Re: [freenet-dev] Reportedly half of all Tor hidden services compromised by FBI
On 08/04/2013 05:40 PM, Matthew Toseland wrote: Also, it initially talks about a 0day in Firefox and then concludes that it's probably not a 0day, it's just obfuscated, and it's specifically for Firefox 17 - presumably they were looking for some specific individual using FF 17 (possibly meaning they were using Debian?) Firefox 17 also seems significant because it is used in the Tor Browser Bundle. The Tor Project has a post on their blog about the Freedom Hosting compromise. [0] [0] https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Reportedly half of all Tor hidden services compromised by FBI
On Sunday 04 Aug 2013 18:48:15 Ian Clarke wrote: I cannot vouch for the accuracy of this information, but it appears plausible: http://www.twitlonger.com/show/n_1rlo0uu This one is confusing. It links to a paper claiming radical attacks on Tor, without explaining why. The person who was arrested apparently has been known (speculatively) to be linked with Freedom Hosting for some time; *there is no evidence that the FBI broke Tor itself*, which is the key point here: There is still no publicly visible evidence anywhere that any of the major open source darknets have been compromised in the real world (though of course there are various papers on attacks). This is an interesting fiction that the authorities are maintaining, possibly to maintain intelligence options, given that IMHO compromising Freenet users is well within their capabilities. Also, it initially talks about a 0day in Firefox and then concludes that it's probably not a 0day, it's just obfuscated, and it's specifically for Firefox 17 - presumably they were looking for some specific individual using FF 17 (possibly meaning they were using Debian?) Here is a report in a reputable news source, however there is no specific mention of Tor: http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html http://arstechnica.com/tech-policy/2013/08/alleged-tor-hidden-service-operator-busted-for-child-porn-distribution/ This may be a better source. This could lead to a significant influx of users if it results in trust in Tor hidden services being significantly damaged. We should discuss our response to it. A few days ago I wrote a detailed but rather long piece comparing Tor to Freenet. IMHO Tor provides greater anonymity today than Freenet, if you use it correctly (most people don't), although it's a debatable point if you want to actually run a hidden website; certainly this is much easier on Freenet, although it has to be static content. Having said that I wasn't aware of the paper the first link above links to when I wrote the below, but there are papers about attacking Freenet too. https://freenetproject.org/faq.html#tor I assume you want to write a press release / website post? signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Reportedly half of all Tor hidden services compromised by FBI
On Sunday 04 Aug 2013 22:40:18 Matthew Toseland wrote: On Sunday 04 Aug 2013 18:48:15 Ian Clarke wrote: I cannot vouch for the accuracy of this information, but it appears plausible: http://www.twitlonger.com/show/n_1rlo0uu This one is confusing. It links to a paper claiming radical attacks on Tor, without explaining why. The person who was arrested apparently has been known (speculatively) to be linked with Freedom Hosting for some time; *there is no evidence that the FBI broke Tor itself*, which is the key point here: There is still no publicly visible evidence anywhere that any of the major open source darknets have been compromised in the real world (though of course there are various papers on attacks). This is an interesting fiction that the authorities are maintaining, possibly to maintain intelligence options, given that IMHO compromising Freenet users is well within their capabilities. Also, it initially talks about a 0day in Firefox and then concludes that it's probably not a 0day, it's just obfuscated, and it's specifically for Firefox 17 - presumably they were looking for some specific individual using FF 17 (possibly meaning they were using Debian?) Here is a report in a reputable news source, however there is no specific mention of Tor: http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html http://arstechnica.com/tech-policy/2013/08/alleged-tor-hidden-service-operator-busted-for-child-porn-distribution/ This may be a better source. This could lead to a significant influx of users if it results in trust in Tor hidden services being significantly damaged. We should discuss our response to it. A few days ago I wrote a detailed but rather long piece comparing Tor to Freenet. IMHO Tor provides greater anonymity today than Freenet, if you use it correctly (most people don't), although it's a debatable point if you want to actually run a hidden website; certainly this is much easier on Freenet, although it has to be static content. Having said that I wasn't aware of the paper the first link above links to when I wrote the below, but there are papers about attacking Freenet too. https://freenetproject.org/faq.html#tor For those quoting the above out of context: Read the whole of the linked article. Emphasis on today. A (sadly so far hypothetical) global darknet (with PISCES tunnels) would provide very strong anonymity and be very hard to block. I assume you want to write a press release / website post? signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Reportedly half of all Tor hidden services compromised by FBI
On Sunday 04 Aug 2013 18:48:15 Ian Clarke wrote: I cannot vouch for the accuracy of this information, but it appears plausible: http://www.twitlonger.com/show/n_1rlo0uu Here is a report in a reputable news source, however there is no specific mention of Tor: http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html This could lead to a significant influx of users if it results in trust in Tor hidden services being significantly damaged. We should discuss our response to it. Ian. Something on IRC: [00:09:32] Tster can what happened on Tor recently happen on freenet? [00:10:51] toad_ no [00:11:01] toad_ there was no attack on Tor itself [00:11:47] toad_ as far as we know, the person arrested hosted a load of hidden services for other people ... and he didn't hide that fact very well, he was widely known/speculated to be connected to Freedom Hosting [00:12:14] toad_ plus, content on freenet doesn't go away just because the person who uploaded it goes away / gets grabbed / etc [00:12:32] Tster thanks bro [00:12:34] toad_ content on freenet will persist for as long as people access it [00:12:57] toad_ https://freenetproject.org/faq.html#tor [00:13:05] toad_ have a look at that [00:13:54] toad_ freenet is not necessarily more secure than tor - at least not in its current state of mostly opennet and no tunnels - but it's easier to (relatively safely) upload content to freenet than to tor, and it's less centralised [00:14:13] toad_ and in the long run freenet could be a lot more secure - if we can build a global f2f darknet signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
