All the recent dark net arrests seem to be pretty vague on how the big bad was caught (except the IM admin’s silly opsec errors) In the article they say he clicked on a honeypot link, but how was his ip or any other identifier identified, why didnt tor protect him.
Obviously this guy in question was a pedophile and an active danger, but recently in my country a state passed a law that can get you arrested if you post anything the government doesnt like, so these tools are important and need to be bulletproof.
There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it’s network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.
Going further, don’t deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.
Just some thoughts. Not sure any of this was applicable to the case.
There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.
Mullvad is pretty good in this regard by forcing you to use their DNS. Though of course, you have to trust them.
Or use Tails which routes all network traffic through TOR
Agreed. There are countermeasures to take against everything I mentioned. You just have to be aware and ideally not be a criminal in the first place.
Does Tor have no protection against such a simple attack? I always thought any clearnet address i type in the browser (along with the dns query) hops 3 times.
You can do DNS in multiple ways. The question is what you try to do, or what your software tries to do.
I can’t answer this with confidence, but I was thinking the link in the email opened in the default browser, which wasn’t Tor in their case. Or something in the email client perhaps. Ultimately, I have no idea what happened and I was just speculating
This question gets asked every year and every time it turns out to be an OPSEC mistake instead
And hopefully will continue to be asked, because one day it may not be poor OPSEC.
Hopefully it will be asked by the very smart people who actually develop TOR, and not just paranoid Internet randos like OP.
True - although just because you are paranoid, that doesn’t mean they aren’t out to get you…
Honestly i believe there is no point in speculating whether there are backdoors installed in popular privacy and encryption apps; for all we know, the powers that are may already have a digital fortress’esque quantum computer decrypting everything from your signal messages to onion sites in a matter of seconds.
I think(my personal headcanon) that there probably was a Manhattan project like top secret research project that has yielded some very fruitful results, now i guess we have to just wait for some whistleblower or a disgruntled employee to feed it a file that blows it up.
lmao, just now reading this incredible response to me calling you paranoid.
I didn’t deny it; its akin to a first year med student reading about all the subtle little ways that the body hints something is majorly wrong and noticing symptoms exhibit in them, I guess i am just not jaded enough to accept that online anons can just send a swat team to my house if i comment on the local weather online.
Well OPSEC is the stated cause. Who knows how the person was initially identified and tracked. For all we know he was quickly identified through some sort of Tor backdoor that the feds have figured out, but they used that to watch for an unrelated OPSEC mistake they could take advantage of. That way the Tor backdoor remains protected.
As far as we know. Could be mitm servers
It’s like being surprised that body armor doesn’t help against being gassed.
Tor was always comrpomised, the point has never been to be uncrackable, the point is that tracking down an induvidual user is enough effort that it can’t just be done on mass like with normal internet traffic. If you draw direct attention to yourself then it isn’t going to save you.
Exactly. Tor was originally created so that people in repressive countries could access otherwise blocked content in a way it couldn’t be easily traced back to them.
It wasn’t designed to protect the illegal activities of people in first world countries that have teams of computer forensics experts at dozens of law enforcement agencies that have demonstrated experience in tracking down users of services like Tor, bitcoin, etc.
Welp repressive countries have more stringent teams of computer forensics experts now. Though compared to our neighbours i wouldn’t call my country repressive(yet)
Tor cant save you from bad opsec.
I went one step further than OP and actually read the article.
Web-based generative AI tools/chatbots
…
he created fake AI CSAM—but using imagery of real kids.
All the privacy apps in the world won’t save you if you’re uploading pics to a subscription cloud service.
Why wouldn’t tor be compromised?
I would assume that because it is a popular open source software relied upon by millions that it theoretically shouldn’t?
It’s just that if I were the FBI, or the CIA, or a large criminal organisation, why wouldn’t I be putting a lot of money and the best people I could find on sneaking backdoors for tor into the onion somehow. What a treasure trove of the most potent information there is there! If you can crack tor, you own the keys to the underworld and enough blackmail fodder to get you almost anything you want.
I haven’t been following the DNM seen much. Are there any good sources on the recent busts?
Mental Outlaw and seytonic on YouTube usually provide pretty good coverage.
deleted by creator
That wasn’t a headline but a real question from OP.
Lol
