Anonymous Web-host shut down, owner arrested; Tor users compromised by Javascript exploit
- Thread starter drmike
- Start date
He doesn't run any forums that I know of. I would post his username but I don't have any of the IRC logs so I'd hate to post something publicly without having the logs to back it up. I'm sure there were plenty of others in the channel at the time so if they'd like to post his name I'll be happy to attest to it.
acd
New Member
I'm not a lawyer, but I think under US law, since he is a web services provider, he had to have knowledge that illegal activities were taking place on his equipment to be complicit, or operate with the intent to enable illegal activities (for which Tor might just be sufficient). But since it is child abuse related, such things will probably be waived while thinking of the children. Don't get me wrong, child abuse is despicable and should not be tolerated, but due process must be required and equitable treatment under the law applied. I'm fairly sure the FBI didn't have a warrant to hack into an online service to expose connecting users, so it'll be interesting to see the admissibility of anything gained by those efforts in court--a much bigger can of worms.
i2p will be no better than tor. You'll note the method exploited here was an anonymity trust breach via javascript in the tor browser, a vulnerability which would be equally effective against i2p. The i2p site actually has a pretty good breakdown of the advantages and disadvantages of both. The gist of it is this: because of its routing design, i2p has all the disadvantages of the regular internet (routing complexity, ddosing, etc) on top of the inefficiency of the network-on-network design and obfuscating routing mechanisms that tor suffers from. i2p has fewer developers, much worse documentation and significantly less academic study than tor.
In my opinion, from a useful-for-purpose perspective, tor has quite a few more legitimate uses, mostly because outproxy/exit nodes were an integral part of the original goal. i2p seems to specifically cater to people who wish to obfuscate provided services in a way that removes the accountability of the service provider to any law; a practice which I find very difficult to justify with a legal usage case that cannot otherwise be implemented using a more transparent and less convoluted technology. (If you can think of one and don't want to post it in this thread or think it is OT, PM me; I'd love to hear your opinion on it).
edit: having read a couple of articles on the subject, there's no question that he had to know there was child pornography on his servers, especially given the publicity freedom hosting received in 2011 in that regard.
i2p will be no better than tor. You'll note the method exploited here was an anonymity trust breach via javascript in the tor browser, a vulnerability which would be equally effective against i2p. The i2p site actually has a pretty good breakdown of the advantages and disadvantages of both. The gist of it is this: because of its routing design, i2p has all the disadvantages of the regular internet (routing complexity, ddosing, etc) on top of the inefficiency of the network-on-network design and obfuscating routing mechanisms that tor suffers from. i2p has fewer developers, much worse documentation and significantly less academic study than tor.
In my opinion, from a useful-for-purpose perspective, tor has quite a few more legitimate uses, mostly because outproxy/exit nodes were an integral part of the original goal. i2p seems to specifically cater to people who wish to obfuscate provided services in a way that removes the accountability of the service provider to any law; a practice which I find very difficult to justify with a legal usage case that cannot otherwise be implemented using a more transparent and less convoluted technology. (If you can think of one and don't want to post it in this thread or think it is OT, PM me; I'd love to hear your opinion on it).
edit: having read a couple of articles on the subject, there's no question that he had to know there was child pornography on his servers, especially given the publicity freedom hosting received in 2011 in that regard.
Last edited by a moderator: