EPIC lawsuit seeking to uncover Tor subversion

Postby Pattern_Juggled » Mon Sep 23, 2013 5:43 pm

This is... well, I'd suggest you read it for yourself and draw your own conclusions. I'll see if I can find any other public statements on this on the part of EPIC - prior to seeing this come thru my email inbox, I'd not heard of the issue at all.

Case 1:13-cv-01362-RBW Document 1
Filed 09/09/13

UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
________________________________________________

ELECTRONIC PRIVACY INFORMATION CENTER
1718 Connecticut Ave., NW | Suite 200
Washington, DC 20009
Plaintiff,

v.

Broadcasting Board of Governors
330 Independence Avenue, SW
Washington, DC 20237
Defendant

epic-v-bbg.pdf


...here's an excerpt of some of the guts of the filing; note that I've removed some errant formatting and the underlying footnotes to reference sources - both of which are to be found, unchanged, in the underlying .pdf. I brought this stuff forward not as a substitute for reading the document itself, but simply to make it easier for my own further research on the subject. I've made no changes to the text, below, otherwise:

FACTS

6. Encryption is the core technology for privacy and security.

7. “Tor” is one of several encryption techniques deployed by Internet users to safeguard privacy and security.

8. According to Wikipedia, “Tor directs Internet traffic through a free, worldwide volunteer network consisting of more than three thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.”

9. Tor is currently maintained by the Tor Project, Inc., a 501(c)(3) research-education nonprofit organization.

10. The BBG met with the Tor Project in January 2010 to discuss “various topics.”

11. In June 2012, the Tor Project signed a contract with BBG.

12. On July 25, 2012, SC Magazine reported that the BBG had provided the Tor Project with funding to install 125 “exit nodes” into the network software.

13. The Tor Project reported on August 4, 2013 that a “large number of hidden service addresses have disappeared from the Tor Network.”

14. The New York Times, The Guardian, and Pro Publica reported on September 5, 2013 that the National Security Agency is able to “undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.”

15. A security researcher subsequently determined that Tor communications are vulnerable to attack by the National Security Agency.

16. As of 2012, the BBG had directed over $1 million dollars to Tor. The Department of State, the Department of Defense, and the National Science Foundation have also directed federal funds to Tor. In total, the U.S. Government provided 60% of Tor’s development costs in 2012.

17. According to the “Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence,” a person whose physical location is unknown, which will include many users of the Tor service, “will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person.”

18. Also, according to the “Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence,” in the event that an intercepted communication is later deemed to be from a US person, the requirement to promptly destroy the material may be suspended in a variety of circumstances, including if the “communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.”
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

"Tor Project mulls $100 cheque for exit relay hosts"

Postby Pattern_Juggled » Mon Sep 23, 2013 6:08 pm

Tor Project mulls $100 cheque for exit relay hosts
Darren Pauli | Jul 25, 2012 5:38 PM | SC Magazine


The Tor Project is considering paying operators to host exit relays in efforts to increase the speed and security of its global anonymity network.

Under early consideration is a suggestion by Tor founder Roger Dingledine that operators receive $100 a month to cover bandwidth costs.

The Broadcasting Board of Governors (BBG) has already donated an undisclosed amount of funds over 12 months to provide for at least 125 fast exit relays which would provide extra capacity for Tor users.

Exit relays are the last nodes within the global anonymity network. The Tor network becomes faster and generally more diverse as more nodes are added.

Anyone can establish an exit node by volunteering their bandwidth resources.

The burgeoning initiative marks a change of stance by Dingledine who for years had declined to pay for exit relays, citing concerns it could reduce the diversity of the network.

"We've lined up our first funder BBG, and they're excited to have us start as soon as we can," Dingledine wrote on the Tor mailing list.

The backflip came about because exit node diversity was low: most Tor users choose one of just five of the fastest exit relays about a third of the time, from a pool of about 50 relays.

"Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try [the] experiment," he said.

Performance of the network had steadily improved, however, thanks in part to better load balancing to larger relays and a healthier bandwidth to user ratio.

Dingledine suggested paid exit relays should have at least 100Mbit links and that organisations with large capacity networks and legal prowess be considered alongside smaller operators.

The legal muscle was necessary because of the potential for exit relays to funnel illicit traffic.

Dingledine posited other proposals to Tor users regarding the move. For example, it may turn exit relays into telcos, allow the network to operate in new legal jurisdictions, and require a committee of fast relay operators to decide where funding should be directed.

Yet he warned that the Tor Project must not become "addicted to external funding".

"So long as everybody is running an exit relay because they want to save the world, I think we should be fine," he said.

Tor relay operators, and interested internet providers were encouraged to join the discussion on the mailing list and Tor Project blog.


Copyright © SC Magazine, Australia

EPIC Files FOIA Suit to Determine If Tor Is Compromised

Postby Baneki » Mon Sep 23, 2013 6:17 pm

Here is the citation directly from EPIC's site:

EPIC Files FOIA Suit to Determine If Tor Is Compromised

EPIC has filed a Freedom of Information Act lawsuit against the Broadcasting Board of Governors, a federal agency that oversees all U.S. civilian international media. EPIC seeks information about the federal government's interest in the Tor network. Tor is a program designed to allow encrypted, anonymized online browsing and is used by many human rights organizations. Recent news reports indicate that the National Security Agency has targeted the communications of Tor users. In a related matter, EPIC has asked the Supreme Court to halt the NSA collection of domestic telephone records. For more information, see EPIC: EPIC v. BBG - Tor.


Re: Torsploit Reloaded...

Postby Pattern_Juggled » Mon Sep 23, 2013 6:33 pm

"In its May 2013 Internet Anti-Censorship Fact Sheet, the BBG wrote that "[t]he BBG is working with the Tor Solutions Group to significantly increase the number of high-speed Tor exit relays and bridges to improve the speed of the Tor network. IAC is also developing several enhancements to the Tor software to improve its usability and performance for users subject to Internet censorship."


(boldface added)

Tor_FOIA_Request_31_May.pdf


It does seem odd that the IAC claims to be "developing" these "enhancements." Not the Tor Project, not "Tor Solutions Group," and not some other party being funded by the IAC/BBG. They, themselves, say they are doing the developing..?

Anti-Censorship-Fact-Sheet-May-2013.pdf



Re: Torsploit Reloaded...

Postby torrified » Sat Oct 19, 2013 10:39 am

Pattern_Juggled wrote:
"In its May 2013 Internet Anti-Censorship Fact Sheet, the BBG wrote that "[t]he BBG is working with the Tor Solutions Group to significantly increase the number of high-speed Tor exit relays and bridges to improve the speed of the Tor network. IAC is also developing several enhancements to the Tor software to improve its usability and performance for users subject to Internet censorship."


(boldface added)

Tor_FOIA_Request_31_May.pdf


It does seem odd that the IAC claims to be "developing" these "enhancements." Not the Tor Project, not "Tor Solutions Group," and not some other party being funded by the IAC/BBG. They, themselves, say they are doing the developing..?


While I think this is well meaning, it is FUD. The Tor project is extremely open. Anyone, including government agencies, can propose and make improvements to Tor. Doesn't mean it'll get accepted. It *does* mean the code will be open source and peer reviewed the heck out of.

As you may know the NSA has code in almost every Linux system today, the whole community knows. In fact, it's all open. Does that scare you? I'm not sure it should. The code I'm referring to is "legitimate", it's called Security Enhanced Linux, and provides a MAC layer. I've never seen a single accusation that there was a problem with this code... but then maybe it's all a conspiracy.

Bottom line: Assumption and Innuendo cause damage to the reputation of a project that's not easy to repair. Here's a novel idea, log into #tor or get on the mailing list and ask a dev there about this. These are incredibly open guys who want to dispel any rumors of this sort.

Thanks for spreading the word on this court case, I've not heard of it before. I doubt the Tor guys can say why BBG is doing this, but how much does it matter if it makes Tor better for everyone?

One of the bigger concerns raised here is that Tor users are considered fair game, even after it's discovered that they're US citizens. Not sure in reality if that's much different for non-Tor US citizens in this day and age anyway.


