Tor insists its network is safe after German cops convict CSAM dark-web admin

The Tor project has insisted its privacy-preserving powers remain potent, countering German reports that user anonymity on its network can be and has been compromised by police. A report by German news magazine program Panorama and YouTube investigative journalism channel STRG_F claims that the German Federal Criminal Police …

  1. Pascal Monett Silver badge

    "The Tor project has insisted its privacy-preserving powers remain potent"

    I would hope that is true, but given that the entire project is based on the work of a US Government agency and that there is no reason to not believe that the CIA (or other agencies) is actively involved in it, I somehow doubt that that is entirely true.

  2. Mike 125

    It sounds like the authorities already have suspects, and a known dodgy server. So assume they can simultaneously monitor accurate data rate/timing to/from the suspect, and to/from the server.

    Isn't there an unavoidable side-channel attack? Simply compare the two graphs over time. Obviously if the server is very busy, its graph will be smoothed.

    But presumably there are quiet server periods. And during those periods, the suspect's graph will tend to show a match.

    What am I missing?

    1. Anonymous Coward

      > Isn't there an unavoidable side-channel attack?

      I remember that Tor.org always warned that their security is not absolute and it has been known from the start that users can be deanonymized with timing attacks. Any entity that can observe enough entry and exit nodes can find out the origin of connections if the connections are repeated often enough.

      The shorter the latencies, the faster the discovery is possible. Real-time chats are obviously the most vulnerable. But any consistent pattern of connections and message sizes makes you vulnerable.

      To answer your question: Any low-latency communication can be traced with timing attacks for an attacker that can see all or most in- and outgoing connections. The only protection would be to make communications completely asynchronous with random large latencies.

      In a more general note, there will always be side-channels that leak information. Computation and communication take time and use power, and these will always leak information, one way or another.

      1. Mike 125

        Yea, I've probably been here before, and just forgot. Thanks. Nice summary.

  3. Anonymous Coward

    Anonymity.....

    There are additional ways to increase the likelihood of preserving anonymity...not mentioned in the article. .....although, of course, TOR provides a robust starting point.

    (1) Use a burner. So the end point has no personal identity attached.

    (2) Communicate only from internet cafes or the like. So the originating IP address has the "wrong" owner.

    (3) Never communicate from a location (home, school, office) which can be linked to a limited group of actual people.

    (4) Never use OTHER transactions at the same time as anonymous transactions. (E.g. a credit card transaction in the internet cafe in item #2)

    (5) Be aware of CCTV in places where anonymous transactions are conducted.

    .....and so on......

    Perhaps the German plod were tracking their target using some or all of items #1 through #5.............

    ......and the mention of TOR is simple misdirection? Just a thought!!!

    1. Anonymous Coward Silver badge
      Facepalm

      Re: Anonymity.....

      And the most obvious one: don't look at CSAM or do other illegal activity online so that the police have no reason to even look for you.

    2. Little Mouse
      Black Helicopters

      Re: Anonymity.....

      Totally ignorant question here - Are internet cafes still a thing?

      I haven't used one in 25 years, and haven't even seen one in 15.

      I can't help feeling that just using one these days in the UK would immediately get you flagged as a wrong 'un with something to hide.

      1. Anonymous Coward

        Re: Anonymity.....

        Internet cafes??

        Well.....Caffe Nero or Costa Coffee don't stop laptop users staying for a while....and they also do WiFi and internet access.

        For myself, I go to Caffe Nero and use the WiFi/internet from the next door betting shop..........

        ...Pizza Express WiFi/internet from down the street also works very well..........

      2. katrinab Silver badge

        Re: Anonymity.....

        Regular cafes have internet. You do need to bring your own computing device though.

  4. Mockup1974

    Seems like back in 2022 when it happened, that guy WAS using the up to date version of Ricochet. So while this bug has been fixed, who knows what other bugs still may exist.

    However, I think had he simply used a trustworthy VPN (like Mullvad or IVPN) before connecting to Tor, this might have given him one more layer of protection.

    1. collinsl Silver badge

      Using a VPN would allow the police to track all his encrypted traffic back from the VPN provider to his home, based on tunnel ID etc, thus rendering Tor useless.

      1. brainwrong

        Surely you use a VPN to connect to the TOR entry node. That way TOR cannot see your IP address, the VPN cannot see what you're connecting to, and neither tunnel stretches the whole link.

    2. katrinab Silver badge

      VPN would surely if anything make you more traceable though? They will respond to legally issued law enforcement requests and they have your account data.

  5. Tubz Silver badge

    As a TOR user, I have no issues with the German Police hunting down this scum bag and his friends for their sick content.

  6. Anonymous Coward

    Nothing to do with the article, but the photo used for illustration

    I like the way the German police in that photo are uniquely identified via a number on their backs in case an individual needs to be applauded for sensitively managing a situation... oh... wait.

  7. Dinanziame Silver badge
    Holmes

    "sadly without explanation of how the technique works"

    Isn't it just checking that every time a specific user was active on the onion service, person of interest X had traffic going to a Tor server?

    That's apparently how they got the student who sent a bomb threat to skip exams:

    https://www.theregister.com/2013/12/18/harvard_bomb_hoax_charge/

    1. Little Mouse

      Re: "sadly without explanation of how the technique works"

      I immediately thought of this case too - Was shocked when I realised it was 11 years ago...!

    2. Mike007 Silver badge

      Re: "sadly without explanation of how the technique works"

      Well that would be considered a timing attack.

      This does smell a bit like careful use of language to imply something without actually lying or making any claims that you can be discredited for once people get the details of what happened.

  8. Zippy´s Sausage Factory
    Meh

    Running out of date software leads to vulnerabilities. Who ever could have predicted that?

    On the other hand, given who it happened to, this is one for the "oh dear, how sad, never mind" file.

  9. Long John Silver Silver badge
    Pirate

    TOR offers no protection against old-fashioned sleuthing methods

    Regardless of whether the reported case is an instance of Internet snooping, malefactors on Tor, and similar anonymised networks, especially if they seek to interact with other people by selling goods and services, are vulnerable to conventional police enquiry methods.

    Patient study of all their Tor output can reveal slips, leading to physical identification. Writing style analysis would be another means for linking supposedly differing identities. Some of this task could be automated.

    1. W.S.Gosset

      Re: TOR offers no protection against old-fashioned sleuthing methods

      Smart police would be training an AI for that job. Far less prone to fatigue/data-overload oversight.

      1. Muscleguy

        Re: TOR offers no protection against old-fashioned sleuthing methods

        Considering we are now using AI to listen and talk to the animals this is the right approach. In the latest results from that it has been learned that marmosets, tiny gregarious primates, have names for each other. They can be added to dolphins and elephants in that category.

  10. DS999 Silver badge

    Only 2000 exit nodes?

    That seems quite doable for law enforcement with sufficient resources to compromise. The German police alone wouldn't be able to budget enough for that, but if you expand it to INTERPOL, plus the FBI and the like, it seems well within their reach.

    Law enforcement might already comprise more than half of the exit/guard nodes in the TOR network, making it quite doable to gather a lot of data about who is using TOR and what is being connected to by TOR. Putting the pieces together to figure out which specific user is connecting to which specific endpoint would be trivial with enough data, at least for endpoints that are lightly used enough to be able to prove a relationship between that user sending out packets and that endpoint receiving them.

  11. Paul 87

    Pro-tip - Don't look at, produce or distribute CSAM, or conduct illegal business and guess what? You'll almost certainly be fine using Tor because no one cares.

  12. roastedpeacock

    Out-dated or out-implemented?

    By 'outdated software' was this an issue of Ricochet not following best practice for running an anonymous .onion service at the time of the suspect being identified? (an issue that has plagued other third-party applications utilising Tor in the past) or something that was mitigated upstream by Tor after the fact? In the case of being targeted at the time running latest software would not have saved you.

    Ricochet itself was last committed to in 2017 and the project was forked to what became Ricochet-Refresh in 2019.
