

Japan's National Police Agency to urge Internet providers to block users of Tor - pixelcort
http://mainichi.jp/english/english/newsselect/news/20130418p2a00m0na013000c.html

======
hkmurakami
_> The move comes on the heels of a series of online threats via remotely
hijacked computers using the Tor system, which allows users to mask their
online identities and locations by routing connections through several
servers._

There's been an investigation/questioning going on regarding one particular
incident for many months now, where a guy had used Tor (among other things) to
hijack others' computers and send crime threats from these machines. The
Japanese police, being pretty inexperienced at this sort of thing, arrested
the wrong person back in late 2012 (which btw ruined that poor guy's life,
because the Japanese press has this retarded tendency to report suspects' real
names, addresses, occupation, even when the status is preliminary), and it's
been a series of embarrassments for them ever since.

They even have the prime suspect in custody, yet they can't find concrete
evidence to lock him up. (in fact, they're doing some pretty shady stuff by
keeping him in custody for an inordinately long time through various loop-
holey means). The whole debacle has shown both the technology ineptitude of
Japan's police department as well as its heavyhandedness.

Old article, but you'll get the gist of the situation.

[http://www.wired.co.uk/news/archive/2013-01/07/japan-cat-
col...](http://www.wired.co.uk/news/archive/2013-01/07/japan-cat-collar-
hacker-clue)

Then there is an article in February saying he was "caught", but two months
later, he is still stuck in custody as police try in vain to find conclusive
evidence that can lock him up.

[http://www.wired.co.uk/news/archive/2013-02/12/japanese-
cat-...](http://www.wired.co.uk/news/archive/2013-02/12/japanese-cat-hacker-
caught)

~~~
jpbuff
OK, this needs context.

Japan has an insanely hight conviction rate in pretty much all crimes. What
happens is this: police find someone who is plausibly guilty (very low
threshold and lots of bias) and keep them in custody for a long time
(sometimes months) until they finally confess. Case solved.

So what you have just described is just business as usual for Japan.

~~~
hkmurakami
Yes and that behavior resulted in the wrongfully convicted guy (back in 2012)
"confessing" that he's the one who sent the crime threats, even though he was
innocent.

(I forgot about this part in my original post, for thanks for being the
impetus for making me remember :P)

~~~
jpbuff
It seems very plausible.

Most crimes in Japan have conviction rates of well over 90% for the reasons I
wrote so I would be very surprised if this case was any different.

------
jrockway
So this would work by the host wanting to be nice to the police; a dating site
doesn't want child rapists, so they ban Tor exit nodes. That makes sense. What
I found amusing, though, is that they want sites that accept leaks from
government agencies to do the same thing. If you're a site that collects
leaked information, the last thing you're going to do is block Tor. So I found
that example amusing.

~~~
DrStalker
How do you know if traffic is from a Tor exit node? Is there a giant list of
exit nodes kept somewhere that can be referred to?

For that matter, if I'm using TOR does the ISP have anyway to know that? I
know they can't get to the contents of what I'm sending, but does the data
look like different to "normal" internet use in a way that could be detected
and filtered?

~~~
jrockway
Yes, there's a list of exit nodes. Which machines are exit nodes is not
supposed to be secret and could be easily derived by an interested party.
(Send a bunch of requests to your web server over Tor. Observe the list of IPs
making requests.)

[http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_E...](http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv)

And yes, ISPs could detect Tor traffic if they wanted to.

~~~
DrStalker
Could Tor traffic be encapsulated in HTTPS to stop ISPs from identifying it,
or would they still be able to either identify the traffic as Tor or identify
the relay nodes and block access to them?

I'm curious if the Japanese proposal is even possible, or if it's another
political policy that isn't supported by technology like Australia's proposed
internet censorship system (which was eventually abandoned)

~~~
cdjk
That's a complicated question. This talk from CCC in 2011 addresses some of
the points (and is very interesting in it's own right):

<http://www.youtube.com/watch?v=GwMr8Xl7JMQ>

Tor already uses SSL, so I'm not sure how valuable encapsulating it in HTTPS
would be. In fact (and this is from memory, so I may be wrong), some
governments were able to block Tor by looking at certificate expiry date - Tor
uses short lived certificates, but no real https site is going to use an ssl
cert that expires in a couple hours. There were some other ways to fingerprint
Tor traffic, but I'd have to watch the video again to remember.

The Tor developers also apparently have a list of potential ways to identify
Tor traffic, but haven't fixed all of them because they're waiting for
evidence that they're being used to block Tor traffic first.

As for relays - the bridge system addresses that. It's difficult or impossible
to compile a complete list of bridge nodes, so that method should be pretty
effective. It's also possible to run a "private" bridge and share it out of
band with other. That method certainly should make relay identification
extremely difficult.

------
pyre
What authority does the NPA have to force providers based in Japan to do this?

~~~
ihsw
Please, there is no mention of force anywhere. Not in the title nor in the
article.

Urge is very different from force, and furthermore they are _urging_ ISPs to
voluntarily block Tor communications.

~~~
Ueland
The problem here is that they want this at all, this is a typical first step
for introducing censorship.

Real life example from Norway:

1: Police wanted/suggested a filter to stop child porn (think of the children,
etc)

2: This filter is then implemented by the ISP`s that wants to use it.

3: Police/Government suggests/mentions that it should be required for all
ISP`s.

4: Government starts talking about implementing filter for stopping sites that
"can be bad"(read: piracy sites)

(what will happen in the future, at least as i suspect it)

The child porn filter will be forced upon all ISP`s, it will be changed to
also block other sites that the government/police thinks that should be
blocked.

Now this filter is as of today easy to go around by simply using other DNS
servers, but the problem is that censorship is wanted at all. I will not be
surprised if the next step is to put the filter on a lower level on the
network stack. And even in the long term, forbid the use of TOR/Freenet etc.

~~~
ihsw
Iin their eyes there are already limits on what people can browse and adding a
couple more is no different than what is already established.

You're implying that censorship will lead to a slippery slope but we're
already sliding down one.

------
charonn0
Is it even feasible to block Tor connections?

~~~
gizmo686
Kind of. Tor operates over a standard port, so detecting it is relativly easy.
However, people in a non blocked region can create a non-standard entry node
that is indistiguishable from normal encrypted connections.

~~~
falcolas
That "standard port" is 443, by the way. The same port as SSL traffic. So
actually detecting it requires analysis of the traffic patterns.

Blocking known exit nodes, on the other hand, is pretty easy - just block a
subset of IPs.

------
D9u
I cringed when I read the headline reference to Tor as "hijacking software."

~~~
ihsw
Even more worrying are phrases like "the Tor system was abused in a number of
crimes." I realize that this is a Japanese translation but the conflation
between "maliciously use" and "abuse" is still odd.

~~~
J_Darnley
The use of "abuse" is correct here. It was used in an incorrect/improper
manner, which is the definition of abuse.

------
jayfuerstenberg
Brought to you by the nation that arrested a developer for creating P2P
sharing software called Winny.

[http://www.afterdawn.com/news/article.cfm/2006/12/17/japan_c...](http://www.afterdawn.com/news/article.cfm/2006/12/17/japan_convicts_winny_author)

Japan is inching ever closer to China's version of the internet. BitTorrent
piracy is also a criminal offense in Japan (not a civil one as in many other
nations).

------
freddealmeida
I find it interesting that the police would rather have Tor blocked at ISP's,
which is not an easy thing to do, than find how to use it effectively to
police those that abuse it. <https://www.torproject.org/docs/bridges>

Head in the sand mentality. Well, I better get my Tor installation updated.

------
pixelcort
> The panel specifically recommends that communications be blocked when there
> is access from IP addresses publicly listed as those allocated to the third
> in a chain of computers that are used by Tor.

This means blocking Tor exit nodes (third in a chain), right? So this means
using Tor won't be blocked, but the exit nodes within the relevant ISPs would
be?

------
np422
"First they came ...."

