Slashdot Mirror
Developer Of Anonymous Tor Software Dodges FBI, Leaves US (cnn.com)
An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying. That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening," she said in an exclusive interview with CNNMoney. Earlier in the month, Tech Dirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter.
"Unlimited power is apt to corrupt the minds of those who possess it"
-- William Pitt the Elder, 1770
Tech Dirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter.
What a bunch of NAZIs!
I mean, here's some poor bastard who wants to talk about geometry, calculus and math, and those fucking NAZIs at the DHS want him?!
Talk about an anti-science society!
and the Home of the Brave.
If she is "one of Tor's core software developers" and she thinks she alone could "undermine the Tor system -- and expose Tor users around the world to potential spying", what does that tell us about Tor.
Is she saying nobody checks code-submissions she makes?
What exactly is she saying here.
Hang them by the nuts until they are dead.
Nowhere to run baby and nowhere to hide.
Germany belongs to NATO. BTW, she was planning that trip way before FBI wanted to talk to her so it's just a "personal brand" PR stunt.
She should be heading to a country that doesn't have an extradition treaty with the US.
..there was a time when people would think it was ridiculous to fear that the US would "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening,"...Shows how far America has fallen...
If I were writing software, I wouldn't be in the US, either.
All of the top software companies are spying on you.
Google, Facebook, Amazon, Microsoft, etc. All of this is ********SPYWARE********. What don't you understand about this???
You should run a *BSD, because it respect you, and won't spy on you.
A secure system isn't secure if a single developer can subvert it.
If they act like untrustworthy douchebags, then surprise surprise people don't trust them even when they're working on a legitimate investigation. Naturally because they insist on acting like untrustworthy douchebags, no one even has any idea if it is legitimate.
Well done, FBI, you're your own worst enemy.
SJW n. One who posts facts.
Unless leaving a business card with a note that says "please call" on her door is the same thing as a judicial subpoena.
This is a case of "panic and run" if I ever saw one.
Her first name is Isis. What are the chances?
Her reason for fleeing doesn't even make sense. The FBI doesn't need her to write compromising code, Tor is open source. If Tor is in a state where she's the linchpin for all code submissions, then that's a pretty gaping security problem with that software anyways. Furthermore, Tor has never really been as secure from law enforcement as its users like to think. There's only a handful of exit nodes, and law enforcement could do a lot by simply compromising one, code intact. .
I wouldn't be surprised if we find out later that she's running for very different reasons.
If it ain't broke, don't fix it.
How many thousands of people gave their lives in World War 2 so that we could have the freedom to escape the U.S. government and fleet to Germany? I'm surprised we haven't felt the earthquake from all the bodies rolling in their graves. :(
Yes, all those jews that fled from Germany in the 1930's were cowards too who had done nothing wrong.
Words spoken by a true patriot
Jesus, CNN is a fucking government stooge what a complete and utter bitch.
I don't work on Tor specifically. In the important / well organized open source software I've been involved with, submissions are typically read by 1-3 other people, and there are unit tests and/or regression tests.
When I say the code is "read", I mean the same way you might read this post. You aren't looking at individual letters and words, you're reading sentences and paragraphs. You could easily overlook typos (but you might catch some typos too).
Often the unit tests aren't 100% thorough. Especially, they tend to cover the expected/correct case. If the code is supposed to send an MMS message, it is tested that entering a phone number and a message causes the message to be sent. often untested is what happens if instead of a phone number some injection code is entered. What happens if the message is millions of characters long? If the disk is full or the network is unavailable what happens?
> Is inserting code the only way someone on the inside can undermine TOR?
There are several other ways. In systems intended to be secure, flaws in the design create problems just like flaws in the implementation can. Someone could undermine Tor by suggesting a feature that seems useful and good.
Policy decisions matter for security - when you download the tor client, how do you know you're not getting a trojaned copy? That's based on how the Tor project operates, separate from any code submitted.
Somebody has the tor.org TLS key. If a sophisticated attacker had the tor.org key, they could impersonate tor.org and cause a target to download a trojaned copy of the tor client. Even if the target checked the hash of the download, they would probably get the hash from tor.org, which is really the attacker. If I thought about for more than 60 seconds, I could probably think of some more ideas.
The government openly views the ToR network as a tool used for one purpose - to obstruct justice. Obstruction of justice and conspiracy to commit same are both serious crimes in the US. Being involved in any way with ToR makes you a co-conspirator in every obstruction crime committed on the network.
I'm not complaining, but why are we seeing this post now rather than sooner? Is the point of the post not necessarily her fleeing but more that the recent even of the subpoena lends some credibility to her fears that may have seemed paranoid before?
The government has succeeded in shooting its self in the foot. Rather than work with the people it is supposed to represent, it uses secret courts and gag orders to keep the population in the dark...
And yet people still sing "land of the free, home of the brave"?
simple solution to fixing our problems:
NO MORE SECRETS IN GOVERNMENT! there is literally no argument for them that cant be countered with an open government.
Honestly our police forces are acting more and more like the KGB every day. We already imprison people for minor offenses if they are poor, the rich never see the inside of a jail cell for smoking pot.
We also make sure we have enough laws to make everyone in the country a criminal no matter what. Yes all of you are currently breaking a law in one way or another, and if we cant nail you on that, Disorderly conduct is a GREAT catch all.
Also dont forget to turn in your neighbor or friends if you suspect any TERRORISM! (Terrorism is the new "anti patriotic" persecution angle)
You have to be a fucking fool to do anything in this country without doing everything in your power to hide your tracks, basically act like a foreign spy in the USA and view all as your enemy.
Isn't TOR supported by NSA and CIA? always i read the same, that the TOR networks is backed by gobernment money? can someone explain that to me?
She just wants the Snowden affect
If that is what she wants, she should go to Russia in stead of Germany.
The FBI agents refused to deal with her lawyer, and intimated that they would pick her up off the street to interrogate her without a lawyer present.
https://www.techdirt.com/artic...
I don't think their actions are the actions of people who are operating within the rules of law. Their actions are the actions of people who are afraid of being caught violating the supreme law of the land.
Another fact that the CNN article didn't make clear : the developer was already in the process of moving to Germany.
If I have been able to see further than others, it is because I bought a pair of binoculars.
One a scale of 1(fictitiously idealized America) to 10(Trumps America) this makes me about a 3.5 or 4 in uneasiness. Not nearly enough to head for Canada but enough to maybe read up on them.
of the brave and free, if they ever were such, is going down the drain. Things are turning to shit so fast in the greatest surveilance nation in the world.
I think the concern here is more about a National Security Letter than say a court subpoena.
https://en.wikipedia.org/wiki/National_security_letter
And this person has posted an NSL canary
>government openly views the ToR network as a tool used for one purpose - to obstruct justice.
And yet...
https://www.theguardian.com/technology/2014/jul/29/us-government-funding-tor-18m-onion-router
Tor, the internet anonymiser, received more than $1.8m in funding from the US government in 2013, even while the NSA was reportedly trying to destroy the network.
According to the Tor Project's latest annual financial statements, the organisation received $1,822,907 from the US government in 2013. The bulk of that came in the form of "pass-through" grants, money which ultimately comes from the US government distributed through some independent third-party. ...
The two largest single grantors of federal money were SRI international, a non-profit research and development centre that aims to bridge the gap between abstract research and industry, and Internews Network, an international non-profit that funds programmes supporting democracy and human rights. The latter gave $555,413 in funding originally from the US Department of State, while the former gave $830,269 in funding ultimately stemming from the US Department of Defense.
The Tor Project also received direct funding from the National Science Foundation and the US Department of State, totalling $100,325 and $256,900 respectively.
Who can just "move to Germany"? You can't get a job there, so the only reason would be if you have family money and a sense of entitlement.
Last I checked they don't just hand out residency permits, and tourist visas for Americans expire after 90 days, at which point she has to leave Germany.
How did she do it?
This Sig does not Exist.
And your words are the words of a spineless bootlicker.
As if visiting the family wasn't stressful enough.
Well, I believe she's trying to avoid being questioned for criminal wrongdoing and using her reputation as a "hacktivist" to get others like the EFF to politicize her situation and obstruct the FBI from investigating her activities. Posting an NSL canary would be a logical move to try and convince people that she's being sought for her hacktivism rather than for any criminal actions.
Agora:
"I was worried they'd ask me to do something that hurts innocent people..."
Apparently she has no idea, or simply does not care, that islamo-fascists use her software to perpetrate horrible, evil crimes against humanity. I suppose she might be thinking if the public does not have knowledge of that fact then she can have a clear conscience, hang out at Oktoberfest and pretend her reality does not include goat fuck-ing islamo-fascists using Tor to kill innocent people she allegedly has an interest in protect.
Fail, fail, fail.
Now we just need to get more American's to stand behind it.
I don't think her actions are the actions of someone who conscientiously wants to avoid aiding the government in violating people's privacy. Her actions are the actions of someone who is afraid of being caught for doing something she knows she could get in trouble for. Her actions are the actions of a criminal.
Yes, something criminal like helping people hide their data from the US government.
In the free world the media isn't government run; the government is media run.
Words spoken by a true patriot
#MAGA !! High Energy! TEN FEET TALLER!
Trump 2016
Yes, all those jews that fled from Germany in the 1930's were cowards too who had done nothing wrong.
And then those Jews who stayed in Italy and supported Mussolini. Things didn't work out too well for them actually.
In the free world the media isn't government run; the government is media run.
If that were the case, then the FBI would be going after all of the Tor developers which they are not. She's not the only one, nor even the most key developer working on Tor.
She's saying that the FBI will force her to put in a backdoor into TOR and then threaten to throw her in jail forever if she reveals the backdoor.
or the FBI have already cracked the current version of Tor and want to spread some FUD around to slow down any updates and/or convince people that newer versions of Tor are unsafe and they should keep using the current version. Don't underestimate the level of douchebaggery you're dealing with here.
Support Right To Repair Legislation.
Agent Smith would like to have a word with you. In person.
Heimat der Gestapo, Stasi und Bundesverfassungsschutz.
When you hauling in Hillary Clinton for questioning. Seems like you're dragging your feet on that investigation, sorry, security review.
Because, hey, if you can't control 'em, break their toys. Or, at least, threaten to.
Yes because, you know, all legislation is just and righteous.
In deed, a wise choiceeeeee - heimerdinger
Germany has good privacy laws, and a real justice system.
As an EU member nation an extradition order could be appealed to the European Court of Human Rights.
Not that Germany will extradite her for no good reason. Particularly there is requirements as to the severity of the crime, etc.
These things are hard to prove, if you have no case. Also spy agencies aren't very popular in Germany.
Particularly not the US agencies, which have been caught spying on Germans; and it weren't that long ago CIA was murdering people in Germany.
After all, she doesn't need escape civilization, just the reach of secret courts, show trials and unconstitutional laws.
I would rather be in prison a martyr for my cause than a coward
Ya okay buddy, get back to us when that happens and you have been Big Bubba's chunk of pleasure meat for the past fifteen years.
The wicked flee when no man pursueth; But the righteous are bold as a lion. - Proverbs 28:1
Lovecruft refused to leave her San Francisco apartment for a week.
"There was this feeling the air had changed, and that I couldn't breathe," she said. "I'd look at my bike and think, I'm not supposed to go outside. Maybe some agents will pick me up off the street if I ride my bike. I'm just going to stay here, and not respond to anyone when they knock."
And now she's left the country in order to avoid being served a subpoena. This will only make things worse for her if the DOJ declares her a material witness and issues a warrant for her arrest, which going to Germany may or may not protect her from.
I don't think her actions are the actions of someone who conscientiously wants to avoid aiding the government in violating people's privacy. Her actions are the actions of someone who is afraid of being caught for doing something she knows she could get in trouble for. Her actions are the actions of a criminal.
Comparing her to the plight of the Jewish community is ridiculous, and doesn't even make sense. This isn't a life or death scenario. She ran, fight or flight kicked in and go figure she flew, no courage whatsoever just fear. She's weak, she could have stayed to fight but she got backed into a corner and ran.
Run you clever girl run.
Lets be frank
TOR was developed by the US Navy, and still gets most of its funding by the US Government.
Its developers for the most part co-operate with US authorities.
For those who don't get the joke. The Godess Isis of the Ancient Egyptian religion was "worshipped as the ideal mother and wife as well as the patroness of nature and magic. She was the friend of slaves, sinners, artisans and the downtrodden, but she also listened to the prayers of the wealthy, maidens, aristocrats and rulers."
The objective of this is fairly clear - Tor still seems to be a sound service, and attacking it at a technology level seems to have failed.
However, if developers contributing to it are too afraid to be involved, then maybe with enough time the can find a compromise.
The FBI has engineered a nice bit of publicity to shake the tree, so they may actually succeed. Surely there is an appropriate XKCD strip for this ?
What "hash"? Indeed, a simple "SHA256SUMS" file doesn't provide any benefit that HTTPS doesn't, which is why torproject.org doesn't publish such files. They do, however, publish PGP signatures of every package they release. To verify such a signature, you need to have the public key in your keyring, which means going to a keyserver to get it. Thus, if anybody ever tried to spoof the signature, they'd have to publish their key to the keyservers as well, which other people would notice and raise the alarm (all of which has actually happened, at least once, in the case of the Tor Browser Bundle.)
Obviously this system can never be foolproof, but people who care about security have actually thought about the issue.
Thank you for that excellent example of "Policy decisions matter for security - when you download the tor client, how do you know you're not getting a trojaned copy? " Many projects only publish a hash with which to verify that your copy is unaltered. The Tor project could have done the same. As you point out, that creates only the APPEARANCE of security, especially if TLS is already in use. By making a policy decision to use GPG signatures, Tor security was improved.
An established developer could well weigh in on such discussions either arguing that GPG/PGP improves security, or that it's a hassle that virtually nobody will actually use anyway. In that way, they can influence the security of the project apart from making any changes to the source code.
I wouldn't exactly call Germany a safe place to operate from. It's pretty clear from past court cases that the United States can't order someone to insert backdoors. As bad as the United States is chances are your safer operating from the US than many other countries. Look at the Apple case. It wasn't precedent, because we already had clear precedent saying you can't make someone develop something to assist in a law enforcement investigation. There are also organizations like the EFF which are *highly likely* to take up your legal case should the government attempt to force you to do this sort of thing. The EFF isn't perfect and won't take every case, but something like this is definitely going to get there attention [and clearly has].
Compare this to Germany where the courts have ordered developers to backdoor anonymity software in the past (and it was done too, with a persecuted individual getting arrested in 2003):
http://www.securityfocus.com/news/6779
I do think that there should be an effort to increase funding for Tor and decentralize everything including developers locations. When people operate out of a variety of different locations and particularly ones in jurisdictions that tend not to cooperate with each other the better off we're all likely to be. Yea- so maybe one person in Russia, one person in China, one person in Brazil, one person in Ice Land, one person in Sweden, one person in Canada, one person in Belize, one person in Ecuador, one person in Venezuela, one person in Cuba, etc. With enough developers reviewing each path combined with more decentralization the harder it will be for even the most powerful of governments to force a backdoor.
That's true. I think this is an issue that a lot of projects are going to have to solve in the near future, and while the current system is better than nothing, it can still use a lot of improvement (e.g., requiring signatures from multiple parties.) Certainly the developers have to be part of that decision process.
The US can make it a very big, royal PITA no matter what her status is in Germany.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
N/T.
Her actions are the actions of someone who quite rationally fears 'just talking' to people who might return armed and bearing a warrant if rebuffed. In a world where the POTUS bombs wedding parties with flying robots and cracks jokes about it, if you aren't a criminal you aren't doing enough.
Sadly
In the final week of November 2015, a Special Agent from the Federal Bureau of Investigation, Mr. Mark Burnett, knocked on the door of my family's home and left his card, with an additional phone number penciled in. All my family members residing in America had planned a week-long vacation and were all on a remote island. When the FBI receives DHS flight records as if they're the morning paper, I must admit that whatever reasons for why the Bureau didn't know that I or my family were absent escape me entirely.
Read the rest: https://blog.patternsinthevoid...