Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

[grarpamp <grarpamp@xxxxxxxxx>]

In re: Mark McCarron wrote:
On Thu, Jun 26, 2014 at 2:00 AM, coderman <coderman@xxxxxxxxx> wrote:
> On Wed, Jun 25, 2014 at 10:09 PM, Mirimir <mirimir@xxxxxxxxxx> wrote:
>> ...
>> As far as I know, no hidden service site has ever been compromised
>> through an inherent weakness of Tor. Am I wrong in saying that?
>
> i am only aware of one Tor vulnerability that led to compromised
> hidden services of affected instances, back in 2007.
> also not a government or LE leveraged vuln.

What, controller auth? That's not exploiting a design weakness
[ie: timing], just an implementation bug.
Too long ago... if not this said bug, a link to actual leverage and
compromise news back then?

>>> Many of these sites arrived or remained even after the
>>> Freedom Hosting bust.

> the original argument is based on faulty assumptions.

Rather, it presents untested hypotheses. As in the past with
these sorts of sites, the operator perhaps got vanned for reasons
other than any particular weakness of tor itself, or just vanished
for unknown reasons.

Even without the cluster of services in question there's still around
1150 onions to browse... nearly a full rebound from the former
events.

>>> I think everyone needs to stop looking for excuses and start
>>> examining why this is happening

From the canary in a Tor mine perspective, yes there is definitely
value in monitoring these types of onions, the talk in their social
fora, legal cases, technical events and Tor developments such
as security of Tor HS whitepapers. That's really the only way to
resolve some of these hypotheses... with facts.

Given that we do have a couple such papers, and better knowledge
now that govt's do have some 'Snowden' capabilities, and even without
that LE are simply familiar and comfortable now in investigating darknets
and producing news events of related busts, I wouldn't doubt 'being
spooked into extreme caution" factor plays a big part. How do you say
in Bitcoin... "the coins are just moving to stronger hands"?

> posting material incriminating yourself harming another

This level of retardation never ceases to amaze.

> the markets you allude to, drug trade and sex crimes, perhaps a less
> appropriate measure - consider cyber crime where information trade
> alone is the offense, and you've got a better metric for the privacy
> protections of illicit infotrade across digital networks.

And this other trade (or scams therein), say in the subclasses of carding,
identity, corporate hacking... seems to doing quite well on tor. In fact,
here's a page full of nothing but scams...

http://kpvz7ki2lzvnwve7.onion/index.php/Main_Page

> last but not least, to the extent that these sites distributing
> deplorable content (rape of earth humans) represented a failure in
> enforcement, it seems logical that a vigilante response would develop.
> these may have significant impact on availability, yet say more about
> the general insecurity of software systems and digital networks more
> than anything specific about Tor's privacy protections.

Vigilante groups do exist on darknets, often exploiting just the posted
material alone.

> Juan scriben:
> Yep. For instance, the Âowners of the original hidden wiki were

There have been at least 20 wikis utilizing the 'hidden wiki' name, and
even more spinoffs, many before the original kpvz... so people need to
be specific as to onion address they refer to.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk