filesharing.
  Downsides: I2P is Java, so it eats more CPU. Also, it has a smaller userbase, meaning it's been less studied and isn't as resistant to takeover-style attacks like Sybil. And, obviously, you don't route to the outside world from I2P.
  
  --
  Did he just go crazy and fall asleep?
14. Re:I tried Tor.... by TheCarp · 2011-03-29 09:40 · Score: 1
  
  I happen to mostly agree but...
  I also ran a tor exit node from my home for a while. Not recommended for a few reasons, but I did. The worst that ever came from it? I found that I couldn't use my IP to post on craigslist anymore. Never heard a peep from my ISP (was comcast at the time), nothing.
  
  --
  "I opened my eyes, and everything went dark again"
15. Re:I tried Tor.... by TheCarp · 2011-03-29 09:42 · Score: 1
  
  How exactly does tor attempt to block file sharing? Aside from recommending against certain things like bittorrent (which is pretty pathological on the tor network for various reasons, the designs just do not play nice with eachother), I am unaware of any such attempt.
  In fact, I believe there are a few file sharing sites in .onion space. I don't use them, but I am pretty sure I have seen them.
  
  --
  "I opened my eyes, and everything went dark again"
16. Re:I tried Tor.... by Hatta · 2011-03-29 09:45 · Score: 1
  
  Oh right. It was privoxy last time I tried Tor, but whatever. Don't see how much that will really help, since the caching proxy can't know what you're going to want to see in the future. The first time you access any resource will be as slow as plain Tor.
  
  --
  Give me Classic Slashdot or give me death!
17. Re:I tried Tor.... by GameboyRMH · 2011-03-29 10:10 · Score: 1
  
  Polipo also works like a download accelerator, which is a big help over Tor.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
18. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 10:11 · Score: 0
  
  I dunno what you were doing wrong. It's fine for web surfing as long as you don't try to run videos through it.
  It's good for text and small pages. It's less good for multimedia. But for the really important stuff, text is the most you need. Beyond that, if an image is really important, it'll at least get through. The really really important stuff ends up either on freenet or wikileaks.
19. Re:I tried Tor.... by Rei · 2011-03-29 10:22 · Score: 1
  
  Default exit policy: Link
  
  --
  Did he just go crazy and fall asleep?
20. Re:I tried Tor.... by Runaway1956 · 2011-03-29 10:25 · Score: 1
  
  I've found Tor to be slower than an unencrypted direct connection made through standard ports. I'll give you that much. But, Tor's usefulness isn't measured in speed. It's measured in anonymity. Think about it - one doesn't buy a 60 horse John Deere tractor for street racing. Why would you "buy" Tor for speed surfing?
  Now, if you care to see something that is really slow, you should look at I2P. It's far more anonymous than Tor - and it's also much slower. Go on, test drive it, for educational purposes. Be warned - it's anonymity level is pretty high, and some really creepy characters use it to find and share child pornography. But, you don't have to see any of that, because you are forewarned. Just use one of the indexing services to find your content, and you'll be safe from that sort of trash.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
21. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 10:26 · Score: 0
  
  This should be emphasized. The parent is correct that other proxy servers must be avoided for the reasons stated. As GameboyRMH states, the Polipo proxy is part of the infrastructure installation for TOR and is there for a better user experience (it protects against browser timeouts).
22. Re:I tried Tor.... by Runaway1956 · 2011-03-29 10:29 · Score: 1
  
  The last time I looked, you could limit how much bandwidth you were willing to share. If your overall bandwidth skyrockets after installing Tor or some similar program, then you've failed to RTFM, and to properly configure the program.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
23. Re:I tried Tor.... by Runaway1956 · 2011-03-29 10:34 · Score: 1
  
  "No exit nodes,"
  You're sure? I'll have to look again, to be sure, but I think that it actually does support exit nodes. The problem is, no one actually creates an exit node.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
24. Re:I tried Tor.... by TheCarp · 2011-03-29 10:38 · Score: 1
  
  From the same FAQ answer:
  "keep in mind that, any port or ports can be opened by the relay operator"
  Of course, by default, p2p services tend to be blocked, but, even looking at the original article mentions that many p2p programs present problems for anonymity, even with tor. Also, these programs tend to open ALOT of connections.... which tends to be a problem.
  They also tend to be services that are more likely to cause problems for exit node operators.
  All that said, like the FAQ says, any operator of an exit node can turn any or all of these on.
  I don't know how many of these have working exit nodes for them, but in any case, its a pretty "soft block".
  Now, if they went around slapping any node that did allow these as a "bad exit", then it would be a different story... but so far.... I have only seen that for some pretty suspect setups that made people really uneasy (specifically there was one that only allowed exits on a bunch of the unencrypted ports for various protocols like imap and pop)
  
  --
  "I opened my eyes, and everything went dark again"
25. Re:I tried Tor.... by TheCarp · 2011-03-29 10:40 · Score: 1
  
  Also....
  Just for one service...this took all of another 10 seconds to find:
  https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea
  You think other services don't have similar problems?
  
  --
  "I opened my eyes, and everything went dark again"
26. Re:I tried Tor.... by sticky.pirate · 2011-03-29 11:15 · Score: 1
  
  I saw a presentation by Jacob Appelbaum, where he addressed these kinds of speed concerns. He said (I hope I'm getting the quote right from memory) "we can make it faster, but you have to ask yourself: how fast do you want to die?"
27. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 11:19 · Score: 0
  
  So setup a TOR exit node and contribute! Thats what I did, running off a debian VPS. https://www.torproject.org/docs/debian
28. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 11:46 · Score: 0
  
  Yes, but if a page has frequently updated content surrounded by static images, style sheets, and massive fucking javascript libraries, a significant chunk of the loading time can be removed. (Also use an ad blocker, obviously...)
  Still gonna be dead slow if you, say, RTFA (which is typically on a site you've never loaded), but nobody does that, so it should be tolerable for /.
29. Re:I tried Tor.... by Anonymous Coward · 2011-03-29 15:49 · Score: 1
  
  That is why more and more .onion sites pop up every day and Freenet i2p and others exist. It is allot harder to identify the owner of the server. In these cases Tor exit nodes don't matter. Everything goes through relay nodes. Relay nodes don't really have anything to worry about. To send to a relay node you have to be the one doing the requesting and given the way the service is advertised it is unlikely the police would go after relay node operators. Doing so would be pointless. Stupidity is the main thing which gets Exit nodes owners into trouble. Both by the police (Germany) and by exit node operators. In the German case things didn't become an end all for the node operators. While those exit node operators probably won't continue running exit nodes the situation wasn't that bad for them. Does anybody even know the names of the people who ran the exit nodes and got accused? I'm not even sure they were accused. About the only thing that happened was family and friends who saw the raid started asking question and which while a little traumatic initially should have quickly faded into a non-issue upon the continuation of existence. Someone who continues to walk that isn't in jail clearly didn't commit an offence. Does anybody think a non-wealthy person doesn't crumble even when not guilty? It would seem then that someone who continues to work, live, and play in an area would realise even without having been told that they were not even charged.
30. Re:I tried Tor.... by GameboyRMH · 2011-03-30 00:07 · Score: 1
  
  And here's another good reason why Bittorrent shouldn't be allowed over Tor:
  http://www.chrisbrunner.com/2006/07/09/why-you-shouldnt-run-bittorrent-over-tor/
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
31. Re:I tried Tor.... by Anonymous Coward · 2011-03-30 00:47 · Score: 0
  
  If accused, you can probably prove you were not responsible. After the police have siezed every computer and mobile phone you own, the press has dragged your name through the mud, and half the town are at your door with the traditional pitchforks to expell the suspected pedophile. If you're lucky, the police might even give your computers back after a year or so, once they have finished searching it for any other crimes you may have committed they can charge you with to save face.
  Exactly. And the worst part, is that you most likely will be charged as an accessory to a crime. Good luck trying to get some kind of common carrier exemption, especially since your Residential TOS agreement almost certainly has a restriction against "Running a server" or "for personal use only" or "no relays or proxies", etc.
  And the jury? They'll hear the prosecution tell them you essentially just accepted a package from a stranger in a dark alley without asking questions, and no matter what you say in your defense they will look at you as a willing participant.
  If I had a system that was part of a university, non-profit political or human rights group, or some other "noteworthy and upstanding organization" then I wouldn't really worry about it at all. But doing it from home? You may as well just hang up a big sign that says "Come Fuck with ME!"
32. Re:I tried Tor.... by Windwraith · 2011-03-30 05:28 · Score: 1
  
  ...and have tons of pedophile content routed through his computer? That doesn't sound safe.
  Even if the TOR network is used for more legitimate goals, of which I am aware of, that risk can be too much if your IP happens to be involved in some way.
33. Re:I tried Tor.... by spidr_mnky · 2011-03-31 01:13 · Score: 1
  
  Exactly. They recommended Privoxy in the past, because it worked, but it didn't do any favors for performance. I used it then, and it was indeed terrible. Polipo is not designed with privacy concerns in mind, but focuses on performance. No, it's not going to magically make Tor un-slow, but it will make the most of a low throughput high latency network. I recently tried out Tor with Polipo, and it was impressively better. It could be that the Tor network has improved, but I'm crediting Polipo.
  I read somewhere that the crux of the problem is that Privoxy will keep you waiting for little bits of content in a large page (possibly ads) while Polipo is more aggressive about giving you whatever it's gotten quickly. I don't know that this is the place, but this page mentions it: torproject blog
Never 100% safe by Tigger's+Pet · 2011-03-29 07:37 · Score: 5, Insightful

I guess that the research demonstrated by Stevens LeBlond just goes to prove what most of us have known for a long time - even using TOR (and the same will go for any other type of encryption, IP masking etc) you are not 100% safe if somebody wants to work out who you are. The governments may not care too much if you are just sharing a few pirated movies around, although some companies may, but I can guarantee that those carrying out the real illegal activity, such as sharing child-pr0n, will be tracked down one way or another.
All that TOR does is provides people who aren't really that switched-on with a false sense of security about their activities.
1. Re:Never 100% safe by Anonymous Coward · 2011-03-29 07:54 · Score: 0, Interesting
  
  Torrent is a naturally leaky protocol, it doesn't take much effort to conceal anything about the user. It isn't even surprising that they could find it.
  
  and the same will go for any other type of encryption, IP masking etc
  Equating encryption with IP masking shows that you know nothing about what you are talking about.
  
  I can guarantee that those carrying out the real illegal activity, such as sharing child-pr0n, will be tracked down one way or another.
  I could go download 100000 CP videos over Tor\Freenet right now and never fear being discovered. Got read the news, anyone who was caught was using Limewire, tried to access a honeypot, or bought the sick shit.
  
  All that TOR does is provides people who aren't really that switched-on with a false sense of security about their activities.
  Does the Tor project, the EFF, and the Navy know that the project that they supported at one time or another have no grounding in mathematics and are just snake oil? Who to believe, some asshole on slashdot, or a peer-reviewed project.....
2. Re:Never 100% safe by prakslash · 2011-03-29 07:56 · Score: 1
  
  The problem with anonymity, of course, is that it can be used for good or for bad.
  
  On the one hand, these researchers are (admirably) trying to circumvent censorship put in place by repressive regimes. Of course, these regimes do not even care about Tor as they do not have the resources to attack it. Tor-Schmor, they will just throw a switch and cut off all internet access, period. On the other hand, we have sophisticated western organizations like the CIA and FBI that are hellbent on breaking Tor for the ostensible purpose of rooting out child porn and terrorism.
  
  Who will win is anybody's guess.
3. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:00 · Score: 0
  
  The problem with anonymity, of course, is that it can be used for good or for bad.
  Yes it can. Never follow an AC link to blog.com unless you want to find out.
4. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:03 · Score: 0
  
  Pretty much this.
  The only way anyone could be really sure they were safe is if they used a connection they don't own, such as open wi-fi, cracked, whatever.
  Or VPN's using stolen credentials + Tor, or various free methods.
  Tor can easily be broken through with enough resources put behind it.
  The only real way you can be safe is darknets and / or sneakernets.
  And even that it dependant on the participants. If they are closed off, it is pretty much impossible to get in.
  Levels of Trust are the usual methods of distribution of content, typically used in piracy of movies, sometimes before they are even released.
  One close group get a hold of content. They leak it to other sites. Then those people upload it to other sites, and usually P2P at this tertiary stage.
  One thing I have always wondered is why they don't have camera grids setup in the theatres that can see the whole room, then some patterns that can then be used to triangulate where a recording took place in the room. They can then follow it up.
  This might not be too accurate, but it will narrow it down to at least 9-ish people in a crowded room, if done right.
  100% secure won't work unless well over half the internet was using some sort of layered encrypted routing system so that it makes it too hard to track people using rogue nodes.
  But then it comes to this: no censorship, more secure, more censorship, less secure.
  You will end up coming across some content you won't agree with if you want a censorship free communication system, this is a fact.
  You'll just have to deal with it in the ways you can if it means getting whatever message you want to send or receive.
5. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:03 · Score: 0
  
  how about if your first node (your system) is a tor node - there'd be no way to tell if the traffic is from that system or relayed from another.
6. Re:Never 100% safe by alan_dershowitz · 2011-03-29 08:05 · Score: 4, Informative
  
  The attack relies on the way Bittorrent is used and the fact that it uses UDP for contacting peers (which Tor doesn't route, causing only the tracker connection to be Torified) causing information leak; controlling an exit node to do a MitM); and the fact that Tor multiplexes multiple streams through the same node for performance reasons (meaning you can observe all the traffic that someone is going to through your exit node, once you've established who they are.)
  This attack won't work on you if:
  1. You are only using one app, in particular it won't work on you if all you're using is a browser and TorButton
  2. The same app is not sending data across both Tor and no-Tor
  3. The app in question can detect tampered-with data (SSL cert mismatch, etc.)
  4. As a precautionary measure, you are doing strict firewall egress filtering while using Tor.
  In short, if you are technically knowledgeable and careful, this attack doesn't apply to you. So, it's not the end of the road for Tor and anonymity, although it's a problem for "regular" people using Tor who can't be expected to keep track of all the ways their computer can unmask them.
7. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:07 · Score: 0
  
  Tor can easily be broken through with enough resources put behind it.
  Really? Who are the amazing cryptanalyst who managed that one? Or do you mean that they can just bruteforce it and go from there. Yeah, I'm sure that the evidence will be really useful 200M years after the crime was committed
8. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:09 · Score: 0
  
  Torrent is a naturally leaky protocol, it doesn't take much effort to conceal anything about the user. It isn't even surprising that they could find it.
  Torrent != TOR
  totally different in concept, use, and technology.
  
  I could go download 100000 CP videos over Tor\Freenet right now and never fear being discovered.
  LeBlond showed that it is possible to locate the IP Addresses of some users on TOR. You may not fear it, but that does not make it impossible.
9. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:13 · Score: 0
  
  Read the fucking summary, I'll even bold the important parts:
  
  LeBlond and his co-authors titled "Bad Apple," used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses."
10. Re:Never 100% safe by ThunderBird89 · 2011-03-29 08:13 · Score: 1
  
  Well DUH...
  If they control an exit node, it stands to reason they could follow the data back at the very least one node. This is the same as breaking AES: possible, if you can access the system, and run some custom code on it...
  
  --
  Hyperbole: I use it liberally!
11. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:17 · Score: 0
  
  Eight years later and counting, no CP arrests related to freenet or tor found. I don't know why you'd use bittorrent over tor anyway, no one does. Least not anyone who has something to hide. Top that off with an open/hacked wifi like I do and you're good as gold, 100% safe to download all the CP you want. Reality is that only stupid fucks get caught, we go on and the quality gets better, the bandwidth gets better and the tools get better than the detection. We won, you lost, fuck you (and the little girls). Do I need to troll? No, I'm just telling you the truth no one else dares. Smart people that like child porn don't risk anything, the backbone never dies. Sure, the police catch a few and announce "mission accomplished" but they got less cred than Bush.
  Reality is that you only slow the rate we're winning. Already my CP collection has passed 1TB and growing, millions of pictures and thousands of videos. All the cops want you to do is stick your fingers in the ear and say "LALALALALA we're winning" as loud as you can. You're not. You're losing. Obviously no one speaks for us or less you how many lies you're being fed. Every number you see is lies. They report IP addresses as people, they report any child of someone they arrest a victim. Truth is they catch nothing but cannon fodder, and rarely us. Certainly not enough to make a difference. Except who is going to stand up and tell you that? No one. Nothing but a bunch of liars, all of them. IÂ'd show you proof but that'd ensure this post ends at -1. The truth will still prevail.
12. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:21 · Score: 0
  
  RTFS:
  "used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses"
  It's also in TFA:
  "P2P apps on Tor kill privacy and a significant amount of Tor traffic can be traced with application level attacks," LeBlond said. Mathewson acknowledged in his talk earlier in the day that there are well-known issues with using BitTorrent and other P2P applications over Tor.
13. Re:Never 100% safe by Tigger's+Pet · 2011-03-29 08:25 · Score: 1
  
  My biggest concern with your entire posting is not being referred to as "some asshole on slashdot", it's the fact that you talk about downloading 10000 CP videos and then later on say that those who got caught were the ones who downloaded the 'sick shit'. How the hell do you define that? ANY CP is the 'sick shit'. There's no grading whereby some of it is OK, some of it is dodgy and some of it is bad - it's ALL bad!
14. Re:Never 100% safe by rpresser · 2011-03-29 08:28 · Score: 1
  
  You must have a lot of faith in Slashdot's anonymity. More than I would have.
15. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:33 · Score: 0
  
  I could
  Notice that that does not mean that "I will", "I have", "I do", "I might", or "I want to". It means "I could", that it is possible, or that I have the ability to. I do not like CP, don't be a pretentious cunt and pretend that I did, okay? I said that I had nothing to fear should I download some.
16. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:34 · Score: 0
  
  The problem with anonymity, of course, is that it can be used for good or for bad.
  On the one hand, these researchers are (admirably) trying to circumvent censorship put in place by repressive regimes. Of course, these regimes do not even care about Tor as they do not have the resources to attack it. Tor-Schmor, they will just throw a switch and cut off all internet access, period. On the other hand, we have sophisticated western organizations like the CIA and FBI that are hellbent on breaking Tor for the ostensible purpose of rooting out child porn and terrorism.
  Who will win is anybody's guess.
  Any tool can be used for good or for bad. It is entirely a red herring for governments to claim that they have to defeat anonymity for our own good.
  Information can be used for good or bad. Maybe governments should protect us from having information for our own good. Oh, wait. They do that, don't they.
  The problem is not whether or not a government should do something to it's people, but rather why do we have a separation between government and people? When we have governments that claim to have something to do with democracy, why do we make a distinction between us and them?
  The government shouldn't be allowed to do something for our protection unless we wish it to be so. Now I get the open source governance thing: government is not inherently bad. It is the government-not-of-the-people that is the problem.
17. Re:Never 100% safe by Unordained · 2011-03-29 08:35 · Score: 1
  
  I'm curious: what if someone downloaded 10000 videos of people being shot by their governments? Would that be sick shit? Would it be bad? Would they become responsible for the deaths of thousands? (I'm not talking about Hollywood movie clips, I'm talking about, say, amateur video of street protests being repressed violently.)
18. Re:Never 100% safe by F.Ultra · 2011-03-29 08:35 · Score: 1
  
  I don't that he meant what you meant. He meant that he could safely download it using TOR without fearing to be caught. That is not a statemant that he will do that or that he wants to do that. And then he writes that the ones getting caught probably was buying the sick shit or downloading it from a central location such as limewire.
  Since he wrote "that sick shit" he probably would never dl any of it, how did you fail to get that?
19. Re:Never 100% safe by dgatwood · 2011-03-29 08:42 · Score: 1
  
  You're new here, aren't you? Do you think somebody would post a comment like that if he/she had actual child porn?
  What we have here is a troll. Nothing more.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
20. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:42 · Score: 0
  
  He said "bought" the sick shit. Also, I believe 'sick shit' is meant as a reference to ALL child porn. Saying that he COULD download 100,000 videos without fear of being caught was simply laid out as an example scenario.
  I think you may have had a reading comprehension issue.
21. Re:Never 100% safe by Rei · 2011-03-29 08:46 · Score: 1
  
  1) Tor and other such networks haveseveral *known, unresolved* vulnerabilities. Whenever you hear about something like this, you should read it as "another vulnerability discovered". One of the biggest problems such networks have is Sybil attacks, but they're hardly the only ones.
  2) While it's technically possible to fileshare over Tor, it is discouraged and they do attempt to block it. If you want to do filesharing, you should be on I2P (which is also faster than Tor -- although still nothing you'd call "fast").
  
  --
  Did he just go crazy and fall asleep?
22. Re:Never 100% safe by Anonymous Coward · 2011-03-29 08:55 · Score: -1
  
  I dare you to click this link. NSFW to say the least.
23. Re:Never 100% safe by Urza9814 · 2011-03-29 08:56 · Score: 1
  
  hahahahahahahaha...
  Seriously, you think governments are more concerned with child porn than copyright infringement? Clearly you haven't been paying much attention to what laws have been being passed lately....child porn is something they say they're working on to make people feel good. Copyright infringement is something they actually work on, because the people pushing that have enough money to make sure things actually get done.
24. Re:Never 100% safe by icebraining · 2011-03-29 08:58 · Score: 1
  
  While I'm not AC, I think the difference wasn't between CP and 'sick shit', but between those who download and those who bought. It's obvious that a money trail makes it much easier to follow.
  
  --
  Dilbert RSS feed
25. Re:Never 100% safe by DeadboltX · 2011-03-29 09:02 · Score: 3, Insightful
  
  The problem with anonymity, of course, is that it can be used for good or for bad.
  
  Then the solution is clear! We must only allow things that can only be used for good!
26. Re:Never 100% safe by Rei · 2011-03-29 09:05 · Score: 1
  
  What makes you think you need to break crypto to crack Tor? Have you never bothered to do a google search on Tor's known and unfixed vulnerabilities? Here's a top hit.
  
  --
  Did he just go crazy and fall asleep?
27. Re:Never 100% safe by Anonymous Coward · 2011-03-29 09:16 · Score: 1
  
  Just a warning: that is CP.
  
  ...Child porn on Slashdot.... More original than the Goatse troll, but still nothing new or original. Worse stuff on /b/ all the time.
  
  On a lighter note, Googling "tara child porn arrest" gives http://www.fbi.gov/atlanta/press-releases/2009/at030509.htm which says that he was already busted WOOHOO!
28. Re:Never 100% safe by Rei · 2011-03-29 09:24 · Score: 1
  
  There are just so many ways you can bust people using Tor. Here's just some. Any dedicated professional organization -- the RIAA, MPAA, CIA, China, etc -- can find you if they think it's worth their time and effort. Spending the resources to catch one person obviously would rarely be worth it, but the real concern is whether they feel it's worth it to laydown a blanket exploit to catch as many people as possible so they can filter through the ones they want to expose at their leisure.
  Here's an example of why it's so damned hard to maintain anonymity on these networks. Alice is trying to do something online that Bob doesn't want her to do. So she uses Tor. Bob sees that someone is using Tor to break their rules. Bob starts a DOS against all IPs of potential infiltrators, one at a time, until suddenly, the bad activity stops. They let up on their DOS and it starts again. Bingo -- you've just figured out Alice's IP. It can happen so fast that all Alice experiences is a tiny network hiccup. But it gets easier. If Bob is a government, they don't even *need* to do a DOS; ISPs under their control can periodically probe their users for them. Or Bob can just rely on natural network outages and just correlate the outages with lulls in people doing the Bad Thing(TM).
  This is but one type of attack against anonymity of these sort of networks out of dozens. There's Sybil attacks, where Bob makes a bunch of fake Tor identities, isolating Alice with a bunch of compromised nodes so that what she sends can be known for certainty that it originated with her. There's clock skew attacks, where you look at the user's unique clock skew when doing the bad thing (Tor has only partial immunity to this). There's cookie attacks, javascript attacks, browser property attacks (everything from user agent strings to browser window height), SSL client certificate attacks, and on and on in order to correlate private browsing with hidden browsing. And on and on and on.
  
  --
  Did he just go crazy and fall asleep?
29. Re:Never 100% safe by hairyfeet · 2011-03-29 09:44 · Score: 2
  
  The funny (or sad, depending on how you very tons of tax dollars wasted) is that the whole child porn things is a red herring as well, at least according to a friend that works at the state crime lab in charge of dealing with the child porn busts (he keeps trying to recruit me, but there ain't enough brain bleach to take THAT job) as according to him all they bust on the net are social retards that frankly haven't touched anyone but themselves and are wanking off to the same old shit that has been floating around since the days of BBS.
  So what do the actual child molesters, the sick bastards you really want to catch to actually save and protect kids use? Why its USPS that's right, the fucking mail. They only use the net long enough to set up a few contacts (which according to my friend they have set up the "entrance fee" in a way no cop will be able to pass, like abuse a kid in the manner they describe with an object they tell you to get and you only have X number of days to provide the video) and from them on its encrypted DVDs and mail drops all the way. if they don't receive word from a contact in X number of time they consider that link dead and move on, no trails.
  He said all the cops KNOW about it, thanks to an ex cop they busted that had tons of the stuff unencrypted on his drive. Of course knowing and being able to do shit are two different things, we are talking DVDs with 2048 bit encryption, drives set up with Truecrypt inside Truecrypt, drive wiping on X number of wrong login attempts, pretty slick stuff.
  But he said the only thing they get on the net anymore is the Chris Hansen total morons and a whole shitload of social retards that have literally mountains of DVDs full of Internet porn and have watched so damned much porn they can't even get a hard on to anything but the sickest shit. According to him the feds care about stuff like Tor because they figure your "hillbilly homegrown terrorist type" would probably use it, but figure any seriously hardcore bunch is probably using what the CP guys use.
  Personally I think its a shame so much taxpayer money is wasted on catching the social retards and the Chris Hansen morons instead of trying to set up global networks to track down and bust the ones actually raping kids, but the politicians like seeing big numbers so there you go. I don't see how the guy does it myself, having to sit 8 hours a day and look at that shit? Not enough brain bleach in the world to take that job, and I sure as hell couldn't be all calm and shit when testifying against some guy who had actually raped his 6 year old and filmed it like my friend had to do last year, personally my urge to beat the shit out of him would be too great.
  But if you run a Tor exit node or Freenet on a home connection you're bug fucking nuts, as the cops SOP is to kick down your door, charge you based on the IP logs, haul away ALL your shit, which you may or may not get back three to four years from now when they get around to it, that is if it doesn't get lost, and meanwhile the papers have already run your name as "suspected kiddie fiddler" so everyone thinks your a monster. In this red scare climate when it comes to CP you'd have to be insane to touch that software, at least if you live in the USA. Maybe things are saner in Europe, I don't know.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
30. Re:Never 100% safe by TheCarp · 2011-03-29 09:56 · Score: 1
  
  Depends on your definition of "broken". Tor tries to do more than obscure what you are sending. Anyone who has an exit node can sniff your traffic unencrypted... anyone with enough middle nodes is likely to own a whole circuit of yours eventually.
  Even without enough to get your whole circuit, packet timing on the end server could be enough, if they have your entry node, to tie the whole connection back, even without the middle hops.
  I am sure there are even more clever attacks....none of which involve actually breaking crypto. SSL is enough to keep communications private, tor attempts to defeat traffic analysis too, which is a much harder problem.
  
  --
  "I opened my eyes, and everything went dark again"
31. Re:Never 100% safe by Dishevel · 2011-03-29 10:11 · Score: 0
  
  He did not fail to get it.
  He got it. But not getting it would allow him to attempt defend his complete lack of knowledge or understanding
  of the topic he was posting by just attacking "an evil cp downloader".
  Smart move.
  But still a failure.
  and Tiggers Pet?
  What a cute name.
  Seems to me to be purposefully designed to lure in children for nefarious purposes.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
32. Re:Never 100% safe by Qzukk · 2011-03-29 10:34 · Score: 1
  
  those who got caught were the ones who downloaded the 'sick shit'.
  No, he said bought, as in "with their own credit card".
  It's sick shit either way, it's the people dumb enough to pay for it who get caught.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
33. Re:Never 100% safe by Anonymous Coward · 2011-03-29 10:39 · Score: 0
  
  Actually I'm sure you are more likely to get traced for distributing movies and music than CP, since the MPAA and RIAA lobbies are simply bigger.
34. Re:Never 100% safe by Americium · 2011-03-29 10:39 · Score: 2
  
  Drive around until you find an open Wifi signal. 100% untraceable back to you.
35. Re:Never 100% safe by GameboyRMH · 2011-03-29 11:12 · Score: 1
  
  Careful with that username/post combo :P
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
36. Re:Never 100% safe by alan_dershowitz · 2011-03-29 11:55 · Score: 1
  
  This is mainly effective against a hidden service, not an individual doing single posts or sending messages time-to-time like presumably is happening in Iran or Egypt. Like, sending an email, posting a twitter, checking a website .And running Firefox+Torbutton with Javascript and plugins turned off mitigates many of these problems, except the DOS and Sybil attacks.
37. Re:Never 100% safe by Beetle+B. · 2011-03-29 13:58 · Score: 1
  
  Only if you use a disposable computer. IP addresses are not the only way to identify someone.
  
  --
  Beetle B.
38. Re:Never 100% safe by Americium · 2011-03-29 14:07 · Score: 1
  
  I thought all computers were disposable.
39. Re:Never 100% safe by cbiltcliffe · 2011-03-30 16:57 · Score: 1
  
  And make sure you clear the router DHCP and wireless logs before you leave.
  Or really, make sure you connect with a fake MAC address. Preferably a different one every time.
  Otherwise you could have just been honeypotted.
  Imagine this:
  Someone runs a honeypot open/WEP wireless point, looking for people trying to break in and do illegal shit.
  The WAP logs all connection attempts from unknown MAC addresses. When one pops up, it starts silently monitoring all traffic from that MAC. Analysis of traffic finds terrorist emails, CP, or whatever. So script is set up to run whenever this MAC address connects. This script sets off a warning signal on honeypotter's computer, and they immediately call the cops.
  Cops show up, you're sitting in your car two doors down with a laptop. Busted.
  I've thought about doing something similar to this as a PoC, but I'd need to buy some new wireless hardware to get it to work, which I'm not about to do right now.
  But, there's no reason to assume that an open WiFi signal is untraceable back to you, just because it's open WiFi. Sure, your local cops would have no clue how to trace you, but they're not the ones you'd need to worry about.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
40. Re:Never 100% safe by jc79 · 2011-03-31 00:13 · Score: 1
  
  I suspect, if not a troll, the IP in Slashdot's server logs would correspond to a Tor exit node.
ISPless inter-meshes? by Anonymous Coward · 2011-03-29 07:41 · Score: 0

So where is this peer-to-peer (as in user nodes, not IPS peers) internet people talk about from time to time?
If people have mobile devices, is there a way they can create ad hoc networks that use nothing but the tools at hand? That is, not even the cell towers, but just the mesh of devices?
1. Re:ISPless inter-meshes? by SuricouRaven · 2011-03-29 08:05 · Score: 1
  
  I've been urging that someone more capable than myself look into that. Unfortunatly routing would be a nightmare and latency just as bad - I imagine that it would be unuseable for real-time communcations, certainly so in sparsely populated areas. But it could still function using some sort of shared caching system, similar to Freenet - or even just using Freenet, with adaptations to run on portable devices and with ad-hoc connections between nodes.
2. Re:ISPless inter-meshes? by Anonymous Coward · 2011-03-29 14:02 · Score: 0
  
  Not using mobile frequencies -- they typically can't send/receive on the same frequencies.
  Using Bluetooth, theoretically, but I'm unaware of any implementations.
  Using WiFi, yes. This has been demoed, but it suffers because it's useless until a critical mass of users are using it, and there's no obvious incentive for someone to get it over that hump (i.e. by preinstalling it on phones).
Better not to be a tor exit node.... by slushslash6 · 2011-03-29 07:41 · Score: -1, Troll

Its already happened that one man was charged with felony and lost for defacing a site that was done through his computer that was a tor exit node.
1. Re:Better not to be a tor exit node.... by Anonymous Coward · 2011-03-29 07:46 · Score: 1
  
  Ugh. Goatse. You asshole.
2. Re:Better not to be a tor exit node.... by 0100010001010011 · 2011-03-29 07:47 · Score: 2
  
  hello.jpg EXIT! DO NOT CLICK.
  Hopefully this does more help than a mod down.
3. Re:Better not to be a tor exit node.... by GameboyRMH · 2011-03-29 07:48 · Score: 2
  
  Ohoho, nice try, but you won't goatse me today! ;)
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
4. Re:Better not to be a tor exit node.... by Kjella · 2011-03-29 07:49 · Score: 1
  
  Ugh. Goatse. You asshole.
  UID >2000000 and blog.com. Coincidentally the same problem with anonymous networks, except it's more extreme there. No, goatse is not the worst you can see.
  
  --
  Live today, because you never know what tomorrow brings
5. Re:Better not to be a tor exit node.... by Tolkien · 2011-03-29 07:49 · Score: 1
  
  As far as I understand it, if you want to host a Tor exit node it should be public knowledge that the address serves as a Tor exit node. This means you should advise your ISP that it is, and list the reasons.
  
  --
  how is babby formed?
6. Re:Better not to be a tor exit node.... by Anonymous Coward · 2011-03-29 07:50 · Score: 0
  
  I hope you die in a fire before you are old enough to contaminate the gene pool. Besides, shouldn't you be in school right now, or out playing in traffic?
7. Re:Better not to be a tor exit node.... by Tolkien · 2011-03-29 07:50 · Score: 2
  
  Oh geez. I replied without clicking the link. It's a goatse. Don't go.
  
  --
  how is babby formed?
8. Re:Better not to be a tor exit node.... by Deekin_Scalesinger · 2011-03-29 23:47 · Score: 1
  
  I would be interested in the possible reasons one could come up with that would have your ISP say "oh, OK, that's fine - exit node away" At least in the US, an ISP will be far more concerned with maintaining good relations with the Gov't than with an individual end user...
  
  --
  "As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
9. Re:Better not to be a tor exit node.... by cool_arrow · 2011-03-30 03:14 · Score: 1
  
  And why not just host the node at a hosting service and not on your personal machine. I recall reading that it's best to set it up that way but I'm not sure where I read it - perhaps the TOR site. The TOR site has a list of "tor friendly" ISP's.
10. Re:Better not to be a tor exit node.... by Tolkien · 2011-03-30 04:05 · Score: 1
  
  You're using a hosting service and thus are still to be held responsible if used improperly, the hosting service will hold you accountable which they can easily do because you're paying the bills. This is why what I said still applies even if you use a hosting service. It must be public knowledge that your host is a Tor exit node.
  
  --
  how is babby formed?
11. Re:Better not to be a tor exit node.... by cool_arrow · 2011-03-30 04:17 · Score: 1
  
  Right. But I'm assuming that if you hosted at an ISP that you might avoid a visit to your personal residence by the authorities. I'm probably wrong though and some over zealous jackasses will still come and kick your door down.
12. Re:Better not to be a tor exit node.... by Tolkien · 2011-03-30 06:52 · Score: 1
  
  My guess is the authorities would have no problem finding a reason to knock on your door if shady things are done using your hosted exit node.
  
  --
  how is babby formed?
Yay, it's been a while since I last was goatsed by Anonymous Coward · 2011-03-29 07:48 · Score: 0

I just wish I had my webcam recording the look on my face...
1. Re:Yay, it's been a while since I last was goatsed by rpresser · 2011-03-29 08:30 · Score: 1
  
  Rest assured, your webcam WAS recording. Just not to your hard drive.
integrate Tor and Incognito Mode? by Speare · 2011-03-29 07:50 · Score: 2

I'd like to see better integration with Tor and Chrome's Incognito Mode. Normal plain-jane internet route for all my apps, but route all incognito traffic through Tor. Otherwise, I find it a pain in the rear (not to mention more error prone) to keep toggling OSX between "performance mode" and "tinfoil hat mode." Doesn't really matter what I'm viewing in tinfoil hat mode, I just would rather have the same kind of barriers on my local cookie/history storage as I have out in the world.

--
[ .sig file not found ]
1. Re:integrate Tor and Incognito Mode? by Anonymous Coward · 2011-03-29 09:00 · Score: 0
  
  This will work if TOR is packaged with Chrome AND by default your node becomes an exit point. Otherwise the sheer number of new users will overwhelm the current exits, which a known bottleneck.
2. Re:integrate Tor and Incognito Mode? by Anonymous Coward · 2011-03-29 11:58 · Score: 0
  
  incognito mode is for pr0n, not for anonymity
One word by Locke2005 · 2011-03-29 07:52 · Score: 1

Steganography. Make it impossible to determine what traffic is encrypted by embedding the encrypted traffic as noise in, say, a video extolling the virtues of the dictator.

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
1. Re:One word by Anonymous Coward · 2011-03-29 07:57 · Score: 0
  
  Watch Contact recently did we?
2. Re:One word by SuricouRaven · 2011-03-29 07:57 · Score: 4, Interesting
  
  Massive, massive overhead. Also, only any use for private communications where both parties have already exchanged some form of key.
3. Re:One word by Locke2005 · 2011-03-29 08:04 · Score: 4, Interesting
  
  Correct on both counts. But any system that allows new people to join in without being referred by a trusted party invites participation by government infiltrators. Consider key exchange as a form of formal introduction, like a fraternity handshake.
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
4. Re:One word by SuricouRaven · 2011-03-29 08:21 · Score: 2
  
  Depends on your aim. Freenet is one of the more prominant projects in this area, and it's designed for anonymous publication - that is, you don't mind the government seeing it so long as everyone else can, and it can't be traced to the source. Great for spreading videos of government abuse of power, leaked documents, counterpropaganda, surpressed books, etc. Anything you want everyone to see, but can't risk being identified as a distributor for. There is no invite needed, and yet finding the source of a document is very close to impossible baring some form of user error.
  
  Not that user error is hard to induce. It's quite possible to say, send someone a link to a non-existant news article on a government-controlled server. They get the link, follow the link, find nothing there... and then all the attacker need do is grep the logs, because the one person who accessed that particular fake address must be the one it was sent to.
5. Re:One word by Americium · 2011-03-29 10:42 · Score: 1
  
  Incorrect on one account. Quantum cryptography got rid of the need to exchange keys before hand.
6. Re:One word by Actually,+I+do+RTFA · 2011-03-29 12:27 · Score: 1
  
  Quantum cryptography got rid of the need to exchange keys before hand.
  Not if you want to use public keys to confirm identity.
  
  --
  Your ad here. Ask me how!
7. Re:One word by Anonymous Coward · 2011-03-29 19:34 · Score: 0
  
  And, more importantly, because Freenet doesn't really require low latency (unlike Tor and I2P, publication and retrieval of documents is temporally dissociated), it is totally compatible with the use of steganographic transport methods.
  As long as you can transmit a bit hidden on some twitter/facebook post, there is no way to stop the darknet ;)
clandestine exit nodes by circletimessquare · 2011-03-29 08:02 · Score: 0

everywhere
supported by western governments
you would be correct to assert that western officials have their heads up their asses and won't immediately grasp that tor is a friend, not an enemy, and an excellent way to bring down beijing, tehran, havana, and harare cheaply. but they'll warm up to the possibilities

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
1. Re:clandestine exit nodes by royallthefourth · 2011-03-29 08:35 · Score: 1
  
  an excellent way to bring down beijing, ... havana,
  People in China are generally enjoying a steadily rising quality of life, regardless of how politically repressive the state may be. Revolutions don't happen because some blogger got arrested or a site was blocked. If anything will cause real unrest there, it will be the sort of falling wages that caused Tienanmen.
  People in Cuba are well educated and free from disease and starvation. Unlike China, the internet isn't very prolific and is difficult to use at all. They really can't even use Tor because the USA won't allow Cuba to connect to the fiber, so their only access is satellite (until they finish linking with Venezuela). And, of course, there is no private ownership of computers. Last I heard, there's only about 50 political prisoners in the whole country, hardly the level of police state it is made out to be. Consider Guantanamo; the USA has more political prisoners in Cuba than Cuba does!
  Certainly the USA-created governments in Iraq and Afghanistan cause more terror and provide fewer opportunities for their citizens than Cuba.
  It would take far more than an internet propaganda operation to topple China or Cuba.
2. Re:clandestine exit nodes by circletimessquare · 2011-03-29 08:52 · Score: 0
  
  cuba jails political prisoners. period. do you find that acceptable?
  iraq and afghanistan's governments are obviously orders of magnitude better than the governments they replaced. true or false?
  i really don't have a problem with people who criticize the usa. what drives me nuts are morons who make out the usa's enemies as better than they really are, out of some misguided sense of false equivalency. the usa does plenty wrong in this world. true. but if that observation changes your perception of the usa'ss enemies, you're an idiot. cuba, china: far worse than the usa and vile entities which must have their governments overthrown. no matter what the usa does!
  and yes, china won't revolt until the economy sours. since no economy grows forever, it will happen sooner rather than later. at which time, will you stand with the chinese people? or the chinese government?
  do you stand with the cuban people? or the cuban government? and i'm sorry, but in a nondemocracy, those are two separate entities, and for failing to understand this fact in commenting on these countries, you're a moron
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
3. Re:clandestine exit nodes by Anonymous Coward · 2011-03-29 09:07 · Score: 0
  
  You are assuming Western governments want to bring down Beijing, Tehran, Havana, Harare, etc... Without a persistent 'threat', how can they justify elevated defense budgets? That would be bad for business and entrenched interests. Witness the current Western waivering as supposedly 'evil' dictatorships in the Middle East are falling from within. Their argument: even 'scarier' Islamic Terrorists (TM) may take over.
  Once you understand the simple fact that fear beats reason, you'll grasp everything that happens in politics.
4. Re:clandestine exit nodes by circletimessquare · 2011-03-29 09:14 · Score: 0
  
  thanks for your input, crackpot
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
5. Re:clandestine exit nodes by TheCarp · 2011-03-29 10:07 · Score: 1
  
  Yup. Though, I tend to include the USAs rather broken form of "Democracy" on the "nondemocracy" list.... alot of people don't get.... I ONLY criticize the US (generally). Its not that I think Cuba is great... or that China is wonderful (but truth be told, they seem to be way more open and making a lot more progress towards openness than I ever would have predicted 10 years ago, never mind 20.... not giving them a pass, just, some credit for improvement).
  I always get "Where would you rather live". Nowhere, I think this place is the best there is, but that doesn't mean I think its sufficiently good. There is no such thing, always strive for better.
  That said, I answer your question as no. Its not "acceptable".... but how "Acceptable" is it that the US jails people for growing plants that it doesn't like? Its put people in jail for decades for nothing more than that. How is that acceptable? I see it as just as bad...but the difference.... we also have the highest per capita incarceration rates.
  We have LOTS of what I would term "unacceptable imprisonment" right here.
  
  --
  "I opened my eyes, and everything went dark again"
6. Re:clandestine exit nodes by Billly+Gates · 2011-03-29 10:22 · Score: 1
  
  Reading this I feel the US is going to have some revolts very soon.
  In America we are technically still better but we are falling very very fast. In China the country is much poorer but they rising and getting better. If wages fall people protest and the problems at home are always the issue that drives people first regardless if the government is a democracy or a dictatorship.
  I am not a tea partier or anyone who hates Obama, but how many banks will we keep bailing out, how many more jobs must we outsource, how many more social services do we have to keep cutting. The unemployed and underemployed will have enough sooner or later.
  I feel if the opportunity arouse for people to protest you could bet millions would join.
  
  --
  http://saveie6.com/
7. Re:clandestine exit nodes by Anonymous Coward · 2011-03-29 10:27 · Score: 0
  
  it'll never happen. Western governments are corrupt. Some say, corrupted by design by financiers.
8. Re:clandestine exit nodes by Actually,+I+do+RTFA · 2011-03-29 10:31 · Score: 1
  
  you would be correct to assert that western officials have their heads up their asses and won't immediately grasp that tor is a friend, not an enemy
  Considering TOR was an invention of the US Navy, you'd assume that the military, at least, considers it a boon.
  
  --
  Your ad here. Ask me how!
9. Re:clandestine exit nodes by Anonymous Coward · 2011-03-29 11:19 · Score: 0
  
  Actually Western governments are quite aware of the capabilities of Tor. In fact onion routing, the concept behind the Tor project, is patented by the U.S. Navy. Michael Reed, on of the developers of onion routing has discussed the purposes behind the creation of onion routing on Tor email lists:
  Date: Tue, 22 Mar 2011 16:57:39 -0400
  From: Michael Reed
  To: tor-talk[at]lists.torproject.org
  Subject: Re: [tor-talk] Iran cracks down on web dissident technology
  On 03/22/2011 12:08 PM, Watson Ladd wrote:
  > On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk wrote:
  >> Why would any govt create something their enemies can easily use against
  >> them, then continue funding it once they know it helps the enemy, if a govt
  >> has absolutely no control over it? It's that simple. It would seem a very
  >> bad idea. Stop looking at it from a conspiracy standpoint& consider it as
  >> a common sense question.
  > Because it helps the government as well. An anonymity network that
  > only the US government uses is fairly useless. One that everyone uses
  > is much more useful, and if your enemies use it as well that's very
  > good, because then they can't cut off access without undoing their own
  > work.
  BINGO, we have a winner! The original *QUESTION* posed that led to the
  invention of Onion Routing was, "Can we build a system that allows for
  bi-directional communications over the Internet where the source and
  destination cannot be determined by a mid-point?" The *PURPOSE* was for
  DoD / Intelligence usage (open source intelligence gathering, covering
  of forward deployed assets, whatever). Not helping dissidents in
  repressive countries. Not assisting criminals in covering their
  electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
  prosecution. Not giving a 10 year old a way to bypass an anti-porn
  filter. Of course, we knew those would be other unavoidable uses for
  the technology, but that was immaterial to the problem at hand we were
  trying to solve (and if those uses were going to give us more cover
  traffic to better hide what we wanted to use the network for, all the
  better...I once told a flag officer that much to his chagrin). I should
  know, I was the recipient of that question from David, and Paul was
  brought into the mix a few days later after I had sketched out a basic
  (flawed) design for the original Onion Routing.
  The short answer to your question of "Why would the government do this?"
  is because it is in the best interests of some parts of the government
  to have this capability... Now enough of the conspiracy theories...
  -Michael
  http://cryptome.org/0003/tor-spy.htm
10. Re:clandestine exit nodes by hairyfeet · 2011-03-29 15:12 · Score: 1
  
  I hate to say it, but personally I feel when it gets to the rioting portion of the fall the feds will just quit pretending and accept our fate to be the next "bad guys" on the world's stage. Germany got to go twice, now its our turn. The bitch is a smart leader could probably pull it off with almost ZERO interference. How? Deals baby, deals.
  The Chinese want Africa, its resources would help China a lot...so give it to them. Help yourselves our Chinese friends. Taiwan? Fuck 'em, help yourself. in return you stay our buddy or stay out of the fight, your choice. That leaves our former enemy mother Russia and the Eu, and we could take care of both with one shot. Old Putin is a classic Ruskie, and would just loove the old USSR back...so let him have it. Hey Putin buddy, its ALL yours, help yourself. in return you stay on our side or stay out, you choice again. The Eu will be too busy shitting itself over the return of the USSR to say much of anything. Seriously what are they gonna do? They have what...maybe 4 aircraft carriers put together? We got 11 baby, you lose!
  So what does the USA get, to quell those rioting mobs? Why the whole damned north and south hemispheres of course! We'll tell the Canadians to keep those oil sands pumping if they don't want to say hello to Mr air strike, they'll STFU. And there are a HELL of a lot of resources in South America, more than enough to make the USA fat with wealth and give the poor plenty of "bread and jobs". Cue the patriotic music, wave the flag, stick a fork baby!
  Who would stand against us if China and the USSR are sticking with us? England...ha! They're on an island, wolf packs showed how to shut them down. The French will bitch, who cares, same for Italy. Germany will be too busy trying to control the western EU and worrying about old grudges from the east to deal with us.
  Sad to say that is what I figure we'll end up doing. I can't see those in power going silently into that good night, not with all that killer hardware, and I don't see them being stupid enough to roll the tanks here and start another French revolution. So they'll need resources to quell the masses but quick, and a false flag blaming one of our old enemies (Hi Chavez!) would be just the excuse to rally folks around the flag. Then once the big three have what we want, we can split the middle east and anything left over. Combine the Chinese Army with the USA and USSR? Make the Axis look like third stringers.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
"Security through obscurity." by westlake · 2011-03-29 08:11 · Score: 1

Steganography. Make it impossible to determine what traffic is encrypted by embedding the encrypted traffic as noise in, say, a video extolling the virtues of the dictator.
and when the secret police begin asking the right questions about the source of the video, what then?
Steganography is all about blending into the background.
Not drawing attention to yourself.
One Bad Apple by value_added · 2011-03-29 08:21 · Score: 2

Recently discussed on Bruce Schneier's blog ("Identifying Tor Users Through Insecure Applications"):
http://www.schneier.com/blog/archives/2011/03/identifying_tor.html
oblig. by ilsaloving · 2011-03-29 08:23 · Score: 1

IP over Avian Carrier could bypass the problem entirely! http://www.faqs.org/rfcs/rfc2549.html
1. Re:oblig. by F.Ultra · 2011-03-29 08:39 · Score: 1
  
  No it doesn't, in fact it makes it far easier since you can track the pigeons. Some stupid criminals way back in the 70:s or 80:s in the Swedish town of Ystad tried that trick (tried to receive a kidnap ransom safely by having the senders deliver via postal pigeons, so all the police had to do was to track the birds..).
2. Re:oblig. by ilsaloving · 2011-03-29 09:04 · Score: 2
  
  Only because the criminals didn't protect the pigeon's identity by having them wear masks and spandex tights during their flight.
Touhou by Anonymous Coward · 2011-03-29 08:37 · Score: 0

Is Stevens LeBlond a Touhou fan? Why'd he call it "Bad Apple"?
1. Re:Touhou by Qzukk · 2011-03-29 10:49 · Score: 1
  
  Because "One bad apple spoils the bunch" as the old saying goes.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
TOR needs more intermediate nodes too! by xororand · 2011-03-29 11:42 · Score: 1

I used to think that it's the lack of exit nodes that makes TOR somewhat slow until I tried some internal services, i.e. *.onion. So I proceeded to configure an unthrottled intermediate node on a box with a 100/100 Mb/s connection. After 1-2 weeks of warming up, the node routed over 1 TB of traffic _daily_. As my monthly cap is 5 TB, I had to throttle it, unfortunately.
TL;DR: If you have spare bandwidth and want to help the TOR network without the potential risks of an exit node, please setup an intermediate node.
1. Re:TOR needs more intermediate nodes too! by jc79 · 2011-03-31 00:21 · Score: 1
  
  +1 to this. Running a relay also provides greater anonymity to your own Tor activity, as it is very hard to show whether traffic originated with your node or was just relayed.
it's just noise by Anonymous Coward · 2011-03-29 14:31 · Score: 0

According to Michael Reed, one of TOR's creators, TOR was actually made for US Gov open source intelligence gathering, with the 'public' user base providing cover noise.
Via cryptome:
"The original *QUESTION* posed that led to the
invention of Onion Routing was, "Can we build a system that allows for
bi-directional communications over the Internet where the source and
destination cannot be determined by a mid-point?" The *PURPOSE* was for
DoD / Intelligence usage (open source intelligence gathering, covering
of forward deployed assets, whatever). Not helping dissidents in
repressive countries. Not assisting criminals in covering their
electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA
prosecution. Not giving a 10 year old a way to bypass an anti-porn
filter. Of course, we knew those would be other unavoidable uses for
the technology, but that was immaterial to the problem at hand we were
trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the
better...I once told a flag officer that much to his chagrin)"
events.ccc.de DNS censored? by Anonymous Coward · 2011-03-29 15:04 · Score: 0

Here's just some.
That link didn't work until I appended this line to my hosts file:
85.214.111.134 events.ccc.de
Is this just a United States problem?
Tor is spyware itself by Anonymous Coward · 2011-03-29 18:20 · Score: 0

The only reason Tor still works is because it is useful for intelligence agencies to collect data. If China ran more exit nodes than the Western agencies, they could use them for censorship/impersonation/falsification. Or they could just use them for the same thing, to spy on their citizens. Who knows how many nodes are already under Chinese government control? They certainly have the means.