Did Police Break Tor?

[espe0n]

i was looking at some articles, and i ended up watching a video of mental outlaw talking about TOR nodes, and i'm wondering how secure you think tor can be and if you think tor can become insecure (or more insecure) over time?

 

[Infernolord]

Young padawan, you have much to learn.)

'Re: About Xen: maybe a reiterative question but ..' - MARC

Yes! You can't get very far without understanding the underlying principles.

 

[BlackedOut]

i was looking at some articles, and i ended up watching a video of mental outlaw talking about TOR nodes, and i'm wondering how secure you think tor can be and if you think tor can become insecure (or more insecure) over time?

they have been hitting it HARD sense covid - Operation DIStor

 

[Zavik]

I will have a lot to learn, I do all my activities through a raspberry pi using docker containers where I can spin up virtual browser or terminal, and when am done I destroy everything, hopefully leave no traces of what I have done.

The pi is of cause encrypted.

 

[bbi34yy]

Anyone who is trying to mess with my lovely TOR should get severe diarrhea while stuck in a traffic jam

 

[steaIth]

Тор сам по себе не ломаем, его можно деградировать, если разместить кучу узлов, но пока хотя бы 1 настоящий узел остается, он не сломан. Это не значит, что он идеален, например, если ты используешь его в Вашингтоне, все узлы будут узлами ФБР, потому что они их размещают, все зависит от того, где ты находишься и от текущего состояния узлов

 

[kasm]

They did not break TOR, they did a timing analysis on a user using an outdated version of the Ricochat Messenger (which was not using Vanguards).
With CWTCH, it would probably be not possible.

 

[wunder]

The only story I have heard about tor being broken is that FBI owns majority of the tor nodes allowing them possible to possible de-anonymous user. If that was honestly true, a lot more pedo would be caught using TOR.

 

[pwncat89]

Tor was designed by the U.S. Dept. of the Navy.

yeah and supported by tons of different US organisations

The mission of The U.S. Department of State is to protect and promote U.S. security

...and main point: everytime then u read about that some software has a bit "US security" in it -> consider that shit backdoored as a fuck.
[to everyone] tern on brain for a second: how much tor node online? 10-15k? here on forum has people which has botnet more bigger then that, 15k IPs can afford even local police department in USA

 

[Sec13B]

Create own tor server
Source : Tor Zireael

1.Upgrading the server
apt update
apt upgrade

2. Install apt-transport-https (needed to download packages over HTTPS)
apt install dirmngr apt-transport-https

3. Adding keys to verify the authenticity of Tor repository packages
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

4 We find out the code name of our distribution, put it in the source and add it to the Tor repository sources
lsb_release -a
nano /etc/apt/sources.list
________________________________________________________________

deb https://deb.torproject.org/torproject.org buster main
deb-src https://deb.torproject.org/torproject.org buster main
________________________________________________________________

5. Install tor from the verified repository you just added
apt update
apt install tor deb.torproject.org-keyring

6. Installing obfs4proxy
apt install obfs4proxy

7. Edit torrc (Tor configuration file)
nano /etc/tor/torrc
________________________________________________________________

# ORPort any
# ContactInfo optional contacts for contacting you, just in case.
# ServerTransportListenAddr should be specified as mine, instead of port 4443 it can be any other port.
# Log file is not necessary to specify, but it is easier with it than without it, only notifications are saved in it.
# Don't touch the rest and leave it as it is.
____________________________________________________________

BridgeRelay 1
ORPort 443
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:4443
ExtORPort auto
ContactInfo alextokarev125@gmail.com
Nickname TorZireael
Log notice file /var/log/tor/notices.log
________________________________________________________________

8. Restart Tor
systemctl restart tor

9. For monitoring, download nyx and run it, copy the fingerprint of our bridge from there, check if Tor is up to date.
apt install nyx
nyx

10. Getting the necessary data to connect to your own bridge
nano /var/lib/tor/pt_state/obfs4_bridgeline.txt

11. Enter your ip (46.148.26.148), port (4443), fingerprint ().
12. Specify your obfs4 bridge in Tor browser, Whonix, Tor Expert Bundle ...

 

[Yugong]

They did not break TOR, they did a timing analysis on a user using an outdated version of the Ricochat Messenger (which was not using Vanguards).
With CWTCH, it would probably be not possible.

That is something told for people not to dig deeper. If you compare yourself based on all available evidence the version he was using was already fixed and already had Vanguards.

It was recently revealed a market (Versus) admin (WilliamGibson) had used Tox almost exclusively with informant acting as moderator (SamCulper). WilliamGibson had used Tor correctly for sure and there was vague explanation about tracing XMR transactions that led to his identification. A notable fact is the use of Tox whom is from same family of P2P Tor model chats as Ricochat messenger.

Post WilliamGibson did some time ago in Dread /post/a2bd644eb90267f49f46/#c-e999cd8d71bc6b8738

I think of it like this: Getting the average DNM user to switch to Tox is kind of like the hassle of getting your grandma to use signal instead of whatscrapp.

Unfortunately people still use jabber + OTR out of ignorance or because they really don't know it better even though OTR is outdated for years and full of bugs, not even talking about the many downsides of jabber like its semi-centralized architecture, non-encrypted nature and vulnerable/bloated clients in general. The OTR developer himself recommended to use OMEMO instead of OTR but you still see everywhere on the darknet as well as on the clearnet that jabber + OTR is the gold standard for "secure messaging". As long as you see this questionable information everywhere and every random user on forums repeating questionable pieces of information they read somewhere we won't see any change in the near future.

What it needs is an educational campaign and trusted services/individuals on the DN promoting Tox and its advantages. Or at least promote OMEMO if it has to be jabber.

Others have mentioned too WilliamGibson did in fact use Tox almost exclusively with everyone. Tox was also used in the Hansa darknet market case too. There is definite evidence to suggest LE prefers P2P communication where they can grab the opposing party IP. Lets also not forget Lockbit who used Tox too. It doesn't matter if all communication encrypted they can still link the IPs. If not at the moment every time you login they will take more and more information until they can build a profile large enough to run it through their cluster of data of cooperating ASes.

Official court documents cp080-2025(67151) whom US HSI tried to bury really hard not to be revealed publicly about the bust

“William Gibson” communicated with the Confidential Source, among other things, through an encrypted messaging application and the messaging feature of the Versus platform. The same individual who used the handle “William Gibson” in the Versus messaging system corresponded with the Confidential Source through an encrypted messaging application, relying on the fact that “William Gibson” used the Versus messaging feature to provide the Confidential Source with a unique ID—a sequence of letters and numbers—so that the Confidential Source could identify and communicate with this same individual on the encrypted messaging application.

The discussion here has actually prompted me to repost my article from exploit because it relates to many cases and breaking (?) of Tor.

Обсуждение безопасности Tor Операция RapTor 2025 "Ваша анонимность заканчивается там, где начинается наш глобальный охват" - /threads/138895/

 

[Surgan]

i was looking at some articles, and i ended up watching a video of mental outlaw talking about TOR nodes, and i'm wondering how secure you think tor can be and if you think tor can become insecure (or more insecure) over time?

In short: No, They did not break tor (yet).
It is important to note that tor (as well as any other anonymization technology) should only be used as a layer of protection from the bigger threat. Having one technology being the only thing that separates your real identity from your alias is not a good idea. Think of defensive security and opsec as an onion. Everything you do just adds to your level of privacy/anonimity.