On 04/26/2012 02:03 PM, Douglas Lucas wrote:
> Hi all,
>
> On Thu, Apr 26, 2012 at 12:44 AM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
>
>> Practically, I also think that mixmaster is an example of "great on
>> paper" and soon we'll see how it works out in the real world. Now that
>> the FBI is taking nodes left (in New York last week) and right (in
>> Austria this week) - we'll note that some of these anonymity properties
>> are coming up for a serious test. For example, if you don't compose Tor
>> and Mixmaster together, what happens when you're the only person to ever
>> connect to Mixmaster? I think the answer is that you're a suspect,
>> cryptographic evidence be damned.
>
> Note (the arrested and alleged Stratfor hacker) Jeremy Hammond's complaint
> (http://www.wired.com/images_blogs/threatlevel/2012/03/Hammond-Jeremy-Complaint.pdf)
> says an "FBI TOR network expert analyzed the data from the Pen/Trap and
> was able to determine that a significant portion of the traffic from
> [Hammond and others'] CHICAGO RESIDENCE to the Internet was TOR-related
> traffic." It goes on to say "[Hammond's] Apple MAC address was the only MAC
> address at the CHICAGO RESIDENCE that was connecting to known TOR network
> IP addresses. The defendant [...] has discussed with [the informant Sabu]
> that he used the TOR network" and elsewhere defines Tor as "a system
> designed to enable users to access the Internet anonymously [...]"
>
> Because the FBI connected the only Tor use the Pen/Trap picked up with
> Hammond's specific MAC address, and because as Jacob pointed out elsewhere
> in this thread "members of police forces around the world use Tor, as does
> the Internet Watch Foundation," the Hammond complaint does not per se
> indicate that the FBI finds Tor use in itself suspicious. (Nor am I trying
> to knock Tor; I myself use it.) But -- the FBI has a Tor network expert? I
> wonder what the expert's job duties are, how many Tor experts they have,
> and what implications there might be of the FBI having a Tor expert(s).
> Anyone know? There is also the issue of ISPs throttling or potentially
> throttling Tor traffic, which is a form of suspicion.

That's a great question for a FOIA directed at the FBI - I think we'd
all like to know!

>
> This is a tangent, but I wonder why Hammond didn't routinely spoof his MAC
> address. I guess it wouldn't have mattered, though.
>

I think that is irrelevant - they probably would have resorted to RF
fingerprinting or something else, such as who was in the suspect's
house, if it wasn't made easier by this trivial example. I think it's an
example of how hard it is to anonymously do anything - Tor did a
perfectly fine job from the sound of it - the thing that mattered was
the human element. Lots of bad stuff to go around in the human element
in this case and many others.

All the best,
Jacob