
Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 02:50:34PM +0100, Alexander W. Janssen wrote:
> OK, we heard a lot of technical details, I'll cover the non-tech part of it.
> On 3/7/07, Fergie <fergdawg@xxxxxxxxxxx> wrote:
> >Comments?
> Yes, it's stupid.

Well, it sounds like a pretty thorough implementation of a well-known
attack.  If the goal was getting press coverage, it's successful.  If
the goal was "let's embed a scripting language in everything!" then
it's also a success there.  If the goal was getting talks at hacker
cons, then I bet it will work fine.  These are all laudable goals, and
I sympathize with them all as far as they go.

But if the goal were actually to send criminals to jail, then I rather
suspect that the fellow would've had a talk with law enforcement, or a
lawyer, beforehand.

Similarly, I hope that in his interview, the author of this attack
mentioned that the attack depends on bad configuration choices on the
part of the user, and that the interviewer just didn't think that would be
interesting.  It would be a bit misleading to say "I have an attack on
this system" when you only have an attack against users using the
system wrong.

> First, the legal issues. What he does is overtaking a TOR-user's
> machine by malicious code. He's accusing people of being childporn
> consumers based on the fact that *some* childporn keyword was found -
> we all know how good that works! (just have a look at the available
> internet filtering-software out there).

Right.  I don't see what keyword set you could possibly use to
reliably distinguish between real criminals, people reading Nabokov,
people reading reports _about_ the real criminals, and fangirls
reading harry/ron slashfic online.

> Secondly: It's harming the TOR-project in two ways:
> * TOR will lose valuable reputation and the rest of the world will
> denounce us of bigotry.
> * If the anti-child-porn patch will be applied the next lobby-group
> will demand a backdoor. Why not the PETA? They could ask for all
> customers who bought furry clothes online. It's for the animals! Why
> not the RIAA or MPAA? It's for the better good and the artists!

Right.  This _is_ a general-purpose attack tool; there's no reason it
can't be just as useful for identifying the IPs of misconfigured Tor
users looking for information on democracy in China, or for the
nearest VD clinic, or for information on how to run for office, or
whatever.  Snoops everywhere should be pleased.

Nick Mathewson
