Slashdot Mirror
User Error Is the Primary Weak Point In Tor
blottsie (3618811) writes with a link to the Daily Dot's "comprehensive analysis of hundreds of police raids and arrests made involving Tor users in the last eight years," which explains that "the software's biggest weakness is and always has been the same single thing: It's you." A small slice: In almost all the cases we know about, it’s trivial mistakes that tend to unintentionally expose Tor users.
Several top Silk Road administrators were arrested because they gave proof of identity to Dread Pirate Roberts, data that was owned by the police when Ulbricht was arrested. Giving your identity away, even to a trusted confidant, is always huge mistake.
A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay.
Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor.
"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the Wall Street Journal.
It is really easy to miss this, but all security is about people. Good security software guides users into the most secure behavior. Bad security software just sets up a bunch of rules that the user must memorize and follow without error. Users will always be the weakest link, but you can make it easy for them to make good decisions and hard for them to do the wrong thing.
The average person that ends up in jail is dumber than the average person who doesn't. The average criminal among those that doesn't get caught is a lot smarter than that.
> I imagine the average criminal as dumber than the population.
Nah, that's just the average caught criminal. It is a common error to make.
If people who have serious security preoccupations (drug dealers, pedophiles, etc...) are dumb enough to get caught due to human error (and probably not doing their homework), why exactly do the NSA, FBI, CIA, MI6, GCHQ, DGSE, FSB, BND, etc... etc... have to trace everything we do or say online?
In other words, what, on earth, is the purpose of these gigantic spying programs for, if all that is needed is good old fashioned gumshoe work? You know, like, waiting for the bank robbers to brag of their exploits to a police informants, painstakingly tracing money flows from dodgy businesses, or gathering evidence and finger prints on a crime scene?
Sure, security is hard, everyone makes a mistake once in a while, yadda yadda yadda, but what about the rights of the innocent average citizen? We are all being spied on, while police forces are perfectly able to catch the criminals, even if they use Tor! There is simply no justification, none whatsoever, for these agencies to spy on everyone. Think about that for a second.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
User Error is the Primary Weak Point In Software.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Incorrect. Your average criminal may be less moral BUT to lead a successful criminal life requires a level of intelligence the law abiding citizen does not require. It's easy to follow the rules laid out before you. Society has created a reality for you in which you choose to reside unaltered. The perpetual criminal chooses to reject that reality and so must not only create the one they choose to live in but constantly maintain the battlements between theirs and the rest of society's in order to not find themselves in a small locked room. An intelligent person may even be more likely to become a criminal to some degree in the respect that they see better than most the gray-scale of the world. Right and Wrong as taught to us as children is never so black and white in the harsh reality of adult life. Refining a complex moral code of your own creation and then holding yourself to it while living aside others is not for the simple minded.
As an aside, your presumption may be that the average criminal gets caught (ergo unsuccessful) but I'm afraid that is most likely an incorrect assumption. People break the law on a daily basis probably more than they think they do. The ones who knowingly do this would be your "criminal" but to assume they are well represented by the news-worthy ones being dragged off on TV is a bad assumption. Entire swaths of this society live their entire lives breaking law after law after law and dying peacefully in their old age comfortable that they lived their life the way they chose to.
er no fucktard, because violating the security rights of a huge number of people, with the justification that you find a few criminals is exactly the fucked up logic The Man uses to increasingly erode our rights until we get to a point where we have none. If the man had allocated all their resources they've put into illegal and immoral monitoring of the general populace and put it to actual investigation of crimes I daresay they would have solved a fuckton more shit than they actually have. But busting privacy online and in general our individual rights has actually got FUCK ALL TO DO with busting a few crims, so wake the fuck up and stop falling for the whole "think of the children" bullshit principle