[tor-talk] Dutch Police Investigation & Tor Spike: Correlation Or Also Causation?

Matthijs R. Koot koot at uva.nl
Sat Sep 10 06:20:39 UTC 2011


Hi Andrew,

> : Requests: Why? [1] from the Tor-talk mailinglist. Some believe (credits
> : to @ly_gs for enlightening me) that the August 2011 spike in Tor users
> : via bridges may be related to the Dutch police investigation on Tor
> : hidden services hosting child pornography, which also took place during
> 
> How do these two things go together? Hidden services are unrelated to
> bridges. And we're seeing massive bridge queries, and huge spikes of
> bridge useres in European countries. 

I know, mind the last part (see below) of my post, which was probably
WAY too long. I'm wondering whether, in lack of a better explanation,
the bridge spike might have been caused by undisclosed activities
performed by Dutch police et al. Not looking for a yes/no answer, only
proposing a possible lead to follow for finding an explanation.

"I don't know what activities were performed during the investigation,
but exploring de-anonymization attacks against Tor may fit the Dutch
investigators' aim of identifying those involved in child porn. The
press release does not state that Tor hidden services (.onion sites)
were the only lead from the Amsterdam case. Failure of Tor-level attacks
may be irrelevant to mention in the press release, or preferred not to
be disclosed because that would strengthen offenders' confidence in
relying on Tor for criminal purposes. Success might deliberately not be
disclosed for the sake of ongoing investigations, or out of fear that
criminals will then move to I2P or other systems perhaps less
well-studied in digital forensics than Tor. This is all very
speculative, of course."

Kind regards,
Matthijs

> 
> -- Andrew pgp key: 0x74ED336B



More information about the tor-talk mailing list