Is TOR kill?
"When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all"
tl;dr Tor without Java(/script) and flash blockers is useless
> When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all, according to Motherboard Vice.
>The NIT was able to capture the actual IP address of the computer, the type of operating system the user's computer was using, the computer's architecture, the computer's MAC address, the computer's host name, the computer's active operating system username and was even able to issue a unique identifier to the user in order to distinguish all data collected from another user's IP address.
>Even though the method has undoubtedly helped to bring down child pornographers, the American Civil Liberties Union is concerned that the FBI was able to hack into over 1,000 computers with just a single warrant, and believes that Congress and the public should play a role in evaluating whether law enforcement should be allowed to use NITs at all.
American Civil Liberties Union confirmed pedos
they just skimmed some of the retards off the top and can add them to their sex offender lists. Of course they didn't get a single producer which would actually be important but BIG NUMBERS look good to the equally retarded public and they can pretend to be doing something.
so basically do this for max security:
>use a closed-shell system used only for TOR.
>boot up from Tails OS
>connect through a virtual machine that doesn't have access to the internet
>VPN (use company that doesn't keep records) tunnel into TOR
>Make sure Firefox, TOR, Noscript, and everything are up-to-date
>disable scripts globally, no flash, no java
Wouldn't be using VirtualBox be just as good as a closed-shell system? I thought that whatever happened in the virtual machine had no effect on the host computer.
>Playpen had almost 215,000 members
Only 1500 arrested and 1500 more to get arrested (probably)
>After seizing the computer server running Playpen from a web host in Lenoir
How did they find it? Thats more worrying. It could be the sysadmins of the datacenter easily, who knows.
>a Flash application was secretly installed
>When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all
Tor is not compromised, idiots just don't know a single thing about computers and think that Tor is a magic program that makes them perfectly anonymous.
>installing Flash on Tor
Fingerprinting only means they can identify you as a unique individual, doesn't it? Unless the NSA owns all sites on the Tor network, or clearnet for that matter, that unique identification doesn't really pose a risk, right?
>I thought that whatever happened in the virtual machine had no effect on the host computer.
Only if the VM host had perfect security. That's not the case, not by a long shot.
This is not a complete list by any means, but I hope you get the idea that VMs have bugs & flaws just like any other piece of software.
It's possible to redirect all the traffic from the virtual NIC right into Tor's SOCKS server, for example. Personally I don't trust the VM enough (see above), nor the host (in case of a VM escape) so I use a designated Tor machine and use another machine as an intermediate router to do filtering, redirection to SOCKS, etc. This way, even if my Tor machine got completely fucking owned by a 1337 state actor, it has no way whatsoever to get to the internet without passing through Tor first (sans an attack on the router, but I believe to be properly fortified).
That's enough of a private setup for me, but YMMV.
Part of Tor is that it is used by US operatives overseas to deliver very sensitive data back to the states, this is why the Navy develops it. It has to be robust enough to potentially deliver top secret data when used correctly, which means that they have to assume very powerful nations are attempting to read the data.
But will anything be done?
I've looked at that shit off the hidden wiki to see if what was said was true about the "deep web". Shit's gross mang
I bet the people who will be v& are those who are supplying and manufacturing the cheese pizza
>forget that other classes exists
>play HA 24/7
TOR was never good considering the vast majority of the nodes are owned by the US government.
The more nodes they own the more likeihood all your nodes will be one of theirs and if they can establish a circuit from end-to-end the entire thing falls apart and they can know everything you do and who you are.
Fun fact: the most effective way has NSA to deal with TOR was using a psych warfare operation to associate the software with pedos, thus avoiding that normies will ever think in using it.
We don't know what attack vector they used for this.
The Flash attack was Operation Torpedo in 2011.
>When visitors accessed the website, although their traffic might have been encrypted, a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all, according to Motherboard Vice.
Then go to the vice article:
>In 2011, “Operation Torpedo” was launched, which saw the agency place an NIT on the servers of three different hidden services hosting child pornography, which would then target anyone who happened to access them. The NIT used a Flash application that would ping a user's real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity.
>As for how the Playpen NIT operates, it’s not totally clear >exactly how it was deployed, but the warrant allowed for >anyone who logged into the site to be hacked.
How do I into reading comprehension?
>a Flash application was secretly installed on the user's computer that quietly sent important data about the user straight to the FBI so that it did not pass through the Tor network at all
So basically they caught a bunch of complete retards who were browsing CP sites with Flash enabled. Good.
The real question here is how they managed to find and compromise the server, if they used a flash exploit or not is irrelevant since finding the server through exploits in Tor itself means they could've found the users using the same method.
>the FBI decided to run the child pornography web site from its own servers in Newington, Virginia,
Nice now watch the FBi getting sue'd for running cp websites, still have a feeling this news report is full of shit.
TOR has always been kill, Pretty much every government has taken steps to weaken and decloak users.
No ammount of hops and legit nodes can compete with multimillion dollar investments flooding tor with honeypot nodes
>They installed Flash on Tor
>They didn't disable scripts globally
dumbass pedos deserved it
>Over 1,500 cases have resulted from the investigation
>No ammount of hops and legit nodes can compete with multimillion dollar investments flooding tor with honeypot nodes
Is that right? Wow, you know more about the subject than anyone
I read the whole thing and still believe using vpn will add extra layer of security. Nothing in that article contradicts this. I trust vpn providers whole lot more than billion dollar isps.
Wow, another patronizing teenager/TOR shill
There's so many vulnerabilities in TOR it's starting to become laughable, decloaking individuals is trivial.
Okay I'll bite.
What argument exactly? You think calling people out because they write TOR (which is widely considered the correct case for acronyms) instead of Tor is somehow NOT considered pedantic?
I'll bite too, despite the second autism meme. Yes, exactly, as per https://www.torproject.org/docs/faq.html.en#WhyCalledTor of course, and it's important to accurately refer to names and technology in order to avoid confusion, ambiguity, but also to show that you care and know what it is that you're talking about, without coming off as an illiterate moron.
That wasn't a meme, it's literally autistic to get so buttblasted about the case of an acronym.
>and it's important to accurately refer to names and technology in order to avoid confusion
"What's TOR? I'm so confused, I've never heard of that before... OH.. you mean Tor?"
See how retarded that is? there's nothing to confuse you bumbling idiot. The case is largely insignificant to it's meaning. As I stated in my previous post the use uppercase for acronyms is generally the correct use case (CPU, GPU, RAM, IDE are other common examples) see >>52380071 for a little reminder.
>without coming off as an illiterate
That's not what illiteracy is you fucking mouth breathing autismo.
I'm sorry anon, I can't let that level of idiocy go unchecked, you retards have been shitting up this place.
>That wasn't a meme, it's literally autistic to get so buttblasted about the case of an acronym.
Again with the memes.
This meme isn't even a word.
>>and it's important to accurately refer to names and technology in order to avoid confusion
>"What's TOR? I'm so confused, I've never heard of that before... OH.. you mean Tor?"
This is too cheap. That's not the only remark I had about being accurate.
>>without coming off as an illiterate
>That's not what illiteracy is you fucking mouth breathing autismo.
Actually, it is. http://www.merriam-webster.com/dictionary/illiteracy
>I'm sorry anon
No, you're not. Neither am I.
>analyzed the traffic at exit node
>under laboratory conditions
>exit nodes found to be sniffing passing traffic
You get what I'm saying? None of these affect hidden services, and if you're using Tor for something illegal and connecting to an internet site you're just dumb. Also the first link is a complete joke because it requires being able to directly monitor both the server and the client, and if they are able to monitor the server they can just use a far easier exploit like the Flash exploit mentioned in the OP.
Has nothing to do with Tor, sorry.
>They installed Flash on Tor
they used the tor browser bundle on a (probably) windows machine with flash installed.
or they used a tor plugin for firefox with flash still enabled.
> After seizing the computer server running Playpen from a web host in Lenoir, North Carolina
> the FBI decided to run the child pornography web site from its own servers in Newington, Virginia
I thought it was mitm attack but it was not, easy to find people when they connect on their server accessing FBI own contents