Slashdot Mirror

← Back to Stories (view on slashdot.org)

User Error Is the Primary Weak Point In Tor

Posted by timothy on from the setting-aside-whether-you-like-particular-users dept.

blottsie (3618811) writes with a link to the Daily Dot's "comprehensive analysis of hundreds of police raids and arrests made involving Tor users in the last eight years," which explains that "the software's biggest weakness is and always has been the same single thing: It's you." A small slice: In almost all the cases we know about, it’s trivial mistakes that tend to unintentionally expose Tor users. Several top Silk Road administrators were arrested because they gave proof of identity to Dread Pirate Roberts, data that was owned by the police when Ulbricht was arrested. Giving your identity away, even to a trusted confidant, is always huge mistake. A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay. Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor. "There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the Wall Street Journal.

70 comments

  1. Summary: by Tablizer · · Score: 1

    GIGO

    --
    Table-ized A.I.
    1. Re:Summary: by Anonymous Coward · · Score: 0

      SAISD

    2. Re:Summary: by Forbo · · Score: 1

      What does that mean? I can't find an explanation anywhere.

    3. Re:Summary: by Anonymous Coward · · Score: 1

      It's probably a typo for SIASD, "stupid is as stupid does".

    4. Re:Summary: by Anonymous Coward · · Score: 0

      Garbage In
      Garbage Out

    5. Re:Summary: by Impy+the+Impiuos+Imp · · Score: 1

      No, it means (go) suck an Imperial star destroyer.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  2. Good Security by Anonymous Coward · · Score: 4, Insightful

    It is really easy to miss this, but all security is about people. Good security software guides users into the most secure behavior. Bad security software just sets up a bunch of rules that the user must memorize and follow without error. Users will always be the weakest link, but you can make it easy for them to make good decisions and hard for them to do the wrong thing.

    1. Re:Good Security by Lennie · · Score: 1

      That is why the Tor-browser-bundle includes a browser with lots of indentifying information removed.

      --
      New things are always on the horizon
    2. Re:Good Security by Anonymous Coward · · Score: 0

      That is why the Tor-browser-bundle includes a browser with lots of indentifying information removed.

      Well, other than a period of time spanning a few months when the distributors of the browser bundle turned JavaScript "on" by default. Right about the same time that the NSA was in control of the Freedom Hosting servers, planting malicious scripts on a variety of webpages which would phone-home information to IP address ranges which trace to government facilities in Langley, VA.

  3. Security is too hard by mveloso · · Score: 3, Interesting

    If security is too hard for criminals to use, it's too hard for normal people to use.

    1. Re:Security is too hard by mythosaz · · Score: 1

      It might just be me who thinks this, but I imagine the average criminal as dumber than the population.

    2. Re:Security is too hard by Anonymous Coward · · Score: 4, Insightful

      The average person that ends up in jail is dumber than the average person who doesn't. The average criminal among those that doesn't get caught is a lot smarter than that.

    3. Re:Security is too hard by Anonymous Coward · · Score: 4, Insightful

      > I imagine the average criminal as dumber than the population.

      Nah, that's just the average caught criminal. It is a common error to make.

    4. Re:Security is too hard by EnempE · · Score: 3, Informative

      It is not just you that thinks this. But I think it is a convenient thought not a considered one.
      I don't think there is anything in terms of research to support the 'criminal subclass' idea (i.e. a group too stupid to succeed without breaking the rules), it is just a rationalization that outlived phrenology.
      Even if the measure of criminal intelligence was not being caught, it assumes that the entire criminal justice system is composed of exactly average people with the same resources as the criminals. That is clearly not the case, as their 'situational awareness' tools are what motivates those without criminal intentions to consider these technologies.
      Regarding the use of TOR, when imagining the criminal 'eptitude', you have to balance the fact that the risk would motivate them to expend additional effort in using the system. These things are more about discipline than intelligence. You might be more disciplined in your approach to paid work than a hobby, it would be reasonable to expect that criminals would similarly be more disciplined with the use of TOR than a hobbyist.
      TLDR
      I think mveloso's heuristic for measuring a security tool is still valid.

    5. Re:Security is too hard by Matheus · · Score: 4, Insightful

      Incorrect. Your average criminal may be less moral BUT to lead a successful criminal life requires a level of intelligence the law abiding citizen does not require. It's easy to follow the rules laid out before you. Society has created a reality for you in which you choose to reside unaltered. The perpetual criminal chooses to reject that reality and so must not only create the one they choose to live in but constantly maintain the battlements between theirs and the rest of society's in order to not find themselves in a small locked room. An intelligent person may even be more likely to become a criminal to some degree in the respect that they see better than most the gray-scale of the world. Right and Wrong as taught to us as children is never so black and white in the harsh reality of adult life. Refining a complex moral code of your own creation and then holding yourself to it while living aside others is not for the simple minded.

      As an aside, your presumption may be that the average criminal gets caught (ergo unsuccessful) but I'm afraid that is most likely an incorrect assumption. People break the law on a daily basis probably more than they think they do. The ones who knowingly do this would be your "criminal" but to assume they are well represented by the news-worthy ones being dragged off on TV is a bad assumption. Entire swaths of this society live their entire lives breaking law after law after law and dying peacefully in their old age comfortable that they lived their life the way they chose to.

    6. Re:Security is too hard by HornWumpus · · Score: 1

      Law abiders live pathetic lives, constantly afraid.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    7. Re:Security is too hard by tehcyder · · Score: 1
      Getting caught is part of being a career criminal.

      The idea that there are evil criminal geniuses behind the scenes is just another conspiracy theory, dating back to Victorian/Edwardian times and fictional figures like Professor Moriarty or Fu Manchu.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    8. Re:Security is too hard by tehcyder · · Score: 1

      That's pretty well written for a thirteen year old. B++

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    9. Re:Security is too hard by tehcyder · · Score: 1

      Yeah, the true heroes are the drug-addled muggers and teenagers hitting old ladies over the head with bricks.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    10. Re: Security is too hard by Anonymous Coward · · Score: 1

      Yea the real criminals are the ones in congress.

    11. Re:Security is too hard by HornWumpus · · Score: 1

      Because those are the only two options? Fuckwit!

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  4. Two Words by stoploss · · Score: 2

    Parallel Construction.

    1. Re:Two Words by mythosaz · · Score: 1

      The post below yours expounds a bit, but he's an AC, fuck him :)

      I'm not the biggest fan of parallel construction, at least not as its used. The idea that you have to protect a confidential informant from getting shot in the head is certainly a real issue, but nowadays it seems PC gets used to hide the results of mass wiretapping or other not-so-rosy snooping.

      I still question if Tor is genuinely broken, if the NSA (or whomever) has a sufficient number of exit nodes and compromised carrier's routers plus the raw computing horsepower to do much more than get a clue or two at best. I suspect compromising hosts is probably a much more valuable tool, as is human intel. It's easy to coerce a junior sysadmin at SR than it is to break Tor.

    2. Re:Two Words by CaptainDork · · Score: 1

      The weakness of Tor is proper implementation. Those who think they know how to do it right are a;most always wrong.

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re:Two Words by Mister+Liberty · · Score: 1

      You can take parallel contruction to the adversary. Think about it.

    4. Re:Two Words by Anonymous Coward · · Score: 0

      Two possibilities:

      1. they have an exploit for tor itself that allows them access to any given tor router's contents and routing table. This could include seeing your unencrypted data as you put it into the tor network.
      2. PRISM metadata collection covers enough internet that they can execute packet timing attacks and observe your packets as they wind their way through the onion and back. They wouldn't be able to get the content, but they'd probably just assume that if you're sending a lot of data to silk road servers you must be doing something there.

    5. Re:Two Words by SuricouRaven · · Score: 1

      Even if the NSA had some way to break Tor, they'd have to use it sparingly - if they use it for every drug dealer, so many people would have to know it would be sure to leak. So I imagine it'd be reserved for the most vital of cases, like DPR and other such kingpins. Not your regular rogue doctor selling a few pills or teen looking to score some pot.

    6. Re:Two Words by Anonymous Coward · · Score: 0

      I seriously think that when the NSA can all monitor entry and exit points the TOR network, and break TLS somehow, they can indeed get TOR user's identities. Imagine this TOR session: First you search something on google (80 kb), 8 seconds after that you visit wikipedia (800 kb due to images), after you've spent 2 minutes on that page, you visit slashdot, find out that /. doesnt like TOR, google for the soylent darknet hostname, and visit them. From the tracker-cookies (and google's redirection for seatch results) the NSA can distinguish the different users on the exit node quite well, with a margin of "ok this visit to slashdot may be there or may be not". Then they can combine that info with the entry node traffic, and compare the time-bandwidth function of the entry and exit points. The hard part is in distinguishing different users on the exit node. I don't know how many users are on one major exit node, but as there aren't much large exit nodes (256), the NSA has a hard job with them. But resourceful agencies like NSA can easily afford hiring people that create the google redirection and tracker cookie code.

      I don't want to help NSA but they need to be really dumb people (with tons of money but dumb) if they haven't thought of this arlready.

  5. Parallel Construction by Anonymous Coward · · Score: 4, Interesting

    It is virtually certain TOR is compromised by the NSA by listening at all entry and exit points at a minimum. However, the only cases that come to trial are those where they can estabish an alternative ( parallel ) path to the evidence.

    1. Re:Parallel Construction by Triklyn · · Score: 1

      evidence of this would be significantly more contrived constructions. all the examples that the summary seems to describe seem like " yeah, ok that's plausible." if they require plausibility to guard their deniability, then don't let their be plausibility. the good security practices still work in so much that they won't be able to come after you with something incredibly contrived and still guard their secret. Evidence that isn't actionable really isn't evidence.

    2. Re:Parallel Construction by Anonymous Coward · · Score: 0

      significantly more contrived constructions

      You mean like captchas containing the server's real IP, or a dude getting a box of fake IDs mailed to his home address internationally (through customs)? OK, the second one fits under "could be THAT dumb".

    3. Re:Parallel Construction by Anonymous Coward · · Score: 0

      This is the most relevant comment here. These stories about how difficult it is to find Tor users are false and misleading, and their only purpose is to make users believe that Tor is safe. Tor is not safe anymore. Timing analysis and packet fingerprinting has shown to be effective in identifying users. If you hear yes, its no. If you hear no, its yes.

    4. Re:Parallel Construction by Anonymous Coward · · Score: 0

      You can't listen to all entry points; the entry point to the Tor network is the Tor app on your PC. They could maybe watch for when you connect ro Tor and try and catch the data to the first hop on the network, and maybe try and match it with data leaving an exit node, but the data is already encrypted before it leaves your PC. They'd need to match the cyphertext leaving your PC with the plaintext leaving the exit node.
       
      This is all for browsing the WWW, though. If you stay on .onion sites, tracking data within Tor is not possible. It's sent across the network via different routes to the destination, hence the poor latency.

    5. Re:Parallel Construction by Anonymous Coward · · Score: 0

      Parallel construction does not have to be contrived. It is easy. Instead of "illegal wiretapping lead us to the meth lab" it will be: "An anonymous tip led us to the meth lab. Seems like somebody had a grudge against that particular drug lord...". It will pass, for it is plausible. Drug lords aren't nice employers.

      Instead of "an illegal search uncovered...", the officer heard a panic scream. While investigating, he noticed...

    6. Re:Parallel Construction by JRV31 · · Score: 1

      I've noticed articles like this one http://yro.slashdot.org/story/... sugggesting that TOR is safe. Remember, the best place to hide the truth is in a pack of lies.

  6. primary weak point by Anonymous Coward · · Score: 1

    If there is a primary weak point its that anyone can make an exit node or a routing node, the government has the resources and expertise to make as many as they want, if they owned enough of the nodes there is a high probability that what you send will go through every node that they own, and they have a map right to you. it shouldn't even be hard to find out who hosts hidden services if they probe the system enough.

    information can never be hidden, cast off your delusions of privacy and freedom.

  7. ITS A TRAP by Anonymous Coward · · Score: 0

    Seriously this has to be a trap, TORs secure keep going we have no secret tricks seriously.. not a trap trust me

  8. Human nature by s.petry · · Score: 2

    I don't agree that it's hard, just that human nature will always try and take the path of least resistance. Most security is actually pretty easy for users, just follow these X steps and you will be safe. Users read the first and last step because it's easy. Other users may perform all the steps a few times, and jump to using step 1 and finish because the don't remember the point in performing all the steps. There are others that believe the propaganda fed to them by media and government and consider all security a waste of time.

    To back my point, go back and reread all of the examples they give. Every single one of them was a result of someone missing a step, not because a step was hard.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  9. And, by the way... by Noryungi · · Score: 5, Insightful

    If people who have serious security preoccupations (drug dealers, pedophiles, etc...) are dumb enough to get caught due to human error (and probably not doing their homework), why exactly do the NSA, FBI, CIA, MI6, GCHQ, DGSE, FSB, BND, etc... etc... have to trace everything we do or say online?

    In other words, what, on earth, is the purpose of these gigantic spying programs for, if all that is needed is good old fashioned gumshoe work? You know, like, waiting for the bank robbers to brag of their exploits to a police informants, painstakingly tracing money flows from dodgy businesses, or gathering evidence and finger prints on a crime scene?

    Sure, security is hard, everyone makes a mistake once in a while, yadda yadda yadda, but what about the rights of the innocent average citizen? We are all being spied on, while police forces are perfectly able to catch the criminals, even if they use Tor! There is simply no justification, none whatsoever, for these agencies to spy on everyone. Think about that for a second.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:And, by the way... by Anonymous Coward · · Score: 0

      Sounds like a good goal, but the ends don't justify the means.

    2. Re:And, by the way... by blahplusplus · · Score: 2

      "Why exactly do the NSA, FBI, CIA, MI6, GCHQ, DGSE, FSB, BND, etc... etc... have to trace everything we do or say online?"

      This (mass surveillance) is just more part and parcel of state suppression of dissent against corporate interests. They're worried that the more people are going to wake up and corporate centers like the US and canada may be among those who also awaken. See this vid with Zbigniew Brzezinski, former United States National Security Advisor.

      https://www.youtube.com/watch?...

      Look at the following graphs:

      http://www2.ucsc.edu/whorulesa...
      http://www2.ucsc.edu/whorulesa...
      http://www2.ucsc.edu/whorulesa...

      And then...

      WIKILEAKS: U.S. Fought To Lower Minimum Wage In Haiti So Hanes And Levis Would Stay Cheap

      http://www.businessinsider.com...

      https://www.youtube.com/watch?...

      Free markets?

      https://www.youtube.com/watch?...

      http://www.amazon.com/Empire-I...

      "We now live in two Americas. One—now the minority—functions in a print-based, literate world that can cope with complexity and can separate illusion from truth. The other—the majority—is retreating from a reality-based world into one of false certainty and magic. To this majority—which crosses social class lines, though the poor are overwhelmingly affected—presidential debate and political rhetoric is pitched at a sixth-grade reading level. In this “other America,” serious film and theater, as well as newspapers and books, are being pushed to the margins of society.

      In the tradition of Christopher Lasch’s The Culture of Narcissism and Neil Postman’s Amusing Ourselves to Death, Pulitzer Prize-winner Chris Hedges navigates this culture—attending WWF contests, the Adult Video News Awards in Las Vegas, and Ivy League graduation ceremonies—to expose an age of terrifying decline and heightened self-delusion."

    3. Re: And, by the way... by Anonymous Coward · · Score: 0

      Yes, it does. We in Europe prefer good security over the "freedom" of being constantly in danger.

    4. Re:And, by the way... by Anonymous Coward · · Score: 0

      Ironic how, at the bottom of the description on the Amazon web page, there's a little link which says, " ^ Read less".

    5. Re:And, by the way... by tehcyder · · Score: 1

      If people who have serious security preoccupations (drug dealers, pedophiles, etc...) are dumb enough to get caught due to human error (and probably not doing their homework), why exactly do the NSA, FBI, CIA, MI6, GCHQ, DGSE, FSB, BND, etc... etc... have to trace everything we do or say online?

      At the risk of stating the obvious, you can't rely on all of the narco-terrorists and ISIL-supporting pedophiles being equally careless.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    6. Re:And, by the way... by tehcyder · · Score: 1
      The only behaviour you have to "censor" is the actual commission of crime.

      If you consider something not to be a crime, then you should go about finding enough people to support you in changing the law.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  10. Wrong argument! by s.petry · · Score: 1

    The argument should not be whether or not data can be hidden from the Government, but rather that the Government should not be attacking it's own citizens all of the time. I'm not claiming that the Government of the USA is currently acting within their Constitutional limits. Any 3rd grader that can read the Constitution should be able to tell you that they are not currently within their legal limits. Yes, searching all of your data all of the time is attacking your Constitutional rights. Whether they take action on what they find is similarly the wrong argument.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  11. Please allow me to correct the title. by sconeu · · Score: 5, Insightful

    User Error is the Primary Weak Point In Software.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:Please allow me to correct the title. by Anonymous Coward · · Score: 0

      This!

    2. Re:Please allow me to correct the title. by Anonymous Coward · · Score: 1

      Allow me to correct your title...

      User Error is the Primary Weak Point in Life.

    3. Re:Please allow me to correct the title. by TuringTest · · Score: 2

      User Error is the Primary Weak Point In Software.

      Corollary: designing software that fails to work well under user error is the primary engineering mistake.

      --
      Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
  12. And, by the way... by Anonymous Coward · · Score: 0

    Because if you know you are being watched you will control you behavior and self-censor not only what you say online, but thoughts in your own head.

    The Government can control people without any effort.

  13. Tor spooks by Anonymous Coward · · Score: 1

    The premise of this is wrong. It was never meant to be secure, or for public use.

    Built for spooks, by spooks. Public use is just a way to hide the spooky within the child porn.

    http://pando.com/2014/07/16/to...

  14. Re: Hoover's dossiers are alive and well. by Anonymous Coward · · Score: 0

    They're digital now.

    Of course, the mass spying exists to detect and develop information for extortion and blackmail. If you run for office, become a popular figure, or become a threat to certain entrenched interests - let's use the military-industrial-surveillance complex as a catch all phrase - you can be neutralized.

    Further, if the NSA.CIA/whatever says you are a commie, pedophile, adulterer, drug dealer, etc., how can you answer that accusation? These are plenty of press outlets more than happy to publish anonymous leaks of salacious material about a public figure and many "reporters" who act as stenographers for government agencies. And you, do you have all the records, all the emails, all the posts to rebut this? Do you have all you need that you can use to prove the accusations are false and the emails, photos, etc., are bogus or manufactured? We all know the government has it all, so you must be guilty.

    Oh well, you can take solace in the fact that if you've done noting wrong, then you have nothing to fear.

  15. User not always weak link by manu0601 · · Score: 5, Informative

    In a related story from Brian Krebs, Silk Road was not outed by a badly configured CAPTCHA, as the FBI said. They seem to have another way to peek in TOR: http://krebsonsecurity.com/201...

  16. Not all user error is equal? by cstec · · Score: 1

    A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay. Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor.

    I'm a Tor fan, and think it serves a real need. But seriously .. am I the only one on Slashdot that is ok with busting the meth dealer, the OBGYN dealer and the pedophile?

    Generally speaking, it's been the other way. It's the fake fanning of the flames of a -potential- drug dealer or pedophile that law enforcement brutally abuses to make everyone guilty until proven innocent and collect power unto themselves. But here, here we are are with actual bad people, doing actual bad things that got caught, and the /. response is to fix Tor.

    It's true, Tor should be fixed. But can't we cheer a little that some bad guys went down?

    1. Re:Not all user error is equal? by Anonymous Coward · · Score: 2, Insightful

      er no fucktard, because violating the security rights of a huge number of people, with the justification that you find a few criminals is exactly the fucked up logic The Man uses to increasingly erode our rights until we get to a point where we have none. If the man had allocated all their resources they've put into illegal and immoral monitoring of the general populace and put it to actual investigation of crimes I daresay they would have solved a fuckton more shit than they actually have. But busting privacy online and in general our individual rights has actually got FUCK ALL TO DO with busting a few crims, so wake the fuck up and stop falling for the whole "think of the children" bullshit principle

    2. Re:Not all user error is equal? by Anonymous Coward · · Score: 1

      It's true, my house was completely destroyed by a fire during a police raid with no search warrant.
      But can't I cheer a little that now I don't have to wash those 3 dirty dishes which were in my sink?

      I guess you can, if it makes you feel better. But it seems to be kind of missing the point and the big picture.

    3. Re:Not all user error is equal? by Anonymous Coward · · Score: 0

      Generally speaking, it's been the other way. It's the fake fanning of the flames of a -potential- drug dealer or pedophile that law enforcement brutally abuses to make everyone guilty until proven innocent and collect power unto themselves. But here, here we are are with actual bad people, doing actual bad things that got caught, and the /. response is to fix Tor.

      If we don't stomp our feet and yell (it's easier than voting in primaries!) when law enforcement attempts to neuter the Fourth, who will? Certainly not the helicopter parent / soccer mom crowd.

      In the case of DPR, if they did with with good old-fashioned police work, more power to 'em! But now that some holes are being poked into that story (re: CAPTCHA server behind the firewall, so how'd the feds know to look at that IP?), maybe it wasn't good old-fashioned police work.

      My generation fought the Cold War over things like this. It wasn't just about the fact that Cadillacs and Corvettes were more fun to drive than Trabants and Yugos. "Papers Please," was something uttered by jackbooted thugs in trenchcoats (sometimes witha German accent, sometimes with a Russian accent). The abuses of the KGB/STASI surveillance states were held up as examples of why the Western tradition - regardless of its economic policy - was morally superior to that adopted by the other superpowers.

      There are about 320 million people in the United States. I'm glad DPR is out of business whether he goes to jail or walks free. If he goes free, that's a small price to pay in exchange for upholding the Fourth Amendment rights of the other 319,999,999 of us.

    4. Re:Not all user error is equal? by Carnildo · · Score: 1

      But can't we cheer a little that some bad guys went down?

      How much collateral damage was there?

      When Freedom Hosting was busted, they took down a bunch of child-porn sites and de-anonymized some of the users. But in the process, they also took down TorMail, a legal anonymous email provider, and de-anonymized some of its users.

      Sure, punishing guilty people is fine, but not if you punish innocent people in the process.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  17. Looks more like SR accidentally published their IP by UpnAtom · · Score: 1

    https://www.reddit.com/r/SilkR...

  18. Well by Anonymous Coward · · Score: 0

    If you don't want to be unmasked you should probably not download sexy-chick-oh-no-she-di'nt.exe.

  19. Re:Looks more like SR accidentally published their by manu0601 · · Score: 1

    Please read Brian Krebs' paper. The SR machine was behind a firewall and could not communicate directly with the outer world, it had to go through TOR.

  20. Submit by Anonymous Coward · · Score: 0

    Submit this as a slashdot story.

  21. Re:Looks more like SR accidentally published their by UpnAtom · · Score: 1

    Doesn't matter. If the host of the software firewall could be traced, maybe that could be traced back to DPR.

  22. Re: Hoover's dossiers are alive and well. by tehcyder · · Score: 1

    Further, if the NSA.CIA/whatever says you are a commie, pedophile, adulterer, drug dealer, etc., how can you answer that accusation?

    With the truth, via the criminal justice system.

    If you actually are a pedophile/drug-dealer (not sure that being a commie or adulterer is illegal any more) and the government have actual evidence against you, tough, you have broken the law.

    --
    To have a right to do a thing is not at all the same as to be right in doing it
  23. Not just Tor by Aaden42 · · Score: 1

    s/Tor/Security Technology/g

    Tor, encryption, any kind of tunneling... Basically any kind of security or privacy enhancing technology is one wrong move away from breaking. Check your Facebook on the Tor connection? Oops... Type your disk encryption key into the wrong window? Oops... Etc.

  24. I don't think that's quite right by tacokill · · Score: 1

    If "they" are listening to the entry and exit points they would not be able to deduce what hidden service and what hidden sites a user is accessing. All they would know is that the user is using Tor through entry point X but they would not be able to trace the traffic after that. However, if the user is using Tor to go to a standard website on the publicly available internet, then -yes- the NSA would be able to connect the dots and follow the trail back.

  25. Pollyanna by Anonymous Coward · · Score: 0

    And the sun will come up in the morning.

    The truth will protect you.

    The courts are not a corrupt arm of the government.

    Everyone in Guantanamo is guilty.

    Moron

  26. Garbage in, garbage out by zapyon · · Score: 1

    Nothing to see here, move along. I had to put something here by demand of the CMS, sorry.

    --
    I like my spaghetti with source.
  27. Oops by zapyon · · Score: 1

    this should have been the reply to the "What does that mean?" post below. By the way: https://en.wikipedia.org/wiki/...

    --
    I like my spaghetti with source.