Got a TorMail account to avoid Uncle Sam's web snoops? About that... It appears the US Federal Bureau of Investigations (FBI) has a copy of a server used by TorMail – a hidden email service that tries to keep its users anonymous. In a court filing [PDF] that emerged this week, it's said FBI agents obtained the contents of a TorMail server last summer. According to the statement, submitted by a …
It was in France.
Anyone who is naive enough to think that any sort of dark network will provide unassailable protection deserves what they get. Like any secure system there are many points of attack, many of them not technical. If a government agency wants to find you, they can muster forces that you can only guess at. Such a touching trust in a technological solution must gladden the hearts of spooks everywhere.
It isn't impossible that Tor is, end to end, an intergovernment security honeypot.
Hah, and just a few days ago, on some tenuous thread related to facebook, I was going to tie in Bill Gates as a way to posit that MZ must have been a very, very naughty boy, and then bought back his freedom with genious: creating the most massive government honeypot ever seen in this quadrant, or sector at least.
If Tor is a hidden honeypot, exposed only recently, one must wonder which multi-government (domestic and international) honeypots are right in our noses.
Of course, probably only the PhDs and most senior board members would know that. And, if they are only after bad guys and smart, potential payroll subjects, then, really, really, those who are not breaking laws of interest for punishment really, really don't have much to worry about even if snooped in.
I kinda say this because:
A. I always suspected monitoring and honeypotting of any sizable social online gathering platforms (fb, yahoo, google, half life, and more, any place where crims, spies, and others used to be able to hide themselves)
B. Just looking around and observing the wackiness on the streets, and which we put up with because as long as WE, individually are safe, we could care less as long as the spies, police, and courts keep enforcement to either a dull roar, or an entertaining show
C. It is just plain folly to expect governments of any significant power to allow their most talented intrusion artists just sit on the sidelines and be blindsited or blindsided
I have never used encryption because I have feard locking myself out of my own stuff, and if I kept clear copies, it would not be of much use to encrypt anything. I have locked myself out, permanently, of a few password-protected files only because after a two-week vacation, I could not remember my password to a set of files. Also, as others regularly point out, use of very notable crypto just puts crypto users on the radar. Why join a party that has so many looking to scan deeper than is needed and than I could care for? Don't be an outlier, and if one must be an outlier, don't be an outlier worthy of or incurring being framed, killed, or abusively exploited.
One can only imagine how many thousands upon thousands of industrial spies, pedophiles, arms dealers, kidnappers, gang-rapists, corporate embezzlerrs, priests, adulters, and myriad other categories of people are at some designated prosecution level according to severity of their self-admissions in purportedly uncrackable messages. Imagine the collective sigh of relief by those who avoid doing stuff that would make it tempting and addictive to use Tor-like services.
The tore through Tor, and on what, Slashdot, many non-tor-adherants got belittled, down-scored, abused, and dismissed for daring to suggest Tor was nowhere near safe as its users claimed it to be.
Amazing? Scarry? Impressive? Stay tuned: The show is not over -- the fat lady (or your fav character) has not sung yet. And her falsetto is endless... Glasses are still shattering in the distance, unseen.
One of the many frightening things you can find on TOR is a thriving black market for physical goods. Guess how the goods get sent to the customers. Though, to be fair, anyone dumb enough to order something illegal and have it delivered to their mailbox deserves a visit from some very interested police.
Tor was written to allow dissidents in despotic regimes to air stuff that would enable more enlightened nations to launch strikes and free the oppressed.
Now then,
Q1. Who wrote it?
Q2, Why do you think it is secure from them?
The way to keeping under the radar is laughably simple and I am sure that is what most bad peeps do.
Tor was written to allow... Nope: correction, It was written for Spooks to inter-communicate before they were all issued with netEraser©™ (In-Q-Tel/VirnetX) type technologies. Other TOR users were tolerated in order to dilute the inter-Spook traffic a bit. I personally wouldn't use it from inside a repressive regime. Try it in KSA or Dubai and AQ-al-Saud would be stringing you up after a heads-up from their Tier-1 partners. Try it from Iran and discover how many of the TOR bug-doors the SAVAK have really discovered. It might work in Tuvalu or Malawi, but there's no guarantee. Sorry Runa.
Q1: Who wrote it ... US Navy Patent No. 6266704 (1998) Authors Michael G. Reed, Paul F. Syverson, and David M. Goldschlag
Q.2 ...
The way to keeping under the radar is laughably simple...
Ok, so expand on that and let the commentards judge the quality of your method?
I've heard a number of supposedly easy ways to do this that all end up falling down somewhere along the line. I did read about one way to do it, but it seemed prohibitively expensive for my needs, compared to deleting my por... erm, browsing history, every session.
It's common knowledge that TorMail was on Freedom Hosting so of course they have it, along with everything else that was there. Although some of the feds many indeed have been happy about shutting down a child porn site, it doesn't take much imagination to guess that they were even more excited to grab the contents of a supposedly secure mail server. I don't expect we'll ever know if TorMail was to some extent the true target of that bust or if it really was just very happy coincidence for them.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
