this post was submitted on 10 Apr 2024
521 points (98.0% liked)

Technology

59574 readers
3196 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] TonyTonyChopper@mander.xyz 8 points 7 months ago (2 children)
[–] Zetta@mander.xyz 20 points 7 months ago (3 children)

While TOR does accept funds from the U.S. federal government it is not a honey pot. Given tor is free and open source it is easy to verify the security of the software.

I use fedora btw (use open source software you fools)

[–] Socsa@sh.itjust.works 4 points 7 months ago

And it is very easy to verify that the feds control enough exit nodes to know that it's a Honeypot.

[–] EpicFailGuy@lemmy.world 2 points 7 months ago (2 children)

If no one has told you yet. The feds busted a child porn network in the UK that used for because they were hosting over 65% of the exit nodes at the time. If your open source anonymous VPN is hosted by the feds, they can 100% see where the traffic is coming and where it's going

[–] michaelmrose@lemmy.world 2 points 7 months ago (1 children)

Please link to a story substantiating this. What I have heard of happening repeatedly is that they trick criminals into communicating outside of tor, running an executable, or just take over the endpoint and nail people eg take over dark web drug markets and use information to track down the folks using it.

[–] EpicFailGuy@lemmy.world 0 points 7 months ago (2 children)
[–] GamingChairModel@lemmy.world 3 points 7 months ago

As the article notes, it's hard to tell just how much of the unmasking comes from exit node control. An exit node will only know what public services are being accessed, without knowledge of any of the user's addressing/location data (since each node only knows that information about the single hop in each direction). Plus, I'm not even sure exit nodes are used at all when connecting to a tor-hosted service (no need to exit the tor network, after all).

It sounds like the servers are being compromised and then being used to exploit IP-leaking vulnerabilities in how the browser/plugins and Tor network connection are configured.

I'm sure they've got a lot of tricks up their sleeves, but exit node control seems like the least significant of them.

[–] Zetta@mander.xyz 2 points 7 months ago

I remember this story and re skimmed through the article, it has nothing to do with exit nodes.

[–] Zetta@mander.xyz 2 points 7 months ago

The story you linked is from 2015, and has nothing to do with exit nodes. The feds bsuted the actual server that was used to host csam and kept it up while collecting user information for two weeks. Not exit nodes related.

There are many illegal sites hosted on tor that get taken down quite often. Tor in itself is not an insecure software and it proves that by readily having nefarious and illegal sites operate for long durations of time.

All the instances I have read about large sites that host some form of illegal content on Tor going down have all had quite unique and extensive efforts put in by law enforcement agencies to make the bust happen.

[–] EpicFailGuy@lemmy.world 1 points 7 months ago

Also, if you're into that kinda thing, you should look into ceilidh from the cult of the dead cow

[–] Dasus@lemmy.world 1 points 7 months ago (1 children)

You don't understand how the technology works, do you?

[–] linearchaos@lemmy.world 10 points 7 months ago (1 children)

I think the concept is if you own enough exit nodes and you have monitors at the backbone level you can correlate traffic with time-based attacks.

The current number of people using tor in a given time isn't so insurmountable that you can't throw a couple of data centers worth of VMs at The problem and they've had backbone monitoring for decades.

The thing is, the feds aren't going to come knocking at your door because you are downloading movies. The MPAA figured out a long time ago that it's a losing battle going after individual people downloading/uploading. If you were trying to use tor to hide behind doing things to harm other people, running terrorist networks and the like, there's a reasonably good chance they could track you down if you were just using tour but they'd have to really want to do it, and that's not going to happen for Steve's half terabyte of CSI.