This is a guest contribution from old Cryptosphere pal Gonzo PhD. It originally appeared on the Grey Coat Labs blog. I personally will continue to use Tor (with a VPN, can’t have salt without pepper) but your mileage may vary. We thought it was worth sharing a different point of view. And now half my friends will never speak to me again.

Fear and Loathing in Onion Land

Ah, OnionLand. An easy trip through the looking glass into the bowels of the internet. Just download a modified browser, and with a few mouse clicks you’re transported to a dark, mystical place where you can, in theory, (and with some Bitcoin, a somewhat anonymous digital currency) buy anything from narcotics to a hit man, and maybe even a decommissioned Russian nuclear submarine if you’re willing to take delivery in New York Harbor at midnight, under the most dubious of circumstances. Of course, being the “Dark Web”, there’s also millions of hosted image files, everything from the scourge of pedophilia to midget Asian bondage donkey porn, if that’s your thing. Basically, if it’s too outlandish (and/or illegal) for the clearnet, (the “regular” internet) you can probably scratch your itch to chase down and own your deepest fantasy, like your very own lead-lined box of depleted Soviet-era uranium, on the deep, Dark Web.

Here’s a little background on tor, courtesy of Wikipedia.org

Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. The term “onion routing” refers to application layers of encryption, nested like the layers of an onion, used to anonymize communication. Tor encrypts the original data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communication can be de-anonymized through network surveillance that relies upon knowing its source and destination.  An adversary unable to defeat the strong anonymity that Tor provides may try to de-anonymize the communication by other means. One way this may be achieved is by exploiting vulnerable software on the user’s computer. The NSA has a technique that targets outdated Firefox browsers codenamed EgotisticalGiraffe, and targets Tor users in general for close monitoring under its XKeyscore program. Attacks against Tor are an active area of academic research, which is welcomed by Tor itself. (Wikipedia)

  Recently, there have been several law enforcement actions against the operators of .onion “Hidden Sites” which suggest that, beyond what Wikipedia notes as potential vulnerabilities, there are more attack vectors for de-anonymizing tor than previously known. Being that Tor was created by scientists at the Naval Research laboratories and continues to be funded to this day by DARPA, (Defense Advanced Research Projects Agency) it can be assumed that as a derivative project of the U.S. Government, it was clearly not designed to circumvent US military or Law Enforcement. The idea that the government would create a tool that could, by default, allow terrorists to communicate with impunity, and not hold keys to manipulate the system and it’s processes, is ludicrous.

The most recent theory on the “decloaking” that lead to the de-anonymization of the seized Deep Web sites is that the government simply aimed a Distributed Denial of Service (DDoS) attack on specific Tor nodes, forcing traffic through nodes they control, which allowed them to decloak and identify servers that ran the .onion sites and possibly user’s IP (Internet Protocol) addresses. This is not proven as of yet, but with the recent release and analysis of data from an .onion operator whose site was seized, it seems to be a strong potential answer to the current vulnerability question.

[ ed. note: if this is the case, the government could identify people coming into its nodes only by the last node they used, or (if it’s the first node they hit) where they originally signed on to Tor; in order to put together the identity from the computer that signed on to the final website they would need to control ALL the nodes in between, a huge undertaking UPDATED TO ADD: after further talks with Gonzo, we have enough for a new article about just how many nodes are really free vs unavailable. All very interesting. Please stand by and do not adjust your interwebs]

It has been my experience that many people are under the assumption that the use of Tor equals absolute anonymity. The fact is, that is far from the truth. Any time a person connects to Tor from home, their internet service provider (ISP) can tell via a list of Tor nodes, that they are indeed using the onion router.  (This factoid was recently published in the Silk Road 2.0 indictment against the site operator, who frequently connected to his .onion site from his house and other locations. The police were able to, with a warrant, obtain his IP logs from his ISP and easily determined he was logged in and connected to Tor relays, right down to the minutes spent online.) Your ISP may not know (thanks to Tor) exactly where you’re surfing to, but they do know that you are utilizing it, which isn’t very “anonymous” to begin with, is it?

For activists in Third World countries, Tor certainly provides a “cloak” to minimize their online footprint, especially if they don’t use their own home internet connection, as many repressed, poor countries don’t have access to aggressive internet tracking technology services. However, in First World countries where there are no financial or budgetary constraints where technology is concerned, in my opinion Tor is only slightly “safer” to use for “cloaking” than say a borrowed library computer, and less so if used from home, as noted above.

In closing, I’d again say “Information is power”. Research services and tools that you’re using, and don’t blindly take the words of a random blogger or social media user about your security too seriously. Use a search engine, and invest some time in learning about any tools you may choose to employ, for whatever reason. Ignorance is never a valid excuse, and in a repressed country where dissidents are hunted down and killed like rabid dogs, the life you save may be your own simply by being well informed about the technology you’re using to mitigate potential threat vectors.

Categories: Activism, Anonymity, Communication, Dark Web, DARPA, Hackers, News, NSA, OpSec, Police, Politics, Privacy, Security, TOR, US Government