To give you a sense of the madness out there following the digital privacy politics of U.S. government (supposedly) cracking one section of one piece of the system that’s widely used to preserve anonymity online, we’re going to play a little game. Let’s call it what the heck is going on with Tor? Ready? Now, remember, you only get to speak when someone hands you the talking stick.

Darlene Storm at Computer World, how about you kick it off:

People use the Tor anonymity network to protect their privacy, but perhaps as much as half of all the Onion Router sites—and Tor Mail—are potentially compromised . . . and some hackers are pointing the finger of blame at the FBI. – Computer World

The malicious code in question … uses Javascript to collect the hostname and MAC address of a person’s computer, exactly the exact kind of data that Tor users are hoping to keep private while surfing the Internet. –TechSpot

By some estimates, taking down Freedom Host has removed the majority of all child pornography online. Actually, it seems to have downed the majority of the Tor Network as a whole, which has far-reaching consequences that extend well beyond illegal pornography. This is a fundamental blow to a section of the online world which is at least several times larger than the web itself. –ITProPortal

The address was actually part of several blocks of IP addresses allocated by SAIC to the NSA. This immediately spooked the researchers. … The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested. -ars technica

Just How Anonymous is Tor?

You know the cat’s out of the bag when even mainstream news like NBC is asking the question: How anonymous? The whole meltdown began when Eric Eoin Marques appeared in court last Friday for an extradition request by the FBI for essentially being “the largest facilitator of child porn on the planet.” But if he was on Tor, an anonymous network, how did the FBI catch him?

how tor works

The truth is that Tor isn’t exactly anonymous. The idea is basically a giant game of hot potato with the original sent data getting tossed around through multiple locations with multiple layers of encryption until — poof! — the data spits out the other end without anyone knowing who the original sender was.

In theory

In truth, it’s not completely secure. No matter how secure the middle, data must always go in at one point and leave at another. Clever hackers can watch those endpoints and draw assumptions — or just steal the data. That’s how Julian Assange founded Wikileaks, or so it’s alleged, by basically stealing — many would argue illegally — millions of anonymous documents that were being passed through Tor by sitting on that exit node and vacuuming all the data up:

The siphoned documents, supposedly stolen by Chinese hackers or spies who were using the Tor network to transmit the data, were the basis for WikiLeaks founder Julian Assange’s assertion in 2006 that his organization had already “received over one million documents from 13 countries” before his site was launched.

And if Wikileaks was doing it, are governments as well? On what side of that question people fall is certainly a universal barometer for naivety.

Of course, the technical side is more complicated than described, and grabbing data is completely different than grabbing the identity of who sent that data. But the game is the same. The Tor project is now telling everyone to abandon Windows and say sayonara to Java. Just another step in the game. The fact that Tor is not quite anonymous is the dirty, little secret everyone knows. This recent FBI-NSA-some-other-agency malware just kicks it up a notch and puts it on the front page.