
Tor trip report to an FBI conference - onosendai
https://blog.torproject.org/blog/trip-report-october-fbi-conference
======
mtgx
So that settles it for recommending Hushmail for true private communications -
don't use it.

~~~
revelation
Apparently you have never been to their website. They clearly state that they
will fully cooperate with law enforcement on signup.

Its a mandatory checkbox on signup:

 _I understand that Hushmail is not suitable for illegal activity and that the
providers of Hushmail will cooperate fully with authorities pursuing evidence
via valid legal channels. See our Security Page._

~~~
marvin
The corollary is that Hushmail is a shitty service. A good service for private
e-mail should make it impossible for the server administrators to see what is
going on. Obviously that checkbox should make any user that needs real
security turn around in the door.

I've never used Hushmail, but I assumed "secure e-mail" == "none of my
information touches the server in plaintext". So this comment is quite
interesting.

~~~
napoleond
The realities of the browser environment make it impossible to do what you
describe. It's been possible with native clients for a long time, but has
always been pretty cumbersome for non-geeks--I've been working on a native
client solution that would be easy for non-geeks to use and provide a few
different levels of security (which come with varying levels of convenience)
that are all better than the "plain-text everywhere" option most people use
now.

I posted a link to this yesterday and don't mean to spam, but the topic has
come up a few times in the past day, so: <http://parley.co>

~~~
noibl
> <http://parley.co>

Excellent writeup. It really helps when the conversation is steered away from
terms like 'amendment', 'advertisers', 'enforcement', 'criminality' and
steered back to the central idea of recovering and safeguarding an intuitive
and traditional idea of privacy in personal communication (postcard analogy).
Lots of people, many with vested interests, insist that this isn't possible,
that the genie is out of the bottle. But let's at least try, right?

In fact, PGP was a neat solution for the internet of the '90s with its quaint
directory services (Bigfoot, anyone?) and dialup links. I think it had Pretty
Good uptake too. So I'm very interested to see what can be done in today's
environment.

(Your exchange with jmillikin looked promising too. Did it continue?)

~~~
napoleond
Thanks noibl, that's very generous of you. Besides being as self-conscious as
anyone might be when publishing a bit of writing, I knew that I was writing
for two separately critical audiences (computer security experts and those who
would tend to brush off most privacy advocates as unnecessarily alarmist)
which made it considerably more daunting. You put it quite well yourself,
though: let's at least try. The defeatist attitude many people take toward
privacy (and I'll be the first to admit, I do it too sometimes) is at least as
concerning to me as the privacy challenges themselves, but I really do believe
we stand a fighting chance on both fronts.

My exchange with jmillikin didn't continue, unfortunately, but I really do
want to discuss exactly what we're building with anyone who will listen--there
will be more information on the website soon enough but I would love for
anyone who reads this to email me any time. My email is in my profile.

------
piqufoh
I like the idea that some agents are regularly using Tor, whilst others are
asking the Tor guy if he can track Tor users...

~~~
morsch
I'm not sure quite what they're using it for, though. I suppose some sites
block .gov IP ranges, but you'd think they could easily proxy via some
innocuous host provided by a commercial provider.

~~~
derrida
Law enforcement have for decades been anonymous, wearing plain clothes &
hiding behind false identities in efforts to catch criminals. Tor just gives
them digital plain clothes. If they were going through an open HTTP proxy,
that box better have a decently network facing attack surface (unlikely).
Sure, it's the same deal with Tor, except you have to pwn about 2/3rd of the
network (4000+ boxes) before you know about the equivalent of pwning 1 sole
proxy. Keep in mind there is a good mix of software, a whole variety of
kernels etc.

If you have one of the less common architectures around, consider running a
Tor node on it :-) Then we get a mix against random machine-code backdoors
too.

~~~
dmix
Another good reason might be because there are a ton of illegal onion sites on
Tor that they are investigating.

~~~
derrida
Sure, but that is a newer feature, and Roger Dingledine has been giving these
talks to law enforcement for some years (the earliest I am aware of is 2008).

------
Create
"The Tor design doesn't try to protect against an attacker who can see or
measure both traffic going into the Tor network and also traffic coming out of
the Tor network. That's because if you can see both flows, some simple
statistics let you decide whether they match up."

We now know, that entire nations' & worldwide traffic is being intercepted and
logged.

One would probably see I2P as an overkill without knowing the downfalls of its
predecessor. Tor was once a wonderful multi-proxy used for hiding IP addresses
and bouncing off servers all over the world. At one time, it was even trusted
by most governments for strong anonymity. All of that seemed to change after
an article was posted in 2600 Hacker Quarterly. One author exposed how
becoming an exit node for Tor allowed all the traffic on the Tor network to
pass right through your machine. Becoming an exit node was the same as
performing a Man-In-The-Middle attack. All one had to do was open up a packet
sniffer and see all the traffic going through encrypted. Tor is still used by
people trying to protect their privacy. But at the same time it has become a
playground for hackers and governments monitoring what they consider
suspicious. I2P has secured this problem while adding more functionality.

Proper German engineering: <http://www.i2p2.de/index.html>

~~~
derrida
> _One author exposed how becoming an exit node for Tor allowed all the
> traffic on the Tor network to pass right through your machine. Becoming an
> exit node was the same as performing a Man-In-The-Middle attack._

This is de-contextualised scaremongering.

What the poster is referring to is that when you leave the Tor network, the
connection is as it would have been before. This is by design. So if you were
not using TLS, then your traffic could be read, as is the case with ALL http
etc. Simple. Use SSL/TLS/SSH/ etc

Do a trace route to google. All those intermediate parties are capable of the
same thing.

But if you use TLS the attack is useless.

Tor provides one property, Anonymity, and it does this incredibly well.
Anonymity and Privacy are related by distinct properties. Obviously if you
send traffic to a site and sign off with your name, Tor can't help you be
anonymous there. Tor cannot prevent misuse & ignorance.

As for this 'MITM' attack, Tor's design is such that you do not have to trust
the exit nodes for it to work.

As for the comparison with I2P, I don't know much about it, but I support any
FOSS project that aims to provide new types of anonymity. As I understand it
the problem with I2p at the moment is that there is 1 exit node facing the
regular net. It's not entirely clear how I2P evades what you consider 'the
problem with Tor' when connecting with the regular net.

EDIT: Yep, did a bit of research and i2p is subject to the same sort of
"attack" you describe _"Like Tor, I2P does not magically encrypt the Internet.
You are vulnerable to snooping by the outproxy operators."_
<http://www.i2p2.de/faq.html#outproxy>

~~~
Create
The host part is the transport layer-dependent permanent hidden service ID.
For Tor, which is the primary transport layer supported by cables
communication, it is a 16-character Base32 representation of a half of Tor's
hidden service RSA-1024 public key fingerprint (an 80-bit part of SHA-1
cryptographic hash), with an .onion domain suffix. For I2P, it is a
52-character Base32 encoding of eepSite's ElGamal-2048 public key SHA-256
fingerprint, with a .b32.i2p suffix.

In this way, message security (inability of the attacker to reveal the message
contents) is independent of the transport layer security (inability of the
attacker to reveal the contents of network traffc and the location of
correspondents). This is important because, at present, Tor appears to
disallow “too much” security by design:

\- RSA-1024 is universally used as a public key cipher (identity, onion,
connection, and private keys, and likely for SSLv3 connections as well;
although long-term directory authority identity keys are RSA-3072). _This RSA
key size is likely inadequate against a resourceful adversary such as the
NSA/CSS. RSA-1024 provides only ~80 bits of security (see NIST SP 800-57 Part
1, §5.6.1)._

\- AES-128 is used as a stream cipher, although this key size is not allowed
for highly sensitive data protection in the government of USA (see CNSS Policy
№15 FS №1).

\- SHA-1 80-MSB are used as the hidden service ID, offering at most 80 bits of
security against hidden service impersonation. The security might be weaker
than even that, since an MSB section of a cryptographic hash does not
automatically inherit the second-preimage attack resistance properties of the
original hash.

<http://dee.su/cables-security>

~~~
belorn
For the claim that NSA/CSS can break RSA 1024, it should be mentioned that the
highest public known break of an RSA key is to a RSA 768, and above that, cash
prizes has been given up to $175 000, with $75 000 at the RSA 896 point.

So if someone think they can put together a FPG'a or graphic cards system for
less than $175 000, and that the system then will break RSA 1024, you can earn
some "easy" money.

Anyway, the real question about the actually security concerning key-size is,
how secure is recorded traffic. If the only protection here is the AES-128,
than that is the thing to be concerned about.

------
voltagex_
Can someone paste the content of this article elsewhere? *.torproject.org is
blocked as proxy avoidance where I work.

~~~
11001

        The post:
    
    

In October I attended an FBI conference, as part of my work to try to keep Tor
on good relations with law enforcement. My first goal is to remind them of all
the good uses of Tor, so if they ever find themselves lobbying to outlaw
anonymity online, they'll understand what they're giving up. The second goal
is to make sure they understand what Tor is and how it works, so if they
encounter it in their investigations they'll hassle our exit relay operators
less. (Here's a great way that one FBI person explained it to me: "I've got 10
leads, and 48 hours before this case doesn't matter anymore. If you can help
me understand which leads _not_ to follow, I can do my job better.") My third
goal is to help them be able to use Tor correctly for their own jobs —
remember that diversity of users is part of what makes Tor safe for everybody
to use.

Overall, we've been doing a pretty good job at teaching US-based law
enforcement about Tor. At the end of the conference, one of the FBI agents
took me aside and asked "surely you have _some_ sort of way of tracking your
users?" When I pointed at various of his FBI colleagues in the room who had
told me they use Tor every day for their work, and asked if he'd be
comfortable if we had a way of tracing _them_ , I think he got it.

I met a nice man from the DEA who worked on the "Farmer's Market" bust. This
was in the news a lot back in April, where apparently some people were selling
drugs online, and using a Tor hidden service for their website. At the time I
thought the news stories could be summarized simply as "idiot drug sellers
accept paypal payments, get busted." It turns out they were pretty smart about
how to accept paypal payments — they just had random Americans receive the
paypal payments, take a cut, and then turn them into a Panama-based digital
currency, and the Panama company didn't want to help trace where the money
went. The better summary for the news stories should actually have been "idiot
drug sellers use hushmail, get busted." Way before they switched to a Tor
hidden service, the two main people used Hushmail to communicate. After a
subpoena (and apparently a lot of patience since Canada still isn't quite the
same as the US), Hushmail rolled over and gave up copies of all the emails.
Many more details here: [http://www.scribd.com/doc/89690597/Willemsindictment-
Filed-0...](http://www.scribd.com/doc/89690597/Willemsindictment-Filed-045)

I should still note that Tor doesn't introduce any magic new silver bullet
that causes criminals to be uncatchable when before they weren't. The Farmer's
Market people ran their webserver in some other foreign country before they
switched to a Tor hidden service, and just the fact that the country didn't
want to cooperate in busting them was enough to make that a dead end.
Jurisdictional arbitrage is alive and well in the world.

------
TommyDANGerous
Great read, I use to use Tor but did not know it was used in this way. Pretty
epic.

