Yes, Federal Agents Can Identify Anonymous Tor Users, Because Most People Don't Know How To Be Anonymous
from the well,-duh dept
For many, many years now, we keep hearing law enforcement whine about the "threats" of anonymity and how people would be able to get away with all sorts of criminal activity if they weren't given the ability to track, monitor and tap pretty much every communications technology that has come along. A decade ago the fear was that free and open WiFi was going to be a major boon to criminals who could use it "with no trace." As we pointed out, however, nothing about using an anonymous connection like that means you won't get caught, because criminals have to do a lot of things, many of which will expose them in other ways, without having to tap and track every technological interaction. What's known as good old-fashioned detective work can often track down criminals who used tools to be anonymous -- and for years, we've pointed out many, many, many examples of this.More recently, law enforcement's concern has been about Tor (which is slightly ironic, given that Tor was created and funded by the US government). The Snowden revelations have shown that, try as they might, the NSA has not had much luck in compromising Tor, and Snowden himself has noted that properly used encryption mostly works.
A recent Wall Street Journal article notes that law enforcement is slowly realizing that perhaps Tor isn't a parade of horribles that must be encumbered with backdoors for wiretapping... after realizing that most criminals more or less reveal themselves by doing something stupid along the way anyway.
But officials are becoming more confident that Tor's shield of anonymity isn't impenetrable.This is a good thing. We should want law enforcement to be able to track down criminals -- and it's good to see that they're figuring out ways to do so. But it's important that they should need to do so via basic detective work, rather than by compromising important technology, creating security flaws and opening up all sorts of dangerous unintended consequences.
"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," said James Kilpatrick, one of the HSI agents who is part of Operation Round Table, a continuing investigation into a Tor-based child-pornography site that has so far resulted in 25 arrests and the identification of more than 250 victims, all children.
As with all kinds of new technologies, anonymizing technologies seem to create something of a moral panic among law enforcement types, who then insist those technologies need to be "broken" and backdoored or else criminals could somehow get away with everything. But that's silly. Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc.
One hopes that as this realization becomes more widespread, law enforcement and intelligence agencies will finally pull back from constantly trying to expand wiretapping laws that will break important innovations and technologies, but perhaps that's being too optimistic.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymity, criminals, detective work, tor
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Same applies to auto-blacklisting of people in the UK, under our disgusting mass surveillance laws. Designed to keep the oppressed in their place, NOT to prevent terrorism. Since Omagh at the very least, they've allowed certain atrocities to take place every so often, in order to fan the flames of fear. So they can take people's rights. They might even set-up the terrorism themselves from scratch, or at least encourage patsies, useful idiots and fanatics. Fast-forward to 2017 and the security services KNEW about the London Bridge stabber terrorists well in advance. Now it might be unfair to blame them due to (as they would claim) lack of manpower to pay attention to just another person on their list... but two factors show the mass surveillance justification to be a lie: One - the intel was gathered through HUMINT (Human Intelligence - the guy was a fanatic and a member of the community snitched on him as such but in terms of being ready to act on it, not just a big mouth, pretty basic stuff). Two: even WITH the help of that HUMINT, their massive surveillance powers did not (whether by accident or cynics might say WILFUL ignorance) prevent the London Bridge terror attacks.
Incidentally, there was controversy as to why Paramedics didn't approach victims they could have saved, and who ended-up dead as a result of waiting HOURS for first aid. They claim to have been following procotol, but what if protocol can be tweaked on occasion to allow for greater headline loss of life? It sure would look just like this phenomenon. If your job (and passion) is helping people, AND the attackers are not putting dangerous chemicals around, thus the danger is SMALL, THEN you rush in and keep people alive, by ANY means necessary, even risking yourself, that's the proper version of the job. Of course, if you employ WOMEN, that kind of bravery is considerably less likely (with all due respect to the courage of both sexes in many tough situations in that job where it obviously DOES happen).
Oh and the comment re: Breaking Bad's plot - put #spoiler next time, but yes, you're BANG on point about idiot-brained cops, who can be intelligent in a technical sense, brave and virtuous - but so brainwashed it's disgusting.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Still wont change anything...
If you are innocent you have nothing to hide, right?
[ link to this | view in chronology ]
Re: Still wont change anything...
That's obviously not how it should be. I'm glad we have a more powerful piece of paper than the Bill Of Rights in Canada, the Charter On Human Freedoms is a much more recent document.
Too bad the CONservative Harperians are doing everything they can to corrupt it. A recent example is them trying to make criticism of Israel, antisemitism, which is illegal in Canada.
Yep, that's the part where I say, we might be less fucked up, but we don't have any first amendment.
[ link to this | view in chronology ]
Re: Re: Still wont change anything...
But he was just a confused good person, because he views Walt as a betrayer of the law of family...the opposite is true, it's Walt who after looking at Hank alone in his hospital bed who kind of inadvertently offered to pay the bills for Hank when asking Marie if they (he and Skyler) can do anything at all. Then Skyler picks up with her gambling lie.
Somehow I don't see Hank in Walt's position care enough to shell out some money because he does/did something he didn't like. Walt didn't like the ways of the DEA but still volunteered to save Hank and totally lost what was left of him when he was shot in front of him. The jingoistic culture he was raised in through the DEA makes him unable to count somebody as a human being when they're not the way he thinks they should be. It's a common trait of narcissists, yet Hank after getting shot changed for the better until Walt had that idiotic drunken rant about how Gale isn't a genius and his guy is still out there. That made him want to chase cockroaches again...what LEO's mostly think of their fellow human beings who aren't part of the "good side", which is pretty much the legal gangsters which are called cops.
[ link to this | view in chronology ]
Re: Re: Re: Still wont change anything...
Ironic that PTSD is what many people use illegal drugs for in the first place, yet it's the state's business that causes so many of these brave people to be hurt like this. Let alone the child abuse caused by the Banking System's bullying/abuse travelling downhill with kids, the sick and disabled, and old people at the bottom. A pyramid scheme by any other name...
[ link to this | view in chronology ]
Re: Still wont change anything...
Do you let people watch you shower naked? Why not? Because you feel watched and it invades your right to privacy regardless if you’re doing anything wrong nobody like being constantly watched.
As people we are entitled to our right to privacy, just because you don’t value your liberties and prefer a borderline communist government doesn’t mean everyone else thinks the same. You don’t have to be a bad person to value your privacy, the only reason you wouldn’t want someone to have privacy is because you’re spying on them.
[ link to this | view in chronology ]
So the question is, how many children have to be exploited, how many people killed, how many terrorist attacks have to happen before we get around to the sooner or later?
[ link to this | view in chronology ]
Re:
Sounds like you are willing to give up your rights so no bad things happen to anyone ever again.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Got my point? Are you really willing to sacrifice an entire nation for one or two children that can't get saved because due process is followed, investigative efforts are properly made and privacy is respected? Is that one children worth the risk of another possible Holocaust setting or some bloody dictatorship? I don't think so.
[ link to this | view in chronology ]
Re:
How many innocent people need to have their lives ruined, privacy destroyed, etc.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
But not enough to outweigh some freedoms (ie being spied on 24/7 and having that be used politically against people trying to fix the system).
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
So the question is, how many children have to be exploited
27. But its the same one's over and over.
Say, how's that Franklin Scandal investigation going?
how many terrorist attacks have to happen before we get around to the sooner or later?
3. Unless the "terrorists" are blowers of whistles
Now that you know 27 and a conditional 3 as answers you can move on.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
So, instead of traditional solitary confinement, we'll just put everybody in nice, safe, cocoons.
And sedate them, so they won't get bored.
Yes, no measure is too much to ensure total safety!
[ link to this | view in chronology ]
Re: Re: Re:
* At least until the descendants of raccoons develop self-awareness.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Oh, wait, they tried something like that already.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Wish everyone can be identified
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
How many children have to die due to neglect before we take all children away from their parents and give them to the State?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
User Skill
[ link to this | view in chronology ]
Re: User Skill
Also, any photo taken needs to have the GPS info stripped. If you forget even once, you're going down. Etc, etc, etc.
Way too many things to think about to get it perfectly right every single time. But that's what it takes to stay anonymous.
[ link to this | view in chronology ]
Re: Re: User Skill
When you have multiple connections from your computer simultaneously with TOR, it begins to be the needle in a haystack.
It is also irrelevant when it comes to being tracked by the feds.
In fact it is quite easy to hide from them if you know how.
It is the dumb ones who are complacent with their internet use are the ones at risk,
The biggest problem is th government itself.
It literally has no right to make laws affecting personal behavior.
If you want to see a naked baby picture, then you have that right despite any illegal laws the government passes. If you want to see a naked girl say 17 years, 11 months and 29 days old there is no problem but for the government tyranny against it.
If you want to look at dead bodies, you again have that right.
Jefferson said "I would rather live in dangerous freedom than in peaceful slavery"
Want to be a ghost?
You do not need tor to do it.
Just a used laptop, and a few precautions...
[ link to this | view in chronology ]
Finally someone gets this right
Tor offers a lot of anonymity but it's critical that you understand how Tor anonymity works. Your traffic is routed through three random hops that strip your info and the weak link in the equation has always been from the last relay to your target site. If you use https everywhere (a great extension from EFF) then you pretty much have all the anonymity you can ask for. Now for some landmines.... You need to be careful about leaving breadcrumb trails. The busting of the Silk Road founder was a failure of the human and not the technology. It's probably best to never do any kind of authentication if you can, or use user names that are similar on Tor and non Tor networks. Also be wary of the browser bundle from Tor. This bundle is the subject of special interest by FBI and they are constantly trying to exploit whatever version of Firefox that it uses and was recently successful. If you want to get on Tor you can always do it the easy way by using a router that has Tor embedded in it. I recommend PAPARouter (http://paparouter.com) because it's inexpensive (less than $100.00), allows you to anonymize several devices at once and best of all it has non U.S. exit nodes hard coded into it . Given all the uproar that other countries are having with U.S. spying, making your last Tor relay outside of the U.S. to your target site is great security and using https would be massive protection. TOR AND HTTPS PAGE https://www.eff.org/pages/tor-and-https FBI exploit using Firefox Bundle http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-use rs/
[ link to this | view in chronology ]
Re: Finally someone gets this right
If authorities are going to invest a great deal of time and money into cracking an encryption method or underground network, they're naturally going to choose as a target something that delivers the most "bang for the buck" - not something that hardly anyone uses.
The TOR users who got busted failed to understand this basic rule of both espionage and law enforcement -- as well as criminal hacking.
[ link to this | view in chronology ]
Re: Finally someone gets this right
[ link to this | view in chronology ]
Then we can start exposing the real "criminals". I guarantee the crimes exposed in government and corporate communications, will eclipse the crimes in civilian communications.
Until then, I reserve the right to communicate as anonymous and secretive as everyone else.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
TOR
[ link to this | view in chronology ]
TOR isn't all bad
[ link to this | view in chronology ]
[ link to this | view in chronology ]
HIRE ELITE RUSSAIN SERVICES YOU WONT GET FOUND
[ link to this | view in chronology ]
- Install a GNU/Linux distro
- Don't change default settings in Tor Browser
- Change identity for each website and/or subject
[ link to this | view in chronology ]
i got away with it.
[ link to this | view in chronology ]