Using the Tor browser could land you in jail

Traveling Minds

The Tor browser was invented and promoted as one of the safest ways to privately surf the Internet. It is unfortunately no longer safe – and the U.S. government is a major part of the blame.

According to a report published in the ABA Journal about a year ago, on March 30, 2016, David Robinson and partner Jan Bultmann had the terrifying experience of having six officers show up at their building at 6:15 a.m. with a search warrant. They were looking for evidence of trafficking in child pornography.

The officers spent over an hour and a half with the two, questioning each of them in separate police vans. They also went through all of their electronic devices, all the while treating Robinson and Bultmann as you might expect police would treat suspected child-porn traffickers.

They found nothing and mostly left Robinson in particular “afraid” and “furious.”

The reasons why they found nothing were that the two were not guilty of the alleged charges and there was nothing there to be found.

But the reason the police showed up on their doorstep is a lot more serious.

To explain this requires a minor detour to describe what the Tor web browser is. It is a special browser developed to provide a way of reading materials on the Internet completely privately. It does so by randomly routing its connection through different computers just about anywhere. It effectively keeps the IP addresses, the unique identifiers for every computer and/or network, constantly in flux.

The Tor browser has been quite successful because of the allure of the privacy feature. It is also recommended by the U.S. Department of State for dissidents stuck in more repressive regions, such as China, Egypt and Russia, to gain access to blocked Internet services. The bad part is that because of its privacy capabilities, those looking to distribute illegal materials like child pornography also use this kind of browser for their purposes.

What had happened in this case was that someone sending child pornography was apparently using either the Tor browser or its equivalent to send it. In the process of sending at one point or another, the child pornographer’s browser apparently routed some of that pornography through an exit node Robinson had set up as a service to people online in his own system as a means for those people to browse privately.

The IP addresses overlapped, so when the National Center for Missing & Exploited Children notified the Seattle Police Department of a list of potential child-pornography users, Robinson had the misfortune of having the IP address of his own Tor “exit node” come up on its list.

The reality is that this happens all the time now, especially as the use of privacy browsers like Tor has soared, in part because of fear-of-privacy issues involving the U.S. government in particular.

IT experts say part of the problem with search warrants involving IP addresses is that most law enforcement officials who seek, and judges who sign, such warrants, still think technology exists back in the days of static IP addresses. Those static addresses once did more or less guarantee the matching of an IP address to a specific individual or company and a fixed land address. That, however, is no longer the way the system works.

Static IP addresses are now a rarity, in part because of the necessary evolution of such labeling identifiers as devices have become mobile and the variety of devices connected to the Internet has grown. Even then there are ways to pin down a user based on the IP address, but it is not so simple. And, according to IT experts, if the IP address that may come up in a web surveillance case turns out to be a Tor exit node (which was the case in the Robinson situation above), the way the web works makes that lead completely useless.

So, the Robinson exit node coming up should never even have made it to the point of either a law officer or judge having anything to do with a search warrant against him. The challenge is that with hundreds of thousands of police officers and likely most judges not understanding the technical issues involved, there will likely continue to be search warrants issued against individuals who have done nothing wrong – just because they were using Tor browsers (or their equivalent) and the IP addresses overlapped.

Assuming that this is a problem that will get worse with time, is the Tor browser still a good way to go for those looking for privacy without doing anything unlawful? Unfortunately the answer is no.

One reason is that many senior law enforcement officials have, especially back in the days of the Obama administration, gone on record as saying that if someone is using a privacy browser, they are more likely to have something to hide than others. Since the browser type can be detected, that may make the use of the browser itself one of many justifications for a web surveillance warrant to be requested – and approved.

A second reason is that it appears the U.S. government has developed a means of hacking into the Tor browser anyway.

That news broke with a case involving a school administrator for Vancouver, Washington, who was arrested in July 2015 for viewing child pornography. The website involved was Playpen, a child-porn website seized in 2015 by the FBI that had operated on the Tor anonymity network. Besides its criminal content, Playpen was unique in that it used Tor’s “hidden service protocol.” That protocol blocked Playpen’s own IP addresses so users could not see it and also kept the users’ IP addresses blocked so the website couldn’t see them. Think of it as a two-way anonymous approach.

After seizing the site, the FBI elected to keep it operational. It then hacked users via the Tor protocol to attack users visiting the site and obtained their IP addresses. The FBI calls its means of exploiting the Tor approach a “Network Investigative Technique” (NIT) and has chosen not to disclose any information about it, calling it classified.

Through the use of this hacking technique, the FBI caught a number of people who had viewed Playpen’s materials, including the school administrator from Vancouver. That trial had gone well until one rather important issue was challenged by the defense. They demanded to know how the hacking tool worked so there would be proof of validity of the original evidence that had allegedly linked their client to the child-porn site.

The FBI balked at the request, saying the confidential nature of the tool was so valuable that they should not be forced to disclose it.

The judge sided with the FBI about there being a legitimate reason why the government might not want to disclose how its hacking tool worked. But in May 2016 he ruled that the government could not use the evidence gathered by the hack as a basis for prosecution while at the same time insisting on keeping how it works secret.

Realizing the value of the Tor hack for so many other reasons, the FBI eventually decided to back off this case and asked for the school administrator case to be dismissed.

It is because of this hack – as well as probably many different variants of it already developed by the U.S. government and potentially others – that the Tor browser itself may be a far higher risk to use than one might imagine.
