To be honest, I just take it for granted that all exit relays are either run by Feds or at least compromised by Feds. If you use Tor for anything you wouldn't want Five Eyes to know about, you're an idiot.
Isn’t Tor designed to ensure anonymity despite a snooping exit relay? I thought that even if you compromise an exit you can’t do much without compromising the in-between relays.
It's designed so that a snooping exit node can't identify you, but it can see all traffic.
Which is why you should generally only use HTTPS when using Tor. The last leg may be snooped on, so you need to use encryption during it. (HTTP is fine with hidden services, though.)
It's important to keep in mind that anonymity and data integrity are separate properties. You can have one without the other.
Using HTTPS would help. If you totally disable HTTP (or only use HTTP on .onion sites) the described attack won't work. Similarly, if the site in question enabled HSTS the attack would be prevented.
Think of Tor like the open Wi-Fi network of dubious origin at a black hat hacker convention. You are probably fine if using HTTPS, but plain HTTP is a bad idea.
Using a VPN is more questionable. Generally a paid VPN already knows who you are, so hiding your origin IP with Tor would be pointless. Also, sometimes combining VPN technologies can cause traffic congestion algorithms to interact poorly and make things really slow, but that will depend on which technologies are in use.
Purchase some hardware with cash and distribute it around the world to tunnel through. Then expose them as public proxy servers (or even Tor nodes) so that a fair amount of normie traffic passes through them.
If you seriously feel paranoid about being watched then you'll want to own the hardware you're actually passing through. And I assume that any large organizations that demand this level of invisibility (cartels, etc.) have essentially done this, likely locating some of those servers behind armed guards that will protect the physical device.
That said, I think it's unlikely that Tor has been majority compromised at this point, but as it fades from the minds of folks and becomes more and more niche the probability will escalate.
I would have paid some homeless guys to get me a bunch of SIM cards, used 'em once, and proxied via some hacked webcams, after cleaning the rest of the malware off 'em…
I mean. That's what I, uhh, would do if I were doing something dodgy on the internet…
Edit: with a second-hand Android bought from a pawn shop running NetHunter as an AP, ofc…
Given the immense barriers to setting up an exit node, I would find it rather surprising if the majority of exit nodes are not already controlled by state actors, either directly or by proxy. My personal opinion is that if anonymity on Tor is to continue, it will be the result of competition for control of the network between opposing states and not altruistic non-profits.
I suspect those “opsec failures” are just parallel construction. The FBI almost certainly used a zero day on him and then waited to see how they could construct a feasible explanation for having identified him from there.
Parallel construction is not new for US intelligence when it comes to solving high-profile crime. We know US intelligence both hoards and uses zero days, especially on users of Tor. As such, we can be reasonably certain that parallel construction is used to capture cybercriminals in high-profile cases, since it immensely simplifies solving the crime to a matter of using the exploit and merely observing for gaps in opsec.
Furthermore, using a zero-day on Ulbricht would be optimal as he is no security researcher. You are unlikely to “burn” a zero-day unless you are using it in a dragnet sort of fashion while a vigilant security researcher is watching.
By definition, it’s hard to find proof of parallel construction. However, former intelligence officials have confirmed its use as a “bedrock technique” for catching criminals [1].
Perhaps, but no one is perfect. Keep in mind that perfect opsec also encompasses physical security and surveillance, where intelligence agencies are much better at this than criminals.
People say that part of Ulbricht’s shitty opsec was that he left his laptop unlocked, but think of this - the FBI was already ready to grab his laptop the very moment he left it alone. Clearly, they knew he was the criminal well beforehand, and were just lying in wait for him to slip up just one single time.
All in all, this is really cool work. I wonder what it would be like to work for the FBI or NSA solving high profile cybercrime. I imagine it would definitely feel more impactful than my current FAANG position, even if the compensation would be lower.
> People say that part of Ulbricht’s shitty opsec was that he left his laptop unlocked, but think of this - the FBI was already ready to grab his laptop the very moment he left it alone. Clearly, they knew he was the criminal well beforehand, and were just lying in wait for him to slip up just one single time.
Is there another laptop of his that they physically accessed somehow prior to distracting and arresting him? (I don't understand how someone could think from that story that the laptop seizure played any part in initially identifying him, since it was done by FBI agents in the course of arresting him pursuant to a warrant.)
No, the theory is that a zero day was used on Ulbricht and they knew he was guilty for a long time. Things like seizing the laptop were just theater to construct a parallel trail of evidence for the courts.
I understand that theory, but I don't understand what leaving his laptop unlocked has to do with it. As the FBI already had a warrant to arrest him when they encountered him in the library, they had already made a probable cause showing to a judge by that point. The probable cause showing isn't the same standard as the "beyond a reasonable doubt" needed for a criminal conviction, but clearly the FBI already believed he was guilty before they seized his laptop, whether or not they accurately told the judge about all of the evidence and evidence-gathering methods that led them to that conclusion.
It's unfortunately entirely possible that they didn't tell the judge about all of it, but it's still not as though seizing his laptop was the event that convinced the FBI that he was guilty, or even that they claimed to be particularly unsure about their suspicions before that.
I agree with this. They just wait to find a small breadcrumb trail and then use that to construct a case. Identifying the suspect is done through hidden means.
Try public WiFi + spoofed MAC + directional antenna.
What if you live 3 blocks away from a public library but a few floors higher? With direct line of sight and some wireless networking gear?
Would they really try to triangulate the client packets? It is a large leap past "oh he is in the library, let's go find him". You aren't triangulating the AP, you need to logically isolate the packets from the client, calculate their dB and somehow triangulate on just that.
>Would they really try to triangulate the client packets? It is a large leap past "oh he is in the library, let's go find him".
This is smart, and a good idea. But it really just adds a step. Once they go to the library and don't find him, they'll start looking for something 'smart'. And doing 'smart' things like this really get the hackles of the feds up because they start thinking exciting things like 'state actor', and "I'll get a promotion out of this".
The best place to hide something is right out in the open. Preferably behind a SEP field.
Not hating on your idea, just exploring it further.
Arguably it did protect him, but Ulbricht compromised himself by making several major opsec blunders including linking his personal Gmail address to his pseudonyms.
Because he walked away from his computer and left it unlocked. Wear a hidden bluetooth device or something to lock your computer and use USBGuard if you're that worried.
I feel that, at the point where the FBI is trying to distract you by making out so they could steal your laptop, it's already too late and you are very screwed.
Maybe a bluetooth autolocking thing could have delayed the inevitable, but it would just be a delay.
They can watch you for the rest of your life, interrogate you, etc.
Presumably they acted the way they did because they had a reasonable belief that their plan would work. If Ross had behaved differently, I assume they would have had a different plan of action.
There's one kind of tech that's good enough to protect your privacy from corporations that want to profile your behavior or keep you safe from malicious hackers who want to steal your data by luring you into digital spider nets.
Then there's another kind of tech (and tactics and practices) that could hope to keep you safe when you are targeted by state-level actors in both digital space and meat space.