HAHAHA TOR BTFO

archive.is/4YXuI#selection-2114.0-2114.1

HAHAHHAHAHAHAHHAHAHAHAHHA

Other urls found in this thread:

127.0.0.1/zz/Unprecedented-Mass-Surveillance.html
thedailybeast.com/articles/2017/03/23/the-slip-up-that-caught-the-jewish-center-bomb-caller.html
archive.fo/tXONX
nakedsecurity.sophos.com/2016/09/07/can-you-trust-tors-hidden-service-directories/
nakedsecurity.sophos.com/2016/07/26/honey-onions-probe-the-tor-dark-webt-at-least-3-of-dark-web-nodes-are-rogues/
twitter.com/NSFWRedditVideo

if tor is btfo, why do ghcq slides show that they have struggle with deanonizing tor users?

Source?

This says that a Tor user got caught. It doesn't say that they got caught because of a flaw in Tor. It does say that Tor made it a lot harder to catch them.

Fucking up can be your own fault. Tor can't stop you from accidentally revealing your public e-mail address, for example.

dont shit where you sleep, anons
at least when you're making threats

I don't see why using neighbors wireless is a security risk?

...

kek

see this


This

if you aren't a total noid, you will have a million holes in your bucket, leaking side channel info about you.
even if you are noided out, it's just a bad idea since no one has perfect opsec.

if you want me to list all the side channels, fuck you, knock your two remaining neurons together to think about it.

Damn it Jews

...

This.

What the actual fuck

...

Thousands of pedos were deanonymised with the browser exploit on Playpen

Hundreds of pedos were identfied when Austrailia's Task Force Argos took over The Love Zone (TLZ) and posed as the admin, Shannon McCoole.

Dozens of pedos were identifed in the 2012 Operation Torpedo

Hundreds of drug dealers from various Tor markets have been arrested.

All of these were because they turned javascript or something else on.
Literally all their fault.

You can still run javascript and not worry, you just need to make sure the VM your browser is running on cant reach the internet.

In the TLZ operation, Task Force Argos used media player exploits to phone home and deanonymise pedos. They also did a lot of traditional investigations. The admin of The Love Zone was busted because of his unusual greeting, "hiyas".

In the TLZ operation, Task Force Argos used media player exploits to phone home and deanonymise pedos. They also did a lot of traditional investigations. The admin of The Love Zone was busted because of his unusual greeting, "hiyas".

Why are you so willing to trust some piece of code you didn't even design and write yourself, when a single bug can be used to exploit you, or identify you, or whatever the case may be. Do you think that somehow the people who write VM are incapable of error? Or that there's no way to get around VM?

Why are you even using a computer then?

>>>/g/
also, tor users can't even see whatever you're linking to (which from the comments here sounds like nothing). fucking moron. it's like if I made this post:
HAHAHAHA CLEARNET CUCKS BTFO
127.0.0.1/zz/Unprecedented-Mass-Surveillance.html

Go away CIA.

Isn't that their end goal? The people that have really good opsec (agents, the police) will know how to use it correctly, while the average idiots (pedos, drug users) will eventually fuck up and get caught?

Ross Ulrich was deanonimized because of poor compartimentization (forum posts + Stack Overflow post + email address); before that, DPR's identity was a mistery to the FBI.

Of course, these degenerates are experts on opsec.

that's because they always insist on using tracked postage. to catch them they just order something from them then get the tracking info from the post company. then order something else and stake out the post boxes in the area where the last order was posted from.

thedailybeast.com/articles/2017/03/23/the-slip-up-that-caught-the-jewish-center-bomb-caller.html

archive.fo/tXONX

"On at least one occasion, he neglected to route his Internet connection through a proxy server, leaving behind a real IP address in the server logs. The address was in Israel, where police traced it to a WiFi access point that Kaydar was allegedly accessing through a giant antenna pointed out a window in his home"

He probably wouldn't have been caught if a giant antenna wasn't poking out his window, even with the IP fuck up.

They had access to the router, you can use special tools to find the physical location of computers connected to it.

the antenna

You'd have to triangulate to pinpoint the source. Reception on one device isn't enough. With two it can be done, but three or more is much more precise.
Maybe they could get his MAC address, or anything special his DHCP client left as a fingerprint, but they'd still need a way to figure out who that hardware belongs to. Not so easy if the machine in question was paid for in cash (or otherwise untraceable), dedicated to only "underground" activities, and was configured to set random MAC in bootup scripts.

Those are from like 2011

nakedsecurity.sophos.com/2016/09/07/can-you-trust-tors-hidden-service-directories/

nakedsecurity.sophos.com/2016/07/26/honey-onions-probe-the-tor-dark-webt-at-least-3-of-dark-web-nodes-are-rogues/

tl:dr dont know why those idiots were just using tor anyway

Enumerating hidden services with malicous HSDir relays has nothing to do with most users, unless you are trying to keep the link to your hidden service secret. This is being fixed in the next generation hidden services which is being work on right now.

If you run a hidden service at the moment, you can use HidServAuth and HiddenServiceAuthorizeClient to keep unathorized people from connecting to your HS.

mmm. if you read the whole articles it talks about setting up inproxies and hsdir relays, correlating the traffic to get users real IPs over a span of 3 - 6 months.

Correlation attacks using HSDir relays is probably the easiest to do since they are the cheapest relays to run. Running many HSDir with 1 or 2 colluding high probability entry guard will eventually get someone doing a HS lookup in one circuit.

The problem is, it would result in a very high number of false positives without something like the RELAY_EARLY tagging exploit the FBI used. HSDir lookups use a very small amount of traffic then it builds a new circuit to the rendezvous point.

Anyway, this is being fixed anyway, hidden services were always tacked on and an after thought. Tor is finally spending development time on them.

what is that?

Researchers at Carnegie Mellon were trying to do correlation attacks with entry guards and HSDir relays against the live network and had problems with false positives, so they found a vulnerability in RELAY_EARLY cells which allowed them to embed a random identifier and have it come out the same on the other end. Then you can do a 100% positive correlation attack. This was fixed.

The FBI funded then subpoenaed the research to deanon some hidden services and users.

tOR a shit, it can't even keep people from accidentally not using it.

i've never seen a more made up dichotomy

go back to reddit or stack exchange or wherever you idiots who think this is a real problem come from