Letter: Tor Software Vulnerability

HJL,

A recent article detailed the FBI using secret software to exploit vulnerability in the Tor Browser. The government set up a child porn site in the dark web and nabbed some folks that were using Tor. Agents used a “Network Investigative Tool,” or NIT to identify information from people who logged into the porn site. This is found in an article in the Seattle Times paper of Dec. 14th. The government refuses to detail the workings of the secret software. – D.C.

JWR Replies: The editors of SurvivalBlog certainly don’t condone child pornography, but the case that you cite provides a good illustrative teaching point.

  1. Anyone who believes that anything they do via the Internet is “private” is fooling themselves. Even if someone uses both Tor and VPN, there is still the risk that law enforcement or intelligence agencies could uncover their location and identity. Encrypted e-mail is similarly at risk. This recent case in Washington should be a lesson for preppers. Illegal activities, or even legal activities that might be deemed illegal at some future date, should never be discussed via e-mail. Nothing on the Internet is either safe or secure.
  2. There is no such thing as a “private” Internet purchase, even if it is paid for via Bitcoin. Some books and some varieties of ammunition should only be bought face to face with cash. This is just another reason to attend gun shows and to visit independent used bookstores when you travel. Likewise, some communications should never be trusted to ANY electronic means (radio or Internet.) There is no secure substitute for face to face meetings or hand-delivered hard copy letters.

HJL Adds: An important point to note is that “secret software” wasn’t necessary used here and may well just be a red herring. The article in the Seattle Times details how the FBI actually seized and ran the server that people were logging into. With that level of access, there is no “secret software” necessary to track users down.