this post was submitted on 10 Apr 2024
516 points (98.1% liked)
Technology
60087 readers
3898 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Tor is a fed honey pot
While TOR does accept funds from the U.S. federal government it is not a honey pot. Given tor is free and open source it is easy to verify the security of the software.
I use fedora btw (use open source software you fools)
And it is very easy to verify that the feds control enough exit nodes to know that it's a Honeypot.
If no one has told you yet. The feds busted a child porn network in the UK that used for because they were hosting over 65% of the exit nodes at the time. If your open source anonymous VPN is hosted by the feds, they can 100% see where the traffic is coming and where it's going
Please link to a story substantiating this. What I have heard of happening repeatedly is that they trick criminals into communicating outside of tor, running an executable, or just take over the endpoint and nail people eg take over dark web drug markets and use information to track down the folks using it.
https://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
As the article notes, it's hard to tell just how much of the unmasking comes from exit node control. An exit node will only know what public services are being accessed, without knowledge of any of the user's addressing/location data (since each node only knows that information about the single hop in each direction). Plus, I'm not even sure exit nodes are used at all when connecting to a tor-hosted service (no need to exit the tor network, after all).
It sounds like the servers are being compromised and then being used to exploit IP-leaking vulnerabilities in how the browser/plugins and Tor network connection are configured.
I'm sure they've got a lot of tricks up their sleeves, but exit node control seems like the least significant of them.
I remember this story and re skimmed through the article, it has nothing to do with exit nodes.
The story you linked is from 2015, and has nothing to do with exit nodes. The feds bsuted the actual server that was used to host csam and kept it up while collecting user information for two weeks. Not exit nodes related.
There are many illegal sites hosted on tor that get taken down quite often. Tor in itself is not an insecure software and it proves that by readily having nefarious and illegal sites operate for long durations of time.
All the instances I have read about large sites that host some form of illegal content on Tor going down have all had quite unique and extensive efforts put in by law enforcement agencies to make the bust happen.
Also, if you're into that kinda thing, you should look into ceilidh from the cult of the dead cow
You don't understand how the technology works, do you?
I think the concept is if you own enough exit nodes and you have monitors at the backbone level you can correlate traffic with time-based attacks.
The current number of people using tor in a given time isn't so insurmountable that you can't throw a couple of data centers worth of VMs at The problem and they've had backbone monitoring for decades.
The thing is, the feds aren't going to come knocking at your door because you are downloading movies. The MPAA figured out a long time ago that it's a losing battle going after individual people downloading/uploading. If you were trying to use tor to hide behind doing things to harm other people, running terrorist networks and the like, there's a reasonably good chance they could track you down if you were just using tour but they'd have to really want to do it, and that's not going to happen for Steve's half terabyte of CSI.
I don't know if you know this, but the internet is a bit wider than the reach of the US authorities.
Hahahahaha
Darpa would like a word with you
And what would that word be, exactly? How will it change the fact that US feds can't seize servers which exist outside the US?
Because the feds NEVER act out of their jurisdiction, RIGHT?
https://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
A North Carolinian server. I think that's in America, right?
How many were actually busted? Isn't that just the amount of traffic? Busting 215 000 pedophiles would've definitely made the news...
Three Americans? Good job, feds, but that doesn't exactly disprove my point about the feds' limited (if sizable) reach.
So to people who open non-tor links from tor are vulnerable? That's not exactly news.
Tor isn't a magical shield that makes everything cop-proof, but feds definitely don't have power over it the way you seem to imply they do.
Sure
https://www.raqwe.com/nsa-infiltrated-communication-data-centers-yahoo-google/
Having the ability to monitor Google and Yahoo datacenters still doesn't mean that US feds can do anything about servers not located in the US.
They can't physically go to another country do to cop shit. I don't know how to say it more simply.