How Did the FBI Get a Tor User’s IP Address?

Discussion in 'privacy technology' started by longshots, Jan 12, 2023.

  1. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    533
    Location:
    Australia
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Hello @longshots

    Have you ever wondered if the FBI/NSA owns Tor relays and nodes?
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    That would be my assumption.
     
  4. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    533
    Location:
    Australia
That has always been a weak point in the system that the TLAs were always likely to explore. The ANOM sting operation only makes that argument stronger.
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
If you are in a threat model requiring it, the best method is an "extended partition of trust" on a TAILS machine. I do not have that need. However, I do extend my partition of trust by using at least two independent VPNs chained before connecting to TOR and then ultimately public workspace. In this way a compromised TOR system would still require working backwards through two VPN relays. Even on the safest needs use I have, I employ at least one VPN in the path to public workspace!

    When you posture your network just do so with the assumption that you want a partition of trust where one failure doesn't "sink your battleship"!
     
  7. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Hello @Palancar:

Despite all those laudable, strong precautions, the weakest link is still the link between Tor's Exit node and the destination server:

    1. The destination server may not be set to redirect to https (from http), the obviously more secure protocol.
    2. The destination server may not be updated to use the latest TLS protocol. TLS 1.3 protocol use is still too infrequent.
    3. Again, due to poor server maintenance, the negotiated Cipher Suite may need to be a weaker one.
4. There is no way to compel the owners/operators of the destination server to keep OpenSSL updated.
5. Last (and certainly not the least), the Tor Exit node may be owned/operated by the CIA/NSA or another nation state's equivalent.

    I really do like and use Tor frequently.

    With great respect.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If a user was to end up using a Tor Circuit where all nodes were owned by an adversary, then they would be able to see the user's original IP.
    Another way would be if the user was only using the Tor Browser Bundle and not tails. The user could execute some malicious code that pinged or connected to a spy server. It could be as simple as opening a document or clicking on any executable file directly.
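Added illustration of the "all nodes owned by an adversary" risk in the post above (this is not code from the thread or from the Tor Project): a toy bandwidth-weighted circuit model with an invented relay list. It assumes a simplified path selection in which any relay can serve as guard or exit and ignores Tor's family and subnet rules; it contrasts re-picking the guard for every circuit with Tor's actual pinned entry-guard design, which is what keeps a fixed minority of users exposed instead of eventually everyone.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int    # consensus weight, arbitrary units
    adversary: bool   # True if the hypothetical adversary operates this relay

# Constructed relay set: invented names and weights, not real Tor relays.
# The adversary's two relays carry 250 of 1250 units, i.e. 20% of bandwidth.
RELAYS = [
    Relay("guard-a", 300, False), Relay("guard-b", 250, False),
    Relay("exit-c", 200, False), Relay("exit-d", 150, False),
    Relay("mid-e", 100, False),
    Relay("bad-f", 150, True), Relay("bad-g", 100, True),
]

def adversary_fraction(relays):
    total = sum(r.bandwidth for r in relays)
    return sum(r.bandwidth for r in relays if r.adversary) / total

def per_circuit_risk(relays):
    """Analytic P(guard and exit both adversary-owned) for one circuit: f**2."""
    f = adversary_fraction(relays)
    return f * f

def pick_weighted(relays, rng):
    """Bandwidth-weighted choice, mirroring how Tor biases path selection."""
    return rng.choices(relays, weights=[r.bandwidth for r in relays], k=1)[0]

def session_exposed(relays, n_circuits, rng, pin_guard):
    """True if any circuit in the session had both guard and exit adversary-owned.
    pin_guard=True keeps one guard all session (Tor's design); False re-picks it."""
    guard = pick_weighted(relays, rng)
    for _ in range(n_circuits):
        if not pin_guard:
            guard = pick_weighted(relays, rng)
        exit_relay = pick_weighted(relays, rng)
        if guard.adversary and exit_relay.adversary:
            return True
    return False

def fraction_of_users_exposed(relays, users, circuits_per_user, pin_guard, seed=1):
    """Share of simulated users who built at least one fully adversary-owned circuit."""
    rng = random.Random(seed)
    hits = sum(session_exposed(relays, circuits_per_user, rng, pin_guard)
               for _ in range(users))
    return hits / users
```

With a 20% adversary the per-circuit risk is only 4%, but over a session of 100 circuits nearly every user who re-picks guards is exposed at least once, whereas with a pinned guard about 20% of users are exposed and the rest never are.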
     
  9. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    There's no reason you couldn't add more layers of TOR to this. In my setup, I have TOR over a VPN in my router on a subnet over wifi. I could have a client computer run another VPN and TOR on top of it and then do the same within a VM on that machine. Something like a layered cake approach or box within a box. It costs a bit of bandwidth but I've had no problems running VPNs over TOR.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

All of the posts on this thread share some great ideas and give room for consideration to anyone on a network. My TOR is set up so that it will fail and STOP without a solid HTTPS connection. As always you can have a dozen hops --> VPNs, TOR, etc.... but at some point you will have to exit from your cleverly constructed "pipe" out into clearnet. A safe perspective would be to basically assume your ultimate exit node is less than reliable or honest. You have to pause and consider IF the exit node is total crap what are your risks in pursuing further?? Even here (and I believe this place rocks so it's an example only) if something is wrong they simply see Palancar as a pseudo on TOR with multiple VPNs before that. What is my true risk here?
    Answer: very little.

    I do have needs for extreme privacy conducting certain activities but for those I am 100% onion and I never enter clearnet so there is NO true exit node - ever.
     
  11. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    :thumb:
     