Half of Tor Sites Compromised, Including TORMail

First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."

We are living in interesting times

[Cynops]

Looks very much like the three letter agencies decided it's time now to start playing hardball.

Re:We are living in interesting times

If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'

Re:We are living in interesting times

[plover]

If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'

Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.

Re:We are living in interesting times

[Jane+Q.+Public]

Looks more to me like the 3-letter agencies have decided to BREAK THE LAW.

Unconstitutional surveillance is bad enough. But they don't have any more right to commit "unauthorized access to a computer system" than anybody else. (That is to say, their javascript hack of site visitors who may be innocent.) They can't break the law in order to enforce the law, unless they want to face criminal charges themselves. Aaron Schwartz faced 30 years in prison for far less. I say, let's see the FBI face the same thing.

And yes, it may well be enforceable. Look up 18 USC 242, "Deprivation of Civil Rights Under Color of Law". The civil rights in question here might be, just for example, the privacy of your own computer system, which legally requires a warrant or subpoena to access. Just my opinion, but I don't see how simply visiting a website could constitute probable cause, much less justify intrusion in the form of a "hack".

18 USC 242 IS fairly frequently prosecuted, and last I checked it has a conviction rate of about 98%, which is awesome for any law. And it specifically targets government agents and agencies. The President is not immune.

(P.S. After reading that law, many folks have been prone to conclude that it only applies to racial and other discrimination. That is because of the awkward wording [e.g., there is a strategically placed comma that makes a big difference]. In fact it applies to ANY Constitutional right. However, my mention of it here is not meant to imply that the law does apply here. Only that it might. IANAL and I don't pretend to be one, but I have researched this law and its application.)

Re:We are living in interesting times

[Arker]

"Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means."

But regardless of whether or not the judge decides to admit the evidence, we wont see any of these agents arrested and sent to prison for what they did.

Re:We are living in interesting times

[JaredOfEuropa]

Seriously, you think this is about pedophiles? Whenever some politician or law enforcement officer tells you he's after kiddie porn, he is really saying "I can and will do whatever the hell I want to you, your family and your dog, because I have a great excuse to do so". It's also a great way to attack and discredit political opponents or undesirables, as has happened a few times here in Europe: "Well, we couldn't find any offence to pin on him after we arrested him, except for the kiddie porn we found on his computer".

Our rights and freedoms are getting reamed so badly in the name of fighting child pornography, that I sometimes think that legalizing transmission and posession of kiddie porn would be the lesser evil. Think about that for a moment.

Re:We are living in interesting times

[Will.Woodhull]

This is all handled under one of the new secret courts, where the new secret laws are applied.

So don't expect to see any due process.

The laws and Constitution of the USA have been thoroughly corrupted by the worst enemies of the country: the faceless professional patriots who run the Federal Agencies and Bureaus. As Pogo said during the Vietnam peace-keeping thing we did once: "We have met the enemy, and he is us".

Re:We are living in interesting times

[citizenr]

Judge? what judge? You are funny. There will be no judge, only terror charges, or 2 years in prison while DOJ pretends to do discovery while lives are being destroyed and property stolen.

Re:We are living in interesting times

[davydagger]

the issue isn't the FBI attacking pedophiles(which I agree, good riddance to bad rubbish).

Its also things like TORMail, and other non-pedophile sites.

This is good in a way because it proves a good PoC that

"But again, there are legal issues here. Why did the FBI have the right to infiltrate TORmail? They are using general warrants here, just like the NSA does. Because one person may be using TORmail for illicit purposes, the FBI feels that it can install tracking and search software on every user."

because American law enforcement works on the principle of "arrest everyone and sort it all out later". Given the notion that everyone using TOR who's not NSA, is automaticly a criminal of SOME kind, they can just arrest everyone and make them try and prove their innocence, by co-operating somehow with the FBI. They will then use this co-operation as a wedge to keep out dissedents, and create a pool of informants by default, by charging people with crimes they were if only vaugely associated with, with excessive jail times until they give useful informaiton or become informations.

Its also funny that the malware specificlly targets TORBrowser.

I think I called it. When the NSA, CIA, FBI, looses intrest, or no longer needs TOR, they will simply arrest everyone publicly involved with it for pedophilia or whatever other activities go on. They can play stupid to technophile judges, and juries, and know they'll get away with it.

Re:We are living in interesting times

[buswolley]

I care. I'll get voted down on this, but the internet is a marketplace for all sorts of products, and when the product is the ruination of children's lives and welfare, I care very very deeply that that market is extinguished. Period.

Nevertheless, the legal questions in this case are important for legal speech also, so it must be carefully weighed.

Re:We are living in interesting times

[Joce640k]

Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.

You're forgetting something: They said 'pedophile' in the press release.

Re:We are living in interesting times

[Will.Woodhull]

It is a legal arena defined by the new secret laws whose application is subject only to the new secret courts.

Congress is not going to do anything about this. Hell, they cannot even decide which hand they should use to wipe their collective ass. The Obama Administration might be complicit in this, or it might have its hands tied. Because the secret courts have the authority to issue secret injunctions against any organization, including other parts of the Federal government, it is possible that Obama has no effective oversight on what they are doing. They seem to report to the Judicial Branch, not the Executive Branch. And the Judicial Branch was not constituted to manage this kind of execution of law.

We are now beginning to see how a rogue element has managed to gain control of significant Federal powers while remaining outside of any of the constitutional checks and balances.

This is not going to end well.

Re:We are living in interesting times

[Seumas]

I don't know that what a judge finds matters. We have seen that the executive branch and all of the three-letter-agencies do whatever the hell they want. There is nothing that will change that. Not legislation, not public outcry. Not even presidential decree. Nothing. Will you drive them back into secrecy? Yes. And that is where they will continue to do what they want.

Re:We are living in interesting times

[jamstar7]

Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.

You're forgetting something: They said 'pedophile' in the press release.

An old Soviet trick to remove a recalcitrant politician or bureaucrat who just wouldn't step down when asked nicely then threatened was to label them a pedophile or a rapist, then 'disappear' them. That's how they got rid of Beria rather than let him take over the whole Soviet Union after Stalin.

Re:We are living in interesting times

[Pino+Grigio]

Speaking of the Soviets, I happen to be reading Hayek's, The Road to Serfdom at the moment. The conflict between Freedom and Security is covered in some detail. I highly recommend slashdotters read it too.

Re:We are living in interesting times

[slashmon]

Pedophile means that the person has a condition called "pedophilia". It does not mean they break the law. It's not illegal to be attracted to children. Most people with pedophilia live their lives legally and deal with their attractions to children (which they cannot change) legally, also. Pedophile does not equal child molester. Just as someone who just thinks about robbing a bank is not a bank robber. This short article tells the real deal about pedophiles: http://www.commonatheist.com/ped.htm

Re:We are living in interesting times

[tnk1]

Although I should point out, Beria actually was a sick fuck. They didn't have to make up half that shit about him. It's just that no one actually could or would do anything about it while Stalin was alive and Beria was still the top flunky.

Re:We are living in interesting times

[tnk1]

Well... that's not entirely true. Yes, no one is making any more money off of traded images, but having a whole section of the Internet to their own allows for the existence of a nice safe place for trade of this stuff, and the desire to "show off" by making new stuff. "New stuff" being further acts.

These people show off the kids they abuse like they are their boyfriend/girlfriends. The real threat is that allowing them to be comfortable anywhere reinforces that abuse. Money is not the only reason kids get abused, although it certainly adds an industrial element to it.

That's one reason that I stay well away from TOR even though I understand the more benign uses it has. There are useful things you can do with it, but the fact that it is ground zero for drug sales and pedophilia makes it a very, very uncomfortable "neighborhood" to be in. Not to mention that even though this action is recent, the fact that you actually use TOR or connect to entry nodes is easily determined and obvious. Even if they don't know where you are going or what you are getting, they know you're up to *something* and that something has a much higher chance of being illicit. Nothing like increasing your NSA threat level for no reason.

Re:We are living in interesting times

[noh8rz10]

said the AC...

Re:We are living in interesting times

[icebike]

Only a moron would believe that.

Check your facts:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History
https://www.usenix.org/legacy/events/sec04/tech/full_papers/dingledine/dingledine_html/index.html

Why do you think almost 2/3rds of all TOR sited portal to the net in Virginia?

Re:We are living in interesting times

[cervesaebraciator]

I rather agree with Hayek's views on central planning. But central planning is not the only road to servitude and even the path of classical liberalism can lead to such an end, as Hilaire Belloc warns in The Servile State (it may be found here free, here in paper, and here for free on audio). I sometimes find it interesting, in spite of my libertarian leanings, to consider third ways, apart from the old collectivist/individualist dichotomy.

Re:We are living in interesting times

[slashmon]

It shouldn't be illegal, anymore than stuff on sites like rotten.com is illegal. Information should be free. It's distasteful, yes. But that's why most people wouldn't want to look at it. Anymore than most people would want to look at rotten.com or beheading videos or a video of an adult getting raped. It's creepy stuff. Go after the people that actually hurt the children. All this emphasis on bad pictures gives the government endless opportunities to erode freedoms.

Re:We are living in interesting times

[Linsaran]

I would respectfully argue that pictures distributed after the fact are still harmful to the original victims. Nothing makes it harder to move past some unpleasant event in the past than the constant reminder that it happened. Imagine for a moment that you were victimized in some way (not even necessarily sexually), now imagine that the event was recorded on camera. Now imagine that 10 years after the fact people are still leering at the pictures of your victimization. How would that make you feel? The damage of child pornography doesn't necessarily end when the abuse stops.

Re:We are living in interesting times

[meta-monkey]

Regardless, they are after those who are in possession of child pornography, which is a crime. You may not think it should be, but that is completely beside the point. In order to find those who MIGHT be in possession of this material, the FBI gained unauthorized access to the computers of nearly EVERYONE who visited sites on Freedom Hosting, whether they were visiting a site that trafficked in this material. There are other sites on Freedom Hosting that do not host or distribute child pornography, and yet their users were exposed, as well.

This is akin to police discovering that a booth at a flea market is selling stolen merchandise. A reasonable course of action would be to obtain a warrant to search the property of the booth's operator. It would also be reasonable to conduct a stakeout of the booth to see who else visits the booth to knowingly buy or sell stolen goods, and then, after observing such activity, search the vehicles of these associates. That's all fine. But here, they basically came in and rummaged through the cars of everyone who came to the flea market, regardless of whether they visited the stolen goods booth or even knew of its existence.

That shit is fucked up, yo.

Re:We are living in interesting times

[BlueStrat]

Sorry, but the Soviets didn't invent that trick. If anything they copied it from the Nazis, but then the Nazis didn't originate it either. Perhaps they copied it from the Inquisition, or from any of many other prior "practitioners of the art". It's so old that one can't even say how old it is. It *probably* didn't predate language.

The amazing thing is that it still works.

Actually, if you count it as a subset of propaganda, then you need to go back to Edward Bernays and the Wilson administration's implementation of the first government propaganda agency, the Committee on Public Information.

http://en.wikipedia.org/wiki/Edward_Bernays
----
Bernays's public relations efforts helped to popularize Freud's theories in the United States. Bernays also pioneered the PR industry's use of psychology and other social sciences to design its public persuasion campaigns:

      " If we understand the mechanism and motives of the group mind, is it not possible to control and regiment the masses according to our will without their knowing about it? The recent practice of propaganda has proved that it is possible, at least up to a certain point and within certain limits."

He called this scientific technique of opinion-molding the 'engineering of consent'.

Bernays began his career as press agent in 1913, counseling to theaters, concerts and the ballet. In 1917, US President Woodrow Wilson engaged George Creel and realizing one of his ideas, he founded the Committee on Public Information. Bernays, Carl Byoir and John Price Jones worked together to influence public opinion towards supporting American participation in World War I.
----

Goebbels owned a copy of Bernays's book on the subject IIRC, and acknowledged Bernays's and Wilson's achievements with the use of propaganda domestically and utilized many of their techniques and principals in Nazi propaganda programs. I believe Stalin is reported to have taken many propaganda ideas and concepts from Bernays's work as well..

Wilson was a real racist/segregationist, political/policy-opposition-arresting piece of work all on his own. People should read about the actions taken and policies enacted by Wilson domestically. In a lot of ways, like the Executive Branch/DoJ running wild, it resembles our current situation with a DoJ exceeding it's powers and deliberately inflicting illegal, un-Constitutional, and criminal injustice for political reasons.

Strat

Re:We are living in interesting times

[SeaFox]

Seriously, you think this is about pedophiles?

Yes, and clearly. This is the largest pedophile bust in history.

Says who? None of these people have been given their due process. At this point they are, at the very most, alleged child pornography traffickers.

Also, isn't your source of information the very government agency that was using a JavaScript exploit in a potentially illegal fashion to catch these perpetrators? Not exactly an unbiased source of information as to the legitimacy of their actions, huh?

Re:We are living in interesting times

[SuricouRaven]

The original idea was that banning the pictures would greatly reduce demand for them, thus eliminating the economic inventive towards the child abuse required for their production.

That's the excuse, anyway. It doesn't explain why many countries then expanded the definition to include photoshopped images where no abuse actually took place ('pesudo-photographs' is the term in UK law), artistic depictions, artistic depictions of non-human characters that have some characteristics of human children (Yes, the UK even thought of that one!) and even completly fictional stories.

The real reason is much simpler. A collective desire: 'This stuff makes me feel icky and I hate the people who like it, so it should be illegal.'

Re:We are living in interesting times

[oztiks]

We certainly are living in interesting times and considering that you're 200,000 UIDs older than me, you have to consider what Slashdot was like years ago.

I remember when people started taking shots at Slashdot for the type of articles it posted, flamed it for being too mainstream, Apple-centric, or because it's become a popular wannabe geek pissing ground. Though all these things may be true or not, it doesn't really matter.

What's important to know is that Slashdot is about IT/Geek news and if you look at the IT segment alone it has become massively political. The shit fights between Netscape and Microsoft pale in comparison to the crap we're subjected too today. The Obama administration is now getting involved in the Smartphone wars for example ... who would'a thought? The EU slapping Microsoft over antitrust, so what? The US is now posturing against Russia because of leaked data that has been spilled out on the internet. We're talking about "news for geeks" hosting stories about stuff that wars are made from!

You say hardball? you say interesting times? I say how much more interesting is it gonna get?

Re:We are living in interesting times

[Archangel+Michael]

"Tyranny is defined as that which is legal for the government but illegal for the citizenry."

Tips for Tor

[Meditato]

Put your Tor client in a Secure Linux VM, so none of your hardware information can be exposed. Go to https://check.torproject.org/ to check if Tor is working, and make sure NoScript or something similar is enabled.

Re:Tips for Tor

[Cynops]

Or use Tails, a Linux distro specifically designed for paranoia. You burn it on a CD (or USB stick) and boot from it into a Linux desktop environment specially crafted for privacy and security. All internet traffic is routed through Tor (sic), so after rebooting you should be fine.

No defcon?

Should have invited the feds to defcon after all. Seems they got bored this weekend.

This has to be illegal

[coder111]

I wonder about the legality of FBI's action here. Ok, I guess they have some kind of search order/wiretap order for "investigating pedophiles" against one specific site, but what about collateral damage? I mean they shut down an email service used by normal people as well. They did track and spy on activities on normal law abiding citizens. Did they effectively break into a big number of law abiding citizen's machines against whom no search or writetap orders were issued?

Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.

Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...

--Coder

Cybercrime: Legal, but only if you're The Law

[girlintraining]

So basically, if you're legally accessing a website while browsing with Tor, making use of legal services in a legal fashion... the FBI will install a wiretap on your computer, without a warrant, in order to monitor all your activities, on the off chance that you might be up to no good. This is rather like walking out into rush hour traffic, pointing at random cars, and saying "Search that car! We know terrorists use cars, so let's start searching them all."

Dear FBI,

Fuck you. That's a terrorist's mentality. You're worse than the lowly pieces of shit you hunt, because we expected you to uphold principles of integrity, honor, and those other words you got plastered on your slimy logo that used to mean something. You are, in fact, worse than a terrorist: You're a corrupt law enforcement organization with a bigger budget than any terrorist organization out there, and you are doing more harm to this country than catching a hundred Bin Ladens could accomplish.

-_- The internet is a global and international community and you need to show some restraint, otherwise you're going to create large amounts of resentment and anger throughout the world. No wait: You already have created this. You are endangering the infrastructure and the people you are oath-bound to protect with your actions. I don't give a flying fuck through a rolling doughnut what authority or law you think gives you the right to act in this fashion... you're a public menace. You're just giving everyone who doesn't like this country piles of ammunition and sympathy from the general public that can be used to attack MY country.

Knock it the fuck off. Now.

Re:Cybercrime: Legal, but only if you're The Law

[girlintraining]

I'm not saying this to disagree with OP's rant, just to point out an easily-correctable issue.

I'll give you that. I was really angry when I wrote that. Still am, actually. Tor was originally designed by the US Navy. To my knowledge, several organizations within the military still recommend its use, or variant technology, in order to obscure source IP addresses that could identify the person browsing as being part of the US military. Needless to say, installing malware onto a computer that belongs to someone with a high security clearance is a security problem in and of itself. But it gets even worse; Tor is also widely used by political activists in countries like Iran, China, North Korea (okay, maybe not as much, since their internet is next to non-existant...), etc. These people depend on this technology so that they can advocate democracy in their country and provide intelligence that we actually use in this country... like, for example, reporting someone who might be planning a terrorist attack, and who for obvious reasons wants to submit such a report anonymously. But all of that is topped by the fact that now people know where the vulnerability is, and that it can't be easily fixed... we've just handed a large number of criminals carte a loaded gun, all so we can go after a small number of criminals, most of whom aren't a threat to anyone but themselves (drug users).

The FBI's little war on drugs and pedophilia here will cause considerable collateral damage, and in fact poses a clear and present danger to actual national security. Any gains they could have made by catching a few druggies and kid-fuckers is and will be completely buried by the damage. Cyberwarfare should be the domain of the military, not a civilian law enforcement agency. And that's what this is: This isn't just surveillance, this is a military attack against sovereign interests both domestic and foreign, as defined by our own recently enacted laws on cyberwarfare and terrorism... and while I disagree with a lot of the language of those laws, I do agree that when we're talking about anything not tightly bracketed and targetted to domestic activities alone, authority should remain with the military.

The FBI has so completely screwed the pooch here I am giving serious consideration to printing this out, writing down some notes, and driving downtown to meet with my representatives. I really, truly feel that what the FBI is doing is harmful to national security, foreign relations, and is also overstepping its judicial boundaries severely. Anyone who has given serious thought to what the rules of engagement might or should be regarding cyberwarfare would recognize this is a cluster fuck; Not only because they're publicly admitting it, but because even if they didn't, they're endangering the lives of foreign nationals who may in fact be intelligence assets, if not cultural, abroad. Political activists fighting for democracy could be killed because of this -- this is a very real threat. Those people should have our country's support, not suspicion and derision.

This is weapons grade stupidity. Normally I give law enforcement the benefit of the doubt -- a lot of what I read (for example, an article just two days ago on slashdot about the FBI interviewing someone over their browser history), has a grey area, or is missing key facts. I try very hard not to judge people until all the data is in. But this time... there's ample evidence that this was deliberate and it was done with a complete disregard for not just civil liberties, but national security. I mean, it doesn't really matter which side of the debate you're on here: They fucked all of it up.

Re:Computer Intrusion

[RoknrolZombie]

Computer Intrusion is illegal, and the FBI knows that.

Yup...people have been clamoring for more transparency...perhaps this is that?

So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.

Agreed - the legislation that's in place has granted them far too much power, far more than most of us feel comfortable with.

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

That'd be nice, but I doubt it'll happen. It won't happen any faster than voting decency into office will :-/

The US has gotten way too fucking big for it's britches.

I agree - we need to get these douchebags outta office and get someone in office that does their f'ing job!

I used to think maybe there was justification for the anti-terrorism attitude that the US has.

I'm sure that at least some of the people involved believe that they're doing the right thing. Their belief doesn't make it "right" however...they need to stay the f out of my life. If I'm not breaking the law, they've got no business knowing a goddamned thing about me.

I've changed my mind.

My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.

YES! We need to protest, rise up as one mind, with one purpose, to effect change in our Government! Occupy Wall Street was only the beginning!

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

slavery and death by a thousand cuts

[Kevin+Fishburne]

I'm starting to wish governments would just get it over with and declare a permanent state of emergency. A different arm band for each person's assessed threat level, embedded RFID with skin tattoo for redundancy and mandatory iris, DNA and fingerprint sampling for all citizens. Upgrade traffic cameras with RFID readers and facial recognition software, require RFID and cellular GPS transponders on all automobiles and motorcycles and perform mandatory searches of persons and vehicles for any traffic stop. Nationalizing all ISPs, search engines, telco providers and banks would also be a smart move. Frankly I'm disappointed the government is taking this long. Guess that's democracy for ya.

Re:I kind of want to be angry but..

[cheekyjohnson]

The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out

You're part of the problem. Have fun getting groped at airports.

Re:Computer Intrusion

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

I am not that guy, and while I really don't believe Al Queda are good guys or a group to support, I kinda feel like I should support them in some things. For example they recently said they want to break guantanamo. And hey, I fully support them in that. It seems like the right thing to do, pretty extreme but if the government wanted a less extreme option they had plenty of time for it.
The government is really going to make extremist groups be way easier to relate to.

Be smarter

First of all, use Whonix to access Tor, never the same browser you use for any other purpose.
 
Second, use Firefox with a JonDoFox profile which is not included in Whonix Workstation by default.
 
Third, go to ip-check.info and run the test on your browser. Everything should be green or yellow at the worst. If you see anything in red, fix it before you go to any questionable site. Finally, make sure you don't have any DNS Leaks in your host OS by running this test also from your regular host browser. Don't use or trust DNS from your ISP.
 
If you want to be extra-cautious, run the Whonix Gateway after you establish a VPN connection. Choose an offshore provider that has multi-hop technology to avoid traffic analysis. I'm using iVPN who is located in Malta.

Re:Did I read that right?

[Skuto]

You should had to be running Firefox 17 on windows afaik (that was the version included by the Tor Bundle).

You had be running the specific, modified Firefox version that's shipped with Tor.

Mozilla's Firefox 17 (ESR) has been patched for this vulnerability. (i.e. it's not a real 0-day)

Re:Computer Intrusion

[msobkow]

Look, the bottom line is the US is out of control on a global scale, and has caused most of it's own problems and performed actions that resulted in the hatred of so many nations and societies against them.

Al Queda was trained and supported during the cold war, but as soon as it was no longer of interest to the US, they were abandoned to their fate at the hands of the Russian army. Add in the civilian casualties in Afghanistan, and it's no wonder they hate the US.

The US anti-drug war has literally cost hundreds of thousands of people their lives in Mexico, Columbia, and throughout south america.

You spy on the entire world as if it were perfectly acceptable, ignoring diplomatic ties, diplomatic relations, and even fundamental human rights that are enshrined in your own constitution, so long as it's not an american being targetted.

You produce an obscene amount of the carbon footprint of the planet, polluting the whole globe and doing a great deal to rush us all to oblivion.

You shove your laws down everyone's throats, even over trivial industries like entertainment (SOPA.)

Right now you whine like petty children because Russia won't return Snowden to your menacing clutches.

You bomb women and children with little regard using remote drones, and don't even have the decency to put your own lives at risk while doing so.

Your country is bankrupt, both financially and morally. Your cities are cesspools of crime, corruption, and gun/drug violence. Detroit is but the first of many who will be declaring bankruptcy thanks to years of mismanagement and abuse for the sake of short term votes.

You threaten the entire globe with a nuclear arsenal that dwarfs anyone else's save Russia's, who haven't threatened an invasion of anybody in a couple of decades.

You support the abuse of the Palestinians by your Israeli "allies", turning a blind eye to decades of human and civil rights abuses and blatant flouting of international law.

I'm sick of the US on the global stage.

I swear, you deserve to have your asses handed to you by a conglomeration of the nations you've abused and mistreated these many years.

And don't give me that "Well, I didn't vote for them" bullshit. You know as well as I do that it's the left and right heads of the same two-headed hydra in power down there. Where are the protests in the street? Where are all the so-called second amendment gun nuts when it matters? Where's the revolution that is so badly needed?

But no, you've got your TV pap and your shitty beer and something that claims to be a hamburger in your hand, so you sit idly by and watch it all unfold without saying a word except on slashdot and facebook.

Hell, even your so-called "justice" system condoned the murder of a 17 year old kid because some gun-toting putz started a fight and ended up losing.

Only sort of offtopic

[wjcofkc]

Yesterday I made a posting on CNN regarding the story about the heightened terrorist threat alert. While it covers a different subject, I could re-write it to fit this situation, but I think the slashdot crowd will get my drift, here is a direct copy\paste:

I do not know who to trust or what to think anymore. If this threat is real or not, I imagine we are intended to suppose that it was the US governments blanket surveillance of the world, including domestic spying that tipped them off. On the other hand, the timing is such (Snowden/Manning) that for all I know they made the whole thing up to better justify government wrongdoing in the eyes of the people. Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel. I don't know who to trust or what to think anymore, with the exception that I know I don't trust my own government. They have proven themselves manipulative liars.

Re:I kind of want to be angry but..

[achbed]

I love hearing cases where the law makes no sense. A 16-year-old and his 16-year-old girlfriend have sex. Statutory rape charges are brought against the boyfriend, but are dismissed because the laws state that you have to be 18 to be charged. The girlfriend records it on her phone, and send a copy to the boyfriend. She gets charged with production of child porn, and he gets charged with having it. Welcome to the new world order.

What does this have to do with Bitcoin?

[Agent+ME]

I don't see how this affects Bitcoin at all. It's not an exploit of Bitcoin. Bitcoin isn't dependent on any onion sites, "Freedom Hosting", or Tor. The Silk Road are not the only users of Bitcoin.

EFF

[mill3d]

EFF in the White house, ASAP please.

I understand there's a legitimate need to conduct surveillance when justified. But having people from the EFF and/or ACLU running, or at least supervising things will likely act as a filter to prevent further abuses and level the playing field.

Re:Computer Intrusion

[Arker]

Al Qaeda are a bunch of murderous thugs. They get and should get no sympathy whatsoever. But it's the US governments own responses which gives them grounds to curry sympathy. This is why they wanted us in Afghanistan, in Iraq, and beyond. Our government had its own reasons to want to do this, but in the end the result is the same.

So when you draw lines on your mental map and you are thinking about enemy of my enemy, keep in mind that Al Qaeda and the Feds may be better seen as allies, for the moment at least, rather than enemies. Oh, they dont like each other. But they have been strengthening each others hands and playing together to common goals for a long time. In Afghanistan during the soviet period, in the balkans, and right now in Syria. Al Qaeda, contentless US Press releases to the contrary, was weak and nearly powerless in 2002, and today it has a presence in countries from Mali to Indonesia, and can even field an army (by all accounts the strongest and most successful in the entire opposition) to contend in the Syrian Civil War.

And the US is backing them, there, much as we did in the Balkans not so very long ago. What's really going on here?

Re:We all have instances where we fall back...

[Opportunist]

Isn't it interesting how easily people are manipulated? For some it's terrorism, for some child porn. I wonder what it would be for me that I'd consider more important than my freedom.

Still taking suggestions.

FBI director reports to Clapper, Obama

[raymorris]

It's the freaking FBI. That's not exactly a secret rogue agency. FBI director Mueller briefs Obama directly. Technically, Clapper is Mulleur's boss, and Obama is Clapper's boss. That's ONE GUY in the chain of command between Obama and the FBI.

Re:FBI director reports to Clapper, Obama

[Will.Woodhull]

It is elements of the FBI charged with executing the secret laws that came into existence more than 6 years ago and are administered by the Judicial Branch through secret courts that were set up for that purpose. Those courts have the authority to issue secret writs that include penalties for even saying that you have received one or are bound by one to act in certain ways.

Mueller may be operating under Judicial constraints that prevent him from saying anything to Obama, or Clapper, or any elected official or appointee of an elected official. There is no way to know. That's part of the secrecy.

There are strong Constitutional walls that prevent the Executive Branch from interfering with the operations of the Judicial Branch. The Judicial Branch has no mechanisms for executing laws on its own. But in this situation, the Judicial has been granted direct control over portions of Executive agencies, and those portions of the affected agencies appear to be legally constrained from reporting to their superiors-on-record about their activities. We have heads of agencies that can commit perjury before Congressional committees with impunity-- apparently because the perjury has been approved by some branch of the Judiciary, either directly or under some umbrella order.

Several years ago, probably for very patriotic reasons to protect everyone from another 9/11, a bunch of lawmakers corrupted the US Constitution with this deadly foolishness. There has been time enough for that corruption to grow the roots it needs-- acquire the secretarial pools, dedicated agents, middle managers, and perhaps even gung-ho janitors-- and now like a corpse flower the thing is coming into bloom.

There are times when getting out the tinfoil hat is appropriate, such as the 1960s in the USA wrt LBJ's "Guns and Butter" Great Society. We are living in another of those times. No matter how dangerous the world becomes, the USA will certainly lose its core values of liberty and justice for anyone if secret laws and secret courts are not terminated.

Re:Computer Intrusion

Everybody has a tipping point. I think for US it's going to be the Big Brother issues.

I'm from Turkey and for us the tipping point was a park.

For years, we had been suffering the same politics of fear that I see in US. The government was practically putting anyone (particularly people speaking against them) under surveillance, making journalists wait in custody for years before even having their trials, suing people in a corrupt justice system just for speaking their minds using something equivalent of the Patriot Act. The freedom of speech was no where to be seen.

During all this time, what stopped people from acting was the feeling of being alone and powerless. And that's what happens when all the media is corrupt and distorting and hiding what's really going on. But people were no fools. Thanks to the internet, there were ways of knowing what's really been going on and people have been getting the news.

So one day, police attacked hundreds of people who were having a sit-in for saving a park and the trees in it with. Anger overwhelmed fear and in a few hours millions were on the street, protesting. I had seen nothing like this. People coming out of Yoga classes were throwing tear gas grenades back to the police. Mothers were preparing solutions to use against the effect of pepper spray. Nobody was afraid of being against the police anymore. The whole story is really interesting, from using google maps to track and distribute police movements to a whole series of sub-culture graffiti on the walls of Istanbul. If you want to learn more, visit this, this and this link.

This lasted for two weeks. For the first five days there was *nothing* on TV or newspapers about this. This was an eye opener for the people who have seen what wasn't being reported. It was what they needed for reverse-engineering the mass-media and bypassing it with social media.

Now everything is calmer, at least in appearance. But the change that people have gone through is an irreversible process. And I think it is, or will be, of a much important consequence than over-throwing an oppressive government. Because the problem doesn't reside within a single government. It's this whole inhumane, ecologically unmaintainable, unjust system and it is all around the world. We all need to open our eyes and do something about it.

Re:FISA secret courts

Actually, these secret courts started in 1978

Re:citation needed

[Mashiki]

Considering that they've been approving 100% of all warrants? Yeah, pretty sure there's a problem. Reminds me of the kangeroo courts...I mean human rights councils here in Canada. Which had a 100% conviction rate.

Nobody mentioned the exploit?

[Harik]

There's a pretty good unwrapping of the payload here, and it's a pretty creative exploit of the javascript interpreter to execute shellcode. Just from a glance at the shellcode, I see a hand-crafted HTTP header so at minimum they're using the OS network stack directly to give the tor-level UUID a public IP coorelation. Beyond that, they could be doing anything since they're already through the sandbox.

Re:Nobody mentioned the exploit?

[AHuxley]

http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114 hinted
"custom software to monitor peer-to-peer networks"
http://news.cnet.com/8301-10784_3-9920665-7.html from 2008
"unique serial numbers" from the person's computer and keeps a tally.."

Why doesn't Tor block scripts?

[Urza9814]

OK, so why the hell doesn't someone take the five minutes to add some code to Tor that would strip out client-side scripting? It's not that hard; plenty of other secure networks do it (ex. Freenet) so why the hell doesn't Tor? I mean yeah, I get it, they give you ample warnings before you download, but is there any legitimate reason they don't do this or have they just decided they don't want to try to stop this kind of attack?

FISA: Where nothing could possibly go worng

[Eternal+Vigilance]

No no no, you don't understand. That 100% rate just proves how good and trustworthy the whole secret system is!

Re:FISA: Where nothing could possibly go worng

[3247]

No no no, you don't understand. That 100% rate just proves how good and trustworthy the whole secret system is!

There is actually some truth in that statement.

A 100% (or near 100%) rate can have two reasons:

• The court is just rubber-stamping the warrant requests.
• The requestors are very cautious and only submit warrant requests in clear cases.

The dangers of Big Data crime enforcement

[aNonnyMouseCowered]

We're now in the age of Big Data crime enforcement, where to be abnormal, in the sense of deviating too far from the median/norm is all it takes to be flagged as a suspect. The danger I see in the future is that, in order to avoid being caught in the net of the federal surveillance agencies people will deliberately start acting within the "norm", like visiting the sites online, Facebook/Twitter/G-something for your communication needs, or CNN/Fox/BBC for your "news", or whatever local site is "popular" in your area. To have an opinion will be to choose from an approved list, much like a multiple-choice exam or, worse, like the presidential election.

The exploit phones home, IP address 65.222.202.54

[Alsee]

The exploit transmits your identifying information to IP address 65.222.202.54. The information includes a unique tracking number generated by the exploit server, your computer's MAC address, your computer's host name, and any other IP addresses and host names visible on your local network.

This IP address traces back to a Verizon business account just outside Washington D.C., not far from FBI and CIA headquarters. You can see the IP location trace here, complete with a zoomable Google map. However note that the location trace is probably just an approximate location. Zooming all the way in shows a local shopping center, but that's probably just the location randomly landing at the "center" of a town or other service area.

-

Two-party system, three-party system

[SLi]

I think there is a practical difference between a 2-party system and a n-party system where n > 2. It's not what you think, though, and I'm not sure which one is really better in practice.

At least from my observations, a two-party system produces heavy polarization. Nowhere have I seen such a polarization as the one in US between Democrats and Republicans. Everyone is sure that their POV is the good one and cannot comprehend how someone can possibly support the other party. As you say, you can choose your flavor of police state.

A system of three roughly equally big parties, however, seems to emphasize consensus. As none of the three parties can hope to form a government alone, they will need to secure the cooperation of at least one of the two other. None of them can afford to become the lone different party, because that would just result always in the other two parties forming a government (unless the winning party manages to persuade enough smaller parties to join a coalition government with the two other parties left out). The result is that you have three basically identical parties that are more or less only differentiated by how they market themselves. Of course there are politicians in the parties that would like to be different, but in order to secure a government with another of the parties, you will need to make concessions, which usually excludes the points of view that are unique to one party.

So, the end result is that you can choose from three flavors which are not really that different. Not that consensus policymaking would necessarily be bad - it's not.

In my country a fourth big party has recently emerged. It will be interesting to see how this affects the dynamics as we've only seen something like two elections where this was the case.

Of course it also depends on the system used in elections. I think the US-style "winner takes it all" system basically forces only two big parties to emerge.

Still, as someone who lives in a country with more than two big parties, I don't think I'd ever want to see a government effectively controlled by only a single party, not for any period of time.

Re:citation needed

[Quila]

They approve all applications because: First, the same few FBI lawyers make the applications and have a pretty good idea of what will get approved and what won't. Second, the FISA court clerks know what their bosses will and won't approve, so reject or send back for modification almost all deficient applications before they even hit the judges where they can be counted in this approval rate.

The rate of applications modified or rejected by the clerks is the real approval rate, but that's not tracked.