Silk Road bust unmasks our misconceptions on anonymity

Oct 09, 2013 by Catherine Flick, The Conversation
You’re going to have to try a bit harder if you want to be really anonymous. Credit: moirabot

The US National Security Agency and the UK's GCHQ have upped the stakes in the battle for internet privacy by targeting users of Tor.

Not only have the NSA documents leaked by Edward Snowden up until this point given us a window into secretive US and UK government activities but they have raised some serious concerns for everyday users. Widespread surveillance of internet and phone use, including email, video, and voice-over-IP systems has led to a remarkable increase in the number people turning to the open-source Tor Project, an anonymising network service that has been used to enable private internet use for over a decade.

How Tor works

Tor is most popularly used through its packaged Tor Browser Bundle, which runs a customised version of Mozilla Firefox along with its own software that sets up the Tor connections for the user. Users are then able to reasonably easily anonymise their internet use – though there are some drawbacks, including slow speeds.

Tor works by bouncing a connection through several routers in the network, obfuscating the origin of the connection along the way. The net result is that the end server doesn't know where a request is coming from and the message is encrypted until it leaves the Tor network. Theoretically, that means that adversaries are not able to monitor the connection. The user is technically anonymised by the software, with only a minimal amount of information (the fact the user is using the Tor Browser) "leaked" along the way for snoopers to pick up.

Within the Tor network alternatives to public internet services exist. These "hidden services" include email, forums and chat channels and can be used without requiring the user to reveal any information about themselves. The flip side of the hidden services capability of Tor is that it can allow for some less than savoury activities to be carried out anonymously. One such example was the Silk Road – a forum which was used to buy and sell drugs.

Silk Road has been called the worst-kept secret in hidden services. It's probably not surprising, then, that worldwide law enforcement were interested in, at the very least, breaking it up, if not also arresting those responsible for aiding drug sales. And last week, that's precisely what happened.

Two types of anonymity

Alleged founder Ross Ulbricht was arrested and charged with carrying out various conspiracies under the Princess Bride-inspired pseudonym The Dread Pirate Roberts. The charges levelled against him range from narcotics trafficking, computer hacking and money laundering to soliciting murder. It is probably no surprise, either, that the FBI has also gained access to the content of the Silk Road database, including mailing addresses and other potentially identifying information about those involved in the system.

How the FBI located the Silk Road servers is still uncertain. But what has become clear is that Ulbricht had become complacent about his identity anonymity – the very type of anonymity that Tor does not protect. Even the most secure anonymising service cannot prevent a user saying precisely who they are through it. And you don't even have to be this obvious – profiles can be built of users who leak out tiny pieces of information about themselves over a long period of time, or correlated with public internet use. Ulbricht, for example, posted to public internet websites using an email address linked to his real name. Another user has been charged after apparently being traced through return addresses when posting drugs.

The important message in all of these revelations is that all the technical wizardry in the world can't save you from yourself. The Silk Road bust and subsequent arrests; the taking down of various other hidden services through a major malware attack perpetrated by the FBI that occurred last month taking with it Freedom Hosting and its child abuse image sites: it all shows that despite the superior technical anonymity provided by the Tor Project (zero-day vulnerabilities aside), nothing technical can prevent complacent users from giving their own information away.

If you want to remain truly anonymous, you must constantly assume that someone is watching exactly what (and when) you're writing, and take appropriate measures. As we saw with Lavabit, governments have the ability to pressure companies to provide them with "back doors" into their otherwise secure environments. This is where identity anonymity comes in. It is not enough to simply use a secure service – you have to assume that the information you send through it may eventually be traced through some means back to oneself.

This scenario has implications not just for those small minorities of users wishing to trade drugs or child abuse images, but has huge implications for whistleblowers like Edward Snowden (who used Lavabit), journalists, people in oppressed countries wishing to speak out or organise against their governments, and many other legitimate uses of such technologies – and even for those who just wish to carry out everyday activities with proper privacy from snooping government agencies.

The increase in use of Tor after the NSA revelations shows that these everyday are on the rise – it's important for them to be educated in both technical and identity anonymity so they know the risks. Perhaps this is impossible though – humans are naturally social creatures who enjoy sharing about themselves to feel part of a community. Our very nature makes being truly anonymous a monumental task.

Explore further: Tor and Bitcoin promise online stealth

add to favorites email to friend print save as pdf

Related Stories

Tor and Bitcoin promise online stealth

Oct 02, 2013

The Silk Road website that was shut down by US authorities, who branded it a black market for drugs and other illicit wares, relied on Tor and Bitcoins to protect the anonymity of users. ...

Police arrest 8 in international Silk Road busts (Update)

Oct 08, 2013

Authorities in Britain, Sweden, and the United States have arrested eight more people following last week's closure of Silk Road, a notorious black market website which helped dealers to sell drugs under the cloak of anonymity, ...

Next question: can the NSA crack Tor keys?

Sep 09, 2013

(Phys.org) —"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH [DH refers ...

Recommended for you

White House updating online privacy policy

1 hour ago

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

Net neutrality balancing act

20 hours ago

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

Twitter rules out Turkey office amid tax row

Apr 16, 2014

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

Apr 16, 2014

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Venture investments jump to $9.5B in 1Q

Funding for U.S. startup companies soared 57 percent in the first quarter to a level not seen since 2001, as venture capitalists piled more money into an increasing number of deals, according to a report due out Friday.

White House updating online privacy policy

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Leeches help save woman's ear after pit bull mauling

(HealthDay)—A pit bull attack in July 2013 left a 19-year-old woman with her left ear ripped from her head, leaving an open wound. After preserving the ear, the surgical team started with a reconnection ...

Scientists tether lionfish to Cayman reefs

Research done by U.S. scientists in the Cayman Islands suggests that native predators can be trained to gobble up invasive lionfish that colonize regional reefs and voraciously prey on juvenile marine creatures.