[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
Is TOR kill?
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 137
Thread images: 13
Is TOR kill?
https://www.ibtimes.co.uk/fbi-crack-tor-catch-1500-visitors-biggest-child-pornography-website-dark-web-1536417
>>
>>52369974
good. I hope one of these bad people was Stallman

-----------------------------
~Sent from Windows® 10™ with 4Chan Gold app
>>
>Jan 6
phew
>>
>>52370113
damn i hope that too

-------------------------
~Sent from iMac® Pro ™ using 4Chan Platinium app
>>
>The FBI installed a malicious flash application to figure out the user's IP address.

Should have been using tails or whonix.
>>
No
"When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all"

tl;dr Tor without Java(/script) and flash blockers is useless
>>
> When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all, according to Motherboard Vice.
>The NIT was able to capture the actual IP address of the computer, the type of operating system the user's computer was using, the computer's architecture, the computer's MAC address, the computer's host name, the computer's active operating system username and was even able to issue a unique identifier to the user in order to distinguish all data collected from another user's IP address.

Kek, so basically the ones who got caught were idiots who decided to use their everyday browsers through Tor proxy, since the Tor Browser comes with plug-ins and Javascript disabled.
>>
>>52369974
>shitty side channel attack
>Is TOR kill?

fuck off
>>
>>52370253
always disable java browsing tor it s write on the first lines of the advice section
>>
>a Flash application was secretly installed on the user's computer

Amazing. If only the pedos had uninstalled flash.
>>
I almost felt sorry for the pedophiles.
But:
>Flash
Fuck em all, nobody who has Flash installed deserves to walk around free.
>>
>Even though the method has undoubtedly helped to bring down child pornographers, the American Civil Liberties Union is concerned that the FBI was able to hack into over 1,000 computers with just a single warrant, and believes that Congress and the public should play a role in evaluating whether law enforcement should be allowed to use NITs at all.

American Civil Liberties Union confirmed pedos
>>
>>52370113
>>52370226
Don't have your hopes so high up you're on our list too. Faggots.

-----------------------------
-Sent from RHEL 6 Workstation using NSA Unlimited Access key
>>
>>52370365
they just skimmed some of the retards off the top and can add them to their sex offender lists. Of course they didn't get a single producer which would actually be important but BIG NUMBERS look good to the equally retarded public and they can pretend to be doing something.
>>
>>52370418

Fuck you.

---------------------
-Sent from Dankpad t420 running RedStarOS personally delivered to me by the Dear Leader
>>
>>52369974
Should have followd the main principle of ultra-paranoid computing: Always assume your system is compromized.

They only have themselves to blame.
>>
>>52370424
Pirating Hollywood movies kills the movie industry.

Pirating CP strengthens the child molesting industry.
>>
>>52370113
>>52370226
>>52370418
>>52370442

Is this the birth of an epic new funny meme? I'm posting this on /r/4chan :D
>>
>>52369974
>People get persecuted for the pornography they consume.
I know you Americlaps were fucking prudes, but this is taking things a bit too far, don't you think?
>>
>>52370477

I love /r/4chan. What's your username, I'll send you some gold
>>
>>52370492
no, it makes more sense to jail people who look at pictures than to jail people who are actually fucking children right now, breh.
>>
>>52370522
Your name has been added to the FBI child sex offender watch list
>>
>>52370522

/u/mootykins :3
>>
>>52370576
I meant >>52370492 name, but what the hell, might as well add you too it to
>>
>>52370442
Watch your language, newfag.

-------------------------
~Sent from my Nexus 5X using 4Chan Platinium app
>>
Probably another Javascript exploit.
Never use Tor outside of an internet-less VM, let alone without NoScript, uBlock, etc.
>>
We did it Reddit!!

All the pedophile scum can finally burn in hell!

-----------

Sent from my iPhone 6s plus
>>
>>52370628
It won't read.

Why won't it read?!
>>
Linux fanboys are going to jail
>>
>>52370253
Correct me if I'm wrong, but isn't NoScript by default set to "Allow All"?

>not just installing uMatrix
>>
>>52370747
>isn't NoScript by default set to "Allow All"?
Absolutely not. It's called NoScript, not YesScript for a reason.
>>
so basically do this for max security:
>use a closed-shell system used only for TOR.
>boot up from Tails OS
>connect through a virtual machine that doesn't have access to the internet
>VPN (use company that doesn't keep records) tunnel into TOR
>Make sure Firefox, TOR, Noscript, and everything are up-to-date
>disable scripts globally, no flash, no java

Wouldn't be using VirtualBox be just as good as a closed-shell system? I thought that whatever happened in the virtual machine had no effect on the host computer.
>>
>>52370628
Ok I'll bite. If the vm doesnt have internet connection how do you connect to tor?
>>
>>52370844
https://tor.stackexchange.com/questions/1066/how-do-i-turn-javascript-off-in-tor-browser-bundle-3-5
>Do you have NoScript set to globally forbid all Javascript? NoScript in Tor Browser 3.5 seems to allow scripts by default,
https://tor.stackexchange.com/questions/1183/why-did-the-option-to-permanently-allow-javascript-disappear-from-the-noscript-m
>The TorBrowser ships with NoScript which is configured to allow JavaScript (globally) by default. By default the menu should say "Forbid Scripts Globally", as JS is not blocked.
>>
>>52370896
>>52370628
seconding this. explain yourself
>>
>Playpen had almost 215,000 members
Only 1500 arrested and 1500 more to get arrested (probably)

>After seizing the computer server running Playpen from a web host in Lenoir
How did they find it? Thats more worrying. It could be the sysadmins of the datacenter easily, who knows.

>a Flash application was secretly installed
Tor Browser with Flash/Java/Silverlight/Javascript on is useless
>>
>>52370844
it is in tails. you need to disable scripts manually on every boot.
>>
>>52370844
It allows all scripts by default on TBB
>>
>>52369974
>When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all

Tor is not compromised, idiots just don't know a single thing about computers and think that Tor is a magic program that makes them perfectly anonymous.

>installing Flash on Tor

Complete idiots.
>>
>>52370916
>>52370941
>>52370946
Why the flying fuck?
>>
>>52370970
Yeah that always confused me too.
>>
>>52370970
Just search on Google/Bing for Tor Browser, go to images and you´ll see many images with the NoScript icon in white and with the !, which means it allows all globally
>>
>>52370981
Because muh fingerprinting.
>>
>>52370928
They could only hack those that attempted to login/sign up in the two weeks they ran the site. That and most the users were pinged outside of the U.S.
>>
>>52371015
>better to be exposed than to be fingerprinted based upon what you block!
Flawless logic.
>>
>>52371044
Fingerprinting only means they can identify you as a unique individual, doesn't it? Unless the NSA owns all sites on the Tor network, or clearnet for that matter, that unique identification doesn't really pose a risk, right?
>>
>>52370864
>helping pedos to get away with their crimes
>>
>>52370864
>I thought that whatever happened in the virtual machine had no effect on the host computer.
Only if the VM host had perfect security. That's not the case, not by a long shot.
https://hsmr.cc/palinopsia/
https://eprint.iacr.org/2015/898.pdf
http://www.s3.eurecom.fr/docs/fc14_maurice.pdf
http://venom.crowdstrike.com/
https://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf

This is not a complete list by any means, but I hope you get the idea that VMs have bugs & flaws just like any other piece of software.

>>52370896
>>52370920
It's possible to redirect all the traffic from the virtual NIC right into Tor's SOCKS server, for example. Personally I don't trust the VM enough (see above), nor the host (in case of a VM escape) so I use a designated Tor machine and use another machine as an intermediate router to do filtering, redirection to SOCKS, etc. This way, even if my Tor machine got completely fucking owned by a 1337 state actor, it has no way whatsoever to get to the internet without passing through Tor first (sans an attack on the router, but I believe to be properly fortified).

That's enough of a private setup for me, but YMMV.
>>
>>52370970
Because most of the web need scripts to work. It allows regular people in fuckupistan to access facebook. Paranoid pedophiles were never intended to be TBBs target audience.
>>
>>52371187
>helping *everyone get away
True anonymity has consequences, but it's worth it
>>
>>52370970
Color me surprised as well. The least they could've done was to briefly explain the issue and present a yes/no dialog the first time you run it.
>>
>>52371348
if pedos can be discovered, why can't those in fuckupistan be?
>>
>>52371383
You do realize that there's an immense skill gap between the FBI/NSA & whatever shitstain of a law-enforcement agency fuckistan has, right?
>>
>>52371383
Because Iran can't just go and put malware on facebook like the FBI can on some shit pedo ring server.
>>
>>52371440
Part of Tor is that it is used by US operatives overseas to deliver very sensitive data back to the states, this is why the Navy develops it. It has to be robust enough to potentially deliver top secret data when used correctly, which means that they have to assume very powerful nations are attempting to read the data.
>>
File: 1432584271968.png (864 KB, 745x691) Image search: [iqdb] [SauceNao] [Google]
1432584271968.png
864 KB, 745x691
But will anything be done?

I've looked at that shit off the hidden wiki to see if what was said was true about the "deep web". Shit's gross mang

I bet the people who will be v& are those who are supplying and manufacturing the cheese pizza
>>
>>52371490
Tor is used to ensure anonymity, not secrecy & authenticity.
Those are very, very different things.
>>
>>52371604
>I bet the people who will be v& are those who are supplying and manufacturing the cheese pizza
you couldn't be more wrong
>>
Is silkroad still up somehwere? It was the good only reason to use tor anyway.
>>
>>52369974
Fu>>52369974
Fuck off
>>
>is tor kill? #1122323
Were you just born yesterday?
>>
>>52371659
>forget that other classes exists
>play HA 24/7
>???
>>
>>52371750
You seem to be lost, let me help you out:
>>>/v/
>>
File: image_7_0.jpg (31 KB, 396x400) Image search: [iqdb] [SauceNao] [Google]
image_7_0.jpg
31 KB, 396x400
>>52370492
Pedo detected
>>
>>52370113
>good. I hope one of these bad people was Stallman
he uses other peoples computers so some other poor innocent bastard will cop the flack.
>>
>>52370230
I wouldn't be using flash from the getgo lol
>>
File: giphy.gif (1005 KB, 500x375) Image search: [iqdb] [SauceNao] [Google]
giphy.gif
1005 KB, 500x375
>2016
>using flash at all
>>
>>52369974
TOR was never good considering the vast majority of the nodes are owned by the US government.

The more nodes they own the more likeihood all your nodes will be one of theirs and if they can establish a circuit from end-to-end the entire thing falls apart and they can know everything you do and who you are.
>>
>>52369974
No. TOR is difficult to deal directly. Almost all attacks are on javascript or social enginnering.
Fun fact: the most effective way has NSA to deal with TOR was using a psych warfare operation to associate the software with pedos, thus avoiding that normies will ever think in using it.
>>
>>52369974
Not even going to open the article. It's going to be yet another instance of Flash/Java/Javascript fucking someone over. Like every other time this thread has been posted.
>>
We don't know what attack vector they used for this.
The Flash attack was Operation Torpedo in 2011.

>When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all, according to Motherboard Vice.

Then go to the vice article:

>In 2011, “Operation Torpedo” was launched, which saw the agency place an NIT on the servers of three different hidden services hosting child pornography, which would then target anyone who happened to access them. The NIT used a Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity.

>As for how the Playpen NIT operates, it’s not totally clear >exactly how it was deployed, but the warrant allowed for >anyone who logged into the site to be hacked.

How do I into reading comprehension?
>>
>>52370864
>>VPN (use company that doesn't keep records) tunnel into TOR
NO you goddamn fucking retard holy shit.
>>
>flash exploit

And it's fucking nothing.
>>
>>52369974
>a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all

So basically they caught a bunch of complete retards who were browsing CP sites with Flash enabled. Good.
>>
>>52372158
why the fuck not?
>>
>>52369974
but tor explicitly disables flash. were these retards stupid enough to actually download and run some shit?
>>
>>52372239
The VPN is straight up the weakest link in the chain. You're just increasing your attack surface.
>>
>>52372319
Tor Browser isn't the same as Tor.
>>
>>52370477
>>52370522

FUCKING NORMIES REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
>>
>>52372339
oh shit you're right. but i bet almost all windows users use it anyways
>>
The real question here is how they managed to find and compromise the server, if they used a flash exploit or not is irrelevant since finding the server through exploits in Tor itself means they could've found the users using the same method.
>>
>>52372468
They owned the server.
>>
>>52369974
>>52370864
>>52372077
>>52372087
>>52372158
>TOR
https://www.torproject.org/docs/faq.html.en#WhyCalledTor
>>
>>52369974
First bowie, now this

Great way to start a day
>>
>>52372982
bullshit propaganda.
>>
>>52373099
>Ignorant computer illiterate.
>>
>>52373124
>WHA YOU CAPITALIZED ALL THE LETTERS
>YOUR COMMENT HAS BEEN DISCARDED

this is full denial.
>>
>>52373146
Learn to address tech properly, newbie. Nobody will take you serious until you do.
>>
>>52373210
Tor is not Tech you imbecile. It's software.
>>
>>52373256
Which is technology, newbie. This is fast getting embarrassing.
>>
>>52373284
You're the biggest retard ever
>>
>Caught 1500 people on a site that probably had tens or even hundreds of thousands of users
>>
>>52369974
>200k total users
>1.3k arrested (0.5%)
Just got the casuals who used browser bundle with javascript on.
>>
>>52373307
Whatever makes you feel better, muppet.
>>
>>52369974
>the FBI decided to run the child pornography web site from its own servers in Newington, Virginia,

Nice now watch the FBi getting sue'd for running cp websites, still have a feeling this news report is full of shit.
>>
>Stupid pedos getting caught because they didn't use noscript
Fine by me
>>
So they arrested 4 people of the 1300 IPs?
Considering they have 1300 real IPs( or are they nodes + vpns + proxies)
>>
>>52370226
That would be nice

---------------------------
-Sent from my Nvidia® 3.5GB™ GTX970™ meming machine through the 4Chan Iridium App
>>
>>52371233
>fortified router
NETBSD,PF,and everything encrypted down to the bits in the flash?
>>
>>52372336
Even if the VPN is broken they'd just find out I use Tor, they can't tell what website any better than my ISP can.
>>
>>52373875
I don't think they care about non-distributors
>>
> flash application was installed
I'm assuming they are talking about windows right? Would an exploit like this work with windows and Linux?
>>
>>52374212
it's easier to compromise the link between your VPN and you, or just bug your VPN than to compromise TOR
>>
>>52374212

That's not how it works.

https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/combining-tor-with-a-vpn/
>>
>>52372468
hosting the site in the US in the first place was pretty damned stupid
>>
>>52369974
TOR has always been kill, Pretty much every government has taken steps to weaken and decloak users.

No ammount of hops and legit nodes can compete with multimillion dollar investments flooding tor with honeypot nodes
>>
How do you install a flash application? Is this just shitty wording or was this some kind of flash executable?
>>
File: 1449189192299.png (946 KB, 912x905) Image search: [iqdb] [SauceNao] [Google]
1449189192299.png
946 KB, 912x905
>They installed Flash on Tor
>They didn't disable scripts globally

dumbass pedos deserved it
>>
File: 1452283692460.jpg (12 KB, 251x242) Image search: [iqdb] [SauceNao] [Google]
1452283692460.jpg
12 KB, 251x242
>>52369974
>Over 1,500 cases have resulted from the investigation
>>
>>52376854
they likely meant that a flash applet was embedded in pages

people dumb enough to have flash available while using tor for illegal stuff deserve to be caught
>>
File: -.png (253 KB, 378x411) Image search: [iqdb] [SauceNao] [Google]
-.png
253 KB, 378x411
>Mfw use flash and not a pedophile
>>
They caught everyone who didn't disable flash and had JS enabled

Low hanging fruit
>>
>>52372077
>considering the vast majority of the nodes are owned by the US government.

You're an idiot. Get off the internet.
>>
File: hurpdurp.jpg (125 KB, 717x880) Image search: [iqdb] [SauceNao] [Google]
hurpdurp.jpg
125 KB, 717x880
>>52370477
>>52370522
>>52370599
>>
>>52375918
>No ammount of hops and legit nodes can compete with multimillion dollar investments flooding tor with honeypot nodes

Is that right? Wow, you know more about the subject than anyone
>>
>>52375607
I read the whole thing and still believe using vpn will add extra layer of security. Nothing in that article contradicts this. I trust vpn providers whole lot more than billion dollar isps.
>>
>>52372077
largest single node runner is that german charity group last i heard (1-2 yrs?)
>>
>>52375555
Elaborate.

OTOH I bet you $100 that at&t, verizon etc will give logs to any authority easier than malta based vpn provider.
>>
>>52378167
Wow, another patronizing teenager/TOR shill

https://archive.is/gBS7u
https://archive.is/gaWSX
https://archive.is/abFMB


There's so many vulnerabilities in TOR it's starting to become laughable, decloaking individuals is trivial.
>>
>>52370970
>use privaceeeh-program
>program is set to be a data-slinging shithole

HOLYSHIT X^)
>>
>>52370113
>>52370226
>>52370418
>>52370442
>>52370627
>>52370695
>>52373931
>Signature
You are all in violation of global rule #13 https://www.4chan.org/rules
>>
>>52375555
>>52375918
>>52378479
See >>52372982
>>
File: 2061.jpg (93 KB, 533x700) Image search: [iqdb] [SauceNao] [Google]
2061.jpg
93 KB, 533x700
>>52369974
>tor
should have used freenet master race
>>
>>52379879
Stop being fucking pedantic.
https://en.wikipedia.org/wiki/Acronym#Case
>>
>>52380071
Stop making excuses
https://en.wikipedia.org/wiki/Rationalization_(making_excuses)
>>
File: sdgfdsfg.gif (2 MB, 245x253) Image search: [iqdb] [SauceNao] [Google]
sdgfdsfg.gif
2 MB, 245x253
>>52380092
>https://en.wikipedia.org/wiki/Autism
>>
>>52380205
>I can't win an argument, so I'll just meme his ass by throwing the autism accusation his way.
Just drop it, anon.
>>
File: 1436048768676.jpg (102 KB, 1089x881) Image search: [iqdb] [SauceNao] [Google]
1436048768676.jpg
102 KB, 1089x881
>>52380281
Okay I'll bite.
What argument exactly? You think calling people out because they write TOR (which is widely considered the correct case for acronyms) instead of Tor is somehow NOT considered pedantic?

Leleleliterally autism
>>
>>52370113
>>
>>52380380
I'll bite too, despite the second autism meme. Yes, exactly, as per https://www.torproject.org/docs/faq.html.en#WhyCalledTor of course, and it's important to accurately refer to names and technology in order to avoid confusion, ambiguity, but also to show that you care and know what it is that you're talking about, without coming off as an illiterate moron.
>>
>>52380496
That wasn't a meme, it's literally autistic to get so buttblasted about the case of an acronym.

>and it's important to accurately refer to names and technology in order to avoid confusion

"What's TOR? I'm so confused, I've never heard of that before... OH.. you mean Tor?"

See how retarded that is? there's nothing to confuse you bumbling idiot. The case is largely insignificant to it's meaning. As I stated in my previous post the use uppercase for acronyms is generally the correct use case (CPU, GPU, RAM, IDE are other common examples) see >>52380071 for a little reminder.

>without coming off as an illiterate
That's not what illiteracy is you fucking mouth breathing autismo.

I'm sorry anon, I can't let that level of idiocy go unchecked, you retards have been shitting up this place.
>>
>>52380626
>>>52380496 (You)
>That wasn't a meme, it's literally autistic to get so buttblasted about the case of an acronym.
>literally autistic
Again with the memes.
>buttblasted
This meme isn't even a word.
>>and it's important to accurately refer to names and technology in order to avoid confusion
>"What's TOR? I'm so confused, I've never heard of that before... OH.. you mean Tor?"
This is too cheap. That's not the only remark I had about being accurate.
>>without coming off as an illiterate
>That's not what illiteracy is you fucking mouth breathing autismo.
Actually, it is. http://www.merriam-webster.com/dictionary/illiteracy
>I'm sorry anon
No, you're not. Neither am I.
>>
>>52378479
>https://archive.is/gBS7u
>analyzed the traffic at exit node
>under laboratory conditions

>https://archive.is/gaWSX
>exit nodes found to be sniffing passing traffic

You get what I'm saying? None of these affect hidden services, and if you're using Tor for something illegal and connecting to an internet site you're just dumb. Also the first link is a complete joke because it requires being able to directly monitor both the server and the client, and if they are able to monitor the server they can just use a far easier exploit like the Flash exploit mentioned in the OP.

>https://archive.is/abFMB
Has nothing to do with Tor, sorry.
>>
>>52376895
>They installed Flash on Tor
nope.
they used the tor browser bundle on a (probably) windows machine with flash installed.
or they used a tor plugin for firefox with flash still enabled.
>>
> After seizing the computer server running Playpen from a web host in Lenoir, North Carolina
> the FBI decided to run the child pornography web site from its own servers in Newington, Virginia

I thought it was mitm attack but it was not, easy to find people when they connect on their server accessing FBI own contents
>>
>>52373446
no, they're above the law, everyone knows that.
>>
>>52381662

Not when they're connecting to you over tor, which is why they were able to get less than 1% of the IP addresses.
Thread replies: 137
Thread images: 13
Thread DB ID: 404022



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.