• Zetta
      link
      fedilink
      English
      arrow-up
      20
      ·
      7 months ago

      While TOR does accept funds from the U.S. federal government it is not a honey pot. Given tor is free and open source it is easy to verify the security of the software.

      I use fedora btw (use open source software you fools)

      • Socsa@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        And it is very easy to verify that the feds control enough exit nodes to know that it’s a Honeypot.

      • EpicFailGuy@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        4
        ·
        7 months ago

        If no one has told you yet. The feds busted a child porn network in the UK that used for because they were hosting over 65% of the exit nodes at the time. If your open source anonymous VPN is hosted by the feds, they can 100% see where the traffic is coming and where it’s going

        • michaelmrose@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          7 months ago

          Please link to a story substantiating this. What I have heard of happening repeatedly is that they trick criminals into communicating outside of tor, running an executable, or just take over the endpoint and nail people eg take over dark web drug markets and use information to track down the folks using it.

            • GamingChairModel@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              7 months ago

              As the article notes, it’s hard to tell just how much of the unmasking comes from exit node control. An exit node will only know what public services are being accessed, without knowledge of any of the user’s addressing/location data (since each node only knows that information about the single hop in each direction). Plus, I’m not even sure exit nodes are used at all when connecting to a tor-hosted service (no need to exit the tor network, after all).

              It sounds like the servers are being compromised and then being used to exploit IP-leaking vulnerabilities in how the browser/plugins and Tor network connection are configured.

              I’m sure they’ve got a lot of tricks up their sleeves, but exit node control seems like the least significant of them.

            • Zetta
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              I remember this story and re skimmed through the article, it has nothing to do with exit nodes.

        • Zetta
          link
          fedilink
          English
          arrow-up
          2
          ·
          7 months ago

          The story you linked is from 2015, and has nothing to do with exit nodes. The feds bsuted the actual server that was used to host csam and kept it up while collecting user information for two weeks. Not exit nodes related.

          There are many illegal sites hosted on tor that get taken down quite often. Tor in itself is not an insecure software and it proves that by readily having nefarious and illegal sites operate for long durations of time.

          All the instances I have read about large sites that host some form of illegal content on Tor going down have all had quite unique and extensive efforts put in by law enforcement agencies to make the bust happen.

      • EpicFailGuy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Also, if you’re into that kinda thing, you should look into ceilidh from the cult of the dead cow

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        3
        ·
        7 months ago

        I think the concept is if you own enough exit nodes and you have monitors at the backbone level you can correlate traffic with time-based attacks.

        The current number of people using tor in a given time isn’t so insurmountable that you can’t throw a couple of data centers worth of VMs at The problem and they’ve had backbone monitoring for decades.

        The thing is, the feds aren’t going to come knocking at your door because you are downloading movies. The MPAA figured out a long time ago that it’s a losing battle going after individual people downloading/uploading. If you were trying to use tor to hide behind doing things to harm other people, running terrorist networks and the like, there’s a reasonably good chance they could track you down if you were just using tour but they’d have to really want to do it, and that’s not going to happen for Steve’s half terabyte of CSI.

        • Dasus@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          10
          ·
          7 months ago

          I don’t know if you know this, but the internet is a bit wider than the reach of the US authorities.

            • Dasus@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              4
              ·
              7 months ago

              And what would that word be, exactly? How will it change the fact that US feds can’t seize servers which exist outside the US?

                • Dasus@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  7 months ago

                  It describes a North Carolina server hosting a Tor hidden service site. The setup was seized in February 2015

                  A North Carolinian server. I think that’s in America, right?

                  to monitor its nearly 215,000 users.

                  How many were actually busted? Isn’t that just the amount of traffic? Busting 215 000 pedophiles would’ve definitely made the news…

                  Currently, at least three men—Peter Ferrell, Alex Schreiber, and James Paroline—have been charged in connection with this site.

                  Three Americans? Good job, feds, but that doesn’t exactly disprove my point about the feds’ limited (if sizable) reach.

                  she said the FBI may have used a honeypot technique that feeds site visitors a link to a webpage outside of To

                  So to people who open non-tor links from tor are vulnerable? That’s not exactly news.

                  Tor isn’t a magical shield that makes everything cop-proof, but feds definitely don’t have power over it the way you seem to imply they do.

            • Dasus@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              7 months ago

              Having the ability to monitor Google and Yahoo datacenters still doesn’t mean that US feds can do anything about servers not located in the US.

              They can’t physically go to another country do to cop shit. I don’t know how to say it more simply.