Yes, Federal Agents Can Identify Anonymous Tor Users, Because Most People Don't Know How To Be Anonymous

from the well,-duh dept

For many, many years now, we keep hearing law enforcement whine about the "threats" of anonymity and how people would be able to get away with all sorts of criminal activity if they weren't given the ability to track, monitor and tap pretty much every communications technology that has come along. A decade ago the fear was that free and open WiFi was going to be a major boon to criminals who could use it "with no trace." As we pointed out, however, nothing about using an anonymous connection like that means you won't get caught, because criminals have to do a lot of things, many of which will expose them in other ways, without having to tap and track every technological interaction. What's known as good old-fashioned detective work can often track down criminals who used tools to be anonymous -- and for years, we've pointed out many, many, many examples of this.

More recently, law enforcement's concern has been about Tor (which is slightly ironic, given that Tor was created and funded by the US government). The Snowden revelations have shown that, try as they might, the NSA has not had much luck in compromising Tor, and Snowden himself has noted that properly used encryption mostly works.

A recent Wall Street Journal article notes that law enforcement is slowly realizing that perhaps Tor isn't a parade of horribles that must be encumbered with backdoors for wiretapping... after realizing that most criminals more or less reveal themselves by doing something stupid along the way anyway.
But officials are becoming more confident that Tor's shield of anonymity isn't impenetrable.

"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," said James Kilpatrick, one of the HSI agents who is part of Operation Round Table, a continuing investigation into a Tor-based child-pornography site that has so far resulted in 25 arrests and the identification of more than 250 victims, all children.
This is a good thing. We should want law enforcement to be able to track down criminals -- and it's good to see that they're figuring out ways to do so. But it's important that they should need to do so via basic detective work, rather than by compromising important technology, creating security flaws and opening up all sorts of dangerous unintended consequences.

As with all kinds of new technologies, anonymizing technologies seem to create something of a moral panic among law enforcement types, who then insist those technologies need to be "broken" and backdoored or else criminals could somehow get away with everything. But that's silly. Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc.

One hopes that as this realization becomes more widespread, law enforcement and intelligence agencies will finally pull back from constantly trying to expand wiretapping laws that will break important innovations and technologies, but perhaps that's being too optimistic.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Apr 3rd, 2014 @ 5:45am

    This is an interesting article. It highlights why mass surveillance is not needed (ie: mainly plain investigative efforts are needed to get the errors) and that humans will err at some point. Driving is a good example. When you just learned you'll be very cautious paying a lot of attention to everything. As you get used to it you'll take more risks and drive less carefully resulting in higher chances of accidents. I first caused an accident over 5 years after I got my license. A type of accident I wouldn't have caused on my early driver years because I would have waited before trying to go through.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:00am

    Still wont change anything...

    The epitome of catching the bad guy in the average zealous law enforcement's eye is that they need to have carte blanche in whatever they do. Rights and liberty be DAMNED!

    If you are innocent you have nothing to hide, right?

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    ChurchHatesTucker (profile), Apr 3rd, 2014 @ 11:10am

    Re:

    But kind of depressing when you think of the activists et al. that TOR was designed for.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:14am

    From the article "Sooner or later most criminals do other things that reveal who they are, opening them up to investigation and potential indictment, arrest, trial etc."

    So the question is, how many children have to be exploited, how many people killed, how many terrorist attacks have to happen before we get around to the sooner or later?

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    madasahatter (profile), Apr 3rd, 2014 @ 11:21am

    User Skill

    Most users are not really computer literate in the sense they understand what is going on. I would suspect most of the people using TOR do not really understand how TOR works. Nor do many of them care. Like any crytographic system, TOR can easily be defeated by user carelessness. Also, with a relatively large ring in the criminal activity it is very likely a couple of members are either clueless or do not care. Either way, they make simple mistakes that allow others to break the system.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Glen, Apr 3rd, 2014 @ 11:23am

    Re:

    Oh....the protect the children argument. That's cute.

    Sounds like you are willing to give up your rights so no bad things happen to anyone ever again.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Ninja (profile), Apr 3rd, 2014 @ 11:25am

    Re: Re:

    The activists actually suffer from the very same problem the criminals do. If Governments put investigative effort they will get to any of those guys given enough time. My father-in-law used to run a "rogue" newspaper during dictatorship here. He ran it for years but every once in a while they needed more help in different ways. Once he met a guy that seemed to be very engaged and worked diligently for the cause. With time this guy earned more trust and ended up going up the ranks. Turns out he was a spy and my father-in-law got tortured because of him. A friend of his got involved with a girl that was actually loyal to the cause till the point they broke up. She denounced the whole thing and got a few people killed. Because of a break up. And you know, mass surveillance still wouldn't do a thing for these people.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:27am

    Re: Re:

    If you are being watched, the problem is getting on line, and some states will take use of VPNs, TOR or other encryption as evidence of anti-state activity. The problem activists have is getting material out without the act of getting it out being detected, rather than protecting the contents.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Ninja (profile), Apr 3rd, 2014 @ 11:31am

    Re:

    The question is, how many people should be persecuted, killed, have their freedom stripped, be unfairly prosecuted etc....

    Got my point? Are you really willing to sacrifice an entire nation for one or two children that can't get saved because due process is followed, investigative efforts are properly made and privacy is respected? Is that one children worth the risk of another possible Holocaust setting or some bloody dictatorship? I don't think so.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Mike Masnick (profile), Apr 3rd, 2014 @ 11:32am

    Re:

    So the question is, how many children have to be exploited, how many people killed, how many terrorist attacks have to happen before we get around to the sooner or later?

    How many innocent people need to have their lives ruined, privacy destroyed, etc.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:33am

    Re:

    250 kids having a bad childhood. If thats the price of internet freedom, then i dont care about those kids.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    PRMan, Apr 3rd, 2014 @ 11:47am

    Re: User Skill

    Exactly. If ANYTHING on your computer tries to connect to a service at the same time as you are on TOR, they may be able to track you. So, you pretty much would have to boot off a Live CD every time you used TOR, which is a massive pain, that is too cumbersome for most people.

    Also, any photo taken needs to have the GPS info stripped. If you forget even once, you're going down. Etc, etc, etc.

    Way too many things to think about to get it perfectly right every single time. But that's what it takes to stay anonymous.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Julian Cook, Apr 3rd, 2014 @ 11:47am

    Finally someone gets this right

    Finally someone gets it right. Tor is awesome IF YOU KNOW WHAT YOURE DOING.

    Tor offers a lot of anonymity but it's critical that you understand how Tor anonymity works. Your traffic is routed through three random hops that strip your info and the weak link in the equation has always been from the last relay to your target site. If you use https everywhere (a great extension from EFF) then you pretty much have all the anonymity you can ask for. Now for some landmines.... You need to be careful about leaving breadcrumb trails. The busting of the Silk Road founder was a failure of the human and not the technology. It's probably best to never do any kind of authentication if you can, or use user names that are similar on Tor and non Tor networks. Also be wary of the browser bundle from Tor. This bundle is the subject of special interest by FBI and they are constantly trying to exploit whatever version of Firefox that it uses and was recently successful. If you want to get on Tor you can always do it the easy way by using a router that has Tor embedded in it. I recommend PAPARouter (http://paparouter.com) because it's inexpensive (less than $100.00), allows you to anonymize several devices at once and best of all it has non U.S. exit nodes hard coded into it . Given all the uproar that other countries are having with U.S. spying, making your last Tor relay outside of the U.S. to your target site is great security and using https would be massive protection. TOR AND HTTPS PAGE https://www.eff.org/pages/tor-and-https FBI exploit using Firefox Bundle http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-use rs/

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    PRMan, Apr 3rd, 2014 @ 11:48am

    Re: Re:

    Oh, I care about them. I am saddened that people victimize others.

    But not enough to outweigh some freedoms (ie being spied on 24/7 and having that be used politically against people trying to fix the system).

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:53am

    Re:

    Zero tolerance policy is a great example of how well the government helps children.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 11:54am

    I'll give up my anonymous and secure communication channels, as soon as governments and corporations around the world give up their anonymous and secure communications too.

    Then we can start exposing the real "criminals". I guarantee the crimes exposed in government and corporate communications, will eclipse the crimes in civilian communications.

    Until then, I reserve the right to communicate as anonymous and secretive as everyone else.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 12:24pm

    Re:

    You want answers? You want the truth?

    So the question is, how many children have to be exploited

    27. But its the same one's over and over.

    Say, how's that Franklin Scandal investigation going?

    how many terrorist attacks have to happen before we get around to the sooner or later?

    3. Unless the "terrorists" are blowers of whistles

    Now that you know 27 and a conditional 3 as answers you can move on.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Apr 3rd, 2014 @ 12:54pm

    Re: Still wont change anything...

    America was shown what good people do when the law allows their job to be above the law : Hank Schraeder. Noble cause, perhaps, yet it seems that in the USA, extralegal manners to get at people your government says do illegal things or simply don't like is usual business.

    That's obviously not how it should be. I'm glad we have a more powerful piece of paper than the Bill Of Rights in Canada, the Charter On Human Freedoms is a much more recent document.

    Too bad the CONservative Harperians are doing everything they can to corrupt it. A recent example is them trying to make criticism of Israel, antisemitism, which is illegal in Canada.

    Yep, that's the part where I say, we might be less fucked up, but we don't have any first amendment.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    woodchuck, Apr 3rd, 2014 @ 2:10pm

    Re:

    Well , if everybody was under permanent surveillance, child abuse, crime and terrorism would probably be reduced to a certain degree. But wouldn't it even be better to sent everybody to jail - solitary confinement of course? Like this the problems of child abuse, crime and terrorism could be solved really efficiently.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous, Apr 3rd, 2014 @ 2:48pm

    "...Tor was created and funded by the US government". That should tell you all you need to know.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    James Jensen (profile), Apr 3rd, 2014 @ 2:54pm

    Re:

    In this case, it really doesn't. Tor has been designed and implemented in a completely open process. They've dedicated an amazing amount of work to circumventing attempts to block Tor traffic remember when Iran decided to shut down Tor communication, and it was back up the next day with the new traffic-obfuscation system?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Bill, Apr 3rd, 2014 @ 3:52pm

    A cop once told me that it's a good thing criminals are mostly stupid, because they outnumber the cops pretty badly. But, he said, they ARE mostly stupid.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Bill, Apr 3rd, 2014 @ 3:55pm

    Re: Re:

    Oh, let's go one step further! In addition to preventing all crime, we also want to make absolutely sure that nobody is ever hurt at all!

    So, instead of traditional solitary confinement, we'll just put everybody in nice, safe, cocoons.

    And sedate them, so they won't get bored.

    Yes, no measure is too much to ensure total safety!

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    James Jensen (profile), Apr 3rd, 2014 @ 4:05pm

    Re: Re: Re:

    Make sure you sterilize anyone who has to remain outside to monitor. Once the current generation dies off, there will no crime ever again!*

    * At least until the descendants of raccoons develop self-awareness.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous, Apr 3rd, 2014 @ 4:26pm

    Re: Re: Re: Re:

    Once the Erudites take over, crime won't be a problem. They'll have the Dauntless eliminate both the divergents and the factionless.
    Oh, wait, they tried something like that already.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    The Crime Dawg, Apr 3rd, 2014 @ 6:52pm

    Re: Re: Re:

    You obviously don't care about protecting the children. Prisoners might escape from their cells, break into the other prisoners' cells, and harm them. Clearly the only solution-- the final one, if you will-- is to execute everyone. You can neither commit, nor be a victim of, a crime if you're dead.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    zip, Apr 3rd, 2014 @ 7:48pm

    Re: Finally someone gets this right

    It should be common sense to assume that the most common brand and version of operating system/web browser/anonymity software/etc will be the highest-priority target for exploitation.

    If authorities are going to invest a great deal of time and money into cracking an encryption method or underground network, they're naturally going to choose as a target something that delivers the most "bang for the buck" - not something that hardly anyone uses.

    The TOR users who got busted failed to understand this basic rule of both espionage and law enforcement -- as well as criminal hacking.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Apr 6th, 2014 @ 9:39am

    Smart criminals won't get caught.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Kevin, Jul 2nd, 2014 @ 7:40pm

    TOR

    I know that there is a lot of bad stuff on TOR. I have seen countless news reports about this or that sicko who was caught downloading child porn and it is sad that it even exists. But there must be a lot of people who use it to access their bank accounts and stuff to keep prying eyes away too. I was the victim of Identity theft and found that not only was my computer hacked but someone had found a way to copy the darn MAC address on my PC and was using my Wireless Router. I had even set up WEP key on that thing and still got hacked. So I started using TOR to access my account because it seemed a good way to keep the identity thieves out. Then I found out that there were people on TOR who were selling peoples credit card information. Criminy is there any way to keep these scum bags out? I know that the feds are working on it and I applaud their work but without these safety lines to stay anonymous you are open to all kinds of attacks. It is kind of a double edged sword. So why break TOR to get criminals? It is sad that you can have a tool that is so useful yet so easy to use for criminal activity. Seems a shame. I have been worried that the scum bag that hacked my stuff did something criminal. If they did what the heck do you do if it comes back to your IP address. THAT is scary!

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    Mitch (profile), Aug 4th, 2014 @ 8:49am

    TOR isn't all bad

    The article is clear and well-stated.. I think that law enforcement can do more with observance than penetration of networks and that is absolutely the correct goal. When you develop penetration techniques they get shared and the tables turn every time... Whether or not everyone should be using TOR would be an interesting debate. If it protects consumers from marketers then it might be the right move... TOR can be improved upon as it has an obvious weakness that I think I can see pretty clearly. I think I could make it 1000 times harder to crack but I would never get the job, don't be surprised if they already have.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Oct 6th, 2014 @ 9:20pm

    My childhood was fucked before the internet. It's called neglectful and abusive parenting

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    zolar1, Dec 4th, 2014 @ 12:18pm

    Re: Re: User Skill

    Not true about other services at the same time as tor.

    When you have multiple connections from your computer simultaneously with TOR, it begins to be the needle in a haystack.

    It is also irrelevant when it comes to being tracked by the feds.

    In fact it is quite easy to hide from them if you know how.


    It is the dumb ones who are complacent with their internet use are the ones at risk,

    The biggest problem is th government itself.
    It literally has no right to make laws affecting personal behavior.

    If you want to see a naked baby picture, then you have that right despite any illegal laws the government passes. If you want to see a naked girl say 17 years, 11 months and 29 days old there is no problem but for the government tyranny against it.

    If you want to look at dead bodies, you again have that right.

    Jefferson said "I would rather live in dangerous freedom than in peaceful slavery"


    Want to be a ghost?
    You do not need tor to do it.
    Just a used laptop, and a few precautions...

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.