Someone Is Running Lots of Tor Relays

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network:

Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

The actor’s servers are typically located in data centers spread all over the world and are typically configured as entry and middle points primarily, although KAX17 also operates a small number of exit points.

Nusenu said this is strange as most threat actors operating malicious Tor relays tend to focus on running exit points, which allows them to modify the user’s traffic. For example, a threat actor that Nusenu has been tracking as BTCMITM20 ran thousands of malicious Tor exit nodes in order to replace Bitcoin wallet addresses inside web traffic and hijack user payments.

KAX17’s focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as “non-amateur level and persistent,” is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it.

In research published this week and shared with The Record, Nusenu said that at one point, there was a 16% chance that a Tor user would connect to the Tor network through one of KAX17’s servers, a 35% chance they would pass through one of its middle relays, and up to 5% chance to exit through one.

Slashdot thread.

Posted on December 7, 2021 at 6:25 AM46 Comments

Comments

Winter December 7, 2021 7:24 AM

There was a suggestion that the balance towards the entry and middle nodes compared to the small number of exit nodes[1] pointed towards an entity that wanted to de-anonymize users of hidden services.

[1] A Slashdot comment even suggests that the exit nodes might not even be part of the same network.

Peter Knoppers December 7, 2021 7:28 AM

I know this is probably naive, but can we totally rule out the possibility that some benevolent party is donating these nodes to the TOR network for the common good?
What (if anything) would distinguish a benevolent donating party from a malicious party intent on deanonymizing TOR traffic?

Peter December 7, 2021 7:47 AM

@Peter Knoppers

What (if anything) would distinguish a benevolent donating party from a malicious party intent on deanonymizing TOR traffic?

Keep in mind that the “benevolent party” is attempting to turn TOR into a VPN under their control by doing this. Your traffic is still anonymized, but the VPN knows everything.

If you want to hide your traffic by routing actions through a trusted VPN, that’s fine. But you probably wouldn’t choose a VPN that has no publicly available information about itself.

Hannah Stern December 7, 2021 7:50 AM

@Peter Knoppers: I’d think that it could be a risk for the Tor network even if a benevolent party runs a too high percentage of nodes.

Ted December 7, 2021 8:22 AM

@Peter Knoppers

can we totally rule out the possibility that some benevolent party is donating these nodes to the TOR network for the common good?

Did you see Nusenu’s response to The Record on why this was not thought to be an academic project?

Here was some of that thought process:

  • Researchers do not get involved in weakening anti-bad-relays policies on the Tor mailing list.
  • Researchers do not fight against their removal and do not replace removed relays with new relays.
  • Research-based relays usually run within 1-2 autonomous systems, not >50 ASes.
  • Research relays usually run [less than] 100 relays, not [more than] 500.

Clive Robinson December 7, 2021 8:40 AM

@ ALL,

@SpaceLifeForm brought this up over on the Friday “Squeeze the Squid” page.

I pointed out there is actually a lot more behind the story than “Nusenu” either knew or was revealing, and yes it has been going on for quite some time, and it’s probably a non Five-Eyes Nation State or larger trying to redress the actual geolocation and historical advantages the Five-Eyes have.

It’s a lengthy explanation so rather than repeate it here,

https://www.schneier.com/blog/archives/2021/12/friday-squid-blogging-squeeze-the-squid.html/#comment-395568

Clive Robinson December 7, 2021 9:01 AM

@ ALL,

As it’s mote than a decade and a half ago, and ICTsec as an industry has a lousy memory for even “living history”

If people are doubtful about the power of “Choke Points”, have a look back at the shock that the revelation of “AT&T Room 641A” known internally as “The Study Group Three(SG3) secure room” caused,

https://en.m.wikipedia.org/wiki/Room_641A

It is still very unclear nearly twenty years later who knew what within AT&T and even if they are still around. Similar can be said for the UK BT and Securicor companies. Oh and don’t get people started on Australia it’s said that “every roo hop, is seen” by some who work in their telco industry.

Ted December 7, 2021 9:17 AM

Nesenu has blogged pretty extensively about this. This excerpt was from 2019 and he’s done more posting since then.

The open mode of operation was fine until probably somewhere around 2017 but after that so much non-attributable guard capacity was added that it no longer appeared like a natural growth. Two and a half years ago Roger Dingledine gave a talk at DEFCON 25 where he mentions that he knows 2/3 of the Tor network by capacity. This was probably somewhat true back then but the Tor network changed significantly since then.

https://nusenu.medium.com/the-growing-problem-of-malicious-relays-on-the-tor-network-2f14198af548

A link to the talk is in the blog post, plus other research.

Ted December 7, 2021 9:20 AM

Also from that post:

In April 2018 a Tor core member — the most active Tor Project person on that closed mailing list — made an attempt to initiate a “do not do” relay requirements list to improve and streamline the handling of malicious Tor relay reports. (I’m not mentioning his name since he does not want to be publicly associated with bad-relays handling for safety reasons.)

Peter A. December 7, 2021 9:40 AM

One problem with the exit nodes is that their owners/operators/hosts/ISPs get all the heat from various entities opposing people pseudo-anonymously accessing less-than-innocent sites via TOR. All that takedown notices, threats, law enforcement actions etc. Few have balls of steel to keep doing that “in the name of the community”, so exit nodes will always be scarce. It is much less problematic to run the middle nodes.

Winter December 7, 2021 9:44 AM

@Peter A
“All that takedown notices, threats, law enforcement actions etc.”

I have run an exit node for some time (months, not years) a long time ago. I stopped because I could not access services anymore (e.g., Skype) that I really needed. My IP address was consistently blocked as a Tor node.

Jasmine December 7, 2021 10:22 AM

@Winter

I have run an exit node for some time (months, not years) a long time ago. I stopped because I could not access services anymore (e.g., Skype) that I really needed. My IP address was consistently blocked as a Tor node.

A common recommendation is to run it from a separate IP. It’s easy if you’re running an IPv6-only exit, whereas not all ISPs give multiple IPv4 addresses. I used to have a cable ISP that gave up to 3 (dynamic, but they rarely changed); and my current DSL provider offers a static IP, while still giving a (wildly) dynamic PPP-level one, so that’s two.

I assume this is one reason so many nodes are in datacenters rather than homes.

I’m kind of wondering whether incidents like this are just meant to scare people away from Tor. Creating FUD doesn’t even require a successful technical attack. We’ve already seen some people suggest avoiding it… but what’s the alternative? Just use nothing and get watched for sure? Use your credit card to pay for a VPN (which, as a group, seem a lot shadier than Tor)? I don’t know another good way to access schneier.com, for example, without Bruce(‘s provider) or my ISP seeing. Even random WIFI gives away my rough home location unless I’m going to drive for hours.

Winter December 7, 2021 11:14 AM

@jasmine
“I’m kind of wondering whether incidents like this are just meant to scare people away from Tor. ”

Obviously, but as the personal information is the income of the service providers, they also do not want to give away their services for free.

Bear December 7, 2021 2:51 PM

When I reviewed Tor, my immediate thought was “this would work if people didn’t want it to work instantly.” HTTP – and especially the kind of pages people have actually built – is just horrible for anything with sufficient latency to make traffic analysis even a little bit hard.

Want to visit a well-known commercial site? Your machine is going to have to toss a sequence of hundreds of messages to that site, and get hundreds of responses, to get all the elements it needs to display what’s there. There’ll be stacks twenty messages deep that have to be linear, where the server won’t send you the next request until it sees your response to the current one.

All of that is a plethora of highly correlated traffic. All those messages and the replies to them have known characteristics: length, sequence, timing, are all highly repeatable. If that plethora of messages comes from (and goes to) an edge node, then it’s tremendously obvious from the POV of the interior node what page someone is accessing. If it goes from (and to) an entry node, it is obvious from the POV of an interior node which entry node the user accessing it is behind. And if each message hop takes the ten or fifteen seconds you’d need to mix the traffic in a way that would be a little bit hard to solve, you’re not going to see that webpage until sometime tomorrow.

It’s just … not tenable. It can provide privacy on the same level as paying cash when you buy a dirty magazine and some hand lotion, or locking your house with a wooden door that someone could break without stopping.

It’s a tool. It can be part of good OpSec. But you can’t use it to cover high-value targets.

And it looks like someone is doing their best to pry it open.

Bear

Impossibly Stupid December 7, 2021 4:14 PM

@Winter

My IP address was consistently blocked as a Tor node.

It’s probably more correct to say it was blocked for consistently malicious activity. I’ve seen plenty of exit nodes get dropped into my firewall for their behavior, but the only reason I knew they were Tor is because the subnet was specifically labeled as being Tor.

@Jasmine

A common recommendation is to run it from a separate IP. It’s easy if you’re running an IPv6-only exit, whereas not all ISPs give multiple IPv4 addresses.

This is poor advice. IP addresses don’t exist in isolation, and anybody with a thoughtful approach to security is going to blacklist hostile networks rather than playing wack-a-mole with individual hosts. Nobody should be under the illusion that using multiple addresses (v4 or v6) from the same ISP is going to safeguard your non-Tor traffic. You are known by the company you keep, and Tor makes it easier to be in the neighborhood of hostile traffic.

I don’t know another good way to access schneier.com, for example, without Bruce(‘s provider) or my ISP seeing.

A number of protocols could be used, but you’d really have to get Bruce to buy into one to make it work well. I’m reminded of things like Usenet, where messages got shared/broadcast throughout the network by default. Sadly, the web has moved us away from those kinds of distributed systems. There are plenty of peer-to-peer networks that could be leveraged to work similarly, or layers put on top of HTTP that allowed content to be served by any number of anonymous/independent proxies. Until the needs of content providers are taken into account, though, things like Tor are non-starters due to their use by bad actors.

SpaceLifeForm December 7, 2021 5:46 PM

@ ResearcherZero

Great Firewall of Russia?

Those in Russia that have been using Tor may want to lay low for a day or two.

It may have had to do with Biden ‘splaining to Lucy (Putin) today.

No.name December 7, 2021 10:19 PM

@Clive

Speaking of chokepoints. Every time subsea data makes landfall it is a potential point of compromise.

QUESTION: what happens to encrypted data when it makes landfall in a country than bans encryption and/or where encryption is not allowed to be exported to? Or stated another way, can encrypted data remain encrypted when it makes landfall in a country that bans it, even though that country is not the final destination? Encryption is banned throughout Asia.

Follow all of the different cables from the US (both coasts) to Southern Asia and see how many times and where the data makes landfall. https://www.submarinecablemap.com

Could someone be hijacking TOR to steal crypto? Is this like an Ocean’s 11 caper? 75% of the Crypto is supposedly mined in 1 country.

JonKnowsNothing December 8, 2021 12:36 AM

@ No.name, @Clive

re: what happens to encrypted data when it makes landfall in a country than bans

Clive may have better info but afaik it’s hoovered up just the same and sent to an equivalent of Bluffdale for their supercomputers to dine on. (1)

Any traffic directed internally would be intercepted before delivery or smudged with honey if the destination was of interest. Otherwise it would be Dead Air 404.

Routing folks in charge of knowing what’s what and who gets stuff and who doesn’t get stuff should set their routes to avoid the Dead Air sites.
Traffic Routing tables all along the pathway know where the packet is headed.
There is probably a percentage of failures for that.

Additionally different types of packets travel along differing routes like SWIFT network. So the wrong packet type would be dropped if it crossed over.

It’s like traveling to an area Not On An Official Itinerary. You have to go around the long way because you can’t get there from here. Plus if you are successful at straight line travel, all sorts of bother happens when you return or attempt to return.

===

1) iirc(badly) The NSA stores all encrypted data on the presumption that someday their supercomputer(s) will be able to unravel it. They are in it for the long haul and years, decades, centuries are all planned for.

Clive Robinson December 8, 2021 1:46 AM

@ No.name, JonKnowsNothing,

QUESTION: what happens to encrypted data when it makes landfall in a country than bans encryption and/or where encryption is not allowed to be exported to?

Your question actually does not make sense even though it would appear to do so.

No I’m not trying to be rude or clever at anyones expense it’s a genuine problem caused by inherently making an asumption an axiom, when it should not be so, and it often shows up as a legal minefield.

Your assumption is that the point of view at the transmission end of the information channel, is the same as at the reception end of the channel. That can easily be shown to be false as information theory and in fact in practical reality they are fully independent of each other.

What “you say” is X at the transmission end, “I see” as Y at the reception end. If they were not different views no information could be transferred covertly (sounds nutty but is true for various reasons).

So you say “encrypted” and I say “unintelligible” which might or might not be “encrypted” or “plaintext” because I have no context to make a judgment by.

But importantly you can say “encrypted” and I say “intelligible”

That is you can take advantage of redundancy at some level within the message to conceal information not just in plaintext by stenography but by actual unbreakable encryption that can not be distinquished from plaintext because I at the receiving end do not have the context to be able to say.

For instance “Hi, how are you?” and “Hello, I hope you are well?” are both fully inteligable and thus to the reciever are “probably” not encrypted.

However it’s easy to see that there could be a two bit covert channel with one bit being Hi/Hello salutation and the other being the health question in two different forms.

Without the proper context or messages in depth you can not say if there is a covert channel as the observer at the reciving end of the channel.

If you at the transmission end alwaysed used Hi=0 and Hello=1 eventually with enough messages a bias would show that could be correlated to discernable events and the context discovered.

If however I encrypted the two bits first then the correlation with discernable events would at best be difficult, to impossible if a correctly used One Time Pad is used.

So the actions of the person receiving any context less message is based on their perception of the message not their knowledge.

So the answer to your implied question is based not on the laws, regulations, or rules, the operator at the receiving end of the channel may operate under, but,

1, What impression your message gives the operator.
2, What sanctions the operators senior might apply to them for getting it wrong.

That is actually the case when ever you send a message across a border.

SpaceLifeForm December 8, 2021 3:20 AM

@ Bear

You get it.

Now, add some servers, that serve really dumb Random sized homepages. Allegedly. Spread them all around the world, like Covid. Call them Allegedly Web Servers.

Next, add some bots, spread all around, that periodically, at Random rates, connect via Tor, via Randomly selected Tor paths to the Allegedly Web Servers.

Combine with already controlled Tor nodes.

Do not even need a human actually visiting a website.

The servers, the bots, and the controlled Tor nodes can all be in coordination. Certainly via a non-Tor channel.

Under this design, it appears to me, that all of the Tor nodes not involved in this exercise, will be easily identified.

SpaceLifeForm December 8, 2021 5:28 AM

@ No.name

QUESTION: what happens to encrypted data when it makes landfall in a country than bans encryption and/or where encryption is not allowed to be exported to?

Wrong question.

Look at it from other angles.

How does one know that the data actually made landfall?

How does one know that the data was not corrupted during transit?

How does one know that the data is actually ‘encrypted data’?

Oh, it looks Random, so it must be encrypted.

Base64 encoded data can appear Random, therefore must be encrypted. Just ask Governor F12 Right Click.

The bag-of-bits (encrypted or not, corrupted or not), only has meaning to the intended recipient. And only if the intended recipient ever sees it.

If there is a filter at landfall, that attempts to block encrypted data, it will fail. There is no way the filter can truly decide.

wiredog December 8, 2021 5:42 AM

Seems that a lot of people have forgotten, or never knew, that Tor started as a US government project.

Peter A. December 8, 2021 8:13 AM

@SpaceLifeForm, @ALL

It is true it’s not possible to identify and block all encryption.

However, the “landing country” can still outlaw or cripple encryption within its borders, making most services run by entities within that country either obviously insecure or worse – vulnerable to ones that know how they are crippled. It can also block known and widely used encrypted services e.g. by blocking well-known ports of services that use TLS or other form of encryption, or use stateful packet inspection to either block or strip out TLS from protocols that start unencrypted and upgrade later.

One example from the past: I have had a .net domain registered at a small registrar, which lost its accreditation. ICANN used its process of selecting a successor and somehow it has chosen a Taiwanese company. I got an email from my new registrar; at first I thought it was a scum, but after checking at ICANN website it turned out to be legitimate. I proceeded to set up account at the new company – and to my dismay it did not offer HTTPS at all! I selected another registrar and transferred my domain as soon as I could, with my heart in my mouth, as both my password at the Taiwanese registrar and the transfer code for my domain were flying in the clear.

Ted December 8, 2021 9:38 AM

@wiredog

Seems that a lot of people have forgotten, or never knew, that Tor started as a US government project.

But where is it now?

A co-founder of the Tor Project – Roger Dingledine – hosts a discussion on “PrivChat #5 – Protection against Pegasus”

https://m.youtube.com/watch?v=4ovmcZtaacY

In this edition of PrivChat, join Likhita and Etienne Maynier of Amnesty International and John Scott Railton of Citizen Lab to discuss:

  • What can individuals, journalists, activists, and human rights defenders can do to protect themselves against sophisticated spyware?
  • What kind of organizations can we support to help stop this abuse?
  • Who is working on safer, more private software that we can trust?

MikeA December 8, 2021 10:52 AM

In Re: speculation on the identity of Clive.

Recently someone suggested that “Clive” is “Bruce, talking to himself”.
More recently, Clive suggests that steganography (aka “stenography”) can be useful in cross-border comms.

Put those together and shake well. I have been assuming the Clive (frequently) uses speech-to-text, while as far as we know, the entity known as Bruce either does not, or has some sort of unicorn application where speech to text actually works.

Is it possible that “Clive” is simply providing a very low bandwidth tunnel for something even more interesting than his(?) normal insights?

Clive Robinson December 8, 2021 11:16 AM

@ Ted, wiredog, ALL,

Who is working on safer, more private software that we can trust?

The short answer is “no one”.

The longer reason why this is so goes into a fundemental set of issues,

1, For encryption to work you need,
1.1, A context.
1.2, A system.
1.3, A root of trust.

2, You can by use of the “equi-probable issue, deny an observer proof of encryption even if “they know the system”. Even with full betrayal by one of the communicating parties.

The second point sounds like fantasy, but it’s not as I’ve indicated before. If two parties have a “context” and the first party takes care to manage it correctly (which is difficult). You can build a “system” around “equi-probable” that makes full betrayal by the second party to a third party “plausably deniable” by the first party. This is because the only “proof” would be the second parties word against themselves.

You can build such a system, I’ve described how to do a basic one on this blog a couple of times in the past. The two issues that make operation “to difficult” for most lazy humans is 1.1 “Context” and 1.3 “root of trust” in both cases causes “managment issues” of a complexity few wish to deal with, even when the very lives of them and their loved ones depend on it.

As long as humans can not manage complexity they can not have that all important “Privacy”.

The “Nation states” relys on “lazy, careless humans” who can not or will not “manage complexity”, and the industrial approach the Nation State takes of “Collect it all” that gives them a “virtual time machine” to look backwards in time for any one of a thousand tiny mistakes that they can then open to full blown cracks, one way or another.

It’s this that realy needs to be addressed and because every one thinks “it’s too hard” nobody bothers trying…

If you doubt me look at “root of trust” managment systems currently around or being developed. All of them give “proof of enctyption” against the first party to a third party by second party betrayal…

JonKnowsNothing December 8, 2021 11:25 AM

@ Peter A. , @SpaceLifeForm, @ALL

re:
Q: How does one know that the data actually made landfall?

Peter: The “landing country” can still outlaw or cripple encryption within its borders, making most services run by entities within that country either obviously insecure or worse – vulnerable to ones that know how they are crippled. It can also block known and widely used encrypted services …

Countries also know who has a router and internet connection. They may not know who has a satellite connection. However, not that long ago it was revealed that the NSA had hooks into most (if not all) commercial communications satellites and was happily hoovering up the data from them.

There are 2 parts of how the comm can stop:

1) How do they know it’s encrypted?

Because the packet and data portion are not using their official approved methods that allow them to peer into the contents.

2) How can they stop a packet from reaching a destination

They don’t allow external connections or connections to prohibited sites. They can pull the plug.

The undersea cables that connect the continents have landing zones that are friendly to the cable owners. The cables are tapped and hoovered of course. They have to be replaced/repaired often. The landing zones often have a cooperative agreement with 5EY for easy hoovering access. Other agencies may have similar arrangements.

The US doesn’t have a direct public cable to Cuba anymore or NK. They go the long way around. Data arriving between those zones may or may not arrive at their destination in the same condition they were sent.

Brazil was building a their own cable to Afrika because their data was being interfered with when it made landfall in Miami, before being pushed along.

iirc(badly) AU was shuttling some of their stuff to an Asian country because that location had fewer data protection laws and a very good relationship was established with the 5EY.

===

h ttp s://en.wi kipedia.o rg/wiki/List_of_international_submarine_communications_cables

Winter December 8, 2021 12:32 PM

@Clive
“As long as humans can not manage complexity they can not have that all important “Privacy”.”

Can you have both privacy and anonymity at the same time?

First of all, all humans are imperfect and make errors. Also, all humans have limited time and capacities. Any systems that require (near) perfect execution will fail. Blaming lazy humans is blaming the victim.

If the bad guys suspect you, even perfect opsec will not save you (aka rubber hose cryptanalysis). Also, Vlad the Poisoner or his equivalent in other countries will simply “neutralize” you if you enter their view.

If you are visible, you need allies that protect you. Compare the fate of Snowden with that of Assange.

Remains keeping our of view, ie, anonymous. Evolutionary the best solution is to hide in the flock, or schoal of fish. Switch identify on a per action basis. Never communicate twice from the same location or the same device.

Will that work? Probably not.

Clive Robinson December 8, 2021 1:17 PM

@ MikeA, ALL,

… while as far as we know, the entity known as Bruce either does not, or has some sort of unicorn application where speech to text actually works.

Wouldn’t that be a “Dragon Application” 😉

P.S. For those that do not have to get into “disability interfacing” have a look at,

https://en.wikipedia.org/wiki/Dragon_NaturallySpeaking

I guess the fact I’m known to make a lot of jokes and puns on this blog, is either realy realy good Hard AI or tentative proof I might be a human intelligence…

Clive Robinson December 8, 2021 1:43 PM

@ Winter,

Can you have both privacy and anonymity at the same time?

Depends on the context, but yes you can even with communications made in public places or ways[1]. As one of my hats is being a communications engineer I kind of do a lot of it…

Any “plaintext code” that is only used once can be shown as having the same security proof as the One Time Pad. That is the “message meaning” is equiprobable in the “set of all messages”.

Obviously being an anonymous recipient of a “Radio Broadcast” is within reason relatively simple, that’s why “Numbers Stations” exist.

The question of being an anonymous originator of a broadcast message is some what more vexed these days but in times past the sending of a telegram was easily done anonymously, as was putting a “personal column” advert in a daily news paper. In fact Charles Babbage and a group of friends were known to get entertainment out of not just breaking amateur codes and ciphers used in personal columns but actually puting in fake messages of their own just to cause confusion to the anonymous people trying to converse privately.

[1] Back in WWII the BBC used to “Broadcast into Occupied Europe” and used to have “And now some messages for our friends…” That were “One Time Phrases” unique to an individual or group.

ResearcherZero December 8, 2021 4:54 PM

Russia is further cracking down on Tor.

if the censorship pattern that we’re analyzing in some Russian internet providers is to be deployed country-wide, we will need many more bridges to keep Russians online. Thanks to researchers, we’ve learned that the default bridges available in Tor Browser aren’t working in some places in Russia – this includes Snowflake bridges and obfs4 bridges obtained dynamically using Moat. Russian users need to follow our guide to use bridges that are not blocked.
https://blog.torproject.org/tor-censorship-in-russia/

Tor blocked in Russia: how to circumvent censorship
https://forum.torproject.net/t/tor-blocked-in-russia-how-to-circumvent-censorship/982

To those willing to try circumvention methods, it is suggested that you start by securing your anonymity in any technical means possible, as the state may soon escalate the enforcement of the censorship by detecting its violators.

https://tor.eff.org/

MarkH December 8, 2021 9:22 PM

@MikeA:

Good try, but the Clive that can be identified is not the Eternal Clive.

If one asks about Clive and another answers, neither of them knows him.

Verbal dialectic cannot encompass Clive’s writings in their entirety.

To let understanding stop at what cannot be understood is a great attainment; those who cannot do so will be destroyed on the Lathe of Heaven.

JonKnowsNothing December 9, 2021 12:12 AM

@ lurker

re: Forty years ago, was that? At least one of the 5eye has pulled out of that game:

Actually I was thinking of the 2014 documentary video from Der Spiegel Chokepoint about the infiltration of satellite communications system companies located in Germany.

2014 didn’t seem so long ago… Tempus fugit…

skordopsomo December 9, 2021 5:12 AM

@MikeA

I have been assuming the Clive (frequently) uses speech-to-text

It looks that way. His spelling mistakes tend to be similar to

“All starter dishes are served with garlic breath”

found many years ago on the menu of a Greek taverna overlooking Souda Bay, Crete.

OTOH, a TTS system producing ‘compleat’ for ‘complete’ or ‘hower’ for ‘hour’ looks rather primitive. It should be easy to avoid that sort of mistakes.

Turmeric December 9, 2021 8:00 AM

Do we all really think that the US Gov would ever let unbiased encryption be used without them being able to break it in short order.

If IRAN,NK,USSR,CHINA have their own Sats, Fiber, Encryption and layed routes, the points of landfall still need to be made accessible for real regular biz transactions, thus trying to fight it with their own home made this and that, becomes abhorrently expensive and a waste of money.

They might just as well use the regular routes and have those receiving, physically have a decoding technique that is portable and one time.

Does anyone remember Cottrell and the ancient 1995 company he built and then was eventually bought by ,guess who!

In the Spy V Spy biz, will there ever truly be a totally unbreakable medium that has 100% assurity that only those in the know are the only ones?

Andy December 9, 2021 11:48 AM

Maybe Tor should be seen as a western govt maintained communication network for western backed subversives and other agents operating in adversary countries with authoritarian regimes?
I remember reading that the Hidden service directory servers (HSDirs) can cost thousands per year just to run. Who has such money, and who is so unconcerned about the risks, beyond universities, researchers and the obvious?

Certain encrypted email providers still urge investigative journalists in the west to use the Tor browser but that seems like terrible advice.

nobody December 9, 2021 3:50 PM

@Jasmine re: paying for alternatives – it is still possible to pay for many services anonymously. For many years I have purchased money cards of various kinds at Walmart for cash, and used those cards directly or through third parties (e.g. Paygarden) to purchase pay-as-you-go phones, VPN services, etc. It is true that one must register those cards, but that is done wasily enough with an anonymous free email servive set up with bogus information. I’ve not yet done any of this using blockchain crypo payments, but that might be even easier.

nobody December 9, 2021 3:54 PM

@Clive re AT&T secret room & other telecom-aided government snooping – wasn’t our good host rather heavily involved with BT at around the relevant period you mentioned?

nobody December 9, 2021 3:56 PM

@may re: typos – mine are honest bad keyboarding, not middling-good covert AI, I assume the same is true for Clive…

Clive Robinson December 9, 2021 7:02 PM

@ nobody,

wasn’t our good host rather heavily involved with BT at around the relevant period you mentioned?

Our host sold his company to BT, who offered him a job. As far as I’m aware our host had very little to do with most of the games BT was upto one way or another. I’m also fairly certain that most of BT managment had absolutly no idea either about some of shall we say the more interesting games.

Which is my point, if an organisation is large enough nobody has familiarity with even a small part of it.

Remember the IBM PC was a “skunkworks project” that next to nobody knew anything about. That sort of hidden development is endemic in the telecommunications industry. Most employees know that “research projects” are kept secret for good and proper reasons (non US Patent systems have rules about disclosure invalidating an application). Likrwise NDA rules etc. Such things that have a “duty of care” provide very good cover for other activities…

As I said I caught Mossad out trying to shelter under IBM’s logo because they did something odd in a dumb sort of way. Ordinarily they would have got away with it without anyone knowing because over 99% of people would not have spotted the “odd” or if they had, not have cared sufficiently to take note of it. Nor follow it up in the right way to see the “dumb” and confirm it with the right people.

The same sort of “dumb” was why on 19 January 2010 an electronic look failed to be reprogramed correctly.

Jon December 9, 2021 7:25 PM

There is a crowd-sourced solution to all this:

Throw around vast quantities of random crap. They’re welcome to waste their time trying to decode nonsense.

J.

blip December 10, 2021 5:37 PM

@ ResearcherZero – December 7, 2021 2:34 PM

torproject.org domain is officially blocked in Russia

https://onion.torproject.org/

On that page, for our Russian (and other) friends, are Tor .onion hidden services. A non-Russian can pass those from that page to the Russian. (because I’m not posting a ton of links here when someone else may assist the Russian)

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.