Content

Various findings.

Operation Onymous, Operational Security, Open Bazaar and Facebook on Tor

9 November 2014 - Filed under Default

On Thursday Operation Onymous, a joint operation between several US and European law enforcement agencies was announced, shutting down between 20-400 sites running on Tor, arresting 17 people (releasing several after questioning), being sure to highlight that these sites are using Tor and that some are illegally selling drugs and/or weapons. Though Bitcoin was used by many of the markets that were shut down it was not the central headline on the story. Perhaps authorities have realized that Bitcoin is not their biggest problem – there are hundreds of similar currencies – but that being able to operate anonymous markets on the web is.

seized

Tor users I spoke with are not rattled. They see it as a risk to run Tor, especially to run an exit node, which is a gateway between Tor users and the non-Tor sites they visit, and are impressed that the vast majority of hidden services are still online.

The general consensus is that Blake Benthall, who took over Silk Road 2 from one of a line of Dread Pirate Roberts, was careless on a number of fronts. The keyword here is operational security, maintaining separation between his offline identity and all activities related to operating Silk Road 2. Among his mistakes were tweeting about his bitcoin, retweeting previous Silk Road stories, purchasing a Tesla with his bitcoin. Most damning were that he allegedly signed up for server hosting for the Silk Road 2 hidden service using his personal Gmail address and received messages there that came from the administrative interface of SR2. He also hired people who were “just around” to help moderate the forums, one of whom was a government agent, and trusted them more than necessary. Finally, he worked from San Francisco, the same city where Ross Ulbricht, alleged operator of the original Silk Road was arrested.

According to the community, bigger and better run sites including Agora and Evolution are still online and serving customers. Only time will tell how long they last but depending on their own operational security and Tor itself they could run for years saving lives, violence, and jail time for many.

The closure of these services has highlighted another vulnerability with their architecture: they are centralized. One solution to the centralization problem has been in the works for several months going by the name Open Bazaar. OB operates as a peer-to-peer network like Bittorrent and Bitcoin and would allow vendors to establish and manage a reputation, offer goods and services, and collect funds. Though OB is not anonymous, it is designed to work well with Tor to add privacy to its censorship-resistant market features.

In other news, Facebook now offers access via Tor which is odd because Facebook is often viewed as THE big brother for privacy-concerned internet users. Still, it could bring a large amount of mundane Tor use and make it harder allege guilt-by-association for Tor users. At the same time, there is utility in enabling users in the most oppressive jurisdictions to access the leading social network platform even if many would not touch it.

Tagged: ¤ ¤

2014-11-09  »  David Sterry