Privacy

by Mike Masnick


Filed Under:
anonymity, criminals, detective work, tor



Yes, Federal Agents Can Identify Anonymous Tor Users, Because Most People Don't Know How To Be Anonymous

from the well,-duh dept

For many, many years now, we keep hearing law enforcement whine about the "threats" of anonymity and how people would be able to get away with all sorts of criminal activity if they weren't given the ability to track, monitor and tap pretty much every communications technology that has come along. A decade ago the fear was that free and open WiFi was going to be a major boon to criminals who could use it "with no trace." As we pointed out, however, nothing about using an anonymous connection like that means you won't get caught, because criminals have to do a lot of things, many of which will expose them in other ways, without having to tap and track every technological interaction. What's known as good old-fashioned detective work can often track down criminals who used tools to be anonymous -- and for years, we've pointed out many, many, many examples of this.

More recently, law enforcement's concern has been about Tor (which is slightly ironic, given that Tor was created and funded by the US government). The Snowden revelations have shown that, try as they might, the NSA has not had much luck in compromising Tor, and Snowden himself has noted that properly used encryption mostly works.

A recent Wall Street Journal article notes that law enforcement is slowly realizing that perhaps Tor isn't a parade of horribles that must be encumbered with backdoors for wiretapping... after realizing that most criminals more or less reveal themselves by doing something stupid along the way anyway.
But officials are becoming more confident that Tor's shield of anonymity isn't impenetrable.

"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," said James Kilpatrick, one of the HSI agents who is part of Operation Round Table, a continuing investigation into a Tor-based child-pornography site that has so far resulted in 25 arrests and the identification of more than 250 victims, all children.
This is a good thing. We should want law enforcement to be able to track down criminals -- and it's good to see that they're figuring out ways to do so. But it's important that they should need to do so via basic detective work, rather than by compromising important technology, creating security flaws and opening up all sorts of dangerous unintended consequences.

As with all kinds of new technologies, anonymizing technologies seem to create something of a moral panic among law enforcement types, who then insist those technologies need to be "broken" and backdoored or else criminals could somehow get away with everything. But that's silly. Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc.

One hopes that as this realization becomes more widespread, law enforcement and intelligence agencies will finally pull back from constantly trying to expand wiretapping laws that will break important innovations and technologies, but perhaps that's being too optimistic.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 3 Apr 2014 @ 5:45am

    This is an interesting article. It highlights why mass surveillance is not needed (ie: mainly plain investigative efforts are needed to get the errors) and that humans will err at some point. Driving is a good example. When you just learned you'll be very cautious paying a lot of attention to everything. As you get used to it you'll take more risks and drive less carefully resulting in higher chances of accidents. I first caused an accident over 5 years after I got my license. A type of accident I wouldn't have caused on my early driver years because I would have waited before trying to go through.

    reply to this | link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 3 Apr 2014 @ 11:10am

      Re:

      But kind of depressing when you think of the activists et al. that TOR was designed for.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 3 Apr 2014 @ 11:25am

        Re: Re:

        The activists actually suffer from the very same problem the criminals do. If Governments put investigative effort they will get to any of those guys given enough time. My father-in-law used to run a "rogue" newspaper during dictatorship here. He ran it for years but every once in a while they needed more help in different ways. Once he met a guy that seemed to be very engaged and worked diligently for the cause. With time this guy earned more trust and ended up going up the ranks. Turns out he was a spy and my father-in-law got tortured because of him. A friend of his got involved with a girl that was actually loyal to the cause till the point they broke up. She denounced the whole thing and got a few people killed. Because of a break up. And you know, mass surveillance still wouldn't do a thing for these people.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Apr 2014 @ 11:27am

        Re: Re:

        If you are being watched, the problem is getting on line, and some states will take use of VPNs, TOR or other encryption as evidence of anti-state activity. The problem activists have is getting material out without the act of getting it out being detected, rather than protecting the contents.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Apr 2014 @ 11:00am

    Still wont change anything...

    The epitome of catching the bad guy in the average zealous law enforcement's eye is that they need to have carte blanche in whatever they do. Rights and liberty be DAMNED!

    If you are innocent you have nothing to hide, right?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Apr 2014 @ 12:54pm

      Re: Still wont change anything...

      America was shown what good people do when the law allows their job to be above the law : Hank Schraeder. Noble cause, perhaps, yet it seems that in the USA, extralegal manners to get at people your government says do illegal things or simply don't like is usual business.

      That's obviously not how it should be. I'm glad we have a more powerful piece of paper than the Bill Of Rights in Canada, the Charter On Human Freedoms is a much more recent document.

      Too bad the CONservative Harperians are doing everything they can to corrupt it. A recent example is them trying to make criticism of Israel, antisemitism, which is illegal in Canada.

      Yep, that's the part where I say, we might be less fucked up, but we don't have any first amendment.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Oct 2015 @ 7:51am

        Re: Re: Still wont change anything...

        As a Breaking Bad fan, yep, Hank is not a hero either, the PTSD his job gave him, a job that shouldn't even exist and which thrives on breaking the law.

        But he was just a confused good person, because he views Walt as a betrayer of the law of family...the opposite is true, it's Walt who after looking at Hank alone in his hospital bed who kind of inadvertently offered to pay the bills for Hank when asking Marie if they (he and Skyler) can do anything at all. Then Skyler picks up with her gambling lie.

        Somehow I don't see Hank in Walt's position care enough to shell out some money because he does/did something he didn't like. Walt didn't like the ways of the DEA but still volunteered to save Hank and totally lost what was left of him when he was shot in front of him. The jingoistic culture he was raised in through the DEA makes him unable to count somebody as a human being when they're not the way he thinks they should be. It's a common trait of narcissists, yet Hank after getting shot changed for the better until Walt had that idiotic drunken rant about how Gale isn't a genius and his guy is still out there. That made him want to chase cockroaches again...what LEO's mostly think of their fellow human beings who aren't part of the "good side", which is pretty much the legal gangsters which are called cops.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Apr 2014 @ 11:14am

    From the article "Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc."

    So the question is, how many children have to be exploited, how many people killed, how many terrorist attacks have to happen before we get around to the sooner or later?

    reply to this | link to this | view in chronology ]

    • identicon
      Glen, 3 Apr 2014 @ 11:23am

      Re:

      Oh....the protect the children argument. That's cute.

      Sounds like you are willing to give up your rights so no bad things happen to anyone ever again.

      reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 3 Apr 2014 @ 11:31am

      Re:

      The question is, how many people should be persecuted, killed, have their freedom stripped, be unfairly prosecuted etc....

      Got my point? Are you really willing to sacrifice an entire nation for one or two children that can't get saved because due process is followed, investigative efforts are properly made and privacy is respected? Is that one children worth the risk of another possible Holocaust setting or some bloody dictatorship? I don't think so.

      reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 3 Apr 2014 @ 11:32am

      Re:

      So the question is, how many children have to be exploited, how many people killed, how many terrorist attacks have to happen before we get around to the sooner or later?

      How many innocent people need to have their lives ruined, privacy destroyed, etc.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Apr 2014 @ 11:33am

      Re:

      250 kids having a bad childhood. If thats the price of internet freedom, then i dont care about those kids.

      reply to this | link to this | view in chronology ]

      • identicon
        PRMan, 3 Apr 2014 @ 11:48am

        Re: Re:

        Oh, I care about them. I am saddened that people victimize others.

        But not enough to outweigh some freedoms (ie being spied on 24/7 and having that be used politically against people trying to fix the system).

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Apr 2014 @ 11:53am

      Re:

      Zero tolerance policy is a great example of how well the government helps children.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Apr 2014 @ 12:24pm

      Re:

      You want answers? You want the truth?

      So the question is, how many children have to be exploited

      27. But its the same one's over and over.

      Say, how's that Franklin Scandal investigation going?

      how many terrorist attacks have to happen before we get around to the sooner or later?

      3. Unless the "terrorists" are blowers of whistles

      Now that you know 27 and a conditional 3 as answers you can move on.

      reply to this | link to this | view in chronology ]

    • identicon
      woodchuck, 3 Apr 2014 @ 2:10pm

      Re:

      Well , if everybody was under permanent surveillance, child abuse, crime and terrorism would probably be reduced to a certain degree. But wouldn't it even be better to sent everybody to jail - solitary confinement of course? Like this the problems of child abuse, crime and terrorism could be solved really efficiently.

      reply to this | link to this | view in chronology ]

      • identicon
        Bill, 3 Apr 2014 @ 3:55pm

        Re: Re:

        Oh, let's go one step further! In addition to preventing all crime, we also want to make absolutely sure that nobody is ever hurt at all!

        So, instead of traditional solitary confinement, we'll just put everybody in nice, safe, cocoons.

        And sedate them, so they won't get bored.

        Yes, no measure is too much to ensure total safety!

        reply to this | link to this | view in chronology ]

        • icon
          James Jensen (profile), 3 Apr 2014 @ 4:05pm

          Re: Re: Re:

          Make sure you sterilize anyone who has to remain outside to monitor. Once the current generation dies off, there will no crime ever again!*

          * At least until the descendants of raccoons develop self-awareness.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous, 3 Apr 2014 @ 4:26pm

            Re: Re: Re: Re:

            Once the Erudites take over, crime won't be a problem. They'll have the Dauntless eliminate both the divergents and the factionless.
            Oh, wait, they tried something like that already.

            reply to this | link to this | view in chronology ]

        • identicon
          The Crime Dawg, 3 Apr 2014 @ 6:52pm

          Re: Re: Re:

          You obviously don't care about protecting the children. Prisoners might escape from their cells, break into the other prisoners' cells, and harm them. Clearly the only solution-- the final one, if you will-- is to execute everyone. You can neither commit, nor be a victim of, a crime if you're dead.

          reply to this | link to this | view in chronology ]

    • identicon
      MusicCityDawg, 27 Apr 2015 @ 12:48pm

      Re:

      How many children have to die in car accidents before we ban cars and alcohol?

      How many children have to die due to neglect before we take all children away from their parents and give them to the State?

      reply to this | link to this | view in chronology ]

  • icon
    madasahatter (profile), 3 Apr 2014 @ 11:21am

    User Skill

    Most users are not really computer literate in the sense they understand what is going on. I would suspect most of the people using TOR do not really understand how TOR works. Nor do many of them care. Like any crytographic system, TOR can easily be defeated by user carelessness. Also, with a relatively large ring in the criminal activity it is very likely a couple of members are either clueless or do not care. Either way, they make simple mistakes that allow others to break the system.

    reply to this | link to this | view in chronology ]

    • identicon
      PRMan, 3 Apr 2014 @ 11:47am

      Re: User Skill

      Exactly. If ANYTHING on your computer tries to connect to a service at the same time as you are on TOR, they may be able to track you. So, you pretty much would have to boot off a Live CD every time you used TOR, which is a massive pain, that is too cumbersome for most people.

      Also, any photo taken needs to have the GPS info stripped. If you forget even once, you're going down. Etc, etc, etc.

      Way too many things to think about to get it perfectly right every single time. But that's what it takes to stay anonymous.

      reply to this | link to this | view in chronology ]

      • identicon
        zolar1, 4 Dec 2014 @ 12:18pm

        Re: Re: User Skill

        Not true about other services at the same time as tor.

        When you have multiple connections from your computer simultaneously with TOR, it begins to be the needle in a haystack.

        It is also irrelevant when it comes to being tracked by the feds.

        In fact it is quite easy to hide from them if you know how.


        It is the dumb ones who are complacent with their internet use are the ones at risk,

        The biggest problem is th government itself.
        It literally has no right to make laws affecting personal behavior.

        If you want to see a naked baby picture, then you have that right despite any illegal laws the government passes. If you want to see a naked girl say 17 years, 11 months and 29 days old there is no problem but for the government tyranny against it.

        If you want to look at dead bodies, you again have that right.

        Jefferson said "I would rather live in dangerous freedom than in peaceful slavery"


        Want to be a ghost?
        You do not need tor to do it.
        Just a used laptop, and a few precautions...

        reply to this | link to this | view in chronology ]

  • identicon
    Julian Cook, 3 Apr 2014 @ 11:47am

    Finally someone gets this right

    Finally someone gets it right. Tor is awesome IF YOU KNOW WHAT YOURE DOING.

    Tor offers a lot of anonymity but it's critical that you understand how Tor anonymity works. Your traffic is routed through three random hops that strip your info and the weak link in the equation has always been from the last relay to your target site. If you use https everywhere (a great extension from EFF) then you pretty much have all the anonymity you can ask for. Now for some landmines.... You need to be careful about leaving breadcrumb trails. The busting of the Silk Road founder was a failure of the human and not the technology. It's probably best to never do any kind of authentication if you can, or use user names that are similar on Tor and non Tor networks. Also be wary of the browser bundle from Tor. This bundle is the subject of special interest by FBI and they are constantly trying to exploit whatever version of Firefox that it uses and was recently successful. If you want to get on Tor you can always do it the easy way by using a router that has Tor embedded in it. I recommend PAPARouter (http://paparouter.com) because it's inexpensive (less than $100.00), allows you to anonymize several devices at once and best of all it has non U.S. exit nodes hard coded into it . Given all the uproar that other countries are having with U.S. spying, making your last Tor relay outside of the U.S. to your target site is great security and using https would be massive protection. TOR AND HTTPS PAGE https://www.eff.org/pages/tor-and-https FBI exploit using Firefox Bundle http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-use rs/

    reply to this | link to this | view in chronology ]

    • identicon
      zip, 3 Apr 2014 @ 7:48pm

      Re: Finally someone gets this right

      It should be common sense to assume that the most common brand and version of operating system/web browser/anonymity software/etc will be the highest-priority target for exploitation.

      If authorities are going to invest a great deal of time and money into cracking an encryption method or underground network, they're naturally going to choose as a target something that delivers the most "bang for the buck" - not something that hardly anyone uses.

      The TOR users who got busted failed to understand this basic rule of both espionage and law enforcement -- as well as criminal hacking.

      reply to this | link to this | view in chronology ]

    • identicon
      ivan hawkins, 21 Feb 2016 @ 2:58pm

      Re: Finally someone gets this right

      julian cook i know you don't know me, but i've been reading a lot about your Paparouter - would love to buy one if possible. Any help you can give me will be greatly appreciated! (keep trying to contact you at admin@papparouter.com - email can' get through - NSA?) Anyway you can call me on my phone here in hawaii @ 808 312-3436. Probably won't hear from you, but I'm going to keep trying. thanks for your time, Ivan

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Apr 2014 @ 11:54am

    I'll give up my anonymous and secure communication channels, as soon as governments and corporations around the world give up their anonymous and secure communications too.

    Then we can start exposing the real "criminals". I guarantee the crimes exposed in government and corporate communications, will eclipse the crimes in civilian communications.

    Until then, I reserve the right to communicate as anonymous and secretive as everyone else.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous, 3 Apr 2014 @ 2:48pm

    "...Tor was created and funded by the US government". That should tell you all you need to know.

    reply to this | link to this | view in chronology ]

    • icon
      James Jensen (profile), 3 Apr 2014 @ 2:54pm

      Re:

      In this case, it really doesn't. Tor has been designed and implemented in a completely open process. They've dedicated an amazing amount of work to circumventing attempts to block Tor traffic remember when Iran decided to shut down Tor communication, and it was back up the next day with the new traffic-obfuscation system?

      reply to this | link to this | view in chronology ]

  • identicon
    Bill, 3 Apr 2014 @ 3:52pm

    A cop once told me that it's a good thing criminals are mostly stupid, because they outnumber the cops pretty badly. But, he said, they ARE mostly stupid.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Apr 2014 @ 9:39am

    Smart criminals won't get caught.

    reply to this | link to this | view in chronology ]

  • identicon
    Kevin, 2 Jul 2014 @ 7:40pm

    TOR

    I know that there is a lot of bad stuff on TOR. I have seen countless news reports about this or that sicko who was caught downloading child porn and it is sad that it even exists. But there must be a lot of people who use it to access their bank accounts and stuff to keep prying eyes away too. I was the victim of Identity theft and found that not only was my computer hacked but someone had found a way to copy the darn MAC address on my PC and was using my Wireless Router. I had even set up WEP key on that thing and still got hacked. So I started using TOR to access my account because it seemed a good way to keep the identity thieves out. Then I found out that there were people on TOR who were selling peoples credit card information. Criminy is there any way to keep these scum bags out? I know that the feds are working on it and I applaud their work but without these safety lines to stay anonymous you are open to all kinds of attacks. It is kind of a double edged sword. So why break TOR to get criminals? It is sad that you can have a tool that is so useful yet so easy to use for criminal activity. Seems a shame. I have been worried that the scum bag that hacked my stuff did something criminal. If they did what the heck do you do if it comes back to your IP address. THAT is scary!

    reply to this | link to this | view in chronology ]

  • icon
    Mitch (profile), 4 Aug 2014 @ 8:49am

    TOR isn't all bad

    The article is clear and well-stated.. I think that law enforcement can do more with observance than penetration of networks and that is absolutely the correct goal. When you develop penetration techniques they get shared and the tables turn every time... Whether or not everyone should be using TOR would be an interesting debate. If it protects consumers from marketers then it might be the right move... TOR can be improved upon as it has an obvious weakness that I think I can see pretty clearly. I think I could make it 1000 times harder to crack but I would never get the job, don't be surprised if they already have.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Oct 2014 @ 9:20pm

    My childhood was fucked before the internet. It's called neglectful and abusive parenting

    reply to this | link to this | view in chronology ]

  • identicon
    elite services, 7 Oct 2016 @ 1:17am

    HIRE ELITE RUSSAIN SERVICES YOU WONT GET FOUND

    We provide a whole bunch of neato services like control the stock exchange fuck the dow jones every day since sept 11 11:11pm well yep were controlling it fuckers you better search that whole fibre line right through wall street way down to the street retards in brooklyn yep we have tech HOMEYS know LUCYF3R IS IN THE HOUSE PRAISE SATAN 7777 AC BAYER PHRMECUTICALS OMEGA HAIL HYDRA

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.