[Cryptography] The attack that broke the Dark Web—and how Tor plans to fix it
jsd at av8n.com
Fri Dec 4 17:23:00 EST 2015
On 11/02/2015 02:26 AM, Darren Moffat wrote:
> For a public news site in not so sure I see why someone would expect to
> have any privacy
I can think of a dozen reasons why people /should/ want and expect
privacy when browsing public sites. These days shopping for a
pressure cooker can get you into trouble.
> If you need that then you should read in private browsing mode
> over Tor (or equivalent)
That is "supposed" to provide privacy ... but how sure are we that
the Tor network is not a wholly-pwned subsidiary of CMU / FBI / NSA
/ GCHQ / Спецсвязь / 总参三部 / et cetera ???
Here's an interesting article on the subject:
 Kashmir Hill
"The attack that broke the Dark Web—and how Tor plans to fix it"
The basic story has been floating around for a while, but that is
the most detailed account I've seen of how the Tor guys detected
the attack. Among other things, it quotes the Black Hat abstract
that was taken down:
A less-detailed article on the same subject is:
 Andy Greenberg
"Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users"
I doubt the details of that incident will remain secret much longer.
Looking forward: It is reported  that Tor ...
>> now has a set, strict procedure for how to respond when it sees a
>> bunch of servers join its network. It will remove them by default
>> rather than taking a ‘wait and see if they do something weird’
That doesn't impress me. It would be poor tradecraft to repeat
the tactic of inserting a "bunch of servers" into the Tor network
all at once. One must assume that a slightly less oafish M.O.
would be used for subsequent attacks. One wonders whether more
a gradual infiltration would be detected.
More information about the cryptography