[liberationtech] Jacob Appelbaum's Ultrasurf Report

Jacob Appelbaum jacob at appelbaum.net
Thu Apr 26 15:01:45 PDT 2012


On 04/26/2012 02:03 PM, Douglas Lucas wrote:
> Hi all,
> 
> On Thu, Apr 26, 2012 at 12:44 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> 
>> Practically, I also think that mixmaster is an example of "great on
>> paper" and soon we'll see how it works out in the real world. Now that
>> the FBI is taking nodes left (in New York last week) and right (in
>> Austria this week) - we'll note that some of these anonymity properties
>> are coming up for a serious test. For example, if you don't compose Tor
>> and Mixmaster together, what happens when you're the only person to ever
>> connect to Mixmaster? I think the answer is that you're a suspect,
>> cryptographic evidence be damned.
> 
> Note (the arrested and alleged Stratfor hacker) Jeremy Hammond's complaint
> (http://www.wired.com/images_blogs/threatlevel/2012/03/Hammond-Jeremy-Complaint.pdf)
> says an "FBI TOR network expert analyzed the data from the Pen/Trap and
> was able to determine that a significant portion of the traffic from
> [Hammond and others'] CHICAGO RESIDENCE to the Internet was TOR-related
> traffic." It goes on to say "[Hammond's] Apple MAC address was the only MAC
> address at the CHICAGO RESIDENCE that was connecting to known TOR network
> IP addresses. The defendant [...] has discussed with [the informant Sabu]
> that he used the TOR network" and elsewhere defines Tor as "a system
> designed to enable users to access the Internet anonymously [...]"
> 
> Because the FBI connected the only Tor use the Pen/Trap picked up with
> Hammond's specific MAC address, and because as Jacob pointed out elsewhere
> in this thread "members of police forces around the world use Tor, as does
> the Internet Watch Foundation," the Hammond complaint does not per se
> indicate that the FBI finds Tor use in itself suspicious. (Nor am I trying
> to knock Tor; I myself use it.) But -- the FBI has a Tor network expert? I
> wonder what the expert's job duties are, how many Tor experts they have,
> and what implications there might be of the FBI having a Tor expert(s).
> Anyone know? There is also the issue of ISPs throttling or potentially
> throttling Tor traffic, which is a form of suspicion.


That's a great question for a FOIA directed at the FBI - I think we'd
all like to know!

> 
> This is a tangent, but I wonder why Hammond didn't routinely spoof his MAC
> address. I guess it wouldn't have mattered, though.
> 

I think that is irrelevant - they probably would have resorted to RF
fingerprinting or something else, such as who was in the suspect's
house, if it wasn't made easier by this trivial example. I think it's an
example of how hard it is to anonymously do anything - Tor did a
perfectly fine job from the sound of it - the thing that mattered was
the human element. Lots of bad stuff to go around in the human element
in this case and many others.

All the best,
Jacob


