Slashdot Mirror


Developer Of Anonymous Tor Software Dodges FBI, Leaves US (cnn.com)

An anonymous reader quotes a report from CNN: FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned. But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying. That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany. "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening," she said in an exclusive interview with CNNMoney. Earlier in the month, Techdirt reported the Department of Homeland Security wants to subpoena the site over the identity of a hyperbolic commenter.


  1. Power corrupts... by boa · · Score: 4, Insightful

    "Unlimited power is apt to corrupt the minds of those who possess it"
    -- William Pitt the Elder, 1770

  2. Re:Hyperbolic by clemdoc · · Score: 4, Funny

    They're lucky they're not trying to meet a parallel commenter.

  3. undermining the Tor system by Anonymous Coward · · Score: 5, Insightful

    If she is "one of Tor's core software developers" and she thinks she alone could "undermine the Tor system -- and expose Tor users around the world to potential spying", what does that tell us about Tor?

    Is she saying nobody checks code-submissions she makes?

    What exactly is she saying here?

    1. Re:undermining the Tor system by houstonbofh · · Score: 5, Insightful

      No, what she is saying is the FBI may believe she can which puts her in a very bad position. If she is successful she "undermine(s) the Tor system -- and expose(s) Tor users around the world to potential spying" and if she is not she is imprisoned for contempt of court. I can see why she left. I can also see why so many security professionals keep their passport current. Way to keep the USA in the forefront of security; scare them to Germany.

    2. Re:undermining the Tor system by wonkey_monkey · · Score: 4, Insightful

      No, but they know more about it than most people, and thus are in a better position to break it. That, or the FBI may want to utilise her standing in the community to push through unfavourable code without too much scrutiny.

      --
      systemd is Roko's Basilisk.
    3. Re:undermining the Tor system by Anonymous Coward · · Score: 3, Insightful

      Okay, sure, we get it, a brick is secure. Anything more complex is not. Can we move on now?

      Of course Tor can be compromised more easily by a developer. Do you regularly download new copies, compile from source, verify that the binaries match the source, and verify that the changelogs posted match the changes that you downloaded? No? Geez, it's like you don't want to check whether things are secure or not!

    4. Re:undermining the Tor system by TheGratefulNet · · Score: 3, Insightful

      no system is secure. why do you keep parroting that same thing over and over?

      (fingered, mate. fwiw)

      --
      "It is now safe to switch off your computer."
    5. Re:undermining the Tor system by mrchaotica · · Score: 4, Interesting

      Do you regularly download new copies, compile from source, verify that the binaries match the source, and verify that the changelogs posted match the changes that you downloaded? No? Geez, it's like you don't want to check whether things are secure or not!

      And then cross-compile again on several heterogeneous architectures (including at least one very old one) and verify that all the output matches, in order to avoid the Ken Thompson hack? And did you do all this for every single piece of code running on the machine, including things like the hard drive firmware and CPU microcode?

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    6. Re:undermining the Tor system by tom229 · · Score: 3, Interesting

      I decided to verify some of this speculation with information easy to obtain. It turns out she's a very minor contributor. 3 commits, ever. To suggest her code contributions wouldn't be reviewed by the plethora of more active maintainers is pretty wild. Tor is open source, the FBI can make "clever" contributions on their own. They don't need the secret help of a very minor contributor. Furthermore, exit nodes are a much better avenue for compromise.

      Something fishy is going on here. If she's running and offering this bad of an excuse ("I don't want people to get hurt") it sounds like she's got something more important to hide. Don't be surprised when more of this unravels and she turns out to be complicit in some illegal activities on that network.

      --
      If it ain't broke, don't fix it.
    7. Re:undermining the Tor system by vel-ex-tech · · Score: 5, Insightful

      Yeah, keep following those etymologies like you found the true meaning of this or that magickal term, as if citing the true etymology of the word gives you some magickal power over those who would destroy liberty. Sir James George Frazer called. He wanted to ask you more about your system of magick for an updated edition of The Golden Bough.

      My memory isn't what it used to be, but wasn't it a subpoena that Apple fought for weeks and weeks not so long ago? A subpoena that attempted to coerce Apple into spending time and resources writing custom firmware?

      Maybe Lovecruft here didn't think she would be able to mount the same quality defense against such a subpoena as an international megacorp known for having a veritable money bin of wealth sitting around.

      I don't give a shit if it's called a subpoena or whatever the fuck that means in your system of magick. It's clear what the government is doing.

    8. Re:undermining the Tor system by myowntrueself · · Score: 4, Funny

      Oh. Then the system isn't very secure, is it? I don't know "Isis Agora Lovecruft". Should I trust her code?

      Wait WHAT? Her *name* is Isis!?!?!? How the fuck wasn't she on the no-fly list!

      Sheesh, there go your TSA and Homeland security dollars right there! Those guys really dropped the ball on this one!

      --
      In the free world the media isn't government run; the government is media run.
    9. Re:undermining the Tor system by Anonymous Coward · · Score: 4, Informative

      You are clearly not looking hard enough. She is the lead developer of BridgeDB and has been working on OONI:
      https://www.torproject.org/about/corepeople.html.en
      Looking at the checkins on BridgeDB shows that she at least has been very active:
      https://gitweb.torproject.org/bridgedb.git

    10. Re:undermining the Tor system by c · · Score: 3, Insightful

      This might be relevant. Not a contributor to the core code base, but somewhat in the loop.

      Given the competence and professionalism shown by the FBI on this, I imagine their method for choosing a target was less about how important they are to the project and more about how accessible and vulnerable they are to law enforcement threats.

      --
      Log in or piss off.
    11. Re: undermining the Tor system by vux984 · · Score: 4, Insightful

      I was speaking in general to the notion that counting commits means anything; I don't know anything about her. And I certainly wouldn't get all pedantic about the term 'developer' as used in an article on the web; where everyone from a system architect, to the person who edits the content on the company intranet via CMS is routinely called a 'developer'.

      But fine, you've made me look... happy?

      https://www.torproject.org/abo...

      "Isis: Lead maintainer and developer on BridgeDB. Used to work on OONI."

      So where does that take us:
      https://bridges.torproject.org...

      "When using Tor with Tails in its default configuration, anyone who can observe the traffic of your Internet connection (for example your Internet Service Provider and perhaps your government and law enforcement agencies) can know that you are using Tor."

      "This may be an issue if you are in a country where the following applies:
      1. Using Tor is blocked by censorship [...]
      2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its default configuration might get you into serious trouble. [...]

      "Tor bridges, also called Tor bridge relays, are alternative entry points to the Tor network that are not all listed publicly. Using a bridge makes it harder, but not impossible, for your Internet Service Provider to know that you are using Tor."

      isislovecruft #1: 1,619 commits, 130,599++ / 82,789--
      https://github.com/isislovecru...

      and
      https://ooni.torproject.org/

      "A free software, global observation network for detecting censorship, surveillance and traffic manipulation on the internet"

      isislovecruft #2 with 271 commits, 31,590++, 23,581 --
      https://github.com/TheTorProje...

      She removed ONE line of code (a double free). That is it. That isn't a core developer.

      That burning feeling in your cheeks... that's the shame. Assuming you are a decent human.

    12. Re:undermining the Tor system by geekgirlandrea · · Score: 4, Informative

      This is false; Isis does a lot of valuable work on Tor and on some related projects like bridgedb, but she does not have commit rights on the Tor daemon itself. The people who do are me (Andrea Shepard), Nick Mathewson and Roger Dingledine. All patches are reviewed by at least one committer other than the patch author.

  4. Why did she go to Germany? by DatbeDank · · Score: 4, Informative

    She should be heading to a country that doesn't have an extradition treaty with the US.

  5. You know... by MitchDev · · Score: 4, Insightful

    ..there was a time when people would think it was ridiculous to fear that the US would "I was worried they'd ask me to do something that hurts innocent people -- and prevent me from telling people it's happening,"...Shows how far America has fallen...

    1. Re:You know... by boa · · Score: 4, Informative

      AFAICT: You're quoting Reagan out of context. He was speaking about farming and government subsidies. This is what Reagan actually said:

      "When I first started traveling abroad as President, especially to our annual economic summits, I suggested that the best foreign aid or development program the United States could give the world was a crash study in free enterprise. And this idea was, to say the least, greeted with skepticism. But when America's economic miracle took over and as we created during the past 67 months 17 million new jobs, I noticed that the idea of fostering growth through encouraging the entrepreneur began to take hold -- even to the point where the emphasis on agricultural subsidies, once so sacrosanct in other nations, is giving way at these summits to ideas on how to develop more free enterprise. There seems to be an increasing awareness of something we Americans have known for some time: that the 10 most dangerous words in the English language are, 'Hi, I'm from the Government, and I'm here to help.' [Laughter]

      Well, of course, sometimes government can help and should help -- natural disasters like the drought, for example -- but we need to look to a future where there's less, not more, government in our daily lives. It's that philosophy that brought us the prosperity and growth that we see today. That's why we've proposed nothing less than a total phaseout by the year 2000 of all policies that distort trade in agriculture, and I'm speaking of worldwide. This proposal reflects one of my abiding beliefs -- I think it's a belief that you share: The solution to the world agricultural problem is to get government out of the way and let farmers compete."
      https://reaganlibrary.archives...

    2. Re:You know... by boa · · Score: 3

      "Looking at U.S. economic growth rates since 1947 [stlouisfed.org] shows that the net rate of economic growth has declined since the start of the Reagan era."

      Not sure what your point is, besides being a distraction. The graph you link to, shows growth deltas, not absolute growth rates. IOW, it doesn't show that the growth has declined, just that the GDP is less volatile.

  6. What do they expect? by serviscope_minor · · Score: 5, Insightful

    If they act like untrustworthy douchebags, then surprise surprise people don't trust them even when they're working on a legitimate investigation. Naturally because they insist on acting like untrustworthy douchebags, no one even has any idea if it is legitimate.

    Well done, FBI, you're your own worst enemy.

    --
    SJW n. One who posts facts.
  7. Re:Only one thing to do with traitors by houstonbofh · · Score: 4, Funny

    Hang them by the nuts until they are dead.

    Nowhere to run baby and nowhere to hide.

    But hanging all of congress and most of the justice department will take a while.

  8. Unit tests, read by 1-3 others (not line-by-line) by raymorris · · Score: 4, Insightful

    I don't work on Tor specifically. In the important / well organized open source software I've been involved with, submissions are typically read by 1-3 other people, and there are unit tests and/or regression tests.

    When I say the code is "read", I mean the same way you might read this post. You aren't looking at individual letters and words, you're reading sentences and paragraphs. You could easily overlook typos (but you might catch some typos too).

    Often the unit tests aren't 100% thorough. Especially, they tend to cover the expected/correct case. If the code is supposed to send an MMS message, it is tested that entering a phone number and a message causes the message to be sent. Often untested is what happens if instead of a phone number some injection code is entered. What happens if the message is millions of characters long? If the disk is full or the network is unavailable what happens?

    > Is inserting code the only way someone on the inside can undermine TOR?

    There are several other ways. In systems intended to be secure, flaws in the design create problems just like flaws in the implementation can. Someone could undermine Tor by suggesting a feature that seems useful and good.

    Policy decisions matter for security - when you download the tor client, how do you know you're not getting a trojaned copy? That's based on how the Tor project operates, separate from any code submitted.

    Somebody has the tor.org TLS key. If a sophisticated attacker had the tor.org key, they could impersonate tor.org and cause a target to download a trojaned copy of the tor client. Even if the target checked the hash of the download, they would probably get the hash from tor.org, which is really the attacker. If I thought about it for more than 60 seconds, I could probably think of some more ideas.
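
Added example (not part of any commenter's post and not Tor Project code): a sketch of the two checks discussed in this thread, comparing a download against a hash served by the same origin versus requiring agreement among independent rebuilders, as in the "verify that all the output matches" comment above. The rebuilder names, threshold and byte strings are constructed assumptions.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def naive_check(artifact: bytes, origin_published_hash: str) -> bool:
    """Hash comes from the same origin as the file: both can be swapped together."""
    return sha256_hex(artifact) == origin_published_hash

def quorum_check(artifact: bytes, independent_digests: dict, threshold: int) -> bool:
    """Accept only if at least `threshold` independent sources report this digest.

    independent_digests maps a source name (a rebuilder, a mirror, a digest
    recorded out of band) to the SHA-256 it reports. The download origin
    itself must not be counted as one of the sources.
    """
    if not 1 <= threshold <= len(independent_digests):
        raise ValueError("threshold must be between 1 and the number of sources")
    actual = sha256_hex(artifact)
    agreeing = sum(1 for d in independent_digests.values() if d.lower() == actual)
    return agreeing >= threshold

def disagreeing_sources(independent_digests: dict) -> list:
    """Sources whose digest differs from the majority value (worth investigating)."""
    counts = Counter(d.lower() for d in independent_digests.values())
    majority, _ = counts.most_common(1)[0]
    return sorted(n for n, d in independent_digests.items() if d.lower() != majority)

# Constructed sample data: stand-ins for a genuine and a modified release.
GENUINE = b"constructed stand-in for the genuine release bytes"
TAMPERED = b"constructed stand-in for a modified release"
REBUILDERS = {  # hypothetical independent builders reproducing the release
    "rebuilder-a": sha256_hex(GENUINE),
    "rebuilder-b": sha256_hex(GENUINE),
    "rebuilder-c": sha256_hex(GENUINE),
}

def demo() -> dict:
    # An impersonated origin serves the modified file and a matching hash.
    origin_hash = sha256_hex(TAMPERED)
    return {
        "naive_accepts_tampered": naive_check(TAMPERED, origin_hash),
        "quorum_accepts_tampered": quorum_check(TAMPERED, REBUILDERS, 2),
        "quorum_accepts_genuine": quorum_check(GENUINE, REBUILDERS, 2),
    }

if __name__ == "__main__":
    print(demo())
```

The quorum check only helps if the sources are genuinely independent of the download origin and of each other; it does not address a compromised compiler shared by every builder.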

  9. Re:Game over, the Land of the Free by dcollins117 · · Score: 5, Insightful

    People around here think the words "the land of the free and the home of the brave" signify some deeply held core American values, but they are really just lyrics to a song. The phrase first appeared in a poem written in 1814 by Francis Scott Key which was later set to a British tune called "To Anacreon in Heaven" and renamed "The Star-Spangled Banner" which as you know was eventually adopted as the national Anthem.

    My point is that they are just song lyrics, and while pleasing and patriotic they are really no more meaningful or insightful than Frank Zappa's "Watch out where the huskies go, and don't you eat that yellow snow."

  10. Re:There is no Subpoena by PPH · · Score: 4, Insightful

    same thing as a judicial subpoena.

    It's worse. You have no legal recourse. Once the FBI 'talks' to you, they can include a gag order and you can't discuss the particulars of the conversation with anyone. Just like an NSL.

    --
    Have gnu, will travel.
  11. What CNN didn't say by Qzukk · · Score: 5, Informative

    The FBI agents refused to deal with her lawyer, and intimated that they would pick her up off the street to interrogate her without a lawyer present.

    https://www.techdirt.com/artic...

    I don't think their actions are the actions of people who are operating within the rules of law. Their actions are the actions of people who are afraid of being caught violating the supreme law of the land.

    Another fact that the CNN article didn't make clear: the developer was already in the process of moving to Germany.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  12. Re: Game over, the Land of the Free by Anonymous Coward · · Score: 4, Insightful

    I forgot that songs and poems don't mean anything... We aren't talking about "Shake it off" here, the song may just be a song but it is written based on events and principles that are values that Americans used to believe in. To say that lyrics are meaningless devalues the whole art of music.

  13. Re:Game over, the Land of the Free by Anonymous Coward · · Score: 4, Insightful

    People around here think the words "the land of the free and the home of the brave" signify some deeply held core American values, but they are really just lyrics to a song.

    People around here think the Constitution signifies some deeply held core American values, but it's just words on a piece of parchment for the CIA to wipe its ass with.

    That's not really the question. The question is whether this state is the best we should aim for. Laws, declarations and anthems, while just being words or sequences of glyphs and phonemes, are tools for projecting and promoting a vision for improvement and coexistence.

    So you say that the American People have given up on ideals as anything meaningful. That's certainly a plausible view of the evidence.

  14. Re:signs of a guilty conscience by geekgirlandrea · · Score: 3, Insightful

    Her actions are the actions of someone who quite rationally fears 'just talking' to people who might return armed and bearing a warrant if rebuffed. In a world where the POTUS bombs wedding parties with flying robots and cracks jokes about it, if you aren't a criminal you aren't doing enough.