October 03, 2013

"Silk Road, the underground website where dealers sold illegal drugs, was supposed to be safe."

The Verge "The site was nestled deep in the dark web, accessible only through the anonymizing network Tor. All transactions were done in the anonymizing virtual currency Bitcoin. Its owner-operator, Dread Pirate Roberts, was said to be a criminal mastermind and technical wunderkind who never left a trail. It was all very hackerish and clandestine." by Adrianne Jeffries

'And yet, today the FBI shut down the site and arrested Dread Pirate Roberts. "This is supposed to be some invisible black market bazaar. We made it visible," an FBI spokesperson told Forbes after the bust. "No one is beyond the reach of the FBI. We will find you."

'This was all very alarming for the community of Silk Road users who believed that technology was keeping them safe. Actually, it was alarming for anyone who uses the Tor network for privacy — which includes journalists, activists, and even law enforcement. How could FBI take down a site protected by Tor, the gold standard for anonymity?

'Tor stands for The Onion Router, a reference to its layers of security. Tor has two main functions: one for users, one for website operators. First, Tor protects users who want to mask their activities on the web; connect to Tor, and your data will be bounced around, making random stops, until its true origin is nearly impossible to identify.

'"The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints," according to the nonprofit Tor Project, which leads development on the open source software. Users who bought and sold on the Silk Road were all signed into Tor at the time.

'The second use case for Tor is to protect websites by requiring that all traffic to the site be untraceable. These "hidden services" are only accessible through Tor, creating a second, secret internet that some call the "dark web." These sites are invisible to Google's spiders, and there is no search engine for the dark web. Users must be signed into Tor and must know the exact address of where they're going. In theory, assuming other precautions are taken with the actual software running the server, Tor should protect websites from revealing the location of their servers.

'The FBI managed to locate the server that was hosting Silk Road, however. So does this mean Tor failed?'

more here

No comments: