[tor-talk] Darknets/science vs. GPA/LEA/Law, and playing dirty pool

grarpamp grarpamp at gmail.com
Fri Nov 7 22:43:31 UTC 2014


On Fri, Nov 7, 2014 at 9:29 AM, Öyvind Saether <oyvinds at everdot.org> wrote:
>> http://www.bbc.com/news/technology-29950946
>
> "The BBC understands that the raid represented both a technological
> breakthrough - with police using new techniques to track down the
> physical location of dark net servers"
>
> They do have the capability to locate Tor hidden services at this point.
>
> To those who want to pretend otherwise: The first step to fixing a
> problem is to admit that it exists. There is no point in pretending
> these .onion sites are secure anymore. The only interesting question
> now is: How can this be fixed?
>
> They could simply look for high amounts of Tor traffic and pull the
> plug on IPs whose traffic pattern looks like it may be a hidden service
> and see if anything goes down.

This is a critical weakness of any anonymous system if...
the way things are looking worldwide, GPA's seem to be the real
deal and they seem to have no problem handing off to the LE side,
and laws be damned... well, the old ways are over, it's the Wild West.

Filling all the network links with chaff could be a way to protect users
(maybe they were just loading the homepage over and over), but they
could still bounce all the IPs to look for servers.

There may be an opportunity for the operators of anonymous services
to band together and monitor themselves or each other for bounces
simply to confirm if bounce tests are in fact happening against all such
service participants, high data/connection rate ones, services based
on age of identity key, or any other such class they are able to identify.
And they'd have to characterize true bounces from network reachability
anomalies.

This is hard to defend against. Store-and-forward... maybe.
Decentralized p2p/blockchain... more likely, at least for market-like
things that could be modeled as transaction-listing-like things.

Another way to test is for someone to use perfect opsec (wifi, tor,
bitcoin, etc), and actually run a number of illegal sites and see what
happens. Then consider some sites may be allowed to live even if
actionable, or simply won't be taken down if there are no real world
links to act on.

Tor had one recent whitepaper that claimed to have actually located
hidden services (real or test) within a minor budget and timeframe by
abusing nothing other than the Tor network itself. Right? Has anyone
replicated that work?

People need to be analysing these court documents very carefully to see
what bits of knowledge can be drawn from them. That's a project in itself
and EFF/Tor wiki would be a good home to begin cataloging them all
and making notes of such things in each case.

It's pretty obvious something is going on besides opsec, especially
with the quotes in the news. Question is, what is it?

Tests need done, knowledge needs found, capabilities need catalogued,
and defenses need developed. Step by step, scientific method.

While you're at it, play some dirty pool in return, set up a bounty for leakers.
Cash, sex, drugs, whatever. Not everyone is motivated by the same things
Ellsberg/Snowden et al are.

> Regardless of how it is actually done: It seems perfectly clear that
> they are able to identify the servers hosting hidden services. Those
> who pretend otherwise at this point are either cointelpro/military/law
> enforcement or morons.
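
The mutual-monitoring idea raised above (operators probing each other and separating real bounces from ordinary reachability anomalies), as an added example that is not part of the original post. It works on a constructed probe log from two vantage points: a failure seen from only one vantage point is treated as a path anomaly, a failure seen from all of them as a real loss, and minutes in which several services drop at once are flagged for investigation. The vantage point names, service ids and probe layout are assumptions.

```python
from collections import defaultdict

# Constructed sample probe log (not real data): each entry is
# (minute, vantage_point, service_id, reachable). Two vantage points probe
# three service identities once a minute over four minutes.
PROBES = [
    (0, "vp1", "svcA", True),  (0, "vp2", "svcA", True),
    (0, "vp1", "svcB", True),  (0, "vp2", "svcB", True),
    (0, "vp1", "svcC", True),  (0, "vp2", "svcC", True),
    (1, "vp1", "svcA", False), (1, "vp2", "svcA", True),   # only vp1 fails
    (1, "vp1", "svcB", True),  (1, "vp2", "svcB", True),
    (1, "vp1", "svcC", True),  (1, "vp2", "svcC", True),
    (2, "vp1", "svcA", False), (2, "vp2", "svcA", False),  # A and B down
    (2, "vp1", "svcB", False), (2, "vp2", "svcB", False),  # from everywhere
    (2, "vp1", "svcC", True),  (2, "vp2", "svcC", True),
    (3, "vp1", "svcA", True),  (3, "vp2", "svcA", True),
    (3, "vp1", "svcB", True),  (3, "vp2", "svcB", True),
    (3, "vp1", "svcC", False), (3, "vp2", "svcC", False),  # only C down
]

# Assumed set of monitoring vantage points (hypothetical names).
VANTAGE_POINTS = {"vp1", "vp2"}

def classify(probes):
    """Return {service: {minute: label}}. 'down' means every vantage point
    failed that minute (a real reachability loss); 'path_anomaly' means
    only some failed (more likely a circuit or network problem)."""
    failed = defaultdict(lambda: defaultdict(set))
    for minute, vp, svc, ok in probes:
        if not ok:
            failed[svc][minute].add(vp)
    out = defaultdict(dict)
    for svc, by_minute in failed.items():
        for minute, vps in by_minute.items():
            out[svc][minute] = "down" if vps == VANTAGE_POINTS else "path_anomaly"
    return out

def correlated_down(classified, min_services=2):
    """Minutes in which at least min_services were 'down' from all vantage
    points at the same time. An isolated outage is normal operational noise;
    a cluster across services is the pattern worth investigating."""
    count = defaultdict(set)
    for svc, by_minute in classified.items():
        for minute, label in by_minute.items():
            if label == "down":
                count[minute].add(svc)
    return {m: sorted(s) for m, s in count.items() if len(s) >= min_services}
```

With real probes, the service ids would be the operators' own onion identities and the probe interval and vantage points would need to be diverse enough that a single bad guard or circuit does not show up as a false bounce.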
