Use Tor If Needed

[FileCabinetGrow]

Hey Yall,

Just as a what's up, I'm now recommending all you fine folk use a proxy or the Tor Browser.

Just received some super-sketch subpoenas for my physical address from my ISP based on my IP address (luckily for an un-related thing that has nothing to do with cannabis).

HOWEVER, let it be known that both Criminal and Civil investigations really can subpoena your ISP for your real address.

Stay safe folks, especially if you're not in a legal state / area.

 

[dank.frank]

Last month, the Federal Bureau of Investigation (FBI) was ordered to reveal the complete source code for the TOR exploit it used to hack visitors of the world’s largest dark web child pornography site, PlayPen.

Robert J. Bryan, the federal judge, ordered the FBI to hand over the TOR browser exploit code so that defence could better understand how the agency hacked over 1,000 computers and if the evidence gathered was covered under the scope of the warrant.
Now, the FBI is pushing back against the federal judge’s order.

On Monday, the Department of Justice (DOJ) and the FBI filed a sealed motion asking the judge to reconsider its ruling, saying revealing the exploit used to bypass the Tor Browser protections is not necessary for the defense and other cases.

In previous filings, the defence has argued that the offensive operation used in the case was "gross misconduct by government and law enforcement agencies," and that the Network Investigative Technique (NIT) conducted additional functions beyond the scope of the warrant.

The Network Investigative Technique or NIT is the FBI's terminology for a custom hacking tool designed to penetrate TOR users.

This particular case concerns Jay Michaud, one of the accused from Vancouver, Washington, who was arrested in last year after the FBI seized a dark web child sex abuse site and ran it from agency’s own servers for the duration of 13 days.

During this period, the FBI deployed an NIT tool against users who visited particular, child pornography threads, grabbing their real IP addresses among other details. This leads to the arrests of Michaud among others.

The malware expert, Vlad Tsyrklevich held by the defense to analyse the NIT, said that it received only the parts of the NIT to analyse, but not sections that would ensure that the identifier attached to the suspect's NIT-infection was unique.

"He is wrong," Special Agent Daniel Alfin writes. "Discovery of the 'exploit' would do n
othing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud's computer, not what it did once deployed."

In a separate case, the Tor Project has accused the FBI of paying Carnegie Mellon University (CMU) at least $1 Million to disclose the technique it had discovered that could help them unmask Tor users and reveal their IP addresses. Though, the FBI denies the claims.

Source: http://thehackernews.com/2016/03/fbi-tor-browser-exploit.html


I certainly do not support or endorse the exploitation of children, but it is important to be aware that TOR can be breached. A highly quality encrypted VPN might be the only way to go these days.



dank.Frank

 

[igrowone]

^^^ thanks for that Tor update, knew there had been some breakage with it
it is the high priority target for leo

 

[_tessarecting]

Swedish vpn that doesnt keep ip records pay with bitcoin
Tor run off a thumb drive comp

 

[FileCabinetGrow]

Even though the FBI had "broken" through Tor, I'd like to point out that it was because these fellows had visitied a website run by the FBI and more than likely, the FBI used a form of malware, or other such method, to secretly install code onto the user's computer, which then talked to the FBI behind the Tor Browser or Tor Proxy settings.

As someone with computer expertise the above sounds most plausible, and rather in-expensively pulled off by a large government.

Actually cracking through 1,000s of Tor Relays is a far more complicated, and interestingly difficult, situation, than allowing for a form of malware to take advantage of a browser exploit, which could then subvert Tor settings behind the scenes after it had installed itself through something as simple as an exploit in the browser, or code in a picture that exploited a Windows OS defect.

At-least, if I was the FBI in this case, that's how I'd argue it:

1. Seize Child Porn Site
2. Discover common browser / OS exploits
3. Develop malware
4. Deploy to my now seized website running on my FBI servers
5. Wait for results from my malware

Simple, effective, and skips the entire part of cracking Tor encryption, and breaking through thousands of potential relays, some of which use varying operating systems, from unix, linux, to windows, and varying kernel versions, with varying levels of firewalls, iptables, rules, etc.

This also seems to co-inside with the fact that they all visited said website now run by the FBI.

Now, this does of course, purpose that one cannot always trust the very creators and maintainers of the website they visit.

One should also do everything possible to avoid using browsers with known, or potential zero-day exploits.

I do not endorse such treachery cited above for / as child porn. In fact I wish for all those individuals who do so, to get help and turn themselves in. That's disgustingly sick and crooked.

My ISP was being subpoenaed for whistle-blowing. Completely different. Yes folks, there are some laws to protect whistle-blowers, but bet you ass companies don't give two shits about them. I'm still being sued for blowing the whistle on illegal activity. It's a civil lawsuit of course, but it's not fun.

 

[Cannabis Motiva]

A good VPN is safer than TOR. Do your research and choose a paid one that keeps no records and offers servers in multiple countries. Be sure to use a fake & secure email address to sign up and pay by cash, bitcoin, or with a VISA gift card or something similar.

There is info all over the net about which VPNs are good and which are bullshit. Ideally, you should buy a USB internet device that's prepaid and when you visit the forum, only do so with that prepaid internet stick and under the cover of your VPN.

If you really want to you can also run a OS from an external drive as well. Better yet, buy a shitty used laptop specifically for visiting the forum and use all the methods above.

A good day of research will give you all the knowledge you need to be as anonymous as possible. Don't EVER log into any personal accounts, emails, facebook, etc. when using your VPN. It should only be used for your visits to the forum.

TOR is a huge red flag and it's rumored that ISPs are paying attention to people connecting to TOR. Even though the ISP cannot technically see what's going on, you can be flagged as suspicious for simply wanting privacy; it's sick.

 

[_tessarecting]

Even if you have viewed wired.com all of your data is currently being filtered/stored. The criteria would be hilarious if it wasnt sick indeed.

 

[Cannabis Motiva]

Even if you have viewed wired.com all of your data is currently being filtered/stored. The criteria would be hilarious if it wasnt sick indeed.

That's true. Reading isn't a crime yet - but it sure seems like it is.

 

[_tessarecting]

They used to try to ban books until they realized it had an opposite effect. Who remembers Howl?

I think its no wonder why poetry has become practically nonexistant in todays day and age. They dont want people reading or writing anything that can make a person think or feel.

Boingboing.net also puts you on the list.

 

[Mikell]

And to ask an overly simple question, which VPN would some of you more technologically abled recommend?

I've spent a bit of time vetting out a few, but truth be told am rather lost I'll poke around tonight with the above mentioned criteria.

 

[CoCoSativas]

Even if you have viewed wired.com all of your data is currently being filtered/stored. The criteria would be hilarious if it wasnt sick indeed.

What is wired.com?

 

[_tessarecting]

Tech and science news website.

Its been a while since I used a vpn. I think it was vpn-tunnel.se but I could be wrong on that, its been several years and im relying on memory, but it was legit/vetted in its time.

Personally, I know I've been on these stupid lists for a long time, and I couldnt care less! Enjoy the dick pics.

Whatever happened to Snowden, anyway?

 

[VonBudí]

to be clear tor has not been "hacked"

to watch videos java had to be turned on and as we all know java is a piece of treacherous shit.

also vpn + tor great, tor > vpn, using just a vpn for privacy to my knowledge is a dice roll, you choose the wrong one and all your information is being handed over to some agency.

Wonder if there would any interest in a sub forum for discussing privacy and safe communications

a subforum with a bit of focus, how to's and best practices, ie vpns, best messaging apps/emails etc

With draconian surveillance laws being passed world wide, more people might post here if there was some guidance.

Investing in icmags future