Silk Road bust unmasks our misconceptions on anonymity

Oct 09, 2013 by Catherine Flick, The Conversation
You’re going to have to try a bit harder if you want to be really anonymous. Credit: moirabot

The US National Security Agency and the UK's GCHQ have upped the stakes in the battle for internet privacy by targeting users of Tor.

Not only have the NSA documents leaked by Edward Snowden up until this point given us a window into secretive US and UK government activities but they have raised some serious concerns for everyday users. Widespread surveillance of internet and phone use, including email, video, and voice-over-IP systems has led to a remarkable increase in the number people turning to the open-source Tor Project, an anonymising network service that has been used to enable private internet use for over a decade.

How Tor works

Tor is most popularly used through its packaged Tor Browser Bundle, which runs a customised version of Mozilla Firefox along with its own software that sets up the Tor connections for the user. Users are then able to reasonably easily anonymise their internet use – though there are some drawbacks, including slow speeds.

Tor works by bouncing a connection through several routers in the network, obfuscating the origin of the connection along the way. The net result is that the end server doesn't know where a request is coming from and the message is encrypted until it leaves the Tor network. Theoretically, that means that adversaries are not able to monitor the connection. The user is technically anonymised by the software, with only a minimal amount of information (the fact the user is using the Tor Browser) "leaked" along the way for snoopers to pick up.

Within the Tor network alternatives to public internet services exist. These "hidden services" include email, forums and chat channels and can be used without requiring the user to reveal any information about themselves. The flip side of the hidden services capability of Tor is that it can allow for some less than savoury activities to be carried out anonymously. One such example was the Silk Road – a forum which was used to buy and sell drugs.

Silk Road has been called the worst-kept secret in hidden services. It's probably not surprising, then, that worldwide law enforcement were interested in, at the very least, breaking it up, if not also arresting those responsible for aiding drug sales. And last week, that's precisely what happened.

Two types of anonymity

Alleged founder Ross Ulbricht was arrested and charged with carrying out various conspiracies under the Princess Bride-inspired pseudonym The Dread Pirate Roberts. The charges levelled against him range from narcotics trafficking, computer hacking and money laundering to soliciting murder. It is probably no surprise, either, that the FBI has also gained access to the content of the Silk Road database, including mailing addresses and other potentially identifying information about those involved in the system.

How the FBI located the Silk Road servers is still uncertain. But what has become clear is that Ulbricht had become complacent about his identity anonymity – the very type of anonymity that Tor does not protect. Even the most secure anonymising service cannot prevent a user saying precisely who they are through it. And you don't even have to be this obvious – profiles can be built of users who leak out tiny pieces of information about themselves over a long period of time, or correlated with public internet use. Ulbricht, for example, posted to public internet websites using an email address linked to his real name. Another user has been charged after apparently being traced through return addresses when posting drugs.

The important message in all of these revelations is that all the technical wizardry in the world can't save you from yourself. The Silk Road bust and subsequent arrests; the taking down of various other hidden services through a major malware attack perpetrated by the FBI that occurred last month taking with it Freedom Hosting and its child abuse image sites: it all shows that despite the superior technical anonymity provided by the Tor Project (zero-day vulnerabilities aside), nothing technical can prevent complacent users from giving their own information away.

If you want to remain truly anonymous, you must constantly assume that someone is watching exactly what (and when) you're writing, and take appropriate measures. As we saw with Lavabit, governments have the ability to pressure companies to provide them with "back doors" into their otherwise secure environments. This is where identity anonymity comes in. It is not enough to simply use a secure service – you have to assume that the information you send through it may eventually be traced through some means back to oneself.

This scenario has implications not just for those small minorities of users wishing to trade drugs or child abuse images, but has huge implications for whistleblowers like Edward Snowden (who used Lavabit), journalists, people in oppressed countries wishing to speak out or organise against their governments, and many other legitimate uses of such technologies – and even for those who just wish to carry out everyday activities with proper privacy from snooping government agencies.

The increase in use of Tor after the NSA revelations shows that these everyday are on the rise – it's important for them to be educated in both technical and identity anonymity so they know the risks. Perhaps this is impossible though – humans are naturally social creatures who enjoy sharing about themselves to feel part of a community. Our very nature makes being truly anonymous a monumental task.

Explore further: Tor and Bitcoin promise online stealth

add to favorites email to friend print save as pdf

Related Stories

Tor and Bitcoin promise online stealth

Oct 02, 2013

The Silk Road website that was shut down by US authorities, who branded it a black market for drugs and other illicit wares, relied on Tor and Bitcoins to protect the anonymity of users. ...

Police arrest 8 in international Silk Road busts (Update)

Oct 08, 2013

Authorities in Britain, Sweden, and the United States have arrested eight more people following last week's closure of Silk Road, a notorious black market website which helped dealers to sell drugs under the cloak of anonymity, ...

Next question: can the NSA crack Tor keys?

Sep 09, 2013

(Phys.org) —"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH [DH refers ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0