????

Call me very confused.

That's what I seem to have gathered from the news stories and analysis of what happened.

who did the exploit? That seems unclear, with some claiming it was the US Government and others claiming it was Anonymous, which used to to expose child pornographers.

I see it as a good thing if it's helping stop the exploitation of children.

http://www.zdnet.com/inside-the-tor-exploit-7000018997/

Given the FBI arrests both here and elsewhere, it still looks as though the US Government may well be involved in this. I suppose it will remain unclear, though.

ZDnet is usually a pretty good source for technology information. Like you, I consider child pornography to be one of the very worst aspects of what the Internet has enabled. It appears that segment is a major user of TOR services.

I have noticed, too, that some articles pointing out the gloom and doom regarding TOR's problems ignore the child pornography aspect of the Darknet. It seems like there are other users of these services for nefarious purposes, and those too seem to be left out in many discussions of it.

If it's Anonymous, people seem OK with using browser exploits to send user information to some locating in Virginia. If it's the U.S. or some other government doing this, the same people aren't OK with it. And yet, it is governments who prosecute child pornography. The
Virginia connection seems to point toward the government as the entity using these browser exploits.

Additionally, the Irish government's arrest of the CEO of one of the TOR host providers and the recent FBI arrests of a large number of child pornography suspects seem to point toward a government agency as the exploit provider.

So, if this exploit is sending user information to some government agency located in Virginia (aren't they all?), it stands to reason that user information not connected to child porn also was sent there. That, apparently is the worry for some, who have no connection to child porn. Yet, the only arrests recently have been of people with some connection to child porn.

Perhaps the unnamed agency simply discarded all of the information not connected to that porn. That appears to be what the NSA says it's doing with other data collection: discarding anything not directly connected to criminal or terrorist activities.

It's all confusing, really. We definitely want to shut down the child porn distribution network. But how do we find those involved in that without surveillance of the network where it is distributed?

Look, when you talk about the 4th Amendment, you can't just leave people out. Even kiddie porn people. It covers us ALL. If the government wants to target kiddie porn producers, fine. Get a fucking warrant. But don't, wholesale, scoop up everybody's communications.

And, also, REALLY? REALLY? Terra, terra, terra didn't work, so now they gotta spy on everybody, because of kiddie porn? Give me a break.

NO, you DON'T have my permission to spy on me because you're trying to catch people with kiddie porn.

The govt.

They can be assured any method of communication meant to be secret will have child porn and other low life's using it, in addition to people who simply don't want to be spied on by the government.

Terrorism, drugs, and child porn are the magic words that give them control of it all and they will use it to its fullest extent.

How would they investigate that without accessing information concealed by TOR communications? See, that's the issue. Child Porn is largely distributed by such networks, so finding who is doing that involves surveillance of those networks. That's the dilemma, isn't it?

That's where the BS lies. They say they need to know everything to get a few. That's exactly what the constitution protects us from.

The entire Darknet seems prone to illegality of all kinds, from what I'm learning through researching it. Not just child porn, but other types of criminal activity seem to rely on the TOR network for communications. Since I have never used TOR nor am I interested in exploring that part of the system, I don't know what is going on there, except from what is written about it.

If, in fact, there is criminal activity occurring, though, that would be of legitimate interest by the FBI, I would think. Are people using TOR for other reasons that have nothing to do with criminal behavior being harassed or otherwise interfered with by government agencies? I don't think that's clear at all, so far.

I don't assume anything. I'm looking at what is being written about this by sources I trust to simply explain it, instead of projecting onto it. If you have some reliable sources of actual information I can check out, links would be appreciated.

Here's a starting point:

http://en.wikipedia.org/wiki/Darknet_(file_sharing)

Google can supply more information with a search on TOR or Darknet. It's all kind of ugly, in many ways, but also has innocent uses. As I said, I'm still learning about it, so I'm probably not the best one to write a plain-english explanation.

I don't like being spied on by the government. Why shouldn't I be able to use it without them infecting my computer with viruses? Is it even legal to do that?

I don't know the legalities, frankly. That would depend on many things. A court order allowing the FBI, for example, to use tracking software in an investigation might include safeguards that prevented any information not specifically related to some criminal activity from being retained. In fact, I'd expect such restrictions to be included.

If you're using TOR for purposes having nothing to do with any criminal activity, your information could not be used to prosecute you for something you had not done, under such restrictions. So, yes, I suppose the FBI could do that legally, if they could convince a court that safeguards were in place. Law enforcement agencies are often so restricted in warrants, etc.

What FISA warrant is that covered under? That's scary!!!

If they ever used it they legally would be obligated to inform the defendant and then that could be challenged. If they intend to hide it they are in violation of the constitution.

This may be another legal can of worms.

The FBI gets its warrants and court orders through the federal court system, and it would be the FBI that was the lead agency on investigations of child pornography, so they wouldn't be using FISA at all, in all likelihood.

Probably the authorization of inserting tracking software would be similar to requesting wiretaps. People whose phones are wiretapped are not informed in advance of those wiretaps, for obvious reasons. Neither would people who had tracking software put on their computers be informed of that.

But, with the appropriate court order or warrant, I'm sure it would fall under the same sort of regulations and laws that deal with wiretaps. But I don't know the actual federal laws involved.

Supposedly for terrorism and foreign intelligence purposes. But it doesn't stay in the foreign domain. That is the scandal exactly.

Blanket warrants are only available through the unreviewed rulings of the FISA court.

A mass release of a tracking virus can't be achieved in the regular system or we would be able to see it, right?

Or it could be completely illegal.

Fruit of the poisoned tree. Maybe they would have to let ALL of them off.

Reliable Link?

You must have seen the Verizon warrant?

Or that blanket warrants are illegal? Read the constitution...there are standards for how warrants are issued based on probable cause.

This is exactly the interpretation of the FISA law that is classified, that the ACLU and EFF and Wyden want released so it can be reviewed for constitutionality.

http://m.huffpost.com/us/entry/866920

Of course I just said that. And it was not equivalent to your paraphrase.

So, if I wrote something, there's no need to ask me if I wrote it. It's there to read.

And, yes, it's the equivalent.

The "WE MUST PROTECT THE CHILDREN" rallying cry is right up there with "WE MUST STOP THE (insert villain here: terrorists, drug dealers, homoseckshuls) FROM RUINING OUR WAY OF LIFE!!!"

It's all scare porn, designed to entice you to give up your rights.

One doesn't have to do any decrypting to find darknet sites and see what they contain.

Breaking encryption to trace back who is accessing the sites is the only questionable part. Do they try and trace all communication on the web or do they only target illegal activity? We know in reality they access everything on the normal web but breaking encryption takes time, so I think regarding the darknet they more carefully target, which is why people use it. Unless they are doing something terribly illegal , their communication is probably safe.

warrant obtained by the FBI or whoever was doing this. Such restrictions are common in normal search warrants. As you say, careful targeting would be needed to limit the scope of such an investigation, simply for cost-effectiveness.

even to ferret out such heinous criminals as child pornographers. It's stomping hard on the constitution. Scooping up everyone's data on that network to find the criminals is the equivalent of LE picking the locks to every house on the network, going into every computer and electronic device in the houses and downloading the data to store, all without leaving a trace so the homeowners never even know LE was there. And then, when you're arrested because a house guest accessed a child porn site on your desktop, you can't defend yourself adequately because LE hid the trail of how they got the misleading evidence, and recreated a false trail of evidence-acquisition instead.

We can't as a society allow LE or any government agency to do this in the name of apprehending the worst among us, because it makes suspects of all of us and we're then all guilty until proven innocent.

I know you're really looking for info on TOR communications, but you did ask...

I don't know any such thing. The FBI, for example, is really picky about following rules about warrants, so I doubt they'd compromise their investigation of the use of TOR for distribution of child pornography by not following the legal channels. You may disagree, but there are going to be criminal cases that result from this, and that question will certainly be raised by the defense attorneys.

The assumption that warrants were not obtained is not supported by any factual information.

Given the number of child porn arrests just recently is really interesting, given the current news.

"FBI Sting Rescues 105 Kids, Nabs 159 Pimps—But What About the Johns?"
http://www.thedailybeast.com/articles/2013/07/30/fbi-sting-rescues-105-kids-nabs-159-pimps-but-what-about-the-johns.html

"Guilty: Man had 2,297 child porn images"

Because when Joe Blow is suspected of mail fraud, they gotta open every fucking piece of mail in every post office in the entire country!

Ever heard of WARRANTS?

Good grief.

didn't exist. Have you? If so, please provide a link and I'll go look at it. My assumption is that warrants did exist. If this was the FBI doing the investigation, I'm almost positive that there were warrants. If you have other information, I'll check it out.

They BROKE into the system, MineralMan. Does a warrant allow them to do that? I think not. A warrant demands the information, pure and simple. They can use a warrant to get the information on those they think are engaging in kiddie porn. They don't need to exploit the system's weaknesses.
Geez. This is unbelievable, the links that people will go to, to justify this kind of shit.

People implying he was resisting warrants. But all email providers have to comply with warrants, that's old news, and that's not what he said (or rather implied, because he was gagged)

"It wasn't about protecting a single user, but protecting the privacy of all my users."

http://www.theverge.com/2013/8/10/4608664/lavabit-founder-closed-his-secure-email-service-to-protect-the

One of the reasons, theories I've seen tossed around, is that by shutting down some of these hidden services that deal with illegal activities (ie. drugs), is to hamper, destabilize the use and value of Bitcoins
(can't have untraceable currency you know).

And honestly speaking... I'd wager that drug traffickers, dealers and buyers are Bitcoins greatest admirers and users.

It probably wasn't the primary reason for attacking a good deal of the hidden services; it was more of a
secondary purpose or unintended consequence.

and Glen Greenwald is a right-wng fanatic.

Is there any pattern here at all? Hmmmmm, one wonders. One also wonders where it is all coming from, and I really don't think we can blame FOX News for this one.

I think this is something that can be discussed, based on available information. I'm not that interested in suppositions and accusations. Just information, which is why I posted a request for information from people who are following this more closely and in more depth than I can muster.

Your post adds no information to the discussion. If you can add something that can be discussed, that would be great!

you ASSUME that they had a warrant to exploit the system and look at everybody's shit.

Yeah, right.

is pretty good. I'm not assuming that they're doing anything different now. And the FBI is the organization that interests itself in child pornography investigations, which appear to be the thing they were looking for on TOR. I have no difficulty in believing that a court would issue a warrant for that purpose.

They get warrants for wiretaps all the time, and then use whatever technology is required to do the wiretapping. That's certainly changed over time. In the case of TOR encrypted communications, the technology would be to place tracking software on people's computers. So, a warrant? Sure, why not.

My assumptions are based on history and practice. What are yours based on? You think that the techniques are wrong or illegal. I'm pretty sure you'll find that they are legal when used under a warrant or court order. There's a very complex set of laws dealing with high-tech communications and new technology. I haven't read those laws, and don't have time to do that anyway.

I do know that there has been an upswing in child porn arrests lately, some on a high level. That's where I'm getting the idea that the FBI is involved with this investigation. More than that, I don't know, and I didn't know anything about TOR until this came up. Now, I'm learning about it.

Geez.

I find propaganda techniques fascinating, especially the techniques of professionals, who are very skilled in the use of these techniques.

Unfortunately, many have difficulty seeing the man behind the curtain when it comes to perceiving the genuine motivations behind a clever propaganda post. These types of posts are like weaselspeak - they appear to say one thing, but in reality mean something else. The purpose of the propagandist is to subtly influence the subconscious of the unwitting victim of the propaganda to move in the direction the propagandist wishes.

Subtly and insidiously using the techniques of negative Name Calling, and Transfer such as in the examples you illustrated, "child porn", "pole dancer", "right wing fanatic" when accompanied by a reasonably coherent but insidious argument, is an attempt to influence the reader by attaching a negative feeling to the primary target reason for the propaganda in the subconscious of the reader.

An example would be associating something like the validity of NSA blanket spying or illegal activities by/for corporations/government with stopping child pornography in order to make the illegal spying and authoritarian activities more justifiable to the gullible reader.

This type of propagandist willgenerally post consistently on a variety of subjects, but when analyzed, the subjects can be found to be related to a common target theme, such as the aforementioned promotion of the justification for illegal authoritarian activities by corporations/government.

“If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the State to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State.” ~ Goebbels

The web is a bunch of small computers hosting content using web addresses. Search engines methodically go through the possible web addresses and look to see what content they have by categorizing the various words they find at each address. When you use a search engine to look for some keyword the engine returns a list of addresses where it found that word.

Now Google got popular because they found a way of sorting the websites that matched your keyword so that the top of their results were usually exactly what you were looking for rather than just a random list.

Google used to index all possible sites and rank them by number of people who chose that result. As it became a true business it started censoring out things that it found distasteful or thought it would get flak for from the govt. So now if you google "game of thrones" you will get a bunch of sites that talk about the show but you will have to really struggle to find a site that has a free download. If google didn't censor its results then a free download site would be at the top of the list based on popularity alone but google doesn't want to deal with the hassle of discussing copyright law and its part in providing links to help people violate it--so it censors that data.

Similarly, they don't return results for illegal porn. Google is not going to make it easy to deal drugs over the net either. So sites that promote this activity don't bother worrying about whether a search engine will provide links to their site and just put up their site anyway. Now, I don't know how people find these sites that aren't indexed by google, perhaps its word of mouth or some forum that discusses the matter? As far as I can tell the darknet does not have a search engine that catalogs the available sites. Generally these sites have a .onion extension rather than .com, .org, .net extension. I believe you have to use Tor and the Onion browser to get to these sites.

As far as I can tell most of the darknet is about a marketplace for drugs. Illegal porn is part of it but that has to be a smaller part than the profitable drug trade. Ordering pot off the internet certainly has its appeal. "Dissidents" can use the darknet as well. Instead of sending an email you create a random website like 3cj775lp8.onion to post or receive information. A search engine won't index that site. So the only people who will know it is there are the people you personally give the address. Giving you a relatively "secure" or obscure way of communicating.

BTW, the darknet is not very big. Probably 10's of thousands of sites. Only a few are visited by more than a dozen people.

learned through my own research. I won't be accessing the actual darknet, though. It sounds like a good place to avoid. I'm allergic to malware and viruses.

that, and of the government using that to interfere with legitimate use of this hidden part of the Internet? I'll read links, if they're from reasonably reliable sources.

Further, if it is the government doing this surveillance, can you suggest some other way they might investigate child pornography and other criminal activity taking place using TOR and other such services?

But, I recognize the connection. My questions still remain unanswered, regarding other methods that might be used to find the kiddie porn and other criminal activity taking place on these encrypted services. Do you have answers for that?

I consider stopping child pornography to be an extremely high priority mission. The rights of children all over the world are involved, it seems. How would the FBI, for example track down the child pornography network without using some tool similar to what was used. Apparently the effort has paid off already, given the news of arrests and shutdowns.

If you can suggest another method of finding people hosting and supplying child pornography on the Darknet, I'm open to hearing them. But, child pornography is an extremely important issue that affects the right so children not to be exploited. So, let's hear your ideas for stopping that.

More parallel construction? Violations of the 4th, 5th and 6th amendments?

All they do is turn everything into the fruit of the poisoned tree.

business (particularly Show); military; church; royalty; charities; etc.

Jimmy Savile and the highest levels of the UK. http://21stcenturywire.com/2012/11/24/the-prince-and-the-pedophile-what-are-charles-connections-to-jimmy-savile-obe/

http://www.cuttingthroughthematrix.com/articles/Partial_List_of_Convicted_British_Paedo_Politicians.html

http://hat4uk.wordpress.com/2012/11/21/lord-mandelson-prince-andrew-shaun-woodward-and-convicted-paedophile-pimp-jeffrey-epstein/

The Franklin Pedophilia scandal and the Bush 41 WH. http://educate-yourself.org/cn/franklincoverupexcerpt.shtml

Jerry Sandusky, the Second-Mile, and Penn State (Big 10).

The Dutroux Scandal and the Belgian govt. http://en.wikipedia.org/wiki/Marc_Dutroux#Allegations_of_Massive_Cover-Up

Etc.

I'd like to know what is really going on with this TOR activity by the govt.

I've always assumed that the government has had backdoors into most things, for use when they want to use them. I would be surprised if they didn't have methods to investigate TOR activity, along with other "private" services.

That's the world we live in, I think.

So you download it to a USB flash drive and run off that, independent of your hard drive. I'm sure malware is a problem but you can always just reload the USB and get a fresh start.

I forgot to mention that I am sure the NSA catalogs all available darknet sites. It knows who is dealing in what. But because Tor encrypts all communication between visitor and site it takes even the NSA's powerful computers quite a while to trace back to actual IP's. That is why these "busts" take so long to happen. It seems the FBI is rightly concentrating its resources on disgusting exploitative porn rather than going after some pot dealers.

is doing this investigation. And you're correct. It does seem as though they're targeting child porn distributors primarily. That seems like a good thing to prioritize, and the methods required for access to the darknet seem to require some sneaky stuff. That's sort of by definition, if I'm understanding this correctly.

There are apparently other organized criminal activities that use this hidden network for communications, as well. I'm thinking that they're reconsidering their methods after this has become known. That's a good thing, too.

Thanks for adding information to the discussion.

They just set up a web crawler like google does. They find all the available sites easily. They can go after the owners of these sites immediately. Building a case against the users of these sites is what takes time and resources. There they have to decrypt the communications to trace things back and then prove that the users were intentionally participating in illegal activity. Whether that decryption is legal or not is the only question. I, personally, don't have the expectation of privacy on the internet. So, I could encrypt something if I wanted to make it harder for the government to read my communications but don't really think they would be breaking any law if they decided to spend the time decrypting it. Perhaps we need such a law but I don't think it exists now.

Websites on it aren't really any harder to access than any other. They simply aren't indexed by search engines etc. To access the darknet under discussion really requires nothing more than the TOR software. Mind you, a "darknet" is a type of network, not really a specific one. The darknet we are talking about here is simply the one that requires the TOR client to access. There are many other private networks that require some form of user authentication to access, unlike the internet as most people think of it.

Humans generally have trouble remembering the strings of digits known as IP (Internet Protocol) addresses which are often shown in the form of 4 sets of up to three digits each such as 123.201.132.123 (none of the digits can be higher than 255), so we use what's called the Domain Name System (DNS) to resolve the human-readable addresses (such as www.mcdonalds.com) into that computer-usable IP address. There is a massive amount of routing that goes on in the background, too. The routing ensures that you get to the desired destination in the smallest (or fastest) number of hops possible (usually).

Since there are only a finite number of IP addresses 256^4 in the traditional IPv4 addressing mode, most of the original IP addresses have another mechanism behind them call Network Address Translation (NAT). NAT enables a large number of computers and servers to be hidden behind a single IP address (theoretically 255^4 again, but there are additional limitations).

IPv6 (Internet Protocol version 6) extends the total set of addresses to more than there are molecules in the universe since we've run out of IPv4 addresses already. IPv6 addresses are generally shown as 8 sets of digits, separated by colons instead of periods to differentiate them. The sets are up to 128-bits (binary digits) long (rather than only 32-bits long in IPv4), which means we now have a greatly expanded address-space to work from. NAT is theoretically unnecessary with IPv6, but there are still good reasons to use it: to hide corporate assets from the general network, for instance.

The other method of addressing the darknet assets, therefore, is to navigate to a specific publicly known address and then use that node's DNS translation tables to access an 'internal' or otherwise different destination than the normal public DNS would supply. An analogy would be going to a UPS store and leaving mail for box 103. If you go the UPS store on Main Street instead of 1st street, you get the wrong destination. Each of the Box 103s might have its own routing to room 523 within their respective destinations. The darknet sites have deliberately altered DNS tables to send you to a different place. (This all works seamlessly because every network card has a unique network address as well as its IP address. There would be absolute chaos if network cards started showing up with non-unique addresses, and lots of "Duplicate address on network" errors which generally cause the card to be shut down until the duplication can be removed).

Occasionally the so-called "poisoned" DNS tables manage to escape their intended spheres of influence, but that's a different story. Most of the legitimate industry is migrating to a method called DNSSec which precludes propagation of poisoned tables.



Reference: http://en.wikipedia.org/wiki/IPv6_address

This human is having trouble deciphering the string of words in your explanation.

Thanks for the details, I'll try to digest this info.

that utilizes whatever technology is available. Digging it out for prosecutions probably has had to change dramatically over time.

That's the problem I have here. Upthread you ask another poster what their solution would be to battle child pornography. That to me misses the point utterly. It is not his job, nor mine, nor yours, to solve that issue. Nor should it be. The point is that while we may all acknowledge that the goal of the authorities is a noble one, that does not EVER justify methods which violate the rights of the innocent. This is one of the basics principles upon which our justice system is founded.

It doesn't matter if they "meant well", or that the information gathered is being used to fight a public scourge like CP, or indeed terrorism. Violating people's civil rights is anathema to me, and if the NSA or another federal agencies is responsible for this exploit that is precisely what they have done.

Kudos.

porn exchanges, etc.

It is also a haven for endangered political dissidents.

It wasn't really something I've looked into before. I'm still learning as much as I can without actually accessing it. I'm just not interested enough to go there.

In reality, it's just one big honeypot.

Creepier...by the day.

I'm not sure what you are implying, but I can guarantee you're wrong if you think I have any reason to squirm. You've made similar implications at other times, directed at me. If you have an issue with me, address it directly in public, right here. I'll be happy to respond. I have nothing to hide from anyone. So, there's your opportunity. Take it if you wish.

Have a nice day. I am.

Gives me the creeps, too.

And to say that this is about child porn? Unbelievable.

I'm not engaged in the kinds of illicit activity that users of services like Lavabit and Darknet are typically engaged in.

My @yahoo.com is my only email account. It's too confusing to have more than one. When I've had .com websites, I never used the available email addresses that were provided. In one case, I couldn't opt out of it, and people started sending mail to addresses like info@website.com. What I did was go into the mail host there and set up a global way to delete all email sent to any address at website.com. Worked beautifully. The links at my websites went to my yahoo.com email, where I've very much enjoyed Yahoo's excellent spam filter, and now only see mail I want to see, except for stuff I instantly add to the spam filter. I've had the Yahoo account since the beginning of their offering the service. Before that, I used a Compuserve email address.

But use my ISP's address for shopping and business. I don't really think yahoo mail is secure enough to trust with personal financial information.

Although they'll be sorely disappointed when they learn they won't get shit with my credit.

actually the place where the transaction takes place. Never anywhere else. When they communicate with me, though, they do so through my Yahoo mail. Legitimate businesses never send any sensitive information in emails, and I never communicate with any business where I'm providing information via email. Only on their secure SSL site.

But I remember Gmail used to "mine" your emails for keywords and then target advertising toward you. So you order a pregnancy test online and then suddenly you are getting offers for a great price on diapers or perhaps personal lubricant. Too much information about your personal life getting out there.

I don't pay any attention to it, and I use Google, logged in, all the time. My browser is Chrome, and I'm logged into Google whenever I'm using it. I just don't care and pay no attention to Google's advertising.

You don't pay attention to the fact that google knows a heck of a lot about you. If for some reason the government became interested in you they could get all that information from google. You might say, "who cares-- haven't done anything wrong" but in the hands of a malicious prosecutor that benign information could be cherry-picked and twisted to make you out to be a despicable person. The time after the Boston bombings where you looked up "pressure cooker bombs" or the time during the Casey Anthony trial you looked up "chloroform". Suddenly, you are a date rapist, who wants to blow something up!

It sounds ridiculous but the possibility is there. It only takes one person in power with bad intent to make something like that the new normal.

a teenager, "Live your life as though someone was watching everything you do."

It was good advice, and I've followed it pretty closely. I'm not concerned, truly. My father, whose health is deteriorating these days, is a very wise man.

This guy was only providing a secure email service. He chose to close down rather than turn over data. If he actually decides to fight for his right to provide a secure email service, wait and see how he is slandered. The government will find some heinous email distributed on his network and paint him as the most despicable type of human being imaginable. He didn't write the email, he didn't know about its contents but they will portray him as if he did. They will charge him under some broad scope law with "enabling" some type of illegal activity. What one would call malicious prosecution. It happens all the time.

just feel special using an e-mail service that they feel can't be accessed by the government. They'd be just fine with a Gmail or Yahoo account.

And they are inadvertently providing cover for the users that use those services to proliferate things like child pornography, stolen identities, etc.

These types of shady people are good at playing the victim when services they use to conduct criminal activity are jeopardized.

On the very few occasions where I needed to deal with encrypted stuff, I've used PSP to encrypt the information, put it on a thumbdrive and FedExed it to the client. I have a separate PC I use whenever I'm working on client jobs. It's not connected to any network at all, and its monitor is right next to my other one. When I need to transfer data to and from it, it goes on a thumbdrive, of which I have far more than I need. Each thumbdrive is dedicated to a separate client or contract. It helps me keep things separate and provides an automatic backup for large projects.

But I almost never need encryption for anything, although a few of my clients have insisted on encryption, usually for weirdness' sake, I think. Those clients also have those bizarre disclaimers at the bottom of every email. They're also universally slow-paying, so I don't prefer them.

But long before any of the Prism, XKeyscore, NSA leaks came out I concluded that an encrypted stream of traffic coming out of the IP address I've had for years would only bring more attention to me.

My first, first, thought was: "Cool, anonymous surfing...", "How do they do that?", "Let me read up on this."

But then when I went to use the web from within TOR I got IP Address allocation from all over the place. Google is different in different countries. And, many sites in the US cannot be accessed by foreign IP's.

My further thoughts were that if people need TOR for dissent or political reasons, I should not be hogging up bandwidth because of mere curiosity. And like I stated previously I always thought that traffic was being, if not real time monitored, at least definitely logged in a database somewhere.

And, I'm sure an encrypted stream of traffic coming out of my IP Address is more like a flare signal. Who wouldn't want to look at what's being hidden. What is he trying to hide?

Why bring extra scrutiny to myself?

I've never really believed that total anonymity could be achieved on the internet. Any laptop, tablet, PC, or NIC enabled device, has two identifiers: A MAC Address and an IP Address. Both are most likely paid for by credit card.

So I'm thinking: "Meh, why bother..." But I am fascinated by the whole process. I just don't think it really is completely anonymous. It is all about just making it more difficult to find. Obscured is not invisible.

As far as Darknet goes... Nah... I have no reason to go there.

but I'd load it on one browser window and do my own surfing on another for the reasons you cited. It was clumsy beyond belief, although it was mildly amusing to get all the advertising in Dutch or Korean.

It also made my computer slow, which is why I dumped it ASAP.

was unintentionally responsible for the hack to take place.

My further thoughts were that if people need TOR for dissent or political reasons, I should not be hogging up bandwidth because of mere curiosity.

Actually, that's the opposite of what the founders and creators of TOR had in mind.

By using the software and network, you're contributing to it's usefulness by providing a route/node for other users.

The reason this 'exploit' worked, was because of a simple flaw in the TBB/Firefox ESR, and that was, the browser came with "Enable Java Script" set by default.

If a user disabled the setting, their machine and identity was not comprised (at least that's what we're being told). Users and members of the TOR community are somewhat upset and mystified as to why the developers chose to purposely configure (enabling Java Script as the default setting), the Firefox ESR so that anonymity could be compromised.

The reason for doing so was a common one... making it as user friendly and less intimidating as possible. The more users... the more nodes.

And, I do not want any of that stuff being transported, even if it is encrypted, through a node on my computer.

An age old problem that predates and goes waaaaay beyond the internet.

As soon as someone comes up with a great idea, invention, policy, etc, it's only a matter of time before someone fucks it up/ruins it for everyone else.

When was the last time you saw anybody wearing a 'tooth-brush mustache'?
Probably never.
Why?
Because one guy had to come along and fuck it up for everyone else!

Yeah... and now this post is getting to difficult to load.

Does anyone else get this problem?

I am using FF 22 with NoScript on Win7 and when a post gets over a certain number of responses it only loads half of the comments for me.

Anyone else?

And that device can be identified, one way or another. Putting obstacles in the way of that identification might slow things down, but you're still using that device.

There is no privacy on the Internet. No anonymity, either, really. It's an illusion that many believe is real.

What's the answer? Just use the Internet while being aware of the fact that you're not anonymous or hidden. It's simple.

And, as you say, encryption might hide the stuff you're communicating, but it certainly doesn't hide the fact that you're communicating something you don't want others to see. Given the current state of technology, I wouldn't trust any publicly available encryption methods, even if I ever communicated anything I didn't want others to see. I don't, though, so it's irrelevant to me.

Just don't buy them anywhere near security cameras...
Or use public wifi...

But, even if you do have truly anonymous equipment, where would you access the internet?

And, who around you has that expertise?

<~~~ LOL!

So, I don't have to do anything at all, except pay my cable bill, of course. They're the ones who give me an IP address, after all.

There's even warnings about it when you install the software: given enough smurfs, a dedicated attacker could take over the network. And given insecure client nodes, that could lead to compromises of users' computers.

My thinking might be muddled by just enough information without a full understanding of the underlying technology. But I never thought TOR was as secure as advertised. Insecure client nodes are something I've always considered a major liability to the system.

They didn't for years as long as it was useful to hide their own exploits. I'm glad the kiddie porn people are being shut down first.

A lot of people opposing their governments switched to Haystack three years ago. I'm probably way behind the curve on that one and there is undoubtedly something even newer out there.

I'm more concerned with corporate snooping at the present. I still use Google most of the time, but supposedly DuckDuckGo is an anonymous search. Ghostery has done a great job of getting rid of a lot of advertiser snooping. I've never bothered with encrypted email servers, I've always assumed email is insecure and have acted accordingly.

http://en.wikipedia.org/wiki/Haystack_%28software%29

Lots of people aren't, I guess.

That isn't information that helps anyone understand how this all works, though, is it?

Those service provide anonymous www access and/or encrypted data services, that's the second part.

That's what I'm looking for, and I appreciate your posting of the links!

On Edit: I see that I had already read the second two links. The first link is one I can't access, though, since I don't have TOR access. Thanks, anyhow.

It Is also available on the open Internet at this link.

http://billstclair.com/matrix/ar01s02.html

Snip ...

So then, what is it? Well, that's complicated. Much like in the movie, it's nearly impossible to convey the size and scope of the Matrix to someone who doesn't already see it for what it is. However, unlike the movie, I believe it is an ethical imperative to try to convey it in a literal sense, even to those who are so dependent upon the Matrix that they would fight to protect it. At worst, they won't understand or believe and will continue on about their business. In a sense, I believe Cypher was right to resent Morpheus for what he did, because Morpheus engaged in flat out trickery and deception to free people.

But I digress. The Matrix is the social structure that subordinates Humanity to its will. It is the machinery of society that exists solely to perpetuate itself, its influence, and its power independent of any human need. It insulates us from each other and ourselves through deception, and essentially transforms us into servile engines of economic and political output (power). The machines that live off this power are institutions: large corporations, governments, schools, religious institutions, and even non-profit orgs. Every institution will reach a point in its existence where its primary function becomes self-preservation and perpetuation, instead of serving human need. At this point it becomes a machine of the Matrix. For example, when they become machines, governments cease to serve people and instead seek to extend their power over them; corporations prioritize increasing shareholder value over producing quality products or otherwise serving the public good; schools view students as a means and not an end; religions equate membership with salvation (and actively oppose other teachings and even independent practice); and non-profits and charities spend more budget on fund raising activity than on their original focus. Inevitably all large institutions eventually become machines. They become too big for Humanity.

In addition to the independent self-perpetuating machines that write most of our paychecks, the Matrix has several major cooperative and more actively sinister groups of machines subsisting off of its power and directly contributing to the structure of the Matrix itself. These groups are the Military Industrial Complex, the Political Industrial Complex, the Prison Industrial Complex, the Surveillance Industrial Complex, the Media Industrial Complex, the Academic Industrial Complex, the Agricultural Industrial Complex, the Medical Industrial Complex and the major organized religions. All machines in these groups either actively oppress humanity, or enable the oppression to persist. It is through their combined efforts that the Matrix takes on some of its more distasteful qualities.

Snip ...

I think it's accurate to say any "bad guy" with a brain and even low level technical sophistication has to know by now that the USA government is surveilling them, even with Tor, Darknet, encryption, etc etc. My recollection is Usama bin Laden was using sneakernet and it was the courier's cell phone call that gave him away ?

It's really sad that a desire for legitimate privacy is now conflated with being a bad guy. I suppose it always has been, in some minds. I fooled around with Tor a few years ago, and it's just too damn slow to use for web browsing. Hi Analyst Mike of NSA !

eom