ah, reputation and trust. my favorite crux ---------- Forwarded message ---------- From: france-info@safe-mail.net <france-info@safe-mail.net> Date: May 14, 2006 8:10 AM Subject: Re: Some legal trouble with TOR in France To: or-talk@freehaven.net I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do. Since about 5 years, French services are trying to control the "anonymous" French based services. It includes TOR, and some remailers. About 4 years ago (I don't remember exactly, and I am at home now, I haven't my documents with me), we visited the operator of the remailers FROG and AZERTY. We suspected him to be also the webmaster of the website CAMELEON, but it is another story. We seized his computers, disks of course, etc, and arrested the man. Then we told him "You have a choice between 2 options: You accept to work for us, it means concretely to give us your remailers' keys and to forward the remailer emails to us, or you will go to prison for threat against the national security. Just a few months, the time we check all your computers, make an audit on your disks, etc". After 30 minutes, the guy gave us his remailers' keys, and accepted our offer. He then re-installed his remailers, and all the traffic was sent to us too. I remember that we asked him to NOT send us the garbage that the remailers automatically send! Then our computers processed the messages, using the remailers' keys. Of course we could not decypher all, if Frog/Azerty was :"in the middle" we couldn't do anything. But when these remailers where the first or the last one, it was very very interesting... I don't know now if these remailers are still operated, I am working in another service. About TOR now: I MAY not say all what I know, as the case is currently investigated by our services and I don't want to get into trouble! Just know that France's policy is to NOT allow ANY remailer or anonymous service run from France, UNLESS the French special services can control it. This is a NO exception rule. The only recommendations that I can do to the TOR users, is to NOT use any French-based TOR servers in entry ou exit. People here and there are generally against the US gov and say that he "violates their rights". I don't know a lot about the US gov. But what I know about the French gov, and the instructions our services receive a few times by week, make me sure that the French citizens' rights are perpetually violated, about phone tapping and internet.
On 2006-05-15T08:12:17-0700, coderman wrote:
ah, reputation and trust. my favorite crux
Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.
---------- Forwarded message ---------- From: france-info@safe-mail.net <france-info@safe-mail.net> Date: May 14, 2006 8:10 AM Subject: Re: Some legal trouble with TOR in France To: or-talk@freehaven.net
I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do.
-- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants.
Oh...seems the same idea corssed your mind too. That guy's english was also suspiciously good... Either way, it bares further investigation... -TD
From: Justin <justin-cypherpunks@soze.net> To: cypherpunks@jfet.org Subject: Re: Fwd: Some legal trouble with TOR in France Date: Tue, 16 May 2006 03:11:47 +0000
On 2006-05-15T08:12:17-0700, coderman wrote:
ah, reputation and trust. my favorite crux
Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.
---------- Forwarded message ---------- From: france-info@safe-mail.net <france-info@safe-mail.net> Date: May 14, 2006 8:10 AM Subject: Re: Some legal trouble with TOR in France To: or-talk@freehaven.net
I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do.
-- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants.
Hey, if you're going to feed the trolls, might as well feed them something interesting... Does it bare investigation, or bear it :-) ? And of course there's no need for government FUD in a cypherpunks environment, since there has always been plenty of volunteer work by the private sector. At 07:05 AM 5/16/2006, Tyler Durden wrote:
Oh...seems the same idea corssed your mind too.
That guy's english was also suspiciously good...
Either way, it bares further investigation...
-TD
From: Justin <justin-cypherpunks@soze.net> To: cypherpunks@jfet.org Subject: Re: Fwd: Some legal trouble with TOR in France Date: Tue, 16 May 2006 03:11:47 +0000
On 2006-05-15T08:12:17-0700, coderman wrote:
ah, reputation and trust. my favorite crux
Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.
As usual, i'm late to the party.
Hey, if you're going to feed the trolls, might as well feed them something interesting... Does it bare investigation, or bear it :-) ?
I vote to bar the quesion. :-/
And of course there's no need for government FUD in a cypherpunks environment, since there has always been plenty of volunteer work by the private sector.
Which is a great intro to a few of the first random thoughts I had while reading this missive from the Sooper Sekrit [French] Gub'mint Agent: How convenient that Frog is the example used, as Frog is well known for it's [successful] attack against the system. What better way to get the locals to start nodding their heads than to use this well known and long identified broken node", while implicitly maintaining that 'Le Author" does't know anything about that. "About TOR now: I MAY not say all what I know, as the case is currently investigated by our services and I don't want to get into trouble!" Yet s/he chooses a "safe" remailer like service to "hide" behind? Wait - I thought we just learned that _all_ remailers and their relatives were under hostile control? "About 4 years ago (I don't remember exactly, and I am at home now, I haven't my documents with me), we visited the operator of the remailers FROG and AZERTY." Since when would an agent have the files from a four year old (assumedly Black) "operation" easily at hand? The rest of this latter is just well known crap smooshed together with a Secret-Club Handshake and a warning to 'be careful' - no duh! WTF was the actual _point_ of this in the first place? What would the possible payoff be? The writer is for sure no secret agent, nor likely even playing one in her garage: does he merely get off by posting stupid shit on a public list? Nobody truly familiar with any annonymizing service is going to pay that thing any attention, but newbies *might* (depending on their naivete and gullibility). Even so, standing by itself, it's not even a howl in the wind, it's a whisper on a subway...inaudible, unintelligible, and a waste of oxygen. Like this reply... -- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker
On 6/21/06, J.A. Terranson <measl@mfn.org> wrote:
... WTF was the actual _point_ of this in the first place? What would the possible payoff be?
clearly you haven't seen the n3td3v threads in full-disclosure. keep those lip^H^H^Hkeyboards flapping over flippant falafel, a resource consumption attack. pwned! lolz... on a more serious note i am sure there is tor tampering where possible. the reason i had to kill the original peertech node (was this this first non-roger public node or is my dementia/schizophrenia progressing?) is related to this subject, though i'll let dead dogs decompose where they lay(lie?) and avoid another tangent into "apparent paranoia". physical security is a necessary element of trust, along with all the other realms of cypherpunk voodoo (infosec, emsec, trannysecx, etc). i know good security when i see it (hah); the truth shall set you free [or make you crazy]. opportunistic may be popular but active eve waits for the unprepared. http://public.peertech.org/tmp/tapd-01.jpg http://public.peertech.org/tmp/tapd-02.jpg (hey, why you hiding fucker?) a better fed chick this year please, love coderman - your clinically classified canary.
On 5/15/06, Justin <justin-cypherpunks@soze.net> wrote:
On 2006-05-15T08:12:17-0700, coderman wrote:
ah, reputation and trust. my favorite crux
Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.
i suppose my point was that trusting tor as it stands is a leap of faith. there is little visibility as far as node selection criteria for addition to the directory, the information and physical security aspects of the servers within the directory, and the reputation of the node operators with respect to "rubber hose / threatened incarceration" attacks and the associated trust level to assign in such a context. much better than nothing, but i still consider tor useful mainly for keeping your source IP out of webserver logs. any other government / malicious entity can compromise accordingly. (i know this isn't the situation overall, but i assume as much so i won't be surprised by a worst case) i used to run a peertech node on a dedicated server. this host was compromised by tech staff at the facility with physical access and ever since i've refused to operate a node until i could be sure physical security was assured. i tend to consider any service that relies on host integrity also reliant on a number of other prerequisites like: - physical security to prevent unauthorized access - hard disk encryption to prevent unauthenticated disclosure (esp. seizure of hardware) - infosec best practices to keep attack surface minimal (firewalls, chroot, VM's, POLA, etc) for the situation mentioned in parent thread, i'd like to know that if the TLA comes knockin' my key scrubbing loop-aes turns all disks into large entropy stores the moment power is killed upon any attempted seizure. most services currently assume the disk is private. if you want a private disk, you need full disk encryption (key scrubbing in RAM++) tied to strong authentication.
Just to make sure... Can anyonee confirm or deny that this is in line with French policies? Is this an out-of-band attack on the Tor network? How many French TOR nodes are there? Does the elimination of French nodes make traffic analysis far easier? France has never been part of Echeleon, has it? OK, don't get me wrong: This sounds "legit" but you never know. How many emails with links sent into this list are really just a way to phish for IP addresses? (Also, I never click on a link that I can't confirm would be known via non-Cypherpunk routes.) -TD
From: coderman <coderman@gmail.com> To: cypherpunks@jfet.org Subject: Fwd: Some legal trouble with TOR in France Date: Mon, 15 May 2006 08:12:17 -0700
ah, reputation and trust. my favorite crux
---------- Forwarded message ---------- From: france-info@safe-mail.net <france-info@safe-mail.net> Date: May 14, 2006 8:10 AM Subject: Re: Some legal trouble with TOR in France To: or-talk@freehaven.net
I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do.
Since about 5 years, French services are trying to control the "anonymous" French based services. It includes TOR, and some remailers.
About 4 years ago (I don't remember exactly, and I am at home now, I haven't my documents with me), we visited the operator of the remailers FROG and AZERTY. We suspected him to be also the webmaster of the website CAMELEON, but it is another story. We seized his computers, disks of course, etc, and arrested the man. Then we told him "You have a choice between 2 options: You accept to work for us, it means concretely to give us your remailers' keys and to forward the remailer emails to us, or you will go to prison for threat against the national security. Just a few months, the time we check all your computers, make an audit on your disks, etc".
After 30 minutes, the guy gave us his remailers' keys, and accepted our offer. He then re-installed his remailers, and all the traffic was sent to us too. I remember that we asked him to NOT send us the garbage that the remailers automatically send! Then our computers processed the messages, using the remailers' keys. Of course we could not decypher all, if Frog/Azerty was :"in the middle" we couldn't do anything. But when these remailers where the first or the last one, it was very very interesting... I don't know now if these remailers are still operated, I am working in another service.
About TOR now: I MAY not say all what I know, as the case is currently investigated by our services and I don't want to get into trouble! Just know that France's policy is to NOT allow ANY remailer or anonymous service run from France, UNLESS the French special services can control it. This is a NO exception rule.
The only recommendations that I can do to the TOR users, is to NOT use any French-based TOR servers in entry ou exit.
People here and there are generally against the US gov and say that he "violates their rights". I don't know a lot about the US gov. But what I know about the French gov, and the instructions our services receive a few times by week, make me sure that the French citizens' rights are perpetually violated, about phone tapping and internet.
participants (5)
-
Bill Stewart -
coderman -
J.A. Terranson -
Justin -
Tyler Durden