A few weeks ago, the German political magazine Panorama and STRG_F reported that law enforcement agencies had infiltrated the Tor network in order to expose criminals. The reporters had access to documents showing four successful deanonymizations. I was given the chance to review some of these documents. In this post, I am highlighting the publicly documented key findings.
Feds will just look at general traffic from ISPs and ask themselves: “Hey man, this server which is hosted on big hosting provider XYZ (Hetzner/DigitalOcean) connects to a lot of known Tor nodes, some of which we run ourselves. Let’s have a look at this and get all the traffic from the ISP (which we already have) and all the traffic from this big hosting provider. Lots of connections. It doesn’t look like it’s just a Tor node. This could be a hidden service operation.”
That’s how they find the IP addresses of hidden services. Remember: one of the Tor nodes will always, in the end, connect to the IP of the “hidden” service.
Most darkweb drug stores just host on big tech companies’ cloud infrastructure because it’s cheap. That’s how many got identified. The host just gave the police a tip that something suspicious is going on if there’s too much traffic.
Then they start trying to do timing analysis.
In the future, random data like the Nym Project automatically uses will be necessary.
Also there is a huge need for a more decentralized Tor network.
Around half of all Nodes are in the US, Germany, Netherlands and the UK. These countries work together and can observe a lot.
Most nodes are run at Hetzner or this big French hosting operator, because they are cheap.
The same issues with timing attacks, but in an even more dangerous way, also apply to VPNs.
Mullvad has a great solution with its DAITA program.
Don’t just say: “Hey man, Tor isn’t safe anymore, let’s get some VPN from some dubious Bulgarian company no one knows any founder of.”
VPNs are literal honeypots for the Feds.
Feds operate VPNs to attract criminals to get all the data extremely easily.
Similar to how they operated these “anonymous phones” a few years ago.
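To put a number on the node-concentration point raised above (half the nodes sitting in a handful of cooperating jurisdictions), here is an added illustration that is not from the original thread: a bandwidth-weighted estimate of how often a circuit has both of its observable ends inside a coalition of countries. The relay list, weights, flags and coalition set are constructed assumptions, not real consensus data.

```python
from collections import defaultdict

# Constructed sample consensus: (nickname, country, bandwidth weight, flags).
# Values are invented for illustration and do not describe real Tor relays.
RELAYS = [
    ("guardA", "DE", 300, {"Guard"}),
    ("guardB", "US", 250, {"Guard"}),
    ("guardC", "FR", 200, {"Guard"}),
    ("guardD", "SE", 100, {"Guard"}),
    ("exitA", "NL", 400, {"Exit"}),
    ("exitB", "US", 300, {"Exit"}),
    ("exitC", "CH", 200, {"Exit"}),
    ("exitD", "GB", 100, {"Exit"}),
]

# Assumed set of jurisdictions that pool their observations (hypothetical).
COALITION = {"US", "DE", "NL", "GB"}


def country_shares(relays):
    """Share of total consensus weight per country, to show concentration."""
    by_country = defaultdict(int)
    for _, country, weight, _ in relays:
        by_country[country] += weight
    total = sum(by_country.values())
    return {c: w / total for c, w in by_country.items()}


def weight_share(relays, role, countries):
    """Fraction of the weight for relays carrying `role` that sits in `countries`.
    Tor picks relays roughly proportionally to weight, so this approximates the
    chance a single selection for that role lands inside the coalition."""
    total = sum(w for _, _, w, flags in relays if role in flags)
    inside = sum(w for _, c, w, flags in relays if role in flags and c in countries)
    return inside / total if total else 0.0


def both_ends_observed(relays, countries):
    """Exit circuit: guard and exit both inside the coalition (picks assumed independent)."""
    return weight_share(relays, "Guard", countries) * weight_share(relays, "Exit", countries)


def onion_both_guards_observed(relays, countries):
    """Onion-service circuit: no exit is involved, so the two ends a timing
    correlation needs are the client's guard and the service's guard."""
    g = weight_share(relays, "Guard", countries)
    return g * g
```

Lowering either guard share (more guard weight outside the coalition) shrinks the onion-service figure quadratically, which is the decentralization argument in numbers.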
I think it is hard to say either way based on the information, or lack thereof, given.
The reporter claims to have “evidence that shows that in several cases German law enforcement authorities were able to locate the Tor entry node of onion services and thus successfully deanonymise Tor users. V2 and V3 onion addresses were affected at least between Q3/2019 and Q2/2021.” The reporter further claims that “law enforcement agencies used so-called timing analyses and broad and long-term monitoring of Tor nodes in data centres.”
As of today, The Tor Project has not been granted access to supporting documents, and has not been able to independently verify if this claim is true, if the attack took place, how it was carried out, and who was involved.
From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022.
[…]
In contrast to the CCC, Chaos Computer Club, who was provided access to the documents related to the case and was able to analyze and validate the reporter’s assumptions, we were only provided a vague outline and asked broad clarifying questions that left us with uncertainty of the facts, and questions of our own. While we appreciate the journalist contacting us, this same access was not given to the Tor Project.