To give you a sense of the madness out there following the digital privacy politics of U.S. government (supposedly) cracking one section of one piece of the system that’s widely used to preserve anonymity online, we’re going to play a little game. Let’s call it what the heck is going on with Tor? Ready? Now, remember, you only get to speak when someone hands you the talking stick.
Darlene Storm at Computer World, how about you kick it off:
People use the Tor anonymity network to protect their privacy, but perhaps as much as half of all the Onion Router sites—and Tor Mail—are potentially compromised . . . and some hackers are pointing the finger of blame at the FBI. – Computer World
Wait, did I really just hear that the FBI hacked half of #Tor? That can’t possibly be legal.
— Mark W. Schumann (@MarkWSchumann) August 4, 2013
It has LONG been rumored that some #tor exit nodes were operated by gov agencies looking to track the deep web.
— Jarmer (@Jarmer) August 6, 2013
By some estimates, taking down Freedom Host has removed the majority of all child pornography online. Actually, it seems to have downed the majority of the Tor Network as a whole, which has far-reaching consequences that extend well beyond illegal pornography. This is a fundamental blow to a section of the online world which is at least several times larger than the web itself. -ITProPortal
Who just pwned the Tor anonymity network? All signs point to the hackers at the FBI http://t.co/VhOCDNnlAB via @InformationWeek @cringely
— CoreSecurity (@CoreSecurity) August 6, 2013
The address was actually part of several blocks of IP addresses allocated by SAIC to the NSA. This immediately spooked the researchers. … The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested. -ars technica
Just How Anonymous is Tor?
You know the cat’s out of the bag when even mainstream news like NBC is asking the question: How anonymous? The whole meltdown began when Eric Eoin Marques appeared in court last Friday for an extradition request by the FBI for essentially being “the largest facilitator of child porn on the planet.” But if he was on Tor, an anonymous network, how did the FBI catch him?
The truth is that Tor isn’t exactly anonymous. The idea is basically a giant game of hot potato with the original sent data getting tossed around through multiple locations with multiple layers of encryption until — poof! — the data spits out the other end without anyone knowing who the original sender was.
Is tor safe?
In truth, it’s not completely secure. No matter how secure the middle, data must always go in at one point and leave at another. Clever hackers can watch those endpoints and draw assumptions — or just steal the data. That’s how Julian Assange founded Wikileaks, or so it’s alleged, by basically stealing — many would argue illegally — millions of anonymous documents that were being passed through Tor by sitting on that exit node and vacuuming all the data up:
The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for WikiLeaks founder Julian Assange’s assertion in 2006 that his organization had already “received over one million documents from 13 countries” before his site was launched.
And if Wikileaks was doing it, are governments as well? On what side of that question people fall is certainly a universal barometer for naivety.
Of course, the technical side is more complicated than described, and grabbing data is completely different than grabbing the identity of who sent that data. But the game is the same. The Tor project is now telling everyone to abandon Windows and say sayonara to Java. Just another step in the game. The fact that Tor is not quite anonymous is the dirty, little secret everyone knows. This recent FBI-NSA-some-other-agency malware just kicks it up a notch and puts it on the front page.