All the recent dark net arrests seem to be pretty vague on how the big bad was caught (except the IM admin’s silly opsec errors) In the article they say he clicked on a honeypot link, but how was his ip or any other identifier identified, why didnt tor protect him.
Obviously this guy in question was a pedophile and an active danger, but recently in my country a state passed a law that can get you arrested if you post anything the government doesnt like, so these tools are important and need to be bulletproof.
He most likely had bad OPSEC.
Secondly, he took this imagery he had created and then “turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see.” In other words, he created fake AI CSAM—but using imagery of real kids.
This probably didn’t help much either.
The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera “tried to access a link containing apparent CSAM.” Presumably, this “apparent” CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it.
It looks like a combination of bad opsec and clicking on a download link.
I know there has been some back and forth whether it’s good to use a VPN with tor and feel like this is just going to open up that conversation again.
I’ve been looking into this myself recently and it’s definitely an interesting conversation.
It might depend on the VPN provider. If it’s someone like Google, no way.
But Mullivad that has a proven track record of not keeping logs, that might be worth it.
I’ve also heard tor over i2p but don’t know enough about the latter to have an opinion
Bad opsec and illusion of anonymity will likely render all the extra steps null, most likely. Case in point, we’ve been reminding people not to torrent through Tor for years.
There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it’s network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.
Going further, don’t deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.
Just some thoughts. Not sure any of this was applicable to the case.
There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.
Mullvad is pretty good in this regard by forcing you to use their DNS. Though of course, you have to trust them.
Does Tor have no protection against such a simple attack? I always thought any clearnet address i type in the browser (along with the dns query) hops 3 times.
The Tor network cannot protect against that, because the attack circumvents it. Certain tools, like the Tor browser, do have protection against it (as much as they can) when you use them correctly, but they cannot keep users from inadvertently opening a link in some other tool. Nor can they protect against other software on a user’s device, like a spyware keyboard or the OS provider working with law enforcement.
It’s unlikely that the Tor browser is configured as the default browser, so when you click the link, it will open in something else
This question gets asked every year and every time it turns out to be an OPSEC mistake instead
And hopefully will continue to be asked, because one day it may not be poor OPSEC.
Hopefully it will be asked by the very smart people who actually develop TOR, and not just paranoid Internet randos like OP.
Honestly i believe there is no point in speculating whether there are backdoors installed in popular privacy and encryption apps; for all we know, the powers that are may already have a digital fortress’esque quantum computer decrypting everything from your signal messages to onion sites in a matter of seconds.
I think(my personal headcanon) that there probably was a Manhattan project like top secret research project that has yielded some very fruitful results, now i guess we have to just wait for some whistleblower or a disgruntled employee to feed it a file that blows it up.
Well OPSEC is the stated cause. Who knows how the person was initially identified and tracked. For all we know he was quickly identified through some sort of Tor backdoor that the feds have figured out, but they used that to watch for an unrelated OPSEC mistake they could take advantage of. That way the Tor backdoor remains protected.
Compromised ? Maybe, but this guy doesn’t provide any evidence one way or the other. He’s using at least 7 other possible vectors (apparently Calculator Photo Vault just hides the gallery, no encryption, so it’s over right there) which is way too many for good opsec.
With Tor the question has always been compromised exit nodes as I understand it.
In that article they provide a list of steps to follow to be safer on Tor. Is that a good list or is there anything else one can do to maintain their privacy?
Tor cant save you from bad opsec.
