How The NSA Targets Tor

Soulskill posted 1 year,19 days | from the i-bet-it's-a-layered-approach dept.

Privacy 234

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."


How about the nodes (1)

Anonymous Coward | 1 year,19 days | (#45037237)

I don't see the document talking about the security of nodes.

How is the safety of operating your own node?

Re:How about the nodes (1)

pipatron (966506) | 1 year,19 days | (#45037341)

What do you mean by this? If you operate a node, your computer is simply a passive router of traffic. I'm not sure what you mean by "safety" here.

Re:How about the nodes (2)

larry bagina (561269) | 1 year,19 days | (#45037523)

He means: will the NSA try to root you for running a tor node?

Re:How about the nodes (5, Interesting)

pipatron (966506) | 1 year,19 days | (#45037603)

Interesting. If I worked for NSA, I would try to. It would give some more information. Though on the other hand, they may just as well run their own nodes to get that information (oh yes, they do this already), and hacking 'normal' people just for the lulz always increases the chance of information about your operations getting out.

In short: It would be stupid to hack you just because you're running a node, unless you're their target in some other way.

Re:How about the nodes (5, Interesting)

lgw (121541) | 1 year,19 days | (#45037661)

Not according to this latest leak (who knows about future leaks).

As I read this leak, TOR isn't broken (in the sense that the NSA isn't recording all unencrypted TOR traffic, the way some had feared). The NSA doesn't root all nodes. If they're interested in some specific person, they break their anonymity by rooting them specifically. But I still need to go read Bruce's analysis.

I find it interesting/amusing that when Freedom Hosting was busted, and the FBI left behind a rootkit on the hosted servers to infect users wholesale, that wasn't an NSA payload - it was a 0-day they bought on Silk Road. For all that this spying pisses me off on principle, I love that bit: someone at the FBI has a sense of humor, or at least irony.

Re:How about the nodes (2)

lgw (121541) | 1 year,19 days | (#45037743)

Reading through Bruce Schneier's Guardian article, I could be wrong here. It's unclear whether they root all TOR nodes. I don't see this one on his blog, where he occasionally responds to comments, so it's hard to ask.

Either way, it's (so far) a good sign for TOR users trying to avoid government scrutiny by not-the-US-or-its-allies, that the NSA has to root nodes in order to break anonymity. The system described is pretty elaborate, and seems unnecessary if they could get the same result from total network traffic analysis.

It does make a comedy of the TOR group's presentations to the FBI in recent years, though, about why TOR should remain legal.

Re:How about the nodes (2, Informative)

Anonymous Coward | 1 year,19 days | (#45037685)

He means: will the NSA try to root you for running a tor node?

One of the presentations says "probably not" and cites legal and technical challenges. We all know "legal" isn't really much of a roadblock, probably written in there for plausible deniability while the presenter mentioned with a wink and a sneer while dictating against the powerpoint, but sounds like if you run an exit node and keep it patched up, it might not be worth the squeeze for a full attack.

Keep in mind that if they decide your node IS worthy of being attacked, you won't have the resources to defend against every known and currently-unknown exploit, so you should assume you've already been compromised and mitigate accordingly.

Re:How about the nodes (2)

SecurityTheatre (2427858) | 1 year,19 days | (#45037923)

The powerpoint specifically states that they have considered it but regard it a questionable action both for policy reasons as well as technical ones.

Re:How about the nodes (1)

SuricouRaven (1897204) | 1 year,19 days | (#45038143)

That means they are aware that wholesale hacking of TOR nodes would be noticed and invite countermeasures.

Re:How about the nodes (1)

hydrofix (1253498) | 1 year,19 days | (#45037981)

Anyone can run a Tor node. I would think it's much easier for NSA to operate a gigaton of its own Tor nodes via different cloud providers than try to infiltrate existing nodes. And, anyway the whole idea of Tor is that you never get to read other people's messages unless you are operating an exit node or a hidden service. If you are running a simple router node, all your inputs and outputs are encrypted and not readable by you.

Re:How about the nodes (1)

eddy (18759) | 1 year,19 days | (#45038069)

One slide mentioned this. It said that the node exploitation route was improbable due to technical and legal difficulties.

We need a workers government (2)

For a Free Internet (1594621) | 1 year,19 days | (#45037247)

Only a Soviet America will clean out the den of thieves and criminals that is the NSA, CA, etc.

TAILS (2, Informative)

Anonymous Coward | 1 year,19 days | (#45037297)

And this is exactly why you use TAILS. No fingerprints. Heck I have an exclusive machine for TAILS.

Re:TAILS (5, Insightful)

plover (150551) | 1 year,19 days | (#45037393)

This quote from TFA was particularly insightful:

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

What that says is "hang on to old copies of TAILS and Tor, and don't 'upgrade' them." Sure, they're going to keep trying to attack them, but for right now this is as close to evidence as we'll ever get that says they're effective.

Re:TAILS (1)

jaymzter (452402) | 1 year,19 days | (#45037507)

I was thinking the same thing (FoxAcid, does it run Linux?). Why ANYONE doing anything online a government thinks they shouldn't, would do so running MS Windows is a mystery. The only way I would even consider it is if the machine was completely blocked from internet access with the exception of the TOR proxy ports.

Re:TAILS (4, Interesting)

lgw (121541) | 1 year,19 days | (#45037845)

I think you've misunderstood the attack.

1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.

2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they serve you their malware package while serving the original content. Doesn't matter what you're running.

3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.

4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.

This is the full financial power of a Cold War military intelligence branch being directed against individual citizens. Doesn't matter what you're running, you brought a knife to a gun fight, and they brought an armor division.

Re:TAILS (5, Informative)

SecurityTheatre (2427858) | 1 year,19 days | (#45038117)

This is absurd.

Listen, I've read the analysis and I've read all the available documentation. I agree with Schneier's analysis, but you're exaggerating.

1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.

Maybe. But they do this by injecting cookies and then trying to find those cookies later on the unencrypted Internet, once you've turned off Tor. This doesn't work so well if you're using the browser bundle, or some sort of Live CD, but it may work on

2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they serve you their malware package while serving the original content. Doesn't matter what you're running.

The race-condition man-on-the-side capability of the NSA was never doubted, though nobody was really sure until recently how/where/if it was deployed and how often it was used. It looks like it's a rather common thing they use these days. In that vein, they can probably intercept the traffic between the exit node and the hosted content, unless, of course, you're using a .onion site, in which case, they most certainly cannot (unless they own the exit node, which they will only sometimes do).

3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.

If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.

4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.

Doing a blind root on a BIOS is pretty unlikely. In fact, rooting someone who doesn't have a browser/OS combination that has a pre-built exploit make is much less likely. Especially even moreso if you spoof the user agent.

Regardless, the tone of your post is a bit over the top, and doesn't match the evidence- just figured I would point that out.

Re:TAILS (1)

Anonymous Coward | 1 year,19 days | (#45037891)

You're not secure running Linux, Captain Neckbeard.

Re:TAILS (1)

larry bagina (561269) | 1 year,19 days | (#45037955)

Duh, use SE Linux!

Re:TAILS (0)

Anonymous Coward | 1 year,19 days | (#45038045)

FoxAcid

Very clever - wouldn't have worked if you didn't have something (mentioned in the documents) - that enables you to grep all HTTP requests. Doesn't even have to have an exploit on it. I get a kick out of that as a technical achievement, but I really get a kick out of the little joke Bruce played in his article. Somewhere in the bowels of the US surveillance bureaucracy, there are a gazillion referrer-IDs pointing to the Guardian article, and some poor guy has to look at them all.

A hat tip to both the spooks in the administration and to the journalists covering the story today, that was fun.

It's so nice of the NSA (0)

Anonymous Coward | 1 year,19 days | (#45037299)

To point out weaknesses in the Internet for us, at least they're putting our hard earned tax payer money to good use. BTW, when do we get to switch to an IPv6 based Internet with IPSec enforced on all routes?

-- stoops

Re:It's so nice of the NSA (0)

mellon (7048) | 1 year,19 days | (#45037323)

IPsec isn't that interesting if the keys are all compromised.

Re:It's so nice of the NSA (1)

0123456 (636235) | 1 year,19 days | (#45037417)

IPsec isn't that interesting if the keys are all compromised.

Duh. No form of encryption works if the keys are all compromised.

However, IPSEC supports forward secrecy, which should always be used where available. That means they can't easily decode a recorded IPSEC session even when the keys are compromised, only launch man-in-the-middle attacks.

Re:It's so nice of the NSA (2)

TheResilientFarter (3216187) | 1 year,19 days | (#45037497)

My understanding is whenever quantum computing reaches its whatever level of computations, FS won't work when at least one of the private keys is known. Many are running on the assumption that many encrypted sessions are being archived for later decryption.

Govt. won't be happy (2, Insightful)

darrellg1 (969068) | 1 year,19 days | (#45037303)

until it can monitor EVERYTHING. The end result of that will be CONTROL. Smart TVs? Built in cameras. How long until they start REQUIRING being monitored?

Re:Govt. won't be happy (5, Funny)

Anonymous Coward | 1 year,19 days | (#45037407)

You call them "Smart TVs." I call them "telescreens."

Re:Govt. won't be happy (5, Insightful)

interkin3tic (1469267) | 1 year,19 days | (#45037693)

How about we not personify the government? I find it more useful. Understanding the factors and motivations at work will allow us to respond appropriately, or at least properly understand why this keeps happening.

Here's how I see it: Government agencies tend to take the path of least resistance to accomplish their assigned goals. Spy agencies' goals are to monitor and identify threats. It's much easier to monitor everyone online rather than the comparatively difficult task of getting a proper subpoena for each individual being monitored.

The reason this is easier is because it's allowed by the government and tolerated by the people (at least enough to let it stand, we're not taking to the streets with torches and rope). Due process has not been updated to cover this in a way most of us feel would be appropriate. There are probably other barriers against this type of behavior that more knowledgeable people could come up with. They should be there, but they're not.

The officials in charge likely know that there is only so much they can abuse that power before it's taken away from them. If it came out that the NSA had found a way to listen in on every conversation and track you at the moment, and the public understood it and wasn't successfully distracted from it, the NSA would have its powers trimmed. And then their job would be harder again.

So it's not that they're just voyeurs who will stop at nothing to have a live feed on your sphincter. It's more that we want to have our cake and eat it too. We want the NSA to protect us from the boogeymen terrorists, and we don't want them to spy on us either. But we're more flexible on the latter, so there you have it.

We'd need to keep limiting the NSA from taking the easiest paths we don't want them to take, but we're also lazy and apathetic as a nation.

Dichotomy (2)

plover (150551) | 1 year,19 days | (#45037313)

People often claim that the NSA is watching exit nodes, and can tie Tor traffic back to the users. This apparently claims the opposite.

So do we know for sure if this is a real leak, or was this "leaked"?

Re:Dichotomy (1)

pipatron (966506) | 1 year,19 days | (#45037387)

Of course they are watching exit nodes. Everybody should assume they do (also the person running the node will watch, and that person's ISP).

However, I have never heard anyone claiming they can tie the traffic back by watching the traffic, other than by the well-known timing attacks that they *do* talk about in the article. Basically, they see some traffic exit the node at the same time as they see similar traffic at some completely unrelated place in the network, building up statistics which can identify a suspect over time. This is why they say they have limited success.

Re:Dichotomy (2)

blueg3 (192743) | 1 year,19 days | (#45037531)

No, this article states directly what most people are really saying. People say that NSA controls quite a few exit nodes, but we're not really sure how many. If they controlled a lot, they could deanonymize Tor traffic. According to TFA, NSA knows full well exactly this and tried it, but couldn't gain control of a sufficient number of exit nodes. That's not surprising, it really would take controlling quite a lot of exit nodes.

The more real danger is mentioned in the article, also. Your computer and the connection from the exit node to the site you're visiting are the main weaknesses in Tor. The exit node has an ideal man-in-the-middle position over your traffic, and the NSA is one of the most benign malicious actors running exit nodes. Any HTTP connection over Tor is idiotic and any HTTPS session should be examined carefully.

Re:Dichotomy (1)

Threni (635302) | 1 year,19 days | (#45037831)

They don't have to 'control' exit nodes, as in compromise or seize them. They can simply run thousands of exit nodes so that the chances are you'll use one of them. They could also run thousands of regular nodes to do traffic analysis. Finally, they can work with ISPs to monitor other people's exit node usage. None of this is very complicated if people are compelled to obey you.

Re:Dichotomy (1)

Anonymous Coward | 1 year,19 days | (#45038093)

The presentation is six years old. They probably have more techniques by now.

Tor site says so (2)

Rato Ruter (1008363) | 1 year,19 days | (#45037335)

To make a long story short, Tor warns about this in the site, if not with the exact words, anyone capable of watching outgoing traffic from a machine and incoming traffic to the destination server may be able to match both. Thinking that most internet traffic goes through the US, it's not really a surprise they are able to do so. Saying they will *never* be able to de-anonymize all Tor users to me sounds like a trap, an attempt to make users feel safe, but instead might just be a computational power issue.

Insufficient data to draw useful conclusions (5, Interesting)

IamTheRealMike (537420) | 1 year,19 days | (#45037337)

A few days ago a well known Tor developer was getting angry on Twitter because he thought the Guardian was holding back a story on Tor due to redacting requests and pressure from governments.

The presentations cited date from 2007. That's 6 years ago and tells us diddly squat about their current capabilities. All it tells us, really, is that in 2007 they had developed some working techniques in the lab, and were talking about the same kinds of attacks that were being discussed in public. It also tells us they use custom malware - but that was already revealed previously.

The Snowden files contain a complete copy of GCHQ's internal wiki. It seems highly unlikely that there is no further information on Tor after 2007. Rather, it feels like the British and American governments treat their capabilities against Tor as one of their most valuable secrets and applied significant pressure, the resulting compromise being "you can make a story about Tor, as long as it's based on old information that is no longer relevant".

Re:Insufficient data to draw useful conclusions (0)

Anonymous Coward | 1 year,19 days | (#45037443)

News organisations and journalists are a shame. They'd be given the Pentagon Papers and instead publish something about WWI.

a related question (1)

tonfagun (1410889) | 1 year,19 days | (#45037499)

Sorry if the answer to my question is obvious/common knowledge, but is it known why Snowden didn't release the complete data set, e.g. via wikileaks? Why is the Guardian the "gatekeeper" to this information, I wonder?

I mean, I can think of one reason maybe: to protect his own safety perhaps. Maybe he set something up that releases the full data in case he's arrested, or worse. But anyway, that's speculation... anyone knows if there's some definite answer to the question why the complete data isn't torrented yet?

Re:a related question (1)

pipatron (966506) | 1 year,19 days | (#45037619)

He did claim early on that he did this because he didn't want any personal information about any NSA agents getting out, and I bet the papers are full of them.

It is, however, a pretty lame excuse IMHO. But I'm not the one with a government agency after me.

Re:a related question (0)

Anonymous Coward | 1 year,19 days | (#45037749)

because his employer doesn't want those released.

Re:a related question (5, Interesting)

IamTheRealMike (537420) | 1 year,19 days | (#45037977)

Because he knew that if there was an indiscriminate data dump, governments would use that to distract from the real meat. By getting professional journalists to digest the data into understandable stories, he ensured that would not happen. Also he feels details about specific operations or sites or whatever isn't really important to the debate, which is what he cares about the most.

Now that said, we'll have to see if he is happy with the current level of disclosures. My impression so far is that he has been very happy with how things worked out. But this is a guy who had EFF and Tor stickers on his laptop. If he knows Tor is broken and the Guardian do stories implying that it's not, it'll be interesting to see if he has any reaction to that. Right now he's lying low because he wanted to fade away so the stories focus on the material - and that's something he has done amazingly well.

Re:a related question (1)

tonfagun (1410889) | 1 year,19 days | (#45038187)

Great answer... didn't think of that. Completely agree, sometimes more would actually be less, certainly when it comes to media attention. I just hope he's watching all of this closely, and if he feels the Guardian isn't doing its job, he'll dump the entire data anyway, maybe with names/addresses struck out.
You also make another good point, about how he managed to keep a *relatively* low profile... quite different from our favorite activist slash attention seeker Assange. (by the way, I'd mod your comment insightful, but alas, got no mod points)

Re:a related question (1)

lgw (121541) | 1 year,19 days | (#45037999)

For non-geeks, the slow release by the Guardian has been the best approach - much as we'd like to know everything all at once, it would be a 1-week story that way. This way the NSA is constantly in the news, every week a new outrage, and it might just possibly make people care.

Re:Insufficient data to draw useful conclusions (0)

Anonymous Coward | 1 year,19 days | (#45037539)

Yeah, something doesn't pass the sniff test here. Either it's just old or the whole presentation was just a honeypot that suckered Snowden & Co., but Tor regularly admits that it can be deanonymized with timing attacks if the attacker can see all the traffic everywhere, which is exactly what PRISM is for.

Instead of an Arab Spring (1, Insightful)

Anonymous Coward | 1 year,19 days | (#45037353)

Man, it's about time we had an American Spring... before it becomes impossible.

Re:Instead of an Arab Spring (5, Insightful)

i_ate_god (899684) | 1 year,19 days | (#45037561)

so will this result in a theocratic christian government run by the bible belt?

Re:Instead of an Arab Spring (1)

CanHasDIY (1672858) | 1 year,19 days | (#45037769)

At least then they'd be consistent.

Re:Instead of an Arab Spring (1)

Anonymous Coward | 1 year,19 days | (#45037965)

Christian extremists blackmailing the government? Noooooo, that could heeeevaaaa happen...

Re:Instead of an Arab Spring (0)

Anonymous Coward | 1 year,19 days | (#45037985)

so will this result in a theocratic christian government run by the bible belt?

Just nuke'm from orbit. It's the only way to be sure.

Re:Instead of an Arab Spring (1)

Lunix Nutcase (1092239) | 1 year,19 days | (#45037941)

Then get off your fat ass and do something rather than expecting others to do all the work.

Ehhh... (0)

Temtongkek (975742) | 1 year,19 days | (#45037375)

I'm no expert, but this doesn't feel right. I really can't explain it, so I won't even try...just feels like things are being "let loose" into the wild on purpose, as opposed to actual documents surfacing because of Snowden. I may very well be wrong, but the whole scope of things just feels...off.

Re:Ehhh... (1)

pipatron (966506) | 1 year,19 days | (#45037485)

I think it's because Snowden didn't release it all, like Manning, but just released a small part of it, and only to a newspaper. He claimed to have his reasons for this, not that I agree with them. Something about how the Manning files identified some people, and that Snowden didn't want that to happen.

duh.. (3)

Anonymous Coward | 1 year,19 days | (#45037383)

For Tor browsing you should use a different browser and OS, in a VM, than the one you normally use.

Re:duh.. (1)

TheResilientFarter (3216187) | 1 year,19 days | (#45037549)

I run Secret Agent [dephormation.org.uk] in FF. Doesn't that accomplish basically the same thing?

Re:duh.. (1)

pipatron (966506) | 1 year,19 days | (#45037643)

Uhm, heh...

No. Sorry.

From the look of that website, you probably have some nice tracking installed now though.

Re:duh.. (1)

TheResilientFarter (3216187) | 1 year,19 days | (#45037713)

Why do you say that?

Re:duh.. (1)

pipatron (966506) | 1 year,19 days | (#45037883)

I'm just judging the book by its cover. It looks like it's designed to lure people with flashy but cheap looking animations.

Anyway, changing your browser string won't make you less trackable. They don't use those for tracking individual users.

Re:duh.. (0)

Anonymous Coward | 1 year,19 days | (#45037563)

For Tor browsing you should use a different browser and OS, in a VM, than the one you normally use.

I.e. IE running on Windows 8.

Re:duh.. (0)

Anonymous Coward | 1 year,19 days | (#45037587)

A good first step would be to put Tails [boum.org] OS on a bootable USB drive and only use that to access tor services.

Don't forget stupid people. (2)

Kenja (541830) | 1 year,19 days | (#45037389)

For example, the silk road guy who legally changed his name to his handle ("frosty") and then used said name in his encryption key.

They target Tor via the ISP's (5, Interesting)

John3 (85454) | 1 year,19 days | (#45037427)

I've been running Tor on my home FIOS connection for about six months in non-exit relay mode. Last month I received a registered letter from Verizon [dslreports.com] notifying me that I was using excessive bandwidth and that my connection would be terminated in ten days if I did not cease and desist. From what I read there were less than 100 FIOS customers that received this letter, and it was sent to folks who used upwards of 10tb per month. The paranoid conspiracy theorist in me says that the NSA encourages ISP's to crack down on Tor relays, while the annoyed consumer in me looks on it as a ploy by Verizon to sell me a commercial fiber service. Either way, I don't have the inclination or money to fight this battle, and so I shut down my Tor relay for now. Interesting to note that we were blocked from accessing Hulu Plus from our home as they had identified my IP as a Tor relay. Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45037583)

Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

A long time ago (in a galaxy far, far away) I ran a tor exit node. Years after shutting it down, my IP-address was still blocked at various sites.

I hope you don't have to wait that long.

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45037725)

Does tor not disguise itself as web traffic? Whatever else it does it should look like ordinary HTTP(s) noise.

I'm not familiar with tor so maybe it's a naive question.

As for the GP .... um, 10tb/month .... you are the reason ISPs have to establish caps.

Re:They target Tor via the ISP's (2)

larry bagina (561269) | 1 year,19 days | (#45038063)

node-to-node traffic is encrypted, usually on port 9001. At the exit node, it's decrypted and sent to the final destination as standard traffic. Standard traffic with the exit node's IP address, that is.

Start posting goatse and tub girl links on slashdot and see how long it takes for your ip address to get blocked. Bonus points if you can crapflood to the point you get some pink. Then try sending some spam. I'm sure you can imagine how an exit node IP address gets put on a block list.

Tor does let exit nodes specify which ports are allowed.

get a new router and get a new IP address (1)

logicassasin (318009) | 1 year,19 days | (#45037747)

or, if your current router supports changing the MAC address do that and get a new IP. It really isn't that hard to get a new IP from your ISP without calling them up.

Re:They target Tor via the ISP's (1)

omnichad (1198475) | 1 year,19 days | (#45038037)

well..they said non-exit, so probably not.

Excessive bandwidth (1)

davidwr (791652) | 1 year,19 days | (#45037597)

Well, if you didn't deliberately throttle TOR usage I can see that as an issue.

Memo to anyone with a consumer-grade ISP that doesn't explicitly allow you a specified bandwidth:

Call your ISP and get them to "name a bandwidth" below which you are guaranteed not to be called out for "excessive usage" and/or buy a business-grade service that has specified bandwidth limits.

Don't go over these limits.

Also, if your grade of service doesn't explicitly allow servers, buy one that does. You don't want to give the ISP an excuse to shut you down.

Re:Excessive bandwidth (1)

John3 (85454) | 1 year,19 days | (#45037683)

Great advice and something I will look at in a few months once the dust settles. I guess I was too eager to do as much as I could with my shiny new upgraded 100mb FIOS connection. :)

Re:Excessive bandwidth (1)

fisted (2295862) | 1 year,19 days | (#45037841)

100 millibits per what? That'd better be nanoseconds, then.

Re:Excessive bandwidth (0)

Anonymous Coward | 1 year,19 days | (#45038053)

Wow. A 100 millibit data cap on a FIOS connection. No wonder you got hit with an overage.

Re:They target Tor via the ISP's (1)

airdweller (1816958) | 1 year,19 days | (#45037607)

Can't you just throttle the relay bandwidth?

Odd. Why would Hulu care whether anyone is a Tor node?

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45037675)

I was running as an exit relay for a while. Trying to do as much as I could, but then realized it was not that great an idea to run exit from a home ISP connection. We received several letters about illegal activity so decided to step it back a notch and just run regular relay.

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45038001)

Hulu is not available in all places because of legal issues around copyright, TOR is used to bypass those restrictions.

Re:They target Tor via the ISP's (1)

SecurityTheatre (2427858) | 1 year,19 days | (#45038177)

Hulu doesn't allow connections for anyone outside the US. They have copyright holders with a gun to their head so they have to be extreme dicks about blocking non-US access, including all proxies they know of...

Re:They target Tor via the ISP's (1)

LordKaT (619540) | 1 year,19 days | (#45037609)

I run a non-exit Tor node, and have not received any letter like this, on FiOS. Although, I DO limit my bandwidth consumption via Tor.

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45037695)

I'm sure my problem was Tor was running at full throttle. I will set it up again in a month or two and throttle the bandwidth to reasonable levels.

Re:They target Tor via the ISP's (1)

LordKaT (619540) | 1 year,19 days | (#45037751)

Yeah, that was probably your problem. Also, keep a check on any torrents you have running - running those at full tilt can consume an ass-load of bandwidth too.

Tor basically asks "how much bandwidth can I use" and then uses it. I have to keep an eye on it because I run a live stream at HD resolutions, and being conscious of my bandwidth usage is priority #1.

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45037641)

it was sent to folks who used upwards of 10tb per month

and you don't think that *this* was the reason you got the termination notice? you're still as clueless now as you were when you set up the software without configuring speed or bandwidth usage limits.

10 terabytes per month is equal to over 30 megabits/sec *continuously* for the entire month... you may need both hands to count the number of terms in your tos/aup you're in violation of with that usage pattern on verizon fios residential service.

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45037765)

FIOS advertises as "No limits", and the tos/aup doesn't specify bandwidth. It does, however, specify that you can't run servers on a residential line so that's the tactic they use. And I knew there were bandwidth throttles in Tor, I just didn't expect Verizon to have an issue with the usage since they had advertised "No limits".

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45037651)

Yep, it's annoying when sites blacklist you even if you're a non-exit. On another note, perhaps the Tor software could have some bandwidth limiters. Then you could be sure that there's ulterior motives behind the letter.

Re:They target Tor via the ISP's (1)

geekamole (1966386) | 1 year,19 days | (#45037691)

I'm curious about the Hulu Plus situation--why would they have a reason to block a non-exit relay? Was your relay a listed one or a non-listed one (a.k.a. obfuscated bridge, I think)?

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45037783)

Tor was configured as an exit relay for about two weeks. I think that was what kicked in the issue with Hulu. Another user posted in the thread that he ran exit relay and was blocked by Hulu for several years.

Re:They target Tor via the ISP's (1)

tacokill (531275) | 1 year,19 days | (#45037853)

Why would you have problems with Hulu if you are a non-exit relay? I don't understand how that can happen or how Hulu even knows you're running a tor relay.

If you are running a Tor relay AND setup as an exit node, then I get it.

Please clarify.

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45037973)

Sorry, didn't post the complete timeline. I ran as an exit node for a few weeks but stopped when I received a couple of letters questioning activity that came through my IP address. That was what probably got me blacklisted with Hulu. I will likely reconfigure Tor with bandwidth limits and set it up again in a few weeks.

Re:They target Tor via the ISP's (1)

tacokill (531275) | 1 year,19 days | (#45038077)

Got it. That makes perfect sense now. Yes, that is certainly what got you blacklisted. Thanks for the clarification. I have run a relay but never an exit node for precisely this reason. I can't believe you ran it for 2 weeks without hearing from Verizon before that time.

Did you know you can run tor and be a relay without being an exit node? That still helps the Tor network tremendously so you might consider that if you aren't able to be an exit node anymore.

Re:They target Tor via the ISP's (1)

John3 (85454) | 1 year,19 days | (#45038141)

Yes, I'm going to set it up again in a few weeks, as a non-exit relay and with a bandwidth cap. I jumped in with both feet without looking, not usually a good idea. :)
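The setup this sub-thread converges on (a non-exit relay with a bandwidth cap) and the 10 TB/month figure quoted in it, worked through as an added example that is not part of any commenter's post or of the Tor project's code: it turns a monthly transfer budget into torrc limits. The 30-day month, port 9001 and the helper names are assumptions; the torrc option names are Tor's own.

```python
SECONDS_PER_MONTH = 30 * 24 * 3600  # assumption: 30-day accounting month


def sustained_mbit(monthly_bytes: int) -> float:
    """Average rate (megabits/s) needed to move monthly_bytes in one month."""
    return monthly_bytes * 8 / SECONDS_PER_MONTH / 1e6


def torrc_for_budget(monthly_bytes: int, or_port: int = 9001) -> str:
    """Build a non-exit relay torrc fragment that stays within a monthly
    per-direction transfer budget (hypothetical helper, not part of Tor)."""
    if monthly_bytes <= 0:
        raise ValueError("budget must be positive")
    # Tor reads KBytes/GBytes as powers of two; round down to stay under budget.
    rate_kib = monthly_bytes // SECONDS_PER_MONTH // 1024
    cap_gib = monthly_bytes // 2**30
    if rate_kib < 1 or cap_gib < 1:
        raise ValueError("budget too small to express in KBytes/GBytes")
    lines = [
        f"ORPort {or_port}",
        # Relay only: refuse to act as an exit for any destination.
        "ExitPolicy reject *:*",
        # Average ceiling on relayed traffic, applied to each direction.
        f"RelayBandwidthRate {rate_kib} KBytes",
        # Short bursts may reach twice the average (constructed choice).
        f"RelayBandwidthBurst {rate_kib * 2} KBytes",
        # Hard monthly stop: the relay hibernates once the cap is reached.
        "AccountingStart month 1 00:00",
        f"AccountingMax {cap_gib} GBytes",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ten_tb = 10 * 10**12  # the usage level quoted in the thread
    print(f"10 TB/month is about {sustained_mbit(ten_tb):.2f} Mbit/s sustained")
    print(torrc_for_budget(10**12))  # constructed budget: 1 TB per month
```

The rate limit keeps the average down, while the accounting cap is the backstop if the average is exceeded anyway.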

Re:They target Tor via the ISP's (0)

Anonymous Coward | 1 year,19 days | (#45038017)

Interesting to note that we were blocked from accessing Hulu Plus from our home as they had identified my IP as a Tor relay. Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

That is interesting, Hulu shouldn't be blocking Tor relay nodes, it's the exit nodes that they should be blocking.

It's obvious that they are blocking EVERY Tor node listed rather than just those that exit said traffic.

Maybe we should tell the EFF that compiling lists of EVERY Tor server is a bad idea.

War against privacy. (2)

gmuslera (3436) | 1 year,19 days | (#45037441)

This is not about monitoring anymore, probably never [schneier.com] was [reuters.com]

...giving the agency opportunity to launch prepared attacks against their systems

They are actively attacking Tor nodes and clients, whether or not they are outside the US, whether they are being used for criminal activities or just by someone worried about his own privacy.

This is not about defending against terrorists, they are attacking the US citizens that dare to try to have some privacy. Along with foreign citizens worried about the same.

And they are not just forcing everyone to be unsafe, they are too, so others (foreign countries, private companies wanting to get rid of competitors, hacking groups, old-style criminal organizations, even terrorist groups) can use the same tools/backdoors/exploits as them, being either provided by leaks (not just Snowden's unknown predecessors, there are a lot of private companies with high security clearance with access to all of that that could have their own agenda (Snowden worked for one of them)), or just plain hacking (like yesterday's Adobe one that could have leaked where Acrobat or Flash have NSA backdoors).

Re:War against privacy. (1)

AlphaWoIf_HK (3042365) | 1 year,19 days | (#45037529)

This is not about defending against terrorists, they are attacking the US citizens that dare to try to have some privacy.

And these pieces of garbage seem damn smug about it, too; exactly what I'd expect from thugs.

No money to be made in privacy (0)

Anonymous Coward | 1 year,19 days | (#45037701)

If you're in the business of government, there's not much money to be made in accepting the defaults of human nature -- one of which is that human beings value privacy, and expect others to respect that privacy.

Spying is clearly a violation of
        * Freedom of movement
        * Freedom of association

Let's put it this way. Would it be normal human behavior for your next-door neighbor to track your daily movements, intercept your communications, and generally know every aspect of your life? Of course not -- he would be considered a stalker. What makes government different? Why is government spying not merely a glorified form of stalking?

The money is made by attacking human nature, not accepting it. If you want to know the real reason government spies on innocent people, look no further than the hundreds of billions of dollars it justifies in spending. The end goal is to (1) create that cash flow in the first place, and (2) leverage it for personal gain.

Re:No money to be made in privacy (1)

AlphaWoIf_HK (3042365) | 1 year,19 days | (#45037735)

Why is government spying not merely a glorified form of stalking?

Given the amount of authority the government has, it is much, much worse, and far more dangerous than mere stalking, even if it is similar in some aspects.

Re:No money to be made in privacy (0)

Anonymous Coward | 1 year,19 days | (#45037989)

Agreed, although I feel it's crucial when evaluating government to compare the behavior of government to normal human behavior. Only then will a person begin to question their motives. If a person accepts that government inherently has the right to behave differently than everyone else, then there's no point in going any further. Government wins by TKO, and human nature loses (freedom along with it).

The plan (0, Troll)

Anonymous Coward | 1 year,19 days | (#45037491)

Find FoxAcid related boxes.
Exploit the shit out of said boxes. (win2k3 lol)

Enjoy mayhem.

Re:The plan (1, Interesting)

lgw (121541) | 1 year,19 days | (#45038061)

Find FoxAcid related boxes.
Exploit the shit out of said boxes. (win2k3 lol)

Enjoy mayhem.

You approach a military roadblock. You see one guy manning the roadblock, and he's unarmed. Why do you think that is?

When you know an organization cares about security, and you don't see the security, what should you conclude?

Foreign government? (4, Insightful)

Hatta (162192) | 1 year,19 days | (#45037509)

What the NSA is doing is unacceptable whether or not a foreign government accesses any of the data. Unless the US government obtains a warrant, based on probable cause, that specifically describes the places to be searched and things to be seized, this activity is illegal.

Re:Foreign government? (2)

pixelpusher220 (529617) | 1 year,19 days | (#45037715)

Sadly, no it isn't illegal anymore. It should, however, be ruled unconstitutional once we manage to pry a case up to a competent SCOTUS (and I'm not sure we have one currently).

Re:Foreign government? (2)

Hatta (162192) | 1 year,19 days | (#45037759)

Of course it's illegal. The laws that they claim make it legal are unconstitutional, and therefore completely null. Congress has no authority to pass a law that makes generalized surveillance legal.

Re:Foreign government? (1)

SecurityTheatre (2427858) | 1 year,19 days | (#45038189)

The Patriot Act begs to differ...

They are welcome to target tor (0)

Anonymous Coward | 1 year,19 days | (#45037557)

As I only use it to bypass my country's DNS restrictions on the pirate bay I'm sure it costs the American government more money in time and effort to get the information than it is worth.

"Tor stinks" (2)

davidwr (791652) | 1 year,19 days | (#45037625)

Tor, originally sponsored by the United States Navy.
Any questions?

New FBI logo (-1)

Anonymous Coward | 1 year,19 days | (#45037727)

A pig masturbating before a laughing world.

DNS mentioned in the slide deck (0)

Anonymous Coward | 1 year,19 days | (#45038175)

One interesting point in the slide deck was the suggestion that maybe Tor users accessed DNS in such a way as to leave a fingerprint. That begs the question - how much instrumentation does the SIGINT community have on well-known or well-used resolvers and authoritative servers, and at what level? I'm going to crawl back into my hole and put on my tin foil hat now.