# Anonymous Web-host shut down, owner arrested; Tor users compromised by Javascript exploit



## drmike (Aug 4, 2013)

Well, yet another major hacking incident involving United States nazi police forces.

This time, ToR - The Onion Router has been massively compromised via a javascript exploit that calls home to the feds.

The entire situation is wrapped up in the illusion of the good guys (FBI) pursuing child porn folks.    Needless to say, the implications of this will effect BitCoin, SilkRoad, whistleblowers and anyone else who unwisely has banked on ToR as some sort of solution to the know-all monitor-all police state.

"FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. "

Whole enchilada and more here: http://boingboing.net/2013/08/04/anonymous-web-host-shut-down.html

I've long advocated disabling javascript in your browser as it is both a security issue and a privacy issue.

Discuss


----------



## Slownode (Aug 4, 2013)

Govs have stated they want to ban the civilian use of encryption, just a matter of time until people who use vpn and encrypted archives are locked up for wanting to keep their financial data safe.


----------



## Damian (Aug 4, 2013)

It is hoped that the "United States nazi police forces" continue to win such battles against child porn, since the Irish apparently had this going on in their own back yard and were clueless.


----------



## Lee (Aug 4, 2013)

So if I get this correct the FBI actually created the exploit which resulted in them identifying people distributing images and whatever else? Nice, go the FBI 

Oh wait, sorry was that the wrong answer?  Are they not allowed to resort to that kind of action?

Meh!


----------



## Steve (Aug 4, 2013)

W1H-Lee said:


> So if I get this correct the FBI actually created the exploit which resulted in them identifying people distributing images and whatever else? Nice, go the FBI
> 
> Oh wait, sorry was that the wrong answer?  Are they not allowed to resort to that kind of action?
> 
> Meh!


I think people here are just butthurt that they can't get their drugs anymore. But it is alarming that people attribute cracking down on pedophiles to nazism.


----------



## Magiobiwan (Aug 4, 2013)

It's certainly a major hit to Tor. I checked the Hidden Wiki page, and it appears that Tormail was also hosted on FreedomWeb. Tor itself is still alive, just the sites hosted on FreedomWeb are gone. Not all sites were on it afaik though.


----------



## jarland (Aug 4, 2013)

Well it's no secret that tor is a major platform used for the distribution of child pornography. These people may very well be guilty of such and should be held accountable if so.


----------



## Magiobiwan (Aug 4, 2013)

The assumption that "That person uses Tor! He must be into kiddie-porn!" is unfortunate. There are so many LEGITIMATE uses for Tor that aren't "illegal" (depending on the country).


----------



## Aldryic C'boas (Aug 4, 2013)

Magiobiwan said:


> The assumption that "That person uses Tor! He must be into kiddie-porn!" is unfortunate. There are so many LEGITIMATE uses for Tor that aren't "illegal" (depending on the country).


To be fair, its no less accurate an assumption than "He is involved with HF, he is probably a skid!".  I'm sure HF has some legitimate learning material (... nope, couldn't say it with a straight face);  but we all know what's actually going on there.


----------



## drmike (Aug 4, 2013)

Magiobiwan said:


> The assumption that "That person uses Tor! He must be into kiddie-porn!" is unfortunate. There are so many LEGITIMATE uses for Tor that aren't "illegal" (depending on the country).


Whatever yanks the opiated masses heart strings is what the governments pushes as cover cause.  Oh that child porn, it's the end of humanity.  Never mind the mass pedophilia within the US government, contractors and top colleagues abroad.

Yeah, sure, child porn isn't right and isn't anything I have any interest in.  But using that BS to go hacking a network of sorts and sniffing everyone out.   More of the same government misdoing that has become the daily paper for months now.



Steve said:


> I think people here are just butthurt that they can't get their drugs anymore. But it is alarming that people attribute cracking down on pedofiles to nazism.


I suppose some folks are "butthurt" about their drug connect.  Perhaps they can just take their socialized / Obama mandated health care and get Dr. Feelgood to write them an opiate loaded script like over half of all pharma meds are...?  That's the real issue, pharma drug abuse (at least in the United States).

This isn't a crack down on pedophiles or pedo-files.  This is government doing the same bad and illegal things that a hacker would and which would result in criminal prosecution of said hacker for.   You can't go misapplying laws and bending things and just yell BOO louder to try to scare people.  Wrong is wrong and pedos are wrong and FBI is certainly wrong.  How about all the people they sniffed and undermined who are not US citizens?  Like the US/FBI playing cop of the world?

As for the US Government doing this = Nazis,   perhaps you missed history.   Controlling, monitoring, etc. isn't only attributable to Nazis but also to many other total control freaks.  What this is more akin to though is East Germany stazi.   Where did the lunatics that ran that miserable circus end up?  The United States.


----------



## drmike (Aug 4, 2013)

Magiobiwan said:


> The assumption that "That person uses Tor! He must be into kiddie-porn!" is unfortunate. There are so many LEGITIMATE uses for Tor that aren't "illegal" (depending on the country).


PS: I use to be a fan of ToR until I heard Applebaum talk and played follow the money.

The entities behind ToR financially aren't folks I'd be trusting with anything (i.e. Google and US Defense).   ToR is a honeypot and was designed to be.    Gives edgy people a false sense of security and gets them associated with others who are also suspect.   It is like moving into a crackhead infested neighborhood -- the assumption is you being there must be a crackhead also.


----------



## jarland (Aug 4, 2013)

Magiobiwan said:


> The assumption that "That person uses Tor! He must be into kiddie-porn!" is unfortunate. There are so many LEGITIMATE uses for Tor that aren't "illegal" (depending on the country).


I mean yeah there's great uses for it but I don't think any of us would stand up in defense of child abuse. Now we all know you won't stop what they do by any means, but that is also no reason to allow them to cultivate a garden. There's just no way to take this issue and draw one conclusion because we may never know what the primary use of tor is, but I hope we all feel as though we should not put up a wall and say "child abusers can do what they will on the other side of this wall because we can't stop them."

It's painful, because we all want that sanctuary where we can be truly free, but perhaps our anger should be targeted at the people who insist on tainting our sanctuaries with child porn.


Perhaps if those of us who valued these sanctuaries so much did more to actively find a way, by any means, to cleanse them of this one basic thing, we could more reasonably target our anger to governments when they step on our territory. At some point we have to come together to agree that there are some things we will not stand by and watch others do, if we have any respect for the social and technological progress that our society has made. We didn't make that progress by allowing ourselves to be so uncivilized that we cannot at least agree on a few things.


----------



## tonysala87 (Aug 4, 2013)

I wonder if this has anything to do with thepiratebay being down.


----------



## Tux (Aug 4, 2013)

This brings me to another anonymity/dark net system - I2P.


I2P focuses on hidden services further than what Tor currently does.


I think buffalooed might be interested


----------



## MannDude (Aug 4, 2013)

Tux said:


> This brings me to another anonymity/dark net system - I2P.
> 
> 
> I2P focuses on hidden services further than what Tor currently does.
> ...


Was about to post the same.

Good discussions over at:

http://www.reddit.com/r/i2p

http://www.reddit.com/r/Darknetplan

http://www.reddit.com/r/meshnet


----------



## drmike (Aug 5, 2013)

Thanks for the i2p pointer 

I am contemplating working on local wifi based connectivity --- neighborhood / city level shared network.  Tightly limited content and outlets to the "internet".     

Seems to be a big need for local networks for people to communicate online while being off-net.

Some discussions out there about wifi based network sharing and communications in disaster situations.  I view that as a day-to-day reality these days.



jarland said:


> It's painful, because we all want that sanctuary where we can be truly free, but perhaps our anger should be targeted at the people who insist on tainting our sanctuaries with child porn.


I don't want a sanctuary or some place that is perceived "free".  I expect some level of censorship, be it the site owner telling me to stop saying F*CK or stop ranting about the elected puppets.  Beyond that, other obstructions to browsing, viewing and contributing really shouldn't be happening. No justification by any part to be doing what they are.  The US is NOT the world.  They are violating rights of foreign citizens.  Odd since the FBI is not tasked with such by any charter (i.e. they are a domestic agency).

What the FBI did is far worse than those illogical free for all DUI checkpoints.   The FBI altered code on websites and harvested information on people.  It's not as if they did this on a kiddie porn site to unearth the paying customers.   They did this on non criminal, totally legitimate sites where many users were likely well behaved and not subject to any court interest or order.  So it constitutes a free-for-all by the feds.  Certainly a human rights violation, as are most of the other spy and data collection practices as of late.


----------



## MannDude (Aug 5, 2013)

buffalooed said:


> Thanks for the i2p pointer
> 
> I am contemplating working on local wifi based connectivity --- neighborhood / city level shared network.  Tightly limited content and outlets to the "internet".
> 
> ...


https://en.wikipedia.org/wiki/File:Building_a_Rural_Wireless_Mesh_Network_-_A_DIY_Guide_v0.8.pdf

http://projectmeshnet.org/

https://wiki.projectmeshnet.org/Main_Page

https://wiki.projectmeshnet.org/List_of_Mesh_Locals


----------



## KuJoe (Aug 5, 2013)

jarland said:


> I don't think any of us would stand up in defense of child abuse.


There's one member on here who argued for almost an hour straight with me and a few others on #leb why it should be decriminalized.


----------



## Aldryic C'boas (Aug 5, 2013)

> There's one member on here who argued for almost an hour straight with me and a few others on #leb why it should be decriminalized.


The same guy that runs the pedophile roleplay forums, I assume.


----------



## Zen (Aug 5, 2013)

KuJoe said:


> There's one member on here who argued for almost an hour straight with me and a few others on #leb why it should be decriminalized.


....

At first I was like "Wait what."

And then..




Aldryic C said:


> The same guy that runs the pedophile roleplay forums, I assume.


 

And I was like, wait what?


----------



## Amitz (Aug 5, 2013)

Zen said:


> ....
> 
> At first I was like "Wait what."
> 
> ...


For me, it was more of a "What? Wait!" experience, but I know how you feel...


----------



## KuJoe (Aug 5, 2013)

Aldryic C said:


> The same guy that runs the pedophile roleplay forums, I assume.


He doesn't run any forums that I know of. I would post his username but I don't have any of the IRC logs so I'd hate to post something publicly without having the logs to back it up. I'm sure there were plenty of others in the channel at the time so if they'd like to post his name I'll be happy to attest to it.


----------



## acd (Aug 5, 2013)

I'm not a lawyer, but I think under US law, since he is a web services provider, he had to have knowledge that illegal activities were taking place on his equipment to be complicit, or operate with the intent to enable illegal activities (for which Tor might just be sufficient). But since it is child abuse related, such things will probably be waived while thinking of the children. Don't get me wrong, child abuse is despicable and should not be tolerated, but due process must be required and equitable treatment under the law applied. I'm fairly sure the FBI didn't have a warrant to hack into an online service to expose connecting users, so it'll be interesting to see the admissibility of anything gained by those efforts in court--a much bigger can of worms.

i2p will be no better than tor. You'll note the method exploited here was an anonymity trust breach via javascript in the tor browser, a vulnerability which would be equally effective against i2p. The i2p site actually has a pretty good breakdown of the advantages and disadvantages of both. The gist of it is this: because of its routing design, i2p has all the disadvantages of the regular internet (routing complexity, ddosing, etc) on top of the inefficiency of the network-on-network design and obfuscating routing mechanisms that tor suffers from. i2p has fewer developers, much worse documentation and significantly less academic study than tor.

In my opinion, from a useful-for-purpose perspective, tor has quite a few more legitimate uses, mostly because outproxy/exit nodes were an integral part of the original goal. i2p seems to specifically cater to people who wish to obfuscate provided services in a way that removes the accountability of the service provider to any law; a practice which I find very difficult to justify with a legal usage case that cannot otherwise be implemented using a more transparent and less convoluted technology. (If you can think of one and don't want to post it in this thread or think it is OT, PM me; I'd love to hear your opinion on it).

*edit:* having read a couple of articles on the subject, there's no question that he had to know there was child pornography on his servers, especially given the publicity freedom hosting received in 2011 in that regard.


----------

