Those cases revolve around the FBI's investigation into dark web child pornography site Playpen. In February 2015, the FBI seized the site, but instead of shutting it down, the agency ran Playpen from a government server for 13 days. However, even though they had administrative control of the site, investigators were unable to see the real IP address of Playpen's visitors, because users typically connected to it through the Tor network.
In order to circumvent that anonymity, the FBI deployed what it calls a network investigative technique (NIT), or a piece of malware. That malware, which included a Tor Browser exploit, broke into the computer of anyone who visited certain child pornography threads on Playpen. It then sent the suspect's real IP address back to the FBI.
According to court filings, the FBI obtained over 1,000 IP addresses of alleged US-based users. Over the past year, Motherboard has also found that the FBI hacked computers in Australia, Austria, Chile, Colombia, Denmark, Greece, and likely the UK, Turkey, and Norway too.
Well if you're using modern consumer hardware (botnet) with mainstream OS (botnet) then you're in trouble. But if you deviate from that, and the more you deviate from that, the harder it is for anyone to hack you. It will require a lot more effort than sending canned exploit. And you can further improve by leaving very little attack surface, the least amount possible. But this is the opposite of "convenience", so most people won't bother to even take the most basic steps. At the end of the day, there is the bottom line: money. If you make it cost too much effort, you're no longer worth it.
Nathan Richardson
Let's count off the various ways they fucked up this investigation.
In summary: gigabytes of child abuse content circulated, a handful of fucked up cases, widespread outrage hampering future efforts and collaboration with foreign governments. Oops.
Grayson Nguyen
Shouldnt the bigger story here be that the fbi ran a cp site? That has to be illegal and makes everything else quite irrelevent as law enforcement cant break laws to catch people. Im no legalfag but ive seen enough crime shows to know you cant collect evidence illegally.
Jaxson Russell
Don't forget Why are they still being funded? So they can hack into peoples computers to plant evidence so they can "solve" it later?
Carson Scott
Got source to back your claims up?
Luis Wood
No, that's why I used variables. They'd have to answer how many unsolved crimes they chose to ignore to prioritize this instead.
Wyatt Wright
it required javascript enabled to malware you and whonix/vm/tails vm would protect even with js
US is totalitarian 3rd world shit, they don't care about laws
Asher Bennett
Well, that's not the first time I've read about Tor being an insecure piece of shit.
Blake Nguyen
Are you questioning the NAVY and DARPA's competence?
Matthew Allen
It's okay when we do it goy.
Christian Sullivan
Firefox isn't Tor. Tor Browser with security on high is a good default for most people. If you don't agree, post security tips instead of just shilling.
Landon Ross
The fact the FBI has to exploit the web browser means Tor works pretty well.
And Freenet and i2p are mostly used with web browsers, so they'd be vulnerable to the same types of attacks.
Kayden Morgan
Fucking sea lions
Ethan James
Well that wouldn't work with a setup like Whonix. The attacked computer wouldn't even know the IP-address.
Lincoln Wood
If they wanted, they could chain a virtualbox or qemu/kvm exploit to break out of the VM.
It's unlikely because of the added cost and low amount of targets using virtualization, but it's possible.
Ryan Williams
We don't know anything about the actual exploit except it was for Tor Browser. The FBI classified the exploit for "national security reasons" after defendants asked for details.
There was one unconfirmed report that the exploit was in Firefox's graphite2 font file renderer.
Josiah Long
How would I go about using links with Tor?
Alexander Evans
NoScript doesn't download fonts by default, so even if this was an issue with Firefox's font renderer (some rumors point to that), unless you're dumb enough to disable NoScript on an onion site you should be safe.
The Playpen operation wasn't a complete fuck up like the 2013 Freedom Hosting attack. If it was limited as described in the warrant then I have no problem with the Playpen hack.
The FBI only deployed the exploit against users who were logged in and browsing threads clearly labeled as CP. Even with 1 warrant, they had enough probable cause for all 8000 computers.
Liam Anderson
The Freedom Hosting exploit was supposed to be limited to 23 illegal sites too. But in reality, they (accidently?) embedded the exploit on every single onion hosted on Freedom Hosting. Thousands of legitimate Freedom Hosting onions were affected.
Brandon Bennett
Congratulations to the FBI for accelerating the destruction of pedophilia worldwide. Our thanks must also go to them for creating delicious, juicy pedo butthurt.
Liam Phillips
Thats not at all what happened. Pedos can still easily view cp whenever they want. This was a terribly executed idea that arguably did more damage to the fbi than the pedos. If anything it has solidified peoples ideas that tor is secure as they had to find a different way to get peoples ip than "breaking tor".
Dominic Green
Dark web pedos are a minority. The average internet pedo still downloads CP through open P2P networks, bare IP. They don't know or care about security. We see millions of IPs sharing CP each year and we can only afford to arrest less than 1%.
Leo Thomas
this I2P would actually even better for them because it can do P2P as well. But I really don't know what these kinds of raids are supposed to accomplished other than to serve as PR for the FBI, because it really doesn't make any difference in the long run and they probably even know that themselves.
Joseph Howard
As if this is the first time the FBI has broken the law during investigations. Look into the Weather Underground. The FBI broke so many laws gathering information against these guys, some of them got off for detonating bombs in government buildings.
Adam Davis
...
Landon Jones
The term 'pedophilia' is a plot to genocide white people. Other cultures recognize puberty as when sex isn't deviant behavior. As a result, their women have more usable fertile years, the age of first birth is lower speeding population growth, and careers don't get in the way of raising kids. Cultures terrified of pedophilia now have birth rates so low they are literally dying out and are being quickly replaced by Mohammad and his pregnant 12 year old who will end up with 10 children. They've tricked you into killing yourselves by thinking this is unnatural despite it being normal in your own cultures until just one century ago. Figure it out.
Josiah Carter
Everything's a plot to genocide white people. Mohammad never wore shoes and he bore 72 children. In white countries today, everyone wears shoes and have a negative growth rate. Support white genocide today and war your shoes.
Logan Taylor
Remember though that with customization comes less anonymization.
Weigh the pros can cons before switching browsers.
