In case you haven’t heard yet the FBI Operation Onymous managed to identify darknet site owners. Gizmodo has compiled a list of sites that have been taken down. It appears the FBI was able to infiltrate Tor and identify the operators of several popular darknet sites including the well known silk road 2.0.
According to Gizmodo’s list the 400+ sites were actually pointed to 27 darknets. At least that’s the number they’ve been able to confirm so far. The sites are all accused of illegal activities. The legality of the sites in question isn’t our concern though. It’s whether or not Tor is safe to use if you want to stay anonymous.
From what I’ve read so far it appears that Tor was compromised in some way. It may have been infiltrated by a denial of service attack, SQL injection, backdoor, or any of the other theories being shared. Regardless of the method it seems clear that Tor users have reason to be concerned. Especially those most at risk.
I think the joint Europol FBI operation has made it clear that governments around the world can work together to fight criminal operations that use Tor for anonymity. The part that scares me is how far these and other countries might take the ability to break Tor. What about journalists covering a protest, the activists involved and political dissidents in general.
I’m a fan of any technology that helps people stay secure and anonymous online. With that said I have serious concerns over the future of Tor and whether or not it can be relied on by those who are risking their lives using Tor to keep them anonymous.
What can be done to help make Tor more secure? The Tor project team has shared some ideas in a blog post they published after the recent events. They explain how hard it is to improve the security of hidden services without any funding. They are asking for help in this area as well as reviewing new code.
I would like to personally wish the best to the Tor team. They are in a tough position and I’m sure they have an uphill battle ahead given the shear size and resources of the opposition. Hopefully the public can band together to help them revamp code and make any necessary changes to help secure users anonymity.
Back to the original question. Can activists and journalists trust tour to protect their privacy and anonymity? Given the recent site takedowns and promise of more to come I would err on the side of caution. While the FBI and Europol may be after criminal operations like the silk road 2.0 site now it doesn’t stop other agencies from using the same security holes to find the identities of others using Tor. Hopefully we’ll learn more from the Tor team in the days and weeks to come. Until then I would suggest you seek other means to protect your online privacy.