[tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto

Mirimir mirimir at riseup.net
Mon Feb 10 08:48:09 UTC 2020

On 02/09/2020 12:19 PM, Felix wrote:
> Hi everybody
> Am 2020-02-09 um 12:40 PM schrieb grarpamp:
>> Given the variety of known weaknesses, exploits, categories
>> of papers, and increasing research efforts against tor and
>> overlay networks in general, and the large number of these
>> "mystery gaps" type of articles (some court cases leaving hardly
>> any other conclusion with fishy case secrecy, dismissals, etc)...
>> the area of speculative brokenness and parallel construction
>> seems to deserve a serious investigative fact-finding project of
>> global case collation, interview, analysis to better characterize.
> ...
>> Early on August 2 or 3, 2013, some of the users noticed “unknown
>> Javascript” hidden in websites running on Freedom Hosting. Hours
>> later, as panicked chatter about the new code began to spread, the
>> sites all went down simultaneously. The code had attacked a Firefox
>> vulnerability that could target and unmask Tor users—even those using
>> it for legal purposes such as visiting Tor Mail—if they failed to
>> update their software fast enough.
>> While in control of Freedom Hosting, the agency then used malware that
>> probably touched thousands of computers. The ACLU criticized the FBI
>> for indiscriminately using the code like a “grenade.”
>> The FBI had found a way to break Tor’s anonymity protections, but the
>> technical details of how it happened remain a mystery.
> https://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
> A malicious route around Tor was/is solvable by keeping the system
> updated or by the use of techniques like Whonix or Tails.
> -- 
> Cheers, Felix

That depends.

Whonix would protect users against malware that bypasses Tor browser.
Perhaps Tails would as well, given its iptables rules, but arguably not
as well as Whonix does, because in Whonix the Tor client and apps are in
separate VMs, and there's no forwarding from the workstation VM, just
SocksPorts exposed to it on the gateway VM.

And onion services could also use Whonix, or at least the basic concept
of Whonix, implemented in KVM or VBox VMs on the server. Onion services
on Tails would be harder, but probably doable.

However, neither Whonix nor Tails would protect users or onion services
against attacks that manipulate Tor clients into using malicious guards.
And once an adversary controls the guard, it knows the IP address of the
user or server. Tails might even be more vulnerable, because it picks
new guards at each boot.

As far as I know, there are just two ways to defend against attacks via
malicious guards. One is using vanguards.[0,1] The other is simply
hiding the user's or server's IP address from the guard, using a VPN
service, or a nested VPN chain.

0) https://github.com/mikeperry-tor/vanguards/
1) https://lists.torproject.org/pipermail/tor-dev/2020-February/014156.html
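The gateway-side policy described above (no forwarding from the workstation VM, only Tor's SocksPorts reachable from it, and the Tor daemon as the only process allowed to talk to the Internet) written out as an nftables ruleset, with drops logged so that a bypass attempt by leaky software is visible. This is an added example, not Whonix's own configuration; the interface names, addresses, port numbers and the Tor user name are assumptions.

```nft
#!/usr/sbin/nft -f
# Two-VM layout: the Tor client runs on this gateway, the workstation VM
# sits behind WS_IF. Names, addresses, ports and the Tor account below are
# assumptions for this example, not values taken from Whonix.
flush ruleset

define WS_IF   = "eth1"               # NIC facing the workstation VM
define WAN_IF  = "eth0"               # NIC towards the Internet
define WS_NET  = 10.152.152.0/24      # internal network between the VMs
define GW_ADDR = 10.152.152.10        # gateway address on WS_IF
define SOCKS   = { 9050, 9100-9150 }  # Tor SocksPorts bound to GW_ADDR
define TOR_UID = "debian-tor"         # account the Tor daemon runs as

table inet torgw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # The only thing the workstation may reach is Tor's SOCKS listeners.
        iifname $WS_IF ip saddr $WS_NET ip daddr $GW_ADDR tcp dport $SOCKS accept
        # Anything else arriving from the workstation is a bypass attempt:
        # count it, log it, drop it.
        iifname $WS_IF log prefix "torgw-ws-bypass: " counter drop
    }

    chain forward {
        # No routing between the VM network and the Internet at all, so a
        # process that ignores the SOCKS proxy has no path out.
        type filter hook forward priority 0; policy drop;
        log prefix "torgw-forward-drop: " counter drop
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # Replies to the workstation's SOCKS connections are covered here.
        ct state established,related accept
        # Only the Tor daemon's own new connections may leave for the Internet.
        oifname $WAN_IF meta skuid $TOR_UID ct state new accept
        # Everything else leaving the gateway is logged and dropped.
        log prefix "torgw-out-drop: " counter drop
    }
}
```

Load it with `nft -f` on the gateway; the `torgw-ws-bypass:` log lines are the signal that something on the workstation tried to reach the network without going through Tor.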
