>>Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.
Hmmm, I really wonder who that could be...
You know I don't even want to make some shitty ebin comment here, you'd have to be fucking clueless to not understand who would be behind that. The Rubbermints
I truly do understand why people would do this
>want to screw anonymity to gain more power
this kind of attack isn't *really* in tor's threat model and they've known about it for ages. this one just happens to exploit unintentional design flaws within tor to do it, which they're fixing.
but if someone is controlling all the nodes passive surveillance can still determine your point of entry. this is why other methods are useful in addition to tor.
nothing is flawless for anonymity, though.
>passive surveillance can still determine your point of entry. this is why
Is it a good thing to be an exit node when using TOR - am I right in saying the more cool exit nodes the less the controlled nodes can capture - is it something that is not worth it if you are just a home user? or will it still be some help - also does it "mark" you more if you're an exit node?
Controlling exit nodes isn't the only way traffic can be passively captured. If you control the backbone, you have access to all of it.
Basically, Tor doesn't protect you against the NSA and other sigint agencies doing this kind of surveillance... especially if they're adding fingerprinting to the headers.
Turbo whiteknight retards who think Tor = Criminals
Also I am kinda glad this happened. It's a good thing if they blow their load early and cause people to fix current vulnerabilities and find others. Otherwise some really bad shit could happen to a lot of people.
>the NSA and other sigint agencies doing this kind of surveillance... especially
So is it true to say there is absolutely no known way to stop the NSA level of snooping - TAILS, TOR, VPN, etc. etc. - nothing in the known universe? Or is there, but it would be extremely complex to implement...? You just feel so helpless against NSA - my thoughts are mine for me to share with only the people I care to... kinda basic human rights privacy - have nothing to hide in a "legal" way just don't like not having control.
this is the first bit of hard evidence that anyone has been actively doing passive timing attacks... but it's always been theoretically possible and it was never in the scope of tor's threat model to begin with.
multiple hops outside the territory where the surveillance takes place can help, along with other things. but ultimately, the issue is that the way we do routing wasn't designed for privacy.
Governments and jewvernments are trying their hardest to "crack" Tor, pumping loads of cash to get some nerds to do it for them.
I guess not everyone cares about privacy, but they should. It's a good thing Tor is a very robust network, still, I believe we should put some more effort into supporting the Meshnet.
All hail to the CypherPunk gods... I pray they have the power. They are the only hope for a free net and even further a free society as the net is very instrumental for society. If only I could code like Gandalf... Is there any place a donation would make a difference? Are there people working on new versions of TCP/IP and a way of getting it implemented that would give some hope? Can ALL data not be encrypted PGP style - to trusted/participating sites?
Let's face it, who actually trusts TOR anymore?
I haven't used it for over a year, but even when I did I never fully trusted it. How you guys can trust a technology that was developed by military intelligence services and is funded still by the military, I just don't know. You have got to be completely insane. Who the fuck do you think the NSA are? They are military intelligence you numbskulls. The article in that link is to make you think TOR project is working with you. It isn't, it is working against you. You have to be fucking insane to trust TOR
It was the CMU fags
>How you guys can trust a technology that was developed by military intelligence services and is funded still by the military
why do you flaunt your ignorance
plenty of advances came out of NRL
guess you better not use any form of electronic key distribution. NRL INVENTED IT! BOTNET! XDDDDDDDD
also it's not even funded by the NRL anymore.
The shills waved their flags and showed their true colors. Dave leaned back in his chair and lit another cigar, and tasted the cool smoke and contemplated how he would shoot their flags full of holes
They didn't practice responsible disclosure, assuming that this is the same attack as the CMU presentation. They were vague as fuck in their communication, if the tor project is to be taken at their word.
You're mentally ill.
It's a 1970s era program that has nothing to do with modern fiber taps, you stupid fucking moron. It's for satellite trunks and radio dishes to pick up any communications they can.
Stop throwing around this garbage like I KNEW THEY WERE SPLITTING FIBER WITH TEH ECHELON IN 1995 LEL PLEBS.
So what who invented it, if it is useful to any other branch of the Military they use it, and since the NSA is a signals intelligence agency, which means any transmission method, they use it
Oh puleeze now you're just trying to have a pissing up the wall competition and believe me your dick ain't big enough
Ah ok - never heard of level 3 coms - so, they see all - no hope may as well go back to using google and sign up with facebook then? ahhh shit.. that sucks balls - maybe some kind of peer to peer wifi network across the land making our own net with our own protocols and privacy - would that have a chance of being "free" if designed right - not sure how it would interface with the web yet but just as (if it took off and everyone installed it) a skype/messenger type thing with file sharing - all totally secure?
the government did this, remember they canceled that talk on hacking tor? and pulled all the speakers?
this is them trying to take down pedo rings and drug trade
(like anything they do will ever stop it)
>pedo rings and drug trade
I'm sure they actually do stop those things when they can be bothered to, but the real goal is to make sure that it's impossible to use the Internet anonymously. The NSA's goal is the continuity of the NSA and the power structure of the US government.
If you really think some terrorists in caves over in some shit hole Stan country are an existential threat warranting such surveillance, you're a gullible useful idiot. This surveillance state is being built by and for the oligarchy to protect the fundamental aspects of American Capitalism. People like MLK and Julian Assange are the real enemies.
If someone starts getting too popular with a message like Universal Healthcare, free higher education, dismantling the military industrial complex, these people need to be discredited. The NSA needs their entire online history in their archive so they can playback a person's whole life, find something illegal or embarrassing, and discredit that person before they can become too disruptive.
Why do you think they permanently track anyone who has anything to do with the Occupy movement? For a while that movement looked like it was going to explode and become a real threat to entrenched powers. It got their attention.
If you ever went to one of those rallies, or just walked by one, you've got the NSA's hand up your ass for the rest of your life.
This man speaks the truth... Totally this is about keeping control of the population.
Activists go back to using leaflets (printed on stolen/abandoned/non-traceable printers. Note: all printers print a serial number code within the print dot patterning - but I'm preaching to the converted I guess).
GEE Anon looked up this hidden service. We don't know if he accessed it or downloaded anything. Let's arrest him for looking up the service. It's gotta be worth a death sentence.
I wonder who is behind all these new relays?
Everything I said is backed up by evidence, from Snowden and others.
Ever heard of COINTELPRO? The FBI really did try and take down MLK. They tried to get him to kill himself. It's unknown whether they actually assassinated him or not--so I'll stop short of making that claim. They could have just encouraged Ray to do it. Hell, they could have organized his escape just for that. But the truth will probably never be known. The facts that we do have are more than enough to know the FBI/NSA/CIA are horrible and treasonous organizations.
I'm not a truther who believes 9-11 was an inside job. It wasn't. It was a result of incompetence and some very ingenious exploits of security holes.
I'm sure that a lot of good people have done likewise, but the explosion of new nodes is the NSA trying to take over the network. If they control the majority of nodes and can watch them all in real time, they can deanonymize a lot of users if they put enough effort in.
Tor is structurally incapable of defending against a Network Adversary. When Tor was created, the idea that some entity could surveil the entire Internet in real time was absurd--but the NSA built out the capability to do exactly that.
Did you even read the comment?
Actually, the NSA doesn't need to (and from the evidence we've seen, actually doesn't) run relays of their own.
But that shouldn't make you happy, since one of the huge risks is about how many parts of the network they can observe, not how many relays they operate. They don't need to run their own relays, if they can just wait until nice honest folks set up a relay in a network location that they're already tapping.
Now, the interesting thing about the traffic confirmation attack here is that you actually do need to operate the entry guard, not just observe its traffic (because you need to see inside the link encryption). So in fact the NSA would have to run a bunch of relays in order to do this exact attack.
But the more general form of traffic confirmation attack can be done (if you're in the right places in the network) by correlating traffic volume and timing -- and that can be done passively just by watching network traffic.
The two blog posts to read for more details are:
>e IRL as paranoid as you, which probably has something to do with the fact some
Fool... there is plenty of evidence, and this dates back a long time - what do you think gov. is about? A free and democratic society? yeh that had to be fought for and taken - it was the least they could give to keep the mob down. And even then all they needed was the illusion of choice - you chose the colour but they still bringing you a toilet...
>I don't think I've ever met someone IRL as naive as you, which probably has something to do with the fact someone like you would never read a history book.
Sounds like a name who know? The man who controlled the United States politicians
I think the US Congress is scared shitless of the NSA/CIA.
Remember a guy named Anthony Weiner? Great politician, had a promising career and was a real champion of personal liberty and Social Democracy.
He also had a habit of sending dick pics to women online. They leaked out, he resigned. And you've never heard from him again.
Ever heard of a guy named Eliot Spitzer?
New York Prosecutor
One week before the banks collapse because bankers fucked shit up and lied to each other, he is forced to resign because he fucked a prostitute (while all rich bankers do that)
Everything is rigged
Yeah, him too. I'm watching out for Elizabeth Warren. She's going to get burned if she tries to run for POTUS, mark my words. Something will leak out.
She's just too legitimately anti-establishment. They won't be able to flip her, so they'll have to take her down.
>Together these relays summed to about 6.4% of the Guard capacity in the network.
Anyone else notice that part?
Six-decimal-four percent of the entire Tor network was part of this attack. Who else but a government could run something like that for six months?
>e 2000 and what do y
Although I would not say any true /g/ is not in education - SOME of you are waaay smarter than many "in education" types - there is an impressive amount of self education here... fuck university was not so hot compared to 4chin in many ways. If some of you will use the skills in the right way when the right time comes you are in training, As for employment 50/50 there is are pros about....
Other people are calculating that it could be within the $3,000 price tag of the exploit from the cancelled Tor talk at Blackhat conference. So I don't know where to go on this one.
And that is on the heels of:
PS: This is how it is being reported now:
So honest question guys, if I'm just a regular chinese cartoon, porn watching university student who torrented movies & music, why should I bother to Tor up? Tor is clearly an inferior laggy browser compared to many others.
The most embarrassing internet footprint I have is my porn habit, and I can't stream pron anyway with Tor which kinda defeats the point of Tor-ing up during my most vulnerable moment. I agree with all that muh freedom and liberty argument against government surveillance, but the way to win this war is not by advocating a clearly inferior product for the general normalfag public and there's no way the US government gonna pull back on the surveillance program because it has been very beneficial for them to maintain their power. There's only two kinds of countries in the world, countries who spy on their citizens and countries who wished that they can spy on theirs.
If you're a journalist, activist, kiddy fiddler, or drug trafficker I understand the point of using Tor, GPG etc but would you seriously bother to encrypt, teach your parents how to encrypt/decrypt messages, have signed public key from them, etc just so they can check on you? No, no one would do that because it's too inconvenient. I'm quite satisfied in avoiding just Google's targeted ad botnet, if NSA want to audit my entire internet footprint I don't think I have anything to hide