A Tor of the Dark Web (slifty.com)
310 points by slifty 1529 days ago | 204 comments

Yes, I know I shouldn't say it out loud, but here I am saying it (take me, Police) - out of curiosity, I went to Hard Candy section of The Hidden Wiki. (Yes, it is exactly what you would think it is.)


There are seriously forums full of pedophiles sharing pictures and - maybe worse? - their stories and wisdoms. Maybe out of utter fascination, I spent about a few hours on there and I felt like I want to murder all humanity. On one of these forums, there was this alleged "doctor", who advised people, from what age you can have sex with your children without their doctor noticing. Tips how to kidnap young children. The worst thing was that I just knew that - if they don't do something stupid - they are basically untraceable and uncatchable, while I would simply want to catch them all and kill them one by one. (I am sorry for being so expressive.)

There were also some picture forums but really I couldn't stand that, I just wanted to vomit while I was shaking.

I... am not sure why I am writing this. I am all for Tor. But we have to admit - when everything is allowed and anonymous, EVERYTHING is allowed and anonymous. And the dark parts of humanity flow on top. Drug markets, weapon markets, assassin markets (although I don't know how seriously to take those), terrorist websites, child porn websites.

But - as hard as it is for me to say it - to see that the seriously f...d up child molesters are freely allowed to say really anything there and no one has a chance to catch them just shows that Tor is really anonymous and safe.

edit: I do not know if The Hidden Wiki is still operating, if the dark places I visited are still operating, it is about one year and I did not feel any urge to revisit it again.

That's the proof that it's working. As you say, when the child molesters are really and truly safe to speak their minds, everyone is.

These people would exist anyway. Sometimes humanity sucks. Interesting though, TOR allowed you to study them in a way you would never have been able to otherwise. It merely disgusted you, but it could be a valuable resource to someone who studies how people break and thinks about what might be possibly done to help or hinder them.

Whether or not they exist anyway, it seems obvious to me that a supportive peer group is going to increase their effectiveness at predation.

Perhaps they talk about it so much that they don't get around to doing it--studies on violent pornography and child pornography sometimes find that viewers use them as a safe outlet to actually doing it themselves. But that's a huge gamble. At present, TOR is simply enabling child predators to be better child predators.

Maybe not.

Imagine a perfect world. Not a world in which everybody is perfect, that would be boring, but a world in which institutions really function. In such a world you'd expect to find this kind of forums, find them anonymously and relatively easy. They'd be up and running for years. And they'd be fully staffed by people well-versed in finding and helping pedophiles (cops, psychiatrists etc).

You can't check people at birth and see if they have criminal tendencies. It's unethical (and impractical) to watch everybody all the time. What you can do is make sure there are places where they'll gravitate naturally towards, and control them for your benefit.

The right way to dismantle a pedophile network is to arrest everybody, steal their online identities and keep on posting the materials they already have. Otherwise you're just playing whack-a-mole.

Although, logically, it doesn't allow for infiltrators (e.g., police) to enter the forums and attempt to build enough cred to initiate convincing these predators into doing something stupid, for instance dangling financial rewards in front of them for real world meetup for exchange of goods, etc.

This is how law enforcement has been working on carding forums. And while I don't think the enforcement is effective for that, since the financial incentive is always there, I do think there is a finite supply of people willing to prey on children for money and that there's a possibility of capturing the vast majority of them.

The problem isn't the people who do it for money :/

Why would they ever meet up? What goods are there to exchange, other than, uhh, tips and tricks? I wish I could share your optimism, but I decidedly don't.

> What goods are there to exchange

There are "new" images.

There are children.

Sure you can catch some by that, but what then? The remainder will be resistant, and very used to how to phrase things, and also noticing attempts to play them into giving something away. We're also talking about people who exchange tips on how to get at actual children, remember, and you can do that fine without giving anything away. It's like open source, no strings attached, works fine with dead mailboxes.

Unless an actual law enforcement person involved with this confirms it's usually that easy, I file all of this under rationalizations... understandable ones, but still. Because yeah, this stuff can mess you up, and we always seek to return to normality.

It's very easy to say all this until you visited those places. I wouldn't want to, I remember trying to talk with pedophiles in a public, above-board forum, (where they were of course always beating around the bush, it was all about "simply loving children", who have a right to be loved blah blah), and I couldn't even take that for more than one post, I read the replies and thought fuck this, fuck you people, I don't need this in my brain. But that was harmless - the dark, uninhibited underbelly of that? WHOA. I wouldn't have the nerve to read an hour of that - just talking about text here, that's enough for me kthxbye :/ - but I take it seriously, because I think I can kinda imagine how it might be. I know just ranting about it is also pointless, but I also disagree with hand-waving it away.

If you read "Kingpin", even though the owner of one of the top carding forums could have just traded digital goods and been fine, he chose to dabble in physical goods for the money/whatever. That was how he was caught. I'd surmise the predators are not too different, though perhaps decidedly more cautious.

What is a carding forum?

It's where people (think mostly the lowest common denominator of wannabe hackers like script kiddies and such, i.e. not just bad but fairly inept) go to learn how to and share information about stealing credit card information, usually leading to minor levels of success if they keep at it, it seems.

"At present, TOR is simply enabling child predators to be better child predators."

As are their cars, their phones, the air they breathe, etc.

When are smart people going to stop falling into this fallacy?

What's the fallacy?

I bet law enforcement agencies crawl those places frequently trying to lure child molesters. And that's the good part of the story, without the Internet in general or specifically Tor there would be little chance to catch those pricks. The more they express themselves the easier I guess it gets to nail one or two of them eventually.

> As you say, when the child molesters are really and truly safe to speak their minds, everyone is.

Not the most attractive canary I could possibly imagine.

I am a pedophile and I use Tor.

I use it not to share pictures nor commit crimes but to do what you say is worse: talk to other pedophiles. Tor permits us a safe support forum.

fatbird says: Whether or not they exist anyway, it seems obvious to me that a supportive peer group is going to increase their effectiveness at predation.

Quite the opposite in fact. Dialogue among pedophiles facilitates two things that you might not have expected:

1. Greater awareness of the draconian consequences which generally result from breaking certain laws, and a corresponding discouragement of doing so in the first place.

2. Most importantly, it gives us role models beyond the ugly stereotypes society has created for us: each other. Since role models are by definition templates for action, this makes it far less likely that we'll act as badly as society would expect.

I can't claim that all pedophile forums are like this. But the ones I frequent -- which are among the most popular -- are, and the less we're driven underground, the more our dialogue will resemble my description and the less it will resemble yours.

In your opinion what is the overall impact on children safety of something like Tor? Positive, negative or neutral? I realize this is tough to answer.

Keep in mind when asking me that question that I probably have a different idea than you of what "children safety" means (for example: we probably believe different reasons for why it's best for all concerned if pedophiles avoid breaking the law). But for nearly all definitions, you'd rather have us acting as we'd like to envision ourselves than acting as society envisions us, and having a community enables the creation of that self image and sense of what it means to be ethical. We're not going to go away, and we're far more numerous than most realize, so you might as well let us figure out how to be good people. That can only happen through dialogue, and for the time being that dialogue is only possible anonymously.

Also, it may sound self serving of me to say this, but the risk of pedophiles on the Internet is waaaay overblown. The behavior most of society considers sexual abuse is far more likely to be from a child's caretakers than some stranger on the Internet. And child pornography, from what I understand (and I really am not stupid enough to download it myself, even with Tor), is mostly the same old images again and again.

> "but the risk of pedophiles on the Internet is waaaay overblown"

You are correct that a child's caretaker is often the culprit.

However, you are dead wrong on Internet pedophiles being overblown. It's quite the opposite. Post a Craigslist or Backpage ad saying you're a 12 year old who wants to meet a mature older man to have sex, and watch the replies pile in from every direction. Or, enter any chat room saying you're a teenage girl and count the seconds until an adult male begins flirting. Or, see how many friend requests and direct messages underage girls get from adult strangers on Facebook.

There's a reason why convicted sex offenders in the US are not allowed to have access to a computer (yes, law enforcement searches their home twice monthly).

> Post a Craigslist or Backpage ad saying you're a 12 year old who wants to meet a mature older man to have sex, and watch the replies pile in from every direction.

And how many who post such an ad are actual children?

> Or, see how many friend requests and direct messages underage girls get from adult strangers on Facebook.

Do you have statistics on this, including how many advances actually get anywhere? I know a few underage girls who are on Facebook (no, my reason for this has nothing to do with sexual interest in case you were wondering) and I haven't heard much about this from them.

I'm not saying nothing on the Internet involving a pedophile and a child ever happens which society would judge to be bad. I'm saying it's pretty damn unusual as compared to such events offline, and the risk is, indeed, overblown.

are you actually a pedophile? Just curious.


...and this is a perfect example of why anonymity on the internet is a good thing which has inherent value. Now we've learned something we wouldn't have otherwise. It's not like people with these paraphilias show up for interviews with the newspaper.

That's dangerous reasoning.

Your comment suggests there is greater value in learning from a pedophile while he is out there victimizing children than there is learning from him behind bars.

There are plenty of interviews of convicted pedophiles that help the public understand their point of view (e.g. http://www.putlocker.com/file/19CQ36KXSUTC0408# - many more in scientific journals, less sensationalized than TV)

> There are plenty of interviews of convicted pedophiles that help the public understand their point of view

There's no such thing as a convicted pedophile, since being a pedophile is not a crime. There is such a thing as a convicted sex offender, and they are the subject of the interviews you speak of. Good luck finding any law abiding pedophile such as myself willing to talk to you without Tor.

But poft hasn't indicated that he's done anything illegal. Being a paedophile is viewed with disgust by society, but in itself it isn't illegal. Or even immoral if you use a utilitarian moral system. Whatever happens inside your own head doesn't cause any harm to others.

What age range are we talking about? 17? 15? 13? less than that?

I am most attracted to children around the age of puberty, but it can go as low as 6, with no upper limit.

To be clear, I'm not a criminal. That seems to have been a source of confusion in this thread.

6? Wow, I don't think I liked girls that young even when I was 6 myself. What's there to like? there's nothing feminine to them. I can understand the attraction to some 15 or 17 year olds, because they can be attractive women. But I find it mysterious that someone can be attracted to a prepubescent person.

Anyway, good job about not hurting anyone I guess.

I am attracted to children, not children who appear as adults. Do you find it equally mysterious that someone can be attracted to a person of the same sex? Would you expect a gay guy must only be attracted to feminine looking men?

Yes, in fact I find it mysterious too. I can get used to the fact that there are such people but I cannot possibly relate. I can empathize but I can't pretend I really understand how it feels. Frankly I find it a bit repulsive but I won't judge for what's in other people's minds. You'd possibly find some of my tastes repulsive as well. To each his own.

Well, for what it's worth, I find it mysterious (and a bit repulsive :P) that anyone could not find Dakota Goyo attractive.

I had to look that up :S

Eww well... I'm male, straight and not into kids. Maybe boring but I guess it's good to be acceptable.


One thing that really bothers me about the whole war on child porn is that there seems to be no difference in gradation to people: people seem to think that a pedophile is the worst kind of human that can possibly exist no matter the circumstances. I think the following three scenarios are very different:

A. An 18 year old falls in love with a 14 year old girl, they're completely comfortable with each other and have some sexual experimentation.

B. A 35 year old captures and rapes a 14 year old girl.

C. 35 year old is attracted to young and innocent, cute-looking girls, and sometimes feels attracted to 10 year old girls on the street in bikinis. He does, however, not deliberately go to swimming pools in order to spot them. He deals with his fetish by watching animated cartoons of young-looking people engaging in consensual sex and dating petite women that have cute manners, well above the age of consent.

Our strategy for dealing with child porn should be aimed at reducing the number of actual children harmed, and turning as many pedophiles from group B into group C as possible. A support group where you can anonymously exchange stories could definitely help.

So long as we, as a society, hold the position that pedophile C is no different from pedophile B, we may pressure people that really don't want to rape children into feeling a kinship with people who do think it is normal to rape children.

As wrong as it sounds, maybe it's for the better to have a forum where pedophiles can aggregate knowledge on how to safely (physically speaking) molest children. Also, I have to say that while I find the idea of sex with children repulsive, having a place where you can discuss the topic should be 100% ok.

Child rape is awful, talking about child rape is unsettling, but having someone proactively monitor my communications is even more unsettling. It feels like a stranger offering me candy.

Besides, for this particular problem, the best solution seems to be what we're already doing - tell as many children as possible that if someone tries to rape them, there are people who will listen and help.

You don't think that enabling them to discuss it, enables them to carry it out? Who's the more effective child predator: the one who does it alone, with little guidance or feedback from others; or the guy who spends time discussing it with a supportive peer group and perhaps carrying out predation with their help?

The only value to such a forum is for monitoring and catching them. If by definition the forum isn't useful for that because it's TOR, then that's a giant negative for me in the existence of TOR. If the cost of assisting dissidents is that children get raped... then I don't know that we should be assisting dissidents this way.

I'm not sure you have a basis to make the assumption that the forum leads to more predation. What if it works the opposite? We know that violent movies lead to lower violent crime rates, because the criminals who would be out committing violent crimes are instead enjoying going and seeing this movie. The same could be true of people who might otherwise act on their intentions for predation, but are instead satisfied by just living vicariously through others on the forums.

I agree with you that I'd like nothing better than to round all these predators up, but it's only through rational thought and discussion that we can figure out the best way to do that.

The US DOJ has released this excellent memo on why child pornography is illegal, despite the lack of an "obvious" victim (you've probably seen arguments along those lines for why it should be legal if you read Slashdot or Reddit at all):



The basic reason why the "give them a safe outlet" arguments don't hold water is because it normalizes the behaviour as they discuss it with like-minded individuals, which leads to easier rationalization and more abuse.

I've seen that before and it's a really horribly ill-conceived memo. As in, almost certainly helping child abusers justify raping kids levels of bad.

Why? Because it takes the most brutal, violent examples of child pornography that the FBI could find - the stuff that from the discussions I've seen even most pedophiles are disgusted by - and uses that as its justification for why child porn is wrong. Now, this is very effective as a shock tactic for convincing the general public that child porn is evil and must be wiped out at any cost. Unfortunately, one of the main ways pedophiles justify acting on their urges is that they're not like the bad child rapists who torture kids for kicks, they actually care about the children they coerce into having sex with them and would "never harm them". (Again, I've seen this happen in multiple discussions and I believe it's even been documented by various researchers.) Documents like that FBI memo which use kids being tortured as their sole justification for why child porn is wrong can only further help them rationalise their actions.

I know SRS over on Reddit use that document to justify why they won't debate child porn and I have a feeling that's where you got it from. They've basically made it impossible to point out just how big a mistake they're making.

Why doesn't it work the same way with violence? Violence on the screen does not "normalize the behaviour".

Well, if you'd read the memo you'd be able to answer that question :)

It goes on about it for a bit, but here's a good passage:

"There are other insidious dynamics of this crime, discounted by Mr. Hansen: the impact of the content on the viewer, and the impact the collectors have on each other. In his article, Mr. Hansen quotes Mr. Stabenow, who essentially suggests that child pornography laws are wrongly concerned that the images goad the consumers to commit future crimes: “People who watch movies like Saw and Friday the 13th are being titillated by the act of torture and murder ... That doesn’t mean that they’re going to go out and commit torture and murder.” The analogy does not hold water, principally because no one who watches Saw believes that the images of violence are actually happening, where in child pornography images, real children are actually being abused. Furthermore, what is the point of any pornography if not to stoke the fires of sexual desire."

Actually, no you wouldn't. You'd be able to answer why Alexandra Gelber, Assistant Deputy Chief of the Child Exploitation and Obscenity Section, thinks violence/violent imagery is different than sexual abuse/sexual imagery. The only citations are to law (both statutory and case law) but in a memo arguing for the justification of the law, citing the law is begging the question. She does make reference to a number of specific cases, but one could just as easily pick out examples of violent acts being committed by people exposed to violent imagery. In order to refute the analogy, you must show why the two situations are different; Ms. Gelber makes an effort to connect sexual images of children with sexual abuse of children but fails to show (rather than state) how that differs from the case with violence.

Consider the passage you quoted.

"no one who watches Saw believes that the images of violence are actually happening"

Actually, you do believe it, at least for the duration of the film; the concept is known as "suspension of disbelief". Rationally, you know better, but your mind takes a temporary lapse of its senses for the sake of enjoyment. That doesn't change the fact that the violence is realistic enough to pass for the real thing.

"where in child pornography images, real children are actually being abused."

What about animated images or self-taken images? There is plenty of content produced that involves no actual depiction of children, nonetheless the abuse of children. Yet the law seems to state and the courts seem to think, for the most part, possession of images not depicting abuse constitutes the same offense as possession of the genuine article.

"Furthermore, what is the point of any pornography if not to stoke the fires of sexual desire"

I could just as easily say: what is the point of any pornography if not to satisfy sexual desire? Since I too am providing no citations for my claim, one cannot objectively state which of our two statements holds more water.

I appreciate the contribution to the discussion, but ultimately what we have (as is often the case in such matters, to be fair) is a dispute between opinions, lacking any hard evidence for either position. Remember that the position is about child pornography/pedophilia in general, so you can't just cite specific offenders; exceptional cases do not a trend make. Statistics are needed here, but obviously they're going to be hard to come by.

Also, even if we take Ms. Gelber's argument at face value, it essentially boils down to: images of child pornography are very highly correlated with acts of child abuse. If that is true, then I would certainly say it, coupled with the necessary accusations, justifies a police investigation and the issuance of a warrant. However, I do not believe that makes a compelling argument for the act in and of itself to be illegal. Sexual abuse of minors is the crime; possession of its depiction is, at best, a minor offense (invasion of a child's privacy).

In my mind, the difference is in the legality of the material, and the degree to which said material can be effectively simulated. Due to the illegal nature of the material, and the limited number of people who are interested in it, there is not a developed profession of experts in simulating child abuse. As such, the majority of images of child abuse are created by actually abusing children. Combine that with offenders' use of trading mechanisms, and the desire for "new" images, it's easy to see how demand for images of child abuse increases the number of children being abused.

On the other hand, violence is not illegal to depict, and there are many professionals who are experts in simulating violence without actually causing harm. This results in violence and rape in this country going down. If violence was hard to simulate, and the only way to create images of violence was to hurt or possibly kill someone, I think we'd be much more likely to treat images of violence in the same way as we treat images of child abuse.

In the end, I think your argument may hold for fabricated or animated images of child abuse, but fails to do so for images of actual abuse. AFAIK, most images in circulation now are of actual children, and as such, we prosecute all images as if they were.

What about videos or images of gore where the authenticity may be hard to verify? Do these incidents of people or creatures being maimed or murdered cause people to be more likely to engage in the activities they see? Should they be illegal?

I think it depends on the prevalence of the activity. Right now, there are no recorded instances of someone engaging in violence or murder for the purpose of capturing it as an image or video for distribution. Most of the gore images on shock sites are coincidental video recordings of violent incidents/accidents or documentary images taken after the fact. These are not intentionally recorded "snuff" films, and to date, no true "snuff" film has ever been made, according to Snopes. In the absence of evidence of that sort of behavior, we should stick with the 1st amendment and not criminalize images or video of violence. In addition, it is possible for an adult to consent to being the subject of violence. That's not the case with children.

That's not the case for child abuse photos and videos. The articles linked in this post provide plenty of evidence of child abuse offenders producing images and video of their sexual abuse of children for the purpose of sharing it with other offenders.

In the future, if violence became more like child sexual abuse, I would probably support criminalizing possession of the images, initially narrowly, and then growing as the scale of the problem did.

Your statement here suggests that what is considered child porn always involves the abuse of a child. This is not the case. Many teens have been put on sex offender lists and had their lives trashed because it was found out that a girl/boy of similar age sent them a picture of themselves naked.

Also I wonder what the prevalence of fake/real violence in our society has on the demand for "snuff". You don't really need to seek out snuff films because you can easily see films that depict horrible things happening to people, completely legally.

I am not pro-child porn here, it just makes for an interesting philosophical/societal topic.

If you could make snuff films in a sustainable way (without disabling the actors and starting a murder investigation), they might well be made. Maybe even with willing victims. There's a scifi/horror plot here somewhere...

Luka Magnotta

Actual videos of killed/shot people probably do, too.

like the news…

And even that would not be actual murder.

I remember when I was rather fresh on the internet, ran into Stileproject of all things (don't google that if you don't know it, it can be summed up as porn and gore, plus "funny mutilation" and midgets), and ended up seeing a video of someone having their throat cut, while someone had a boot on their head - it was very real, in Russia by the sounds of it. Then there was a beheading, and of course stonings from the Middle East. I was shocked, but I could also not not look, if that makes any sense.

That was 12 years ago, and I still feel helpless and angry thinking of it, I still remember more of these videos than I care to. The idea of someone watching such videos, and actually laughing, chills me to the bone. But I'm under no delusion that that was not the primary reason for their circulation.

Sometimes humanity sucks.. and I'm torn between my right to learn about the banal cruelty that actually exists in the world, and not wanting such things to be glorified.

No. Free speech rights are limited.

I can add to disgust: 50% (unsubstantiated claim) of these people are active duty federal and state officers, sitting behind their boring desks in their boring offices across the country.

Seriously, though, if you think about it from this perspective then you'll agree that Tor is a great thing. Instead of working knee deep in the dirt, risking their real lives finding highly suspective local small groups of child abusers and infiltrating them, officers can do their jobs sipping lattes under air conditioner and risking no more than their avatars.

> ...just shows that Tor is really anonymous and safe.

It shows that the groups who go after and prosecute these people don't have the resources or motivation to get to all of them.

When you have a very significant target of the US (near the wanted level of Bin Laden) or China talking freely on Tor without getting caught, then perhaps you can rule it as being seriously anonymous.

I don't know about other countries, but in the US I generally only hear about people getting prosecuted for CP and similar crimes when they are caught in the act or when somehow the computer files get accidentally discovered or reported by some 3rd party.

This is an important point. The anonymity of Tor relies on finding safety in numbers (or rather, among numbers).

However, the bar doesn't have to be quite that high in order for Tor to be considered de-facto anonymous. There is an order of magnitude separating the resources available to a local police force and the entire DoD. Criminals guilty of capital offenses might only garner the attention of the former, whereas someone at a 'Bin Laden' level of notoriety would be chased with the near-limitless resources of a superpower's defense apparatus.

The feds conduct ongoing child porn investigations, not just passive enforcement. Once someone with CP is found, the feds often try to seize the provider in order to collect information on other offenders, which in turn leads to further arrests/prosecutions. And the cycle continues. I used to think Child Porn was rare. I was wrong.

China is blocking Tor outright and pretty effectively.


So really, rather than providing useful anonymity to political dissidents, it's just providing anonymity to pedophiles?

It is used all over the world, including Iran, where its usage is pretty high.

> Yes, I know I shouldn't say it out loud, but here I am saying it (take me, Police) - out of curiosity, I went to Hard Candy section of The Hidden Wiki. (Yes, it is exactly what you would think it is.)

That was a ridiculously reckless thing for you to do. You've opened yourself up to a variety of legal sanctions.

Knowingly, deliberately, breaking the law is a bafflingly dumb thing to do, especially when the consequences to your life would be so severe.

Comedians constantly talk publicly and on record about having broken the law. Thing is, based on one HN comment, there's nothing to go on. If it goes to court, runn1ng just has to say "I made it all up to get attention". If there's no other evidence of wrongdoing, it'll be hard to make anything stick.

Admitting to breaking the law isn't what I was talking about, although being investigated for a crime involving images of child sexual abuse will be a traumatic experience even if it goes no further than that.

Imagine police raiding your home right now, and removing all computer items, and keeping those for several months (maybe years). Even without trial or conviction you'll have been put through a horrible experience.

Breaking any random law is also not much of a big deal. People break traffic laws all the time. People choose to break laws they consider unjust.

But choosing to break a law about images of child sexual abuse is a stupid thing to do. Being caught will lead to severe repercussions, with life long consequences.

Those consequences include criminal conviction and criminal record, having to register on a sex offenders list, potentially losing the employment he has, loss of employment opportunity in future, loss of travel opportunity, social stigma, etc etc etc.

That's the risk; what's the gain? "I was curious to see what was available"?

There are many bafflingly dumb laws. Hundreds of them. If I was smoking cannabis right now I might be thrown in jail for breaking the law. The problem is that there are so many stupid laws and so many state goons employed to enforce them.

Lots of people smoking weed right now would not shed a tear for you if you were arrested because you went looking for child pornography.

So you missed my point exactly.

Would you not shed a tear for the OP then?

Yes, because I'm super baked.

No, but seriously-- is it off that I can be made a felon because I clicked the wrong link? Yes. Does that make the laws forbidding the possession of child pornography dumb? No. If there were a reliable way to find out who they all were -- which is a fairy-tale scenario, so we're clear -- would I have a problem with anyone who looked for child pornography on the Internet being brought in for questioning? Nope. Because it is that bad.

Well, I'm gonna upvote you just for being baked! First, you have accepted the principle that you will follow what YOU feel is OK to do, regardless of its legality, and second, it's a damned good excuse!

Have you had a look at how widely the age of consent varies around the world? There have been cases of 17 year olds in the US being jailed for sex with their 15 year old girlfriends. In Islamic countries there are 8 year olds getting married. It just isn't that cut and dried, and I don't believe the state should be involved in policing ANY aspect of people's sex lives. Yes, I am an anarchist - of the Lew Rockwell type ;)

Okay, so that's a fair point: Federal and international laws about pornography are arguably broad. For example, it would be legal for me to have sex with a 16 year old, but illegal for me to photograph the act-- that's definitely silly.

And of course, there's a glut of images that teenagers upload of themselves, without any perpetrator or victim, and understandably this is treated as a very low priority by law enforcement. It's also an issue of some consternation to consumers of child pornography, which is why there are clear divisions in the community between content involving "jailbait" (13-17), pubescent (10-13), pre-pubescent (6-10), toddlers (2-6), and babies (0-1). (Honestly, it makes me a bit sick just writing that. I wish I didn't know this.)

I don't see a gray area here: I feel absolutely comfortable with pursuing individuals who search for images featuring pre-pubescent children being penetrated sexually. If they wind up having sought these images without any intention to molest children, then, like the man who walks into a bank with a mask and gun to make a legitimate withdrawal, they can damn well explain themselves.

This is not an overreach of the state; this is exactly what the state should be doing.

> Drug markets, weapon markets, assasin markets (altough I don't know how sersiously to take those), terrorist websites, child porn websites.

One of these things, is not like the others...

I assume you are talking about "drug markets."

Why would that be any different from a weapons market?

If either existed (in brick and mortar or amazon style stores) I would frequent both regularly.

The difference, if I could put it in as mild a way as possible, is that it has yet to be conclusively demonstrated that safe, reliable access to weapons of known quality is a net positive to public health and safety.

Some of us see it as, drugs being something that one inflicts to oneself, while weaponry, assassination, terrorism and manufacture of pedophile pornography is, in contrast, inflicted to others by force.

Well yes, the last three in your list are terrible exactly because they harm others. That is what I said.

Weapons are like drugs, they don't necessarily hurt anyone unless you plan to invade my home or threaten me. Assassination implies that the sole goal is killing a target, buying a gun can be for protection, for a collection, for fun and hobby, for sustenance, etc.

gunbroker.com is a pretty decent online weapons market. I use it quite frequently (in full compliance with state and federal law).

If you're interested in this type of thing:

http://www.collectorsfirearms.com/ -- Mostly Military and Older Weaponry.

http://www.aimsurplus.com/default.aspx -- C&R, Military and Black Rifles

http://www.budsgunshop.com/catalog/index.php -- Modern Firearms from almost all medium and large manufacturers

http://www.cdnninvestments.com/ -- Wholesale gun catalog.

http://www.slickguns.com is also a great "daily deals" site for guns and ammo.

Other good cheap vendors (in addition to the above) are http://www.jgsales.com and for ammo, http://www.ammoman.com/ and http://www.luckygunner.com/

I hope you're not in the UK. Just looking at that stuff, whatever the reason, is enough to get you on the sex offender register here.

Good point. Especially in the UK, the so-called "good guys" are a hair's breadth away from a doctrine of thought-crime, and pre-crime.

Oh yeah. Ethics and moral values simply evaporate when we are unable to see/watch one another in society. We are suppressed animals. Go watch 'Blindness'[1]; it is the real life representation of the dark web.

[1] http://www.imdb.com/title/tt0861689/

Let me put on my tin foil hat for a moment: Tor being anonymous, there is no way to know whether what you saw was a.) authentic content created (mostly) by actual child molesters b.) excellent copy written to cause maximum outrage against tor by some entity that does not like tor c.) somewhere in between, e.g. making sure that you actually stumble upon CP every once in a while when using onion sites

While b is not very probable, I can actually imagine that c is a pretty easy option to put many decent people off using tor.

I didn't click through the links described (or even have time to install Tor), but it occurs to me that one may be able to find these guys via statistical analysis of writing style.

Spider the web and then correlate less-anonymous writings with the stuff the ringleaders are saying on the Darknet.

Oh, you could catch them much more directly than that. There are technical means through which you can very easily track them down, if they make certain mistakes in their setup. On a non-technical side, it's often quite easy to social engineer people into giving you just enough information to track them (a kind of social equivalent to privilege escalation).

As part of another gig I worked on ways to track people, or more commonly to work out if two distinct users were actually the same human, and I'm almost salivating at the thought of all the potential ways authorities could bring some of these people to justice.

A while ago Anonymous hacked one of those forums and published the usernames and hashes. Apparently a lot of them were using the same usernames and passwords in other porn-related forums in the "lit" web.

Don't know if it resulted in someone being caught by the police or not, but definitely subtler methods such as statistical analysis of writing style are not the only way to get a lead from those forums.

So, Tor is only as good as the person using it.

I urge caution against amateur investigations, but it'd be interesting to see what software tools could be written to help law enforcement do a better job.

Statistical analysis of text

"social web"


Just be careful, if you get too good at this it might be used for things you don't agree with. This is an area that I would steer completely clear of, the same way I'd never help develop chemical or biological weapons.

An excellent stance.

You'd have missed out on the opportunity to work with Feynman if you'd declined work at the Manhattan Project.

Are you saying that working with a very skilled person is worth sacrificing your ethical integrity? I would not hesitate for a second to deny working on things I consider against my personal beliefs even if there was both money and fame at stake.

To use the good old reductio ad absurdum, would you be willing to kill a random stranger if it meant you would get to work with Albert Einstein?

You can to a certain degree, yeah. There was a project in the UK that looked at using NLP to determine what age/gender child groomers are (to see if they were adults impersonating children in order to befriend children online). It was pretty successful (the Isis project - see http://www.scientificamerican.com/article.cfm?id=pedophile-p... for an overview). The problem is that doing this sort of thing "live" is ethically dubious - not only for the privacy of the child but also for the privacy of the potential offender (because being labelled paedophile is probably one of the worst things you can be labelled - imagine if you are falsely accused).

So yeah, you'd need a huge amount of certainty that this was "the guy", and, frankly, storing enough data about individual writing styles for comparison means it's highly unlikely (right now) that this would be possible to do from a technical perspective, and potentially ethically dubious even if the technology were there - what constitutes "public data" on the internet from a privacy and data protection perspective?

Perhaps that would work, but taking that idea one step further: I doubt that there's anything you could do to them legally, because the evidence of a similar writing style most likely wouldn't hold up in court. IANAL but I think the least you need to prosecute someone for their actions on the internet is an IP and a statement from the ISP that the IP was assigned to this user's account at that very moment.

And then again I am unsure if simply visiting and contributing to such a forum could get you in any trouble, legally.

A judge ruled that an IP is not a person: http://techland.time.com/2012/05/07/you-are-not-an-ip-addres...

Interesting idea. Do you have any link of methods to identify people by writing style? Google didn't give me anything. To be honest I am a bit skeptical that it's possible but I'd appreciate to be proven wrong.

How many are Feds, on the site you mention? Something you did not take into consideration.

What can the feds do, other than take note of the information the predators exchange? How protective do you think pedophiles are of their real identity, or clues that might lead to it?

Something you did not take into consideration.

As if the most gut-wrenching bits were written by feds, which you surely did not mean to imply, how does it matter if even 80% were feds?

Be careful about visiting those sites. If you have any of the images saved in any sort of browser cache you could have criminal charges brought against you for possession of child porn. This is doubly true if you work in tech or IT and know a lot about computers... which I'm assuming many people in HN are.

I hope that law enforcement agencies at least use this as a window into how these people operate.

So now all this information about them is freely available. Why doesn’t the police do text and psychology analyses to find those people?

Once you write, you give something of you away.

freely allowed to say really anything

Well, that's allowed on the normal internet for the most part.

That is utter nonsense.

I don't even know where to begin. Technically, you can say whatever you want, but you cannot expect to avoid persecution (or prosecution) if you do.

And in most forums, you can't even say whatever you want. You'll be censored by the site hosting the forum, by the hosting company (for web sites), or ISPs.

You can begin wherever you like, but you aren't going anywhere. If it was nonsense, it wouldn't be happening non-stop on 4chan and lots of other places. The only people iirc who've gotten in trouble there are those who've confessed to actual crimes. For instance, the kid who broke into Sarah Palin's yahoo account, or the guy who stood in a box of burger king lettuce. It's easy to track people down, but simply doesn't happen (yet) for speech "violations".

Maybe you're in Canada or some more oppressive place though.

4chan has bans, and authorities are frequently called when illegal content is posted. Try again.

The saddest aspect of this kind of discussion to me is to see how people argue in favor of their own oppression.

People seem to be increasingly conditioned by fear, and increasingly cowardly. What happened to sentiments like "Live free or die!" ?

Selected out

Try openly writing about your plans of assassinating some high-level official. You won't last a day.

A word of advice for those living under truly oppressive governments - do not connect to Tor directly (nor to a Tor bridge, to be on the safe side). Get a cheap VPS/EC2 abroad and use SSH tunnel to connect to that and from then onwards - to a Tor bridge. The reason is that, if connecting to Tor directly, security services will be able to figure out you are using Tor (although not what you are using it for) and may take an interest.

Jeremy Hammond, aka. 'Anarchaos', the Lulzsec member from Chicago, who was raided and arrested[1] by the FBI used Tor and it is mentioned in his indictment as one of the points that led to his identification.

[1] http://arstechnica.com/tech-policy/2012/03/stakeout-how-the-...

[2] http://www.scribd.com/doc/84134934/Hammond-Jeremy-Complaint - Tor info starts at sec 37.

First of all the discussion of TOR starts at section 39. The FBI did not identify Anarchaos traffic coming out the other end of the TOR network. The FBI did not identify Anarchaos because of TOR. The complaint mentions that Anarchaos had previously mentioned the use of TOR and that one of the devices (Mac laptop) on the network under surveillance connected to a known TOR router. The complaint goes on to correlate traffic from the laptop to the TOR network with Anarchaos's presence in his residence.

They already knew who he was before they found the TOR traffic. That's why they had a PEN/TRAP warrant, and wireless and physical surveillance in place.

The FBI played 33 bits and 1 of the bits was Tor use.

I do not even know what you mean? Is this a reference to that one academic who said you needed X bits to identify someone? They already knew who he was. The tor use was circumstantial evidence that strengthened the case...at best.

Do you think the TOR information was necessary for an identification? Surely you do not think it was sufficient?

That's what I thought he meant. I've never understood why that 33 bits meme caught on. I'd like to see an actual step by step identification of someone with 33 bits of information...

Don't take it literally. But it's a very illustrative concept. A single blog post is often enough to uniquely identify someone, if they give a couple of incriminating facts about themselves. (Which school they've studied at, which year, what sports they play would be enough to narrow your list down from six billion to a couple).

How governments have tried to block Tor [28C3] https://www.youtube.com/watch?v=GwMr8Xl7JMQ

Thanks so much for that video, inspired me to make a resolution to volunteer for Tor.

Many people who need Tor can't afford or are unable to purchase VPSes abroad. However, the obfsproxy feature is available in the latest versions of Tor, which can mask traffic, and worked effectively against Iran's DPI earlier this year. You can contact the Tor Project directly to get a few bridges that support this feature.


By the same logic, won't they be able to detect SSH tunneled traffic too?

My advice would be to spin up a free EC2 instance, put a small "dog fancy" type blog/website up with a few articles about poodles, and then use something like openVPN to tunnel your traffic via tcp, port 443 through this.

It looks like you're just doing your wordpress thing, fancying your dogs. Just watch how much data you tunnel this way. 500 gig in a month might raise some eyebrows.

Also remember to use your regular un-vpn'd connection to visit ILoveAhmadinejad.com on a fairly regular basis so not all your traffic goes to this mysterious blog.

If using OpenVPN, there is one precaution one must take - make sure your firewall prevents traffic escaping when your VPN connection fails. Shorewall lets you set up such an arrangement fairly easily. Many US poker players have been burnt this way when using overseas VPN services to play poker as operators are able to catch their real location during brief moments of VPN failure.

With SSH tunnel, if your connection fails, no traffic will escape regardless.
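The fail-closed firewall described in the comment above, as an added example that is not part of the thread: it emits plain `iptables-restore` rules rather than a Shorewall configuration and includes a small check for auditing an existing ruleset. The interface name `tun0`, the server address `203.0.113.10` (a documentation address) and port 443/tcp are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a fail-closed "kill switch" ruleset
# for a host whose traffic must only leave through an OpenVPN tunnel.
# Assumed values: tun0, 203.0.113.10 (documentation address), 443/tcp.

# killswitch_rules TUN_IF VPN_IP VPN_PORT PROTO
# Prints an IPv4 ruleset in iptables-restore format; returns 1 on bad input.
killswitch_rules() {
    tun_if=$1; vpn_ip=$2; vpn_port=$3; proto=$4

    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $vpn_port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    # A hostname would need DNS before the tunnel is up, which this ruleset
    # blocks on purpose, so insist on a literal IPv4 address.
    case $vpn_ip in
        ''|*[!0-9.]*) echo "VPN server must be an IPv4 literal" >&2; return 1 ;;
    esac
    case $tun_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    # Default policy DROP on every chain: if the tunnel interface vanishes,
    # nothing matches the tun rule and packets are dropped, not rerouted
    # through the physical interface.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -d $vpn_ip/32 -p $proto --dport $vpn_port -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
COMMIT
EOF
}

# killswitch_rules6
# IPv6 has its own tables; without this, IPv6 traffic bypasses the rules above.
killswitch_rules6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# is_fail_closed TUN_IF
# Reads iptables-save style rules on stdin. Succeeds only if OUTPUT defaults
# to DROP and every OUTPUT ACCEPT rule is pinned to loopback, the tunnel,
# or an explicit destination address or port.
is_fail_closed() {
    awk -v tun="$1" '
        /^:OUTPUT / { policy = $2 }
        /^-A OUTPUT / && / -j ACCEPT/ {
            if ($0 ~ (" -o " tun " ") || / -o lo / || / -d / || / --dport /)
                next
            bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }
    '
}

# Print the ruleset for the assumed values. To apply it (as root):
#   killswitch_rules tun0 203.0.113.10 443 tcp | iptables-restore
#   killswitch_rules6 | ip6tables-restore
killswitch_rules tun0 203.0.113.10 443 tcp
```

To audit a running host, feed `iptables-save` output to `is_fail_closed tun0` and treat a non-zero exit status as a leak risk.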

There's a world of difference between "citizen spotted using SSH" and "citizen spotted using Tor".

In the first case you are just one in a huge number of people using SSH to avoid sniffers. With Tor the authorities know you're doing something you'd rather not be seen doing. It's a much, much bigger red flag.

I'd rather "the authorities" would stop spying on me whatever I'm doing, and I believe everyone should actively send up as many red flags as possible to confuse the bastards.

I don't accept the authority of any random gang of thugs over me, from whatever part of the world, period.

Mind the context. People under oppressive regimes do not have the luxury of messing with the thugs just to confuse them.

"There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers

Just because it's a funny quote doesn't make it any less of a non sequitur...

Ooh, the Tor darknet. I went there recently out of curiosity. You can get used to doing everything over Tor quite quickly, if you use it for everything you don't really notice the latency.

Yes, Tor has CP, but I didn't look for it so I didn't find it. Same with all manner of other illegal content, pretty sure it's there.

I2P and Freenet are more interesting than Tor, though, because they are truly P2P. Freenet is basically a distributed hash table (DHT) for HTML, CSS, image, and other files. It filters scripts and cross-origin requests out of HTML before serving them. I2P is like Tor, but everyone's a relay node (truly P2P, no central origin), and it's faster, but I haven't tried I2P. I have been on Freenet... it's slower than Tor!

> Yes, Tor has CP, but I didn't look for it so I didn't find it. Same with all manner of other illegal content, pretty sure it's there.

My assumption is that the open web has it too - but given tor isn't a single place with a directory to everywhere, I don't see how you could stumble on it accidentally at all.

Well, since Tor's anonymous, (secure enough) directories with legitimate sites also have illegitimate sites.

Also, yes, I think the open web probably has CP too, but Tor's anonymity means that CP is probably up for longer there, I suppose.

I've never visited any such sites, this is mostly speculation.

Tor was not "designed by the Navy" to protect dignitaries in cars or ships or whatever it is this article is alluding to. It was an academic research project for the NRL's CHACS group (NRL : CHACS :: MIT : Lincoln Lab).

If you look at the project's publication history, it was almost from the jump (and continues to be today) a project intended to frustrate online censorship. The DOD, via both DARPA and the NRL, continues to sponsor the project.

http://en.wikipedia.org/wiki/Onion_routing -- search "Navy"

And don't you try to tell me that the Navy doesn't try to protect its king.

He mentioned that IDEA, not the implementation nor Tor were invented by the Navy.

I have no sources on either, but it does seem plausible that a solution similar or exactly the same in concept was used for communication during warfare.

Tor exists at least in part because the US DOD decided that investing money in countering online censorship was a worthy use of military funding. This seems like an important point; it is not made effectively by the article.

> He mentioned that IDEA, not the implementation nor Tor were invented by the Navy.

Actually a creator and core developer of Tor is from the Navy. The implementation came from this person as much as it did from arma and nickm (the other 2 creators)

I wish there were a simple way to communicate how large and widespread CP is, and how much law enforcement could use your smarts to go after these guys.

There are more households sharing CP in your community than there are bus stops. (We can roughly map IPs of known CP files advertised over torrent networks.)

There are too few innovators in this space because specifics on CP networks are privy to law enforcement, and investigators are often patrol cops who get promoted into a child crimes unit.

It's fine (and true) to say these technologies are used for many more things than CP, but that's not an excuse to turn a blind eye to it, anymore than Craigslist does to child exploitation.

> There are too few innovators in this space

I don't know much about US law, but in my country it's illegal to even look at an image, even if it is part of a private investigation.

I'm sure that many would volunteer to help, but not while they'd risk jail time themselves

There's plenty that can be done that never involves having to look at an image yourself.

For instance, if I gave you a specific file name/size/hash (but not showing you the actual image), could you find out who possesses it, is distributing it, and anything about their location or identity that would aid law enforcement in catching the bandit?

I see what you're saying, but doesn't somebody, somewhere have to look at it to make sure it is CP first?

I strongly suspect that anti-CP laws have an exemption for people engaged in law enforcement and the judicial system engaged in real investigations. Otherwise it would be impossible for anyone to be prosecuted for CP. The law makers aren't that silly.

You are correct. Law enforcement involved in these investigations absolutely looks at CP. If they confiscate a computer with 10,000 CP images, they're looking at every one, day in and day out, and putting together a case for the prosecution. I'm glad that's not my job, and thankful for those whose it is.

> There are more households sharing CP in your community than there are bus stops.

Sorry if I'm wrong, but I find that hard to believe. Any amount of CP is a problem IMO, but I don't think it's that bad. In my metropolitan area there's around 1,671,683 people, and I'd be surprised to learn there's 1000 honest-to-god pedos.

I live in a metropolitan area of around 500,000 and there are close to 200 markers indicating an IP address that's advertising CP availability.

We have methods of rating each marker (e.g. how many CP files, how many are teen, child, nudity vs. intercourse, etc). Of those 200, there are a handful of the worst offenders that law enforcement will use resources to pursue, a group in the middle that have downloaded a large number where victims are 12-18, and then those who have just a few random files from the known list.

Does that help?

<markers indicating an IP address that's advertising CP availability.>

Sorry if this is a dumb question, but what does that mean? There are 200 servers with that stuff in your city? If you know their IP can't you get a warrant and shut them down? I find it strange that the police know about so many people doing this stuff but don't do anything about it but maybe that's not what you mean? It seems pretty cut and dry if someone is advertising illegal stuff.

Yes they can get a warrant, and they do, but there's honestly so much of it out there that there's only so many hours in a day for investigators to subpoena information, arrest someone, do forensics on their computer, prosecute the suspect, etc etc. Far less serious offense, but it's similar to how the RIAA/MPAA can only go after so many music/movie pirates out there.

How do you avoid prosecution? Being in possession of child pornography is a crime. If you personally identified these torrents, then you are essentially confessing.

There is an interesting story in "Three Felonies a Day" where an employer discovers child pornography on an employee's computer. They contact their attorney, and the lawyer deletes the offending content to protect the company. He then alerts authorities to the employee. The attorney is eventually prosecuted for evidence tampering. It's an absurd Catch 22.

After re-reading: you avoid prosecution by not being a large enough offender, or by offending in a jurisdiction where law enforcement is not trained to catch you. Not all that different than avoiding prosecution as a recreational drug user when the cops are too busy going after bigger fish.

There's a lot of time and resources spent in between the time of identifying that an IP address is broadcasting CP to having all the information you need to bust down the right door and lock up the guy for a long time.

Taking your example of image analysis, companies in this space will build applications that - for instance - identify which images of the 10,000 on a bandit's computer are all the same kid. The software company would use sample images of clothed kids to demonstrate how it works, then only law enforcement would input confiscated CP images to do the analysis.

I meant how do you avoid prosecution when analyzing these images for the purpose of catching the people spreading them? There is no "fair use" for contraband. Therefore, it would be hard to build a company around technology for stopping child pornography.

Example of what private companies can do - http://www.huffingtonpost.com/2011/05/20/facebook-photodna-m...

That doesn't sound like a Catch 22, that sounds like someone interfering with evidence. The absurd thing is if the company or lawyer would be prosecuted for not deleting the evidence. I'd hope not, cause they didn't do anything wrong if their employee did the wrong thing.

I did/do not personally identify them. I describe that law enforcement has tools to do so, but limited resources (and difficulties with ISP cooperation) to go after all of them.

Where are you getting this data from?

Privileged law enforcement information. Sorry but I cannot say more.

Can I ask how one gets into that gig?

Professionally? Contact your Sheriff's Office and ask to speak with someone from their internet crimes or child crimes/exploitation unit. They're always looking for talented people in those areas.

Does anyone have references to studies or data? I tried looking once, but couldn't even find a proper definition.

Tor is meant for dissidents and the oppressed, that's all fine and cool. But for me as a business community admin Tor always, always means trouble. Either the user using it is a scammer, a fraud or in the best case only a troll.

Unfortunately for every good user (dissident, whistleblower, etc.) you'll have 100 disgusting users. (It'd be interesting to know the ratio, but by Tor's very nature you can't!)

The promoters' rationale is that the protection it provides the endangered good user is worth having to put up with the disgusting ones.

The things I always wonder about TOR: Won't I look like someone else's computer? Is it possible for me to get in trouble because someone else's traffic exits from my home network?

> Won't I look like someone else's computer?

The IP address seen by a server on the regular Internet that you contact through TOR is that of some exit node.

> Is it possible for me to get in trouble for because someone else's traffic exits from my home network?

Not unless you run an exit node yourself. The standard TOR client software does not launch an exit node by default.

You can choose whether or not to be an exit node, so nobody else's traffic will exit through your connection if you don't want it to.

If you do enable it, my presumption is that by demonstrating that you have tor running you can show that traffic from your connection is as likely to not be you as to be you - but I'm not sure if this is backed up by law, or has been tested in court.

It has not been tested in court yet, however the theory is that safe harbor laws apply.

Safe harbor laws?

They are a part of the DMCA that protects internet service providers who transfer illegal data with an automatic protocol. I think the intended case was to protect ISP so they would not need to police their network.

Yes, this is something that is covered extensively on the TOR FAQs. They actually recommend you set up a business entity to limit your liability.

Mind providing a link? I briefly looked at Tor's FAQ and couldn't find anything on that.

Also, a business entity wouldn't help in the chance of criminal investigation, which means the money spent creating a business entity would be for naught.

Thanks for the link. It is only in the circumstances of running an exit node. If you aren't running one, then you don't need to worry (as stated by several others already).

If you're not running an exit node, you don't have much to worry about.

In addition to what other posters wrote: you can decide to run an exit node but restrict the sites that are available to Tor users. The most obvious use is to disallow your home country. For extra safety restrict it to far away countries that have no legal power where you live.

Yes, if you're set up to allow traffic to exit from your computer. It is possible to set it up so you only serve as one of the "internal" layers.

Check out the "This is a Tor Exit Router" notice https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f...

Only if you choose to be a Tor exit node. And you have to set that up explicitly.

FYI this is all I get running chromium in linux: http://i.imgur.com/7FUlr.png

Same with Chrome on Android after a flash of the content...

Yep -- apologies for that. I found the offending plugin and killed it dead.

I can't tell from this article whether the author is for or against Tor.

Achievement Unlocked: JOURNALISM

I'd like some more good Tor jokes, by the way...

People that argue that Tor enables crime do not realise that Tor also enables law enforcement (LE). Anonymity has been a tactic of LE from the beginning. Undercover LE use anonymous looking clothes to blend in with civilians to monitor criminals, police fighting drug cartels in Mexico wear masks to protect themselves and their families, informants require anonymity in order to assist LE with information. But there aren't sites in the onion exchanging this sort of information, you don't see it, which is the way it is designed to be.

I hate it how all discussion about anonymity and privacy ends up in CP.

> They can’t decrypt messages but they are able to track where everything comes from and where it is going. They can’t tell what you’re saying, but they have all they need.

He's talking about SSL here, right? For the record, this is completely incorrect. If "they" have access to a trusted CA (and circumstantial evidence says they do), they can MITM and snoop on whatever they want.

SSL encryption is not secure against state-sponsored attackers and sophisticated criminal enterprises.

No, the thought experiment didn't mention or imply SSL/TLS.

Your claim also only applies to the f'd up CA bundle that browsers ship by default, it's not a property of SSL/TLS.

If you are serious about encryption, you can use SSL without the Certification Authority system. Just self sign your own certs and only trust them.

And when you eliminate all of the default cert stores, then important things on the standard OSes most people use like Mac OS X and Windows will break, such as online banking, webmail, and security updates.

Places where illegal content is shared and people communicate for nefarious reasons and tools that create these places are just magnets for those wishing to find such people.

Anyone that chooses to take part in such things is at a heightened risk, no matter what they are doing.

There is no guaranteed right to privacy, regardless what your government decrees or what the tool you're using claims to do.

Those using Tor will be caught and charged as if they are enabling what the others are doing.

Be warned.

So, according to you, we have no right to privacy, and we will be "caught and charged" regardless of justice or the facts.

This sounds very much like a warning from Big Brother.

Be warned, Biggie, when the revolution comes, you just might find yourself with an appointment with the guillotine.

No, this is a warning for people that think they can work in a public space and be private. Privacy is a struggle, not a right. If you use a tool and expect it to keep your privacy, you should not be surprised when it doesn't work.

As for the guillotine, if big brother (which isn't me, I might add) goes on the chopping block, there is always another to take his place. The more people fight for privacy and the more people hack and cause damage, the greater big brother becomes to compensate. It was said that the meek will inherit the earth, and it is true.

"Privacy is a struggle, not a right."

You are wrong:

"Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and in many other international and regional treaties. Privacy underpins human dignity and other key values such as freedom of association and freedom of speech. It has become one of the most important human rights issues of the modern age. The publication of this report reflects the growing importance, diversity and complexity of this fundamental right." http://gilc.org/privacy/survey/intro.html

You call it meekness, I call it cowardice.

Are you going to tell these guys to stop taking pictures of my property, then?: https://maps.google.com/

A couple questions.

1. Are users of .onion services protected from the server just as well as the hidden service is protected?

2. What reassurances are there that tormail is not a honeypot?

> 1. Are users of .onion services protected from the server just as well as the hidden service is protected?

An .onion server, AFAIK, might have the IP of the end point your traffic ended up going through to reach the .onion server, but not of the point of origin.

The vulnerability with Tor, as a user, comes from folks operating the Tor nodes. Adrian Lamo, the guy that sold out Bradley Manning, was running Tor nodes at one point (that's not how he got wind of Manning, but my guess is he wasn't running the Tor nodes for altruistic reasons).

> An .onion server, AFAIK, might have the IP of the end point your traffic ended up going through to reach the .onion server, but not of the point of origin.

Correct. All any tor node gets with any traffic is the immediate node that it came from, and the immediate node that it is going to - only one hop in each direction.

If you get a packet from node C, to give to node E, that packet will be encrypted so that only E can decrypt it. They then "unwrap it" (like pass the parcel, or an onion) to reveal its next destination, F - and this unwrapped one is encrypted so that only F can read it.

(note: precise technical details almost certainly incorrect, but the principle is accurate)

> 2. What reassurances are there that tormail is not a honeypot?

None, which is why you should always use PGP. The advantage of tormail is they provide a free onion interface to email.

1) yes, in fact more so, because they rely upon no fixed keys

2) there is zero reassurance, there is also zero reassurance Gmail isn't sending all your mail to the NSA, etc. TOR helps you ensure you can keep your tormail and your clearnet identities as separate as possible, alternatively, run your own service.

As stated in a comment above, using PGP/GPG could help. If those emails are encrypted, that adds an extra layer of security around the contents of those emails.

(Of course, that rests on the security of prime-number encryption, which may not be the best assumption when dealing with the NSA, but that's another discussion.)

2. You can't ever know for sure but doesn't necessarily matter. The point of tor is NOT to keep your activities secret (for example, your exit node would be able to read any plaintext traffic you send, such as regular HTTP, or IRC, and also know your patterns of access - which IPs, how much data, etc) - it is to disconnect the ownership of those activities from your "real life" identity.

Assume anyone can read those emails you're sending on Tor, and act accordingly (i.e. no information that could identify you).

1. In the sense the server does not know the user's IP address so far as I know, yes.

2. No idea.

Can you point to a good technical description of how Tor works under the hood?

If you are requesting a very high-level description: https://www.torproject.org/about/overview.html.en . Basically you send an "envelope within an envelope within an envelope" over TLS (formerly SSL) to some node, they open it, read the address on the envelope inside, and send it on, until it gets to the last letter-opener who happens to also be the sort of node which follows instructions on a sheet of paper. Those instructions may be an HTTP request for example, or you might ask them to communicate part of a TLS negotiation with a secure web site, so that they cannot eavesdrop. The envelopes themselves are encryption containers, so that you can't open the envelopes en route to see where they're going.

If you want to understand more details about how exactly you create these "extending" routes and "circuits", the design docs are here:


In particular, the above picture is a little naive because you cannot send three open envelopes to the exit node for the return trip without the exit node learning who you are by peeking inside.
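Added example, not part of any comment in this thread: a Python sketch of the "envelope within an envelope" layering described above, showing that each relay learns only its previous and next hop. It assumes the client already shares a key with every relay (Tor negotiates these as the circuit is extended) and uses a toy SHA-256 keystream in place of a real cipher; the relay names C, E, F, the keys, the destination and the request are constructed sample data.

```python
import hashlib
import hmac

HOP_LEN = 16  # fixed-width next-hop field (assumption for this sketch)

def _stream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a toy stand-in for a real stream cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _stream(b"enc" + key, len(data))))

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one layer: encrypt (next hop || inner cell) and append a MAC."""
    body = _xor(key, next_hop.encode().ljust(HOP_LEN, b"\0") + inner)
    return body + hmac.new(b"mac" + key, body, hashlib.sha256).digest()

def peel(key: bytes, cell: bytes):
    """Remove one layer; fails unless the layer was sealed for this key."""
    body, tag = cell[:-32], cell[-32:]
    good = hmac.new(b"mac" + key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer is not for this relay, or was modified")
    plain = _xor(key, body)
    return plain[:HOP_LEN].rstrip(b"\0").decode(), plain[HOP_LEN:]

def build_onion(path, keys, destination, payload):
    """Client side: wrap the exit relay's layer first, the entry relay's last."""
    cell = payload
    for relay, nxt in reversed(list(zip(path, path[1:] + [destination]))):
        cell = seal(keys[relay], nxt, cell)
    return cell

def route(path, keys, cell):
    """Each relay peels once; record (relay, previous hop, next hop) it saw."""
    seen, prev = [], "client"
    for relay in path:
        nxt, cell = peel(keys[relay], cell)
        seen.append((relay, prev, nxt))
        prev = relay
    return seen, cell

# Constructed sample data: relay names follow the comment's C, E, F.
PATH = ["C", "E", "F"]
KEYS = {r: hashlib.sha256(b"demo-key-" + r.encode()).digest() for r in PATH}
REQUEST = b"GET / HTTP/1.0\r\n\r\n"
ONION = build_onion(PATH, KEYS, "example.com:80", REQUEST)
```

Calling `route(PATH, KEYS, ONION)` returns what each relay observed plus the innermost payload, which the last relay F holds in the clear unless the request itself is encrypted end to end.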

Tor is the solution to getting hellbanned at HN.

That is "censorship", no?

Tor is also the solution to your Twitter API woes. Like it or not. I'm sure many SEO people use it to get around Google's restrictions. These are not necessarily uses that infringe anyone's IP. Twitter is UGC. And Google caches the entire web, indiscriminately.

Tor, like the 'net itself, is controversial. It can be used for bad things. It can also be used for good things. It could be used to break criminal laws, or to enable copyright infringement. It could be used to violate TOS that may or may not be enforceable in civil court. Or it could be used just to evade idiosyncratic censorship by some webmaster that has no legal basis whatsoever. (This comment itself is being posted through Tor.) It is, however, any way you look at it, useful.

There may be an "intended purpose" for Tor. But as with almost all software, that means little. Users decide how they will use it. And that is unpredictable.

Did the folks at MIT, when they developed Tor, say to themselves, "You know, this will be used to commit crime"? Probably. But they also probably envisioned some other uses that were of undisputed benefit to society.

As someone else said, MIT is still behind Tor. Grep the source for the Tor client for IP numbers. You will find that some belong to MIT. My understanding is that Tor is controlled by a small group (maybe only one person) because like anything else that uses a network, there has to be a bootstrap, a "root" that hands out the initial addresses. And anyone that uses the Tor trusts that root. Somewhere there is/are a few people with a great responsibility on their hands: they make Tor possible, for better, or worse.

More people need to use Tor for non-criminal purposes. Using Tor as a workaround for censorship, whether it is on HN, or in some oppressed country is to be expected. If you are the censor, and you don't like it, ban Tor. It is not difficult. HN does not ban Tor.

One of the great myths on the 'net is that an IP address equates to a machine or a customer account. False. It represents an interface, which is itself an ephemeral concept. Interfaces can be created, cloned or destroyed at the blink of an eye.

This may all be frightening or it may be exciting, it all depends on how you look at it. It shouldn't matter whether you are a good samaritan or a criminal. It is just technology. Abstract tools. A hammer can be used to build something or it can be used to destroy something. It has no moral sensibility on its own.

That's up to you, the user.

As a Tor user (I can't post to HN without it), it bothers me that others are using it for criminal purposes. But when I look at a hammer, I see a tool for creation, not destruction. I think like a carpenter. What can we build?

The hammer has no consciousness of its own, any more than Tor does.

Just curiosity... why is it that you can't post to HN without Tor?

My assumption would be that he's hellbanned

Tor is good, but totalitarianism is galloping to control the internet. They HATE the freedom we have come to take for granted, and they are surely encouraged by how easily the sheep are persuaded to acquiesce whenever they point at the familiar boogey men: paedophiles, terrorists, drug dealers, etc.

I am quite optimistic though about the development of mesh networks such as http://project-byzantium.org

Of course it will only take one state to declare it illegal, and there will be plenty of cowardly fools urging each other NEVER to use it, because it's just too DANGEROUS, and anyway, TERRORISTS find it useful for pursuing their nefarious and immoral activities.

I will keep on ignoring them.

