Using the Tor browser could land you in jail
The Tor browser was invented and promoted as one of the safest ways to privately surf the Internet. It is unfortunately no longer safe – and the U.S. government bears a major part of the blame.
According to a report published in the ABA Journal about a year ago, on March 30, 2016, David Robinson and partner Jan Bultmann had the terrifying experience of having six officers show up at their building at 6:15 a.m. with a search warrant. They were looking for evidence of trafficking in child pornography.
The officers spent over an hour and a half with the two, questioning each of them in separate police vans. They also went through all of their electronic devices, all the while treating Robinson and Bultmann as you might expect police would treat suspected child-porn traffickers.
They found nothing, and mostly left Robinson in particular “afraid” and “furious.”
They found nothing because the two were not guilty of the alleged charges and there was nothing there to be found.
But the reason the police showed up on their doorstep is a lot more serious.
To explain this requires a minor detour to describe what the Tor web browser is. It is a special browser developed to provide a way of reading materials on the Internet completely privately. It does so by randomly routing its connection through different computers just about anywhere. It effectively keeps the IP addresses, the unique identifiers for every computer and/or network, constantly in flux.
The Tor browser has been quite successful because of the allure of the privacy feature. It is also recommended by the U.S. Department of State for dissidents stuck in more repressive regions, such as China, Egypt and Russia, to gain access to blocked Internet services. The bad part is that because of its privacy capabilities, those looking to distribute illegal materials like child pornography also use this kind of browser for their purposes.
What had happened in this case was that someone sending child pornography was apparently using either the Tor browser or its equivalent to send it. At one point or another in the process of sending, the child pornographer’s browser apparently routed some of that pornography through an exit node that Robinson had set up on his own system as a service, so that people online could browse privately.
The IP addresses overlapped, so when the National Center for Missing & Exploited Children notified the Seattle Police Department of a list of potential child-pornography users, Robinson had the misfortune of having the IP address of his own Tor “exit node” come up on its list.
The reality is that this happens all the time now, especially as the use of privacy browsers like Tor has soared, in part because of privacy fears involving the U.S. government in particular.
IT experts say part of the problem with search warrants involving IP addresses is that most law enforcement officials who seek such warrants, and the judges who sign them, still think the technology is as it was back in the days of static IP addresses. Those static addresses once did more or less guarantee the matching of an IP address to a specific individual or company and a fixed land address. That, however, is no longer the way the system works.
Static IP addresses are now a rarity, in part because of the necessary evolution of such labeling identifiers as devices have become mobile and the variety of devices connected to the Internet has grown. Even then there are ways to pin down a user based on the IP address, but it is not so simple. And, according to IT experts, if the IP address that comes up in a web surveillance case turns out to be a Tor exit node (which was the case in the Robinson situation above), the way the web works makes that lead completely useless.
So, the Robinson exit node coming up should never even have made it to the point of either a law officer or judge having anything to do with a search warrant against him. The challenge is that with hundreds of thousands of police officers and likely most judges not understanding the technical issues involved, there will likely continue to be search warrants issued against individuals who have done nothing wrong – just because they were using Tor browsers (or their equivalent) and the IP addresses overlapped.
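The check this implies, as an added example that is not part of the original article: parse an exit list in the layout the Tor Project publishes (`ExitNode` / `ExitAddress` records) and test whether a reported IP address was a Tor exit around the time of the event. The sample list, its fingerprints and addresses are constructed, and the 24-hour matching window is an assumption.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed sample in the exit-list layout (not real relays or addresses).
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2016-03-01 08:00:00
LastStatus 2016-03-01 09:00:00
ExitAddress 203.0.113.7 2016-03-01 09:12:40
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2016-03-02 20:00:00
LastStatus 2016-03-02 21:00:00
ExitAddress 198.51.100.23 2016-03-02 21:03:10
ExitAddress 198.51.100.24 2016-03-02 21:04:55
"""

FMT = "%Y-%m-%d %H:%M:%S"


def parse_exit_list(text):
    """Return {ip: [(fingerprint, seen_at), ...]} from exit-list text."""
    exits, fingerprint = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) == 2:
            fingerprint = parts[1]          # the records that follow belong to this relay
        elif parts[0] == "ExitAddress" and len(parts) == 4 and fingerprint:
            ip = ipaddress.ip_address(parts[1])
            seen = datetime.strptime(parts[2] + " " + parts[3], FMT)
            exits.setdefault(ip, []).append((fingerprint, seen))
    return exits


def exit_relays_for(exits, ip, event_time, window_hours=24):
    """Fingerprints of relays seen exiting from `ip` within the window around event_time."""
    window = timedelta(hours=window_hours)   # assumed tolerance, not a Tor-defined value
    when = datetime.strptime(event_time, FMT)
    hits = exits.get(ipaddress.ip_address(ip), [])
    return sorted({fp for fp, seen in hits if abs(seen - when) <= window})


if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    for ip, when in [("203.0.113.7", "2016-03-01 15:00:00"),
                     ("203.0.113.7", "2016-04-15 15:00:00"),
                     ("192.0.2.50", "2016-03-01 15:00:00")]:
        relays = exit_relays_for(exits, ip, when)
        print(ip, when, "Tor exit" if relays else "no exit record", relays)
```

A match means the traffic attributed to that address originated somewhere else on the Tor network, so the address says nothing about who sent it; the timestamp matters because relays come and go.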
Assuming that this is a problem that will get worse with time, is the Tor browser still a good way to go for those looking for privacy without doing anything unlawful? Unfortunately the answer is no.
One reason is that many senior law enforcement officials have, especially back in the days of the Obama administration, gone on record as saying that if someone is using a privacy browser, they are more likely to have something to hide than others. Since the browser type can be detected, that may make the use of the browser itself one of many justifications for a web surveillance warrant to be requested – and approved.
A second reason is that it appears the U.S. government has developed a means of hacking into the Tor browser anyway.
That news broke with a case involving a school administrator from Vancouver, Washington, who was arrested in July 2015 for viewing child pornography. The website involved was Playpen, a child-porn website seized in 2015 by the FBI that had operated on the Tor anonymity network. Besides its criminal content, Playpen was unique in that it used Tor’s “hidden service protocol.” That protocol blocked Playpen’s own IP addresses so users could not see them and also kept the users’ IP addresses blocked so the website couldn’t see them. Think of it as a two-way anonymous approach.
After seizing the site, the FBI elected to keep it operational. It then hacked users visiting the site via the Tor protocol and obtained their IP addresses. The FBI calls its means of exploiting the Tor approach a “Network Investigative Technique” (NIT) and has chosen not to disclose any information about it, calling it classified.
Through the use of this hacking technique, the FBI caught a number of people who had viewed Playpen’s materials, including the school administrator from Vancouver. That trial had gone well until one rather important issue was challenged by the defense. They demanded to know how the hacking tool worked so there would be proof of the validity of the original evidence that had allegedly linked their client to the child-porn site.
The FBI balked at the request, saying the confidential nature of the tool was so valuable that they should not be forced to disclose it.
The judge sided with the FBI about there being a legitimate reason why the government might not want to disclose how its hacking tool worked. But in May 2016 he ruled that the government could not use the evidence gathered by the hack as a basis for prosecution while at the same time insisting on keeping how it works secret.
Realizing the value of the Tor hack for so many other reasons, the FBI eventually decided to back off and asked for the case against the school administrator to be dismissed.
It is because of this hack – as well as probably many different variants of it already developed by the U.S. government and potentially others – that the Tor browser itself may be a far higher risk to use than one might imagine.