Some of the technical points of this article are simply wrong...
> The exit node IP address of the user was easily obtained using the two different methods discussed briefly above.
This is really not a vulnerability but simply how tor, and the internet at large, works - hidden services by design protect the service not the user (the user is protected by tor by default) - what the author actually did here was "leak" their non-hidden services IP.
> and true external IP address (see partial data example to the above). And to answer the second question, “no”, this did not involve the placement of malicious malware. Read on…
The author then goes on to state that they gave the users malicious malware to run which revealed their ip address. They justify that this was not malware by stating:
> It should be noted that this was not malware per se. It did not replicate and was run voluntarily by the user. The user was notified that a “security scan” was going to be run on their machine and they freely chose to run the scan.
The author then goes on to publish a list of tor exit nodes with tor user agents...which they could have gotten directly from the tor directory services...
And, as pointed out by others, the author never really goes on to state why they think Tor is the devil - they built a honeypot and were disgusted by the flies it attracted....I'm not really sure what they were expecting...
The author appears to believe that "Tor is the devil" because "4,000-5,000 hidden services are running at any given time. Secondly, the content served by these sites is almost universally illegal or immoral (by my definition anyway). A conservative estimate would be maybe 1 out of 200 or so hidden service websites contain content I would deem worthy of the protection an anonymous network provides. Sites featuring free speech dumps or libraries of hard-to-find underground literature are few and far between on the Dark Web."
Except that the approach the author used is in my opinion completely flawed.
The author states he started from 1 (one) seed URL, and then crawled the sites, visiting links. But that's not valid, as you'd only ever come across a possible fraction of what exists.
To be able to make any authoritative claim, he would need to scan the entire IP-space, like an actual search engine would.
I'm not condoning pedophelia or anything like it, but I think it's naive to take a simple approach and then make authoritative claims about the entirety of the TOR network.
But I also think that there were flagrant abuses that could be pursued under the CFAA. Just because something isn't "per se" malware doesn't mean it wouldn't fit the legal definition.
You used to be able to set yourself up as an HSDir server, and sniff the outgoing hidden service descriptors, but the author has clearly not done this given his level of technical expertise and domain knowledge.
Appreciate the comment RedditorThrowaway. My parenthetical headline that “tor is the devil” was facetious and apparently a failed attempt at dry humor.
Their argument doesn't appear to be "Tor is bad because it can be used for bad stuff" but "Tor is bad because it is overwhelmingly used for bad stuff today". That seems to be a meaningful distinction to me.
(I don't really care about the argument/premise itself, I just find your sloppy attempt at a counter-argument to be weak)
Since we're talking about the devil: The biblical standard for acceptable collateral damage is kind of interesting. God in the old testament said he wouldn't smite a city if there are at least 10 righteous people in it. /theologynerd
There's a much different notion of God in that passage (and much of the Old Testament) than most have now. The number 10 is arrived at after Abraham persuades God to lower the standard from 50. There are at least a few stories where mortals persuade God to change his/her mind.
Of course, him being God he would've probably known the exact amount of righteous individuals in the city. Not to mention being able to define 'righteous'.
That said, I've always been very fond of the passages in the OT where individuals managed to 'change' God's mind, as well as the general human emotions he appeared to have.
No, it argues that the Tor hidden services that the author knew about were overwhelmingly used for bad stuff. This is problematic in two ways: the methodology of gathering addresses was pretty suspect, and it glosses over the fact that the VAST majority of Tor traffic is headed to the open Internet, not a hidden service.
If you're looking for a shoddy metaphor you should probably use swords instead, because the legitimate uses of knives vastly outnumber the killing-people uses of them but swords have it the other way around.
Honest question - what examples are there of literature that can only be obtained on the dark web? Perhaps I'm closeted but I'm unaware of such books.
For example right now I'm reading a sci-fi book that remains unpublished in Russia, but it's available in the west. Or the other day had a browse of "steal this book".
A straightford way to find many of those who profit from its distribution would be to use a bot to locate forum threads that go on for hundreds of pages.
> the author never really goes on to state why they think Tor is the devil
According to the comments section, the author says "My parenthetical headline that “tor is the devil” was facetious and apparently a failed attempt at dry humor."
Maybe it's just me but I don't really like the tendency to treat pedophiles as if they are the devils themselves.
Let there be no doubt. I have two kids and there is probably no limit to what I would do to someone who did anything to my kids. But it's not as simply as just condemning pedophiles for being that and I ultimately think there is something morally or ethically questionable about this approach.
It's fairly well established that many pedophiles where in fact victims of pedophilia in their childhood themselves and so I would like to see a less hysteric and more balanced response to the issue.
Just because he is helping catching the bad guys does not give him the moral upper hand as he seem to think he has. Too bad such a complex issue gets treated with such brushing generalizations.
Maybe I am reading too much into what he writes, but these honeypots to hit random people just feels wrong to me. Like snooping on someone else life.
I agree. I think people hate pedophiles in much the same way they hate(d) gays. Because it's disgusting and perverted, not because it harms people. The fact that some children do actually get harmed and that many people have children themselves that they feel very protective of fuels the emotion of labeling all pedophiles as "evil".
If viewing an image of child abuse is wrong. Isn't viewing an image of ISIS beheading someone also wrong? In both cases the crimes were committed and the images produced to satisfy an audience. But one is illegal because it's perverted while the other is legal because presumably far more people have blood-lust than a minority sexuality.
In Australia it's especially bad, with somebody being convicted for possessing hand-drawn Simpsons porn. There might be a copyright case there, but it's hard to make the connection between that activity and actual harm to any children. The defense argued that they weren't humans because they had 4 fingers and misshapen faces. This kind of case is what happens when the "evil pedophile" mindset overwhelms people.
You could go a step further and ask what's the difference between a parent taking photos of their naked child playing in the bath, and somebody doing the same thing but then having a wank with the photo later? I think the difference is that one is "normal" and the other is "perverted", so we make one legal and the other illegal. I probably appear in some baby bath photos and I certainly wasn't scarred by it. If they got onto the internet and people got some pleasure from them, is that really going to scar me for life, assuming I even know about it?
I've posited that the only law required is prevention of child abuse. Viewing/possession of an image as a crime seems inherently misguided - especially if criminality is going to be defined by assumed intent.
However I have never been able to avoid the counter argument that by allowing (implied consent) a market for cp imagery you may increase demand which will increase the incidence of child abuse in order to satisfy. The bath photo is simply one end of a spectrum.
Of course there's a market - people barter images to get access to more images.
This is one justification used to stop a paedophile from working with all children even if their particular interest is strictly not all children. If the paedophile is only interested in boys under 11 you still need to be careful when he's working with girls over 13 because he can use his access to those girls to get photographs which he then uses to get access to photographs of his target group.
Devil's advocate: if we accept that, then in effect the ban on child pornography could either be massively proliferating child abuse, or massively proliferating the collection of child porn. Maybe both.
> It's fairly well established that many pedophiles where in fact victims of pedophilia in their childhood themselves
This point is oftentimes overlooked. Also, the word "pedophile" is oftentimes conflated with "child molester", which makes it impossible to distinguish the individuals who are pedophiles but have not (and have no intentions to) act on those desires.
The war on drugs didn't work out as intended. The war on pedophilia seems much safer.
Except of course for teenage sexting. Where the legal system has ruined lives for no reason. Or the weird edge cases it introduces. Such as a theoretical case where someone wearing Go Pro comes across a pedophile actively abusing a child out in the wild. The good samaritan Go Pro wearer is now guilty of both production and possession of child pornography. The laws do not leave any room.
800,000 people in the US are now on the sex offenders registry [1]. I think it has become clear to at least half the nation that the laws have gone too far on things like teen sexting or getting put on the registry for public urination.
A friend of mine, her boyfriend is a trucker. He had pulled over to urinate along the side of the highway late at night, in the shadow cover of his truck. A state trooper had pulled over a speeding vehicle, a distance behind him along the road. The trooper proceeded to then pull in behind the trucker, and threatened to put him on the sex offender's registry for public urination; the trooper spent 10 minutes reaming him out for it before letting him go.
> The war on drugs didn't work out as intended. The war on pedophilia seems much safer.
We don't have a war on pedophilia. We have a war on "child pornography". I put "child pornography" in scare quotes because it's abundantly clear that many of the laws that aim to target child pornography really only use it as a bogeyman to obscure some other agenda.
Also, as for "safer", whatever we're doing now is clearly putting children at risk. In many countries (including the US), pedophilia is exempt from typical confidentiality laws regarding mental illnesses[0]. This makes pedophiles less likely to seek professional help, and I can only imagine that this means that they are more likely to harm or abuse a child.
Yes this has long been my concern. Is pedophilia something that can be rehabilitated? Is it mental illness? A sexual orientation? By providing people with no choices are we creating underground networks? To me there are echoes of drug prohibition here. I go fucking crazy thinking about my kids getting taken. When I watched true detective i was seriously ready to throw up. Particularly chilling was the last line: "we'll never get them all". Since law enforcement can never possibly eradicate a problem, and since we provide no way for someone to get help without being incriminated, aren't we just leaving the opportunity wide open for this to fester under the surface?
BBC Panorama had an excellent episode exploring these very questions. At least I think it was Panorama. I tried searching for it but all I get are hits about Jimmy Savile.
They found a young man who selfidenties as a pedophile, who was actually willing to go on camera and talk about his desires and urges. It was quite fascinating, and I do see many parellels not just to the war on drugs but to homosexuality as well.
We aren't treating these people in a humane way, and IMO we are making the problem worse by perpetuating a Wich Hunt.
That you can read the law such that your hypothetical Go Pro wearer is guilty of those things, doesn't mean that prosecutors would ever bring such a case. Laws are drawn more broadly than they're enforced, and even an overzealous prosecutor has to get through a judge and jury.
> even an overzealous prosecutor has to get through a judge and jury.
No, what they do is threaten you with some hypothetical 30 year term if they were to charge you will all the broad interpretations of the law. This fear of hard time is then used as a carrot to get you to plead guilty to lesser charges that you may not have even done.
They get around the "judges" by the minimum sentencing laws: "sorry, my hands are tied, I have to lock you up for ____ years because I have to follow federal sentencing guidelines."
Furthermore, there is a huge incentive to prosecute "sex crimes" because that's a gold star for the prosecutor/judge. At the end of the year, or at election time they can say "We locked up N sex offenders this year for a combined total of X years".
Jury's often make immoral rulings because the law is the law as they're following instructions. Prosecutors are notorious for being overzealous shitbags. So that leaves the judge. They probably react fairly more often than not. Maybe even in the vast majority of cases. I wouldn't wager a single dollar, much less my freedom, on a judge acting fairly or rationally. Far too risky.
Even if a prosecutor wasn't going to bring a case (and I've seen other just as stupid situations involving prosecutors going full force that I am not convinced they wouldn't), it still ends up having a chilling effect.
This meme is repeated a lot about posession of child pornography, and is absoluely incorrect. Perhaps this is because in the UK the law had to be amended to include an exception, so that deliberately 'making' otherwise illegal images solely for the purpose of law enforcement was allowed as a defence. But (again, in the UK, but true for most other common law jurisdictions) there is still a 'mens rea' (that is, guilty mind, or intent) requirement, as with any crime.
EDIT: Also, there are no 'edge cases' in regard to sexting, at least in the UK at present, as the law allows the obvious defence that the images are of ones partner.
What's interesting is that most people these days would agree that sexual orientation is not a choice. This is fine when we are talking about equal rights for homosexuals, but for some reason is abhorrent when we are talking about a orientation that is undesirable for society. (And thus classified as a mental disorder).
Even if there is no crime involved, and there won't ever be. I blame the media for misusing the word "pedophile" to mean child molester.
Could you yield that the potential for one party getting abused is alot higher if it's a 10 year old and a 50 year old vs two 50 year olds? Seems pretty obvious to me but trying to be specific for the sake of argument.
> Maybe it's just me but I don't really like the tendency to treat pedophiles as if they are the devils themselves.
People don't know what the prevalence of paedophilia is, or the ratios of paedophiles that never act on that vs paedophiles who do act on it.
If someone commits multiple offences it's easier to catch them, so the statistics of convicted offenders are probably skewed towards frequent offenders. That may make paedophile offenders appear to be riskier.
It's important to remember that child abuse does cause very real, often severe life-limiting, harm. We've come a long way from the 1970s thinking of "making a fuss is what causes the harm" to recognising that it's the abuse that causes most of the harm.
I disagree, and I think the problem is the framing. Call it rape porn, because it is. What would you think of someone trading files like "REAL video of ISIS soldiers gang raping and beheading girl!" Child porn, especially the "hard core" sort alluded to here, is in the same category.
I do dislike the OP's guilt by association and vigilantism though. There's a reason we have a proper justice system. Imagine if someone like this was mistaken about one of those email addresses. You could sue him to hell but the damage might be done.
I support the fight against child pornography - but I can't support making certain types of media illegal to possess or watch. For one (small) thing you get into the absurd case were the court will have to commit the same crime to verify a crime was committed.
> For one (small) thing you get into the absurd case were the court will have to commit the same crime to verify a crime was committed.
That doesn't seem like a strong argument, because it applies to a lot of other things as well, like illegal drugs. (And if the court relies on witnesses to establish that drugs were possessed, they could technically do the same by cp.)
Haha, photographs of consensual sex between high school seniors is rape porn I guess. Good thing high schoolers never have sex, since it would be rape.
What do you feel is the important distinction between "touching" and "actual penetration"? I'd think they both would fall under the same category of "child molestation".
A kid touching a mans penis maybe barely aware that the man is getting aroused vs. a man penetrating a little kid.
They both fall under the same category but they are two very different things.
Also don't forget that a big part of the issue with pedophilia is actually society which because of the tabu and inability to distinguish between the different types of them ends up making the experience even worse and further adding to the problem.
And again I am not in any way defending this behavior, I have kids myself. I just believe that the very thorny subject requires more careful thinking than just calling evil.
I agree. Pedophilia is a sexual preference for pre-pubescent children, not an act. The vast majority of pedophiles are likely sad and lonely people condemned by a freak of nature to live with the burden of a sexual preference that in Western society carries the ultimate stigma.
Even discussing pedophilia calmly and reasonably opens one to the charge of being a pedophile or a "pedophile apologist." Taboos can reveal a lot about a society but I'll leave that discussion for another time.
I don't completely trust the motives of guys like the author of the linked article. Others have already pointed out technical errors in the article and questioned the soundness of his methodology. His irrationally labeling Tor as "the devil" is a bit odd too (and highly illogical), to say the least. He even admits he has an irrational hate-on for pedophiles.
What is this guy actually achieving with his "honeypot" other than wrestling with his own demons (more on this later)? He set out to entrap ostensible pedophiles and gather their IP addresses etc. Not child abusers or child pornographers but people that clicked on his link offering a "community of like minded individuals." He explains in detail the technical aspects of his operation and what he learned about the people he interacted with and draws some very dubious conclusions. (Such as "Many visitors to the site were active pedophile predators." Maybe this is the case, but he offers no compelling evidence other than a few lines of a chat room transcript. Not once does he mention even contemplating contacting the FBI or his local PD or any other LEA. Rather, this seems to be mostly about him.
There have been a few high-profile cases over the years where crusaders dedicated to fighting things they found morally reprehensible (e.g. prostitution, narcotics, pornography, homosexuality, child pornography) were outed as being voracious consumers and/or practitioners of that which they vehemently opposed in public at every opportunity. One of them was a DA who made a name for himself with his aggressive prosecution of alleged prostitutes and child pornographers. There is a term for this in psychology which I can't recall at the moment. Basically, there are some people who deal with the cognitive dissonance and the associated shame and guilt of being attracted to something society or their religion condemns morally by venting against it publicly while indulging in it privately. A guy who has an anti-porn website, say, and publishes anti-porn literature for distribution in schools who travels the country speaking out against porn and attending and organizing anti-porn conferences while fapping himself raw to internet porn every night after work.
I am *not saying I think the guy in the article is a pedophile or harms children. I am saying that I don't think his prime motive for doing this project is empathy or compassion for victims of child abusers and predators. He sets up a "honeypot" that serves no practical purpose. No suspected child abusers were investigated, no children saved from harm, police and LE don't even get a mention. Nothing new and useful was brought the table.
Yet based on his two-week escapade "Tor is the devil." That seems like a very odd statement, especially coming from an engineer. Is his computer the devil's sidekick? He does admit that he is motivated by personal reasons and it very much shows. After reading his piece I don't know what the take away is supposed to be. Pedophiles use the internet? Tor is used for illegal activities? Anyway, it's late and this is going in circles. I mean no disrespect to the author but I am left feeling very puzzled.
You can turn on showdead in the settings. As far as I'm aware it's also not downvotes that make posts disappear: It's them getting flagkilled, which happens when a lot of users click the flag button.
You guys crack me up. It was a facetious parenthetical comment that seems to have become the focal point. I run Tor, operate a legit hidden service, run an anonymous proxy on several of my machines, and use encryption all over the place. In no way whatsoever do I think Tor should be shut down. It has a purpose - but is being abused by criminals which is disappointing and potential detrimental to those that use if for a legitimate purpose.
As for LE, I mentioned in the article that I contacted them, as a courtesy, twice during the project. The last time was a few days before the hidden services were shut down. I let them know that I had a pedo honeypot running and was about to take it offline, giving them the opportunity to take over the VM or scrape the data gathered.
As for personal demons - we all have them and I won't argue that I may have more than most - it's all a part of life experiences. I've dealt with LE and CPS on child abuse issues for years and it has certainly tainted my view. Then again, I have a vantage point that most do not have - a much closer, clear view of the problem.
It's another of those causes like clean water or treating people equally.
Who wants dirty water? Who wants to create second-class citizens? Who likes pedophilia?
As humans we love these issues where you'd be either an idiot or extremely asocial to oppose. We like slogans. We like to feel superior. We do not like nuance, or having to think a lot about things.
Just as heterosexuals don't rape people all the time, most pedophiles probably don't either. I think an estimated 2% of the population are pedophiles. I feel sorry for them.
However, if they prove to be a danger to the kids, they have to be locked away or something. It's just because we don't know a better way to treat the issue.
Ah, but I believe that they do often act on their impulses. Mayo reported that more than 3/4 of persons who were arrested for child pornography were found to have molested a child. A federal prison study actually estimated even more.
> It's fairly well established that many pedophiles where in fact victims of pedophilia in their childhood themselves …
Wouldn't that mean, that he is not only trying to catch pedophiles but actively curing pedophilia?
I think what is going on in the US with the public shaming of offenders in databases is wrong, but I am fine with honeypots to catch them. Legally he is in no position to do so, of course.
There is no "just be watching". If you watch a child getting raped, you are committing a crime and better have a very convincing argument why you had to do it. It is in fact that simple.
Of course they need help, too. We need both prosecution and prevention.
If you're watching game of thrones, you are watching people kill each other. You are committing a crime.
See how that's silly?
There are people who watch animated child porn and they are ruled as criminals even though no actual child was directly harmed.
There are people who watch snuff films, where people actually are killed, and the viewers are not breaking the law in most states.
Perhaps you would argue that snuff film viewing should be illegal, or that watching Game of Thrones should be illegal because it portrays rape, violence, murder, etc.
To me, it's clear that there is a distinct difference between watching that content and in producing it. Sure, if you actively encourage it to be produced you're breaking the law (same as if you try to convince someone to make a snuff film, you're breaking the law).
It's really not that simple and the laws are not consistent here.
Having done a small amount of volunteer work with children, I've had some exposure to child protection issues. Often, its a spiral downwards (IIRC its typically called the spiral of abuse), where the person in question erodes mental barriers so that they see the behaviour as normal. I don't accept the "just watching" argument - it is child abuse.
What you must understand is that it normalises the behaviour in that persons mind and then we're onto other barriers to be eroded - i.e. the person moves onto physical acts.
The blasé attitude on this thread is beyond belief.
Good reasoning is not a blasé attitude. It's an approach of setting aside personal feelings and instead having a discussion to get to the root of the problem and discuss the merits of opinion.
The fact is that anyone who simply goes around arguing that something is morally good or bad better have solid reasons for doing so.
~No, no, no. That's not what ancestor post was saying at all.~
~Watching Game of Thrones leads to playing Grand Theft Auto, and doing that will make you a murderer. When you're sliding down the slippery slope, you have to hit every rock on the way down.~
The theory reverses the arrow of causality.
If the Army uses simulation and gaming as part of its psychological conditioning program to not only get its soldiers to fire their weapons, but also aim at and kill the enemy, that does not imply that those games or simulations, used in isolation, will necessarily result in desensitization to violence.
I seriously want to design a contagion that imparts to individuals an intuitive understanding of conditional probabilities, and how to reverse one.
If you know that 99% of child abusers viewed images of child abuse prior to engaging in that activity themselves, you only know P(A|B), where A is viewing photos, and B is taking action. You do not know P(B|A), which is the likelihood that someone that someone who has viewed photos has done abuse, unless you also know the unconditional probabilities for P(A) and P(B). You can probably infer those two from crime statistics and investigative activities like those described in the article. But given the existing legal prohibitions and resultant secretive behaviors, I doubt you could determine either with a great deal of precision.
If (hypothetically) P(A|B)=1.0, P(A)=0.001 and P(B)=0.0001, then P(B|A)=0.1 . That means that even if you know that everyone who did A also did B, you can't assume that everyone who has done B has necessarily done A.
We could more easily calculate for the Game of Thrones and murder hypothesis.
Let's say A is "committed murder in 2014" and B is "watched GoT in 2014". From crime statistics, I estimate that P(A)=0.000045 . From ratings estimates, P(B)=0.063 . Now, I'm not entirely certain how many new murderers in 2014 had watched GoT, but I'll guess that P(B|A) = 0.063 . That makes P(A|B)=0.000045 . Huh. It looks like I assumed they were independent events....
If you went and did an actual survey of 2014's murderers, and discovered that P(B|A) was actually 0.12, that's a great find, but it still only means that P(A|B)=0.000086 . That's not a convincing argument that watching GoT causes actual murder. It just means that 0.0086% of GoT watchers committed murder. That might be explained by GoT inducing violent behavior in its viewers, but from the numbers, it's not bloody likely.
It's based on his work with child abusers - he's one of the leading academics in the UK on this issue, I don't know what kind of evidence your expecting.
Really? I understand the point you're "attempting" to make, but to claim that what is acted on TV is the same as what actually occurs is such a stretch I didn't think anybody would attempt to make it.
I don't equate animated child porn with actual child porn, much in the same way I don't equate the beheadings in GoT with the beheadings of IS. But to insinuate that the poster above would extend their 'committing a crime,' in the case of actual child rape, to something that is acted out for TV is an injustice to what they actually said. In essence, you just threw up a strawman and attacked it as a way of validating your final point (which, by most accounts, I agree with).
> If you're watching game of thrones, you are watching people kill each other
No, you're watching fictional people pretend to kill each other.
You would have an argument if you used snuff films as an example. And yes, if watching a child being raped is illegal, than watching a real murder should be.
You are assuming that just because the prefrontal cortex sometimes knows the difference between reality and fiction, the rest of the brain must as well.
If the argument is that seeing murders causes someone to become a murderer, I'm not certain you can exempt fiction. If you outlaw depictions of murder on the presumption that it would lower the actual murder rate, you have to go whole hog.
_O \O/ ...meaning this ASCII art of
' |\+-@- one guy stabbing another guy
/ \ /| with a sword would be illegal.
Believing in such suggests that Ludovico's Technique from Clockwork Orange is real, it works, and that humans can be effectively reprogrammed by presenting the appropriate images to the visual cortex and somehow zapping the limbic system, in exactly the same manner that Pavlov's dog was reprogrammed to salivate at the sound of a bell.
So where are the televisions that shoot tiny darts of cocaine into its viewers whenever someone is killed on-screen? At least a violent video game provides some virtual reward for virtual murders, such as glowing green stacks of cash, or mission advancement, or some stupid little thing that produces a squirt of dopamine.
That part of our brains does not know the difference between reality, dreams, and Hollywood trickery. Certain mirror neurons in the brain will fire whether you are actually doing yoga, thinking about doing yoga, or watching a yoga instructor do yoga. Your reward center doesn't really care if the image is a product of good photography or good GPU rendering. It doesn't even care that it is a 2D image rather than 3D reality.
Fortunately, there appears to be no causal link provable flowing from watching something done to doing the depicted act yourself. Instead, it appears that those who are predisposed to do something, or have already decided to do it, will very often model, simulate, and practice that action--using whatever means they have at their disposal--before going on to do it. If any one tool or strategy becomes unavailable, another would be substituted.
> So where are the televisions that shoot tiny darts of cocaine into its viewers whenever someone is killed on-screen?
Rather than direct chemical triggers that stimulate the brains reward system ("tiny darts of cocaine"), they typically use other triggers to the reward system, like music. Same effect, less additional machinery.
But simulated CP is illegal too. In many jurisdictions you can get locked away for drawing something on a piece of paper. This is probably what OP is addressing.
If watching a crime is a criminal offence, you better lock up the viewers of CNN, Fox News, and the BBC.
I do think their ought to be laws against the distribution of this kind of material (there probably are?), and there is no question that producing it is a criminal offence, and should be prosecuted to the fullest extent of the law.
Watching a report about a crime is not the same as consuming a product that was produced and shared or sold by the criminal that committed the crime. You are actively supporting the criminal, either through money or through community.
On a different note: There is nothing wrong with regulating how footage of crimes can be shown to protect the victims and even the offenders. I know this argument is hard to make on HN, because free speech, but I think privacy is an important right, too.
ISIS produces their beheading videos specifically for them to be shared and viewed by as many people as possible. By watching these videos, you are actively supporting ISIS by paying any attention to what they are doing and therefore granting them legitimacy. If videos of rape are illegal,then videos of murder should be too.
> There is nothing wrong with regulating how footage of crimes can be shown to protect the victims and even the offenders.
Right! That's how it starts. In the end we have "there's nothing wrong with censoring 28 pages of a 9/11 report to protect the security of all Americans because it doesn't really matter who funded it, the government told us who the bad people are so we don't really need to keep the government on check on this".
That sort of thinking ends really well. /s
Remember, the citizens hire the government. They work for us. Would you allow your employees to censor some parts of your financial reports?
Grow some principles. If people are sick that they need to look at sick images then offer to help them. Enabling tyrants does not help keep children safe. Incidentally, not spanking them does. If you really care about protecting children, get off your bureaucrat high horse and start helping educate people on the impact of spanking.
The "this is how it starts"-narrative is not necessarily true. While Germany has strict privacy rules for victims and criminals - media cannot show their faces or their last names and so on - I do not see that it is the country that has problems with its agencies and military-industrial complex being out of control and censoring stuff on their behalf.
If there were photos of me being raped as a kid I would want to see the rapist get punished and like-minded people forbidden to watch them. I do not think that it is moral to hurt people in concrete cases because of an abstract (debatable) threat to the values of a society. What do these values even mean if you do not have the mercy to grant victims this right?
You can still inform people about the crime without showing the victims face or the actual explicit imagery.
> You can still inform people about the crime without showing the victims face or the actual explicit imagery.
Let's say society makes a fund for people that were abused as kids (horribile dictu). Those funds are there only to benefit those people so we'd better be able to prove they were really victims of what they say there were, otherwise people can just say "yeah that happened to me" and collect the money without ever proving they were victims.
You may want to forbid people from seeing the evidence for your abuse but then you can't expect people to believe you. When we believe in tales of rape without proof we smear the name of the accused.
You will get quite a different punishment for watching child porn than from raping a kid. So yes there is "just watching" That doesn't make it less disgusting but it's not the same.
You might be surprised. I'd say that child pornography is often punished more harshly than child rape.
The justice system weights the crime of consuming child pornography by the number of images the defendent is in "possession" of. I guess laws vary, but at least in my jurisdiciton, you can be sentenced to years in prison per image. It would be easy for a single wank session to result in -- potentially -- life in prison.
The issue is confounded by widespread lack of techical acumen among judges, prosecutors, defense attorneys, and even the forensic "experts" who investigate and testify (on both sides). For example, would you consider it reasonable to charge someone with a separate crime for every copy of the exact same digial file present on a hard disk? For both an image file and an automatically-generated thumbnail image of that same file? Do you meaningfully posess a file in your browsers temporary cache? How about a file deleted from the filesystem, but still present in residual form on the disk? Some of the issues are nuanced, and it's difficult to even have an intelligent conversation about the evidence.
I am normally a pretty level dude, but in this case I really do believe we are dealing with something supernaturally evil. This isn't snooping on randoms, it's exposing demons for what they are. (Atheist, but science just doesn't have the words for this.)
A a fellow atheist, I agree that evil is a real thing, but I still don't see the need to call it "supernatural".
Evil is the opposite of good, so if we agree that actions to promote life, liberty and happiness are good, then actions that promote death, slavery and misery are evil. Simple as that.
Evil and good are not real things, those are abstract, subjective and high level concepts that exist only in our brains. You can easily reprogram a human ("teach" or "brainwash" using the subjective terms) to classify death, slavery and misery as either good or evil.
All that matters in nature is whether something works or does not work, not whether it's good or evil.
Recently I noticed that most people I would consider evil, are actually people doing what they think is right but with the wrong information - as well as people giving into basic animal instincts that as a society we aim to rise above.
Saying that, I have definitely met people with malicious intentions, who are definitely 'evil' (or lacking a severe amount of empathy for their fellow beings). I am not sure people with challenged sexual instincts are these people, however I am sure there are people with a combination of both behavioural traits.
I consider a modern, secular definition of "real" evil to be based in the malicious or intentional "taking" of something from someone else for your own gain. That could be stealing for profit or taking life for non-defensive reasons or it could be forcible rape or other coercion that takes away someone's right to control what is done to their person.
Not a complete or concise definition but the general theme I notice when I think about what I personally consider "evil" is the elevation of your own desires over the safety or well-being of others. In a way, evil (for me) is based on what helps humanity/society or hurts it. It's based in our natural instincts for empathy and the ignoring of those "higher" motives in favor of more primitive drives to take, hurt, kill, rape, or enslave.
For me, good versus evil is not so much about religious or Hollywood ideas of light vs. dark or god vs. devil but the more familiar battle between our "animal" side and our "human" side.
"pedophiles use encryption, so encryption is the devil." seems to be where this is going. That's a slippery slope and a bit unethical to use pedophiles to push an authoritarian political agenda. I bet it's fun to call all his critics pedophile sympathizers and sit upon a moral high-horse of self-righteousness while pushing his authoritarian ideology under the guise of social justice.. That's the thing about these people, they take on social issues for which they can't be criticized without the criticizer looking like a pedophile, racist, or a misogynist. I guess it gives them a sense of power.
Also terrorism and hackers (of the black-hat kind.) I've even been called one when I tried to argue against the proliferation of closed, walled-garden systems that seem so common today.
That reminds me, Freenet has an interesting stance on this:
To be clear, Tor does not provide encryption but anonymization. While your comment is valid (and something I personally agree with) nonetheless, I feel this distinction is important.
For that purpose of anonymization it provides encryption, but with significant exceptions (non-hidden, non-HTTPS services) (when you use Tor correctly and can trust the PKI) (if I understand correctly).
Is it just me, or the rhetorical question in the title ("why I now think Tor is the devil") never got answered?
Also not clear whether the Dark Web spider project was just to later seed the honeypot sites to appear legit, or was it a project on its own? The quote "The reports are published nightly on a hacker-related Dark Web site that I am involved with" hints at the latter, and then I'd double don't understand why Tor would be the devil, if for other uses (hackers) the author is happy to take advantage of it?
I'm a bit confused about what good does it do to reveal the exit node addresses? It has nothing to do with the actual Tor user, and could be even considered "public info" the way Tor is used, doesn't it?
Yeah this is clearly by someone who doesn't really understand how Tor works. Revealing exit node IP addresses is completely useless—this is a fundamental tenant of Tor's security. In fact, I believe that at any given time you can easily query the network for a list of all Tor exit nodes.
I think the "why I now think Tor is the devil" question is answered in the opening—because it has illegal/immoral stuff on it. I'm not sure why anyone would be surprised about this though...
EDIT: In fact, I don't think that the security scanner was even that effective: "around 5-10% of the registered users chose to run the scanner" (later, he changes this to 4-7%) and that "some of the users who opted to run the software appeared to be government or private researchers". I don't know what percentage of people using Tor for illegal activity would be incautious enough to run some random program on their computer, but I would be surprised if it was very high.
I don't know what percentage of people using Tor for illegal activity would be incautious enough to run some random program on their computer, but I would be surprised if it was very high.
I think it would certainly depend on the type of "illegal activity"; it's quite plausible that those looking for drugs or counterfeiting are going to have much higher suspicion and opsec than porn-driven pedophiles, leading to the difference in number of registrations at each honeypot.
Another thing is that Tor is global. People might not think twice about their security when they are effectively within the law or at worst may get a fine.
It was 4-7%. I pre-wrote the article estimating the final numbers and then shut down the site two days early. Traffic dropped suddenly leading me to believe something was up.
The exit node IP is not totally useless. It's enough to prompt a knock on your door by the authorities. Granted, once they recognize you're running an exit node there's nothing they can do (otherwise Charter could also be held liable) but still, it can prompt an action by the authorities.
My guess that they some were researchers: at least one came from a university IP address while others were very bare-bone machines with minimal running services, possibly virtual machines or test boxes.
The Tor project does a lot of work to make operating an exit node safer and less likely to prompt the authorities to intervene. This is good, because even if the authorities did want to talk to exit node providers, those people _couldn't_ provide any useful logs.
But the traffic between nodes is encrypted. All they may get is the previous node's IP address....then they have to start over. Go find that node operator and get them to do the same.
But most Tor users, especially the ones who are using it for disgusting purposes don't run an exit node, so I don't think I understand your point? In addition, Tor exit node IPs are basically public info already.
The exit node IP is run by an unrelated third party. Unless they're logging all of the traffic going through the exit node they have an extremely limited idea of what the exit node is doing.
The crawler project was a project on its own but after discovering that the many of the discovered sites were pedophile-related, I started to shut down the spider. Then I figured, what the heck, maybe I can hack around on Tor and see how close I can come to determining their real identity. For those that chose to run the scanner, their identity was revealed (name, IP, and enough of a hardware footprint to identify their machine).
I think the implication is its the devil because mostly Tor is used for pedophilic reasons - drugs, counterfeiting or political protest (I'd assume) are almost insignificant in comparison to pedophile traffic.
This is just based on what he said, which was based on what he observed from the traffic to his honeypots. Understandably you probably cant create a honeypot to gauge political activism so that might be hard to measure :D
To expand ontokenizerrr's point, I read this as a big victory:
> First, the pedo site saw magnitudes more traffic than the counterfeiting or drugs websites – in the order of 100 times more traffic than the other two combined.
DNM users do not start at a random .onion because that is a recipe for being the latest victim of 'Drug Market' and other longstanding onion scams.
OP appears to have made no effort to get his honeypot into any of the standard sources of DNM info, and accordingly, he got no traffic. This is exactly as one would hope, and says more about how badly he bungled the drugs honeypot (and conversely, how pathetic the security of the pedo community is) than about any ratio of pedos to drug buyers.
(This is a similar problem as the paper which counts .onions and argues that pedophiles are 99% or whatever of hidden-service traffic; the differing communities using hidden-services simply don't work the way that OP or that paper assumed for ease of making wild claims. Counting onion addresses does not work because the pedo sites tend to change onions constantly while the huge blackmarkets like Agora stick at a single onion like agorahooawayyfoe.onion for months or years; counting visits to a lame honeypot like OP's does not work because with no advertising, vetting, or sellers, no one would bother with his honeypot when they could use Agora, Nucleus, Abraxas, or other established markets with broad offerings.)
It did seem a bit strange with "I created a pedo honeypot and gasp horror it attracted a bunch of pedos!!"
The biggest thing he demonstrated is that a percentage of pedos would run an executable from some guy on Tor if he asks nicely. How can it be hard for the FBI to catch those guys?
It seems like the author is emotionally invested in this topic:
> Given my circumstances, I have seen first-hand, the psychological damage a pedophile’s actions cause. The damage done to these children is permanent and no matter how much counseling and assistance they seek – the experience is forever embedded into their self, shaping (and sometimes limiting) what they become as adults.
I can't pretend like I really get this because I've never dealt with pedophiles or pedophilia first-hand but I can agree, however, that people that hurt children are doing something morally wrong. With that said, this kinds of vigilante-esque behavior can be (and often times is) the absolute antithesis of justice.
> On two different occasions I contacted the FBI about the project and offered to provide full sets of data that I had collected.
Since OP tried to approach the FBI on two different occasions, it doesn't really seem to me like this was merely an innocuous "security" experiment (like this one: http://www.tomsguide.com/us/spoiled-onions-tor-network,news-...). It seems like OP really feels a deep hatred towards pedophiles and was, in a sense, out to get them.
Thankfully, we have the justice system that handles this for us. These are people that try to be impartial, fair, and just. When accused, we have the court system -- a system that values innocence until proven guilt. I hope I won't be taken out of context here. I'm not defending pedophilia (or drug trafficking or murder -- a few other Tor commodities). Do you really feel compelled to "get the bad guys?" Great. Go to a police academy or go to law school. Real life isn't like a superhero graphic novel. The law, for the most part, works. More importantly, it provides some boundaries for those that enforce it.
I had to read Mill's On Liberty in a Philosophy of Law class I took a few years ago and Chapter IV, Of the Limits to the Authority of Society over the Individual, really stuck with me. I would strongly suggest OP give it a good read: http://www.bartleby.com/130/4.html.
I couldn't really finish reading the article. I hope the original author will realize that hanging on to his anger will only perpetuate the crimes committed against his daughter. His characterisation of permanent damage done to his daughter makes me wonder if she will ever be able to escape the trauma in his eyes. Will he be able to provide a safe place for her to go where people know about her past but care only about her present? If he thinks of her as having limited potential for the future, how will she escape that past? She needs a father, not an avenger.
It's amazing the damage people can do chasing justice.
So your argument is that, because this guy says that child rape does permanent damage, you can tell that his parenting probably hurts his daughter more than being repeatedly raped did?
Disagree - in many cases they are permanently impacted, even if they are not aware of it. Who were are is a product of our life experiences and a child, especially one that is molested repeatedly during extend periods of their youth, are permanently changed. They form an especially deep distrust of adults and may lose the ability to utilize all the subtle clues we all incorporate when forming an opinion of a person.
For any who don't read the article, the writer explains their emotional investment:
"However, I have adopted a beautiful daughter who was abused in the most unimaginable ways (physically and sexually beginning at age 5). Her abuse was doled out via multiple pedophiles while she shuffled in and out of the child protective services system (which repeatedly failed to protect her)."
As a father of a little girl, this is a depressing read for me. Yes in the back of my mind I know this stuff is going on but it's really sad seeing the collection of data showing people who are partaking in this stuff.
Also this gave me a nasty flashback of looking at filenames (never content) of deleted files in the process of gathering evidence against a family member who now sits on the registered sex offender list...
Tell me about it. Awhile back as a reason to learn some new things I setup a Tor hidden service/page crawler and a basic search engine. For troubleshooting purposes (and to see how popular the site was) I was logging what was being searched for. After about a two weeks of having the site up I shut it down because 90% of the searches were for child porn. As a Tor supporter it was kind of eye opening. I guess though if you had the logs for Google you might see something similar...
I suspect this is where the myth of 99% of the Internet is made out of porn comes from. It is very easy to get misleading statistics, especially if you have small sample size or where a minority of users are creating the majority of the collected data points.
Add to this the amount of bots out there, and "false" data generated by police, federal investigators and interest groups doing the very thing people pay them to do, and you would really have to design the data collecting system in such a way that it identified who is doing the searching and what their usage patterns are.
For example, If they return every hour on the hour, such result would likely be made by a bot, or if every search is extremely specific, it could very likely be an investigator doing work in a specific case. If I did this kind of research, I would contact professional investigators in order to work together and to collect search patterns so to exclude that kind of traffic.
An interesting point I heard here I think, long ago...
The fact that tor is full of stuff like kidporn is actually a positive commentary on our society. It means that almost everyone, even people with wildly unpopular views, feel comfortable discussing them in the open. Tor isn't full of manifestos and political texts because people don't feel the need to hide that stuff.
I am sort of glad tor exists in spite of the nasty uses some put it to. It's like the modern equivalent of what having a well armed militia around was once supposed to achieve. It's like a backup system.
> Had I been the FBI, they would have been caught.
Considering that no actual files were made available for download, and many of the visitors were likely researchers, there wouldn't be enough to prosecute, but given the implied level of security the actual pedos were using, the FBI could just search their computers and would likely find enough evidence.
>For instance, pedophiles form their own communities and within those communities, a sense of trust is developed.
Or, pedos aren't drawn from the same population that knows how to do stuff securely, they just read a guide or two on how to use Tor. I'd assume you could get "4-7%" of many groups of people to download something and run it, that doesn't show that pedos necessarily are more trusting. (In fact, I'd expect higher numbers from random internet users, thus implying that pedos are less trusting, which I'd expect at a minimum given the fact that they can access Tor).
Numbering hidden services is something you publish papers on, and most researchers arrive at much larger numbers than 4000. But just as the author pulled numbers out of thin air (20 out the 4000 are deemed worthy of anonymity), 9 out of 10 paedophiles caught by him would turn out to be other researchers (or "researchers"). They are much more likely to run the spyware he offered.
At any time, Tor is frequented by many like him. Some law enforcement, some working for child abuse organizations, some academia, and a lot of regular people with the same ambitions. Advertising a high child porn site is the best way to attract them. Most likely many of them have an unhealthy interest in this stuff, and line between "researcher" and paedophile is not always clear. The law does not make a distinction.
Wait... Is anyone else seeing this? The guy ran a crawler that visited many such illegal sites, then used stats on the number of visits that his honeypot got to draw conclusions about TOR. What is the standard of evidence that he is using? Seems like some weird methodology.
So with pedophilia being a deviant behavior, yet relatively common through the ages, it doesn't seem like it's going away any time soon. Wouldn't legal computer generated child pornography be a potential solution?
One could argue that this type of pornography would encourage pedophiles to seek out real girls, but then the same would apply for married men looking at porn. Do most of them seek out women in bars or escort services? I doubt that.
Technically, because of how hidden services work in the tor architecture (both the service AND the user are hidden from each other) there's no "exit ip" when connecting to a hidden service, it just happens somewhere in the intermediary hops. (with the hidden service pretending that its just getting a response from somewhere up the chain)
so what the author of this article was actually doing was just leaking his own IP. lol
Firstly, so - the writer is geek_slop? - let me get this straight about you?:
· You adopted a girl at some point.
· You are not law enforcement, and are not authorised by them in any way.
· You disclose, here in this webpage, that you ran a hidden service site, via Tor, explicitly for paedophiles.
· You have admitted the above, to the FBI.
· You haven't considered what child protective services' post-adoptive services might think of your doing this?
Um, I am a trifle concerned that you may have let your emotional investment get in the way of good research, or good sense, thinking this vigilantism through to its logical conclusion.
Secondly, I think I'm enough of an expert on the topic of malware to say that the software, designed to cause a privacy breach upon whomever runs it and to disguise that purpose so that they may be tricked into running it voluntarily, is definitely malware: what is technically known as a "Trojan Horse", essentially doing the same job as the FBI's "CIPAV", but worse.
Thirdly, I've spoken with law enforcement on this topic before, in the context of discussing anonymous networks like Tor. They are frequently displeased about vigilantes ruining their operations by doing shit like this - it makes the paedophiles more paranoid and careful, actively disrupting ongoing law enforcement investigations.
Fourthly, it's not valid research. geek_slop doesn't appear to be familiar with how Tor actually works, in fact, they actually list the wonderful exit nodes they got, apparently unaware that the list of exit nodes is public and by design doesn't tell you anything at all about the visitors to your site. Web crawlers (including "Dark Web" - a wording which is another sign that the author does not have a strong background in anonymous networks - it's correctly "onion site" now, formerly "hidden service") naturally find related sites that link to each other, if you're going by links, which they might have done. If they're neutrally HSdir crawling, most of them are dead (because they're ephemeral services created by a P2P chat app?). We know all that from previous research (Dr Gareth Owen, University of Portsmouth, Tor Hidden Services and Deanonymisation, 31C3 https://www.youtube.com/watch?v=oZdeRmlj8Gw ).
Finally, this crawler might in fact be the exact same "dumb crawler" I previously identified as doing repeated HSdir directory service lookups (instead of caching) while refreshing paedophile sites, causing disproportionate load on the Tor network's HSdir services and strongly skewing Dr Owen's results on this topic (if it's not yours, it's probably IWF's). So, um, thanks for that.
Excellent points. Regardless of the intent here, geek_slop may have only succeeded in getting the FBI and others to start an actual investigation of geek_slop.
I must say, even reading the article made me feel quite uneasy. I can't imagine doing this myself, but if it leads to the capture of some pedophiles then I tip my hat to this person.
Personally I'm glad some random guy can't hand off a whole bunch of IPs to the FBI and tell them they're all pedophiles. I'm sure it would cost thousands of dollars to sift through the data too, and would be pretty useless seeing as the guy wasn't hosting child porn.
Besides, taking down these pedophiles might be "fun" to some people, but if you really want to help children you need to go after the people producing/hosting child pornography.
> In this particularly disturbing case, a father of three hints that he is willing to share pictures of his children.
> npt@hotmail.com: hi im a married dad of 3, i prefer girls from pt to jb. I’m looking forward to joining in and sharing in the community
A little later in the article there is an entire section devoted to his findings that many visitors of the site were predators seeking to do more than look at photographs. In addition,
> Many visitors offered photos from their “private collection” as a means to bribe me for entrance to the website. They took care to note that the material they were offering me was original.
Isn't that pretty much what the author was doing? Offering child porn to people on tor? How do we know the people contacting him weren't trying to honeypot him?
> None of the websites contained any illegal content. Since I am not a legal authority (nor an expert in the law), I had to scale back the content. No illegal pictures nor files existed on any of the sites. In fact, each site contained exactly one image – a decorative background image to give the site a bit of flair (hidden service sites are notoriously lean). None of the honeypot sites explicitly offered to provide illegal content and instead, served to lure the user in by a vague promise of what may be found behind the locked door. Admittedly, this was a huge disadvantage over a FBI-driven honeypot and likely the reason why many visitors did not register and quickly moved on after landing on the home page.
Later on he explains,
> Scans on the server dropped and some of the users who opted to run the software appeared to be government or private researchers.
If he wasn't explicitly offering child porn then how can he assume people who visited his honey pot were looking for child porn if they didn't explicitly state it? Sure the guy offering pictures seems like a pedophile, but what about the others?
More than one offered pictures and in fact, according to other sources, seems to be a frequent method for pedos to prove to the hidden service operator that they are indeed "legit".
"full sets of data" seem to include Tor exit node IP addresses (public information that you can obtain from the Tor directory service) and a few possible real IP addresses—but not ones he can directly tie to any actual CP. As he says, "Admittedly, after introducing the security scanner, traffic patterns changed. Scans on the server dropped and some of the users who opted to run the software appeared to be government or private researchers. Most visitors were reluctant to run the security scanner." Later he says that between 4 and 7 percent of his registered users ran the scanner. He never says how many registered users he had, and never said how many uploaded child porn or could be directly connected to it (and how many of those ran the scanner)
I have already shut down the VM but I believe there were around 550-650 registered users in 14 days. Around 40-60 new registrations per day. Total registrations for counterfeiting+drugs sites: 8. Since the article went out, someone pointed out to me that one popular pedo .onion site has 90,000 registered users.
If a person contacts the FBI to say they have evidence of terrorism, pedophilia or money laundering, the first thing that happens is that the snitch gets put on the watch list and gets a wiretap.
Probably condemning myself to eternal down-voting here, but some of the reactions here are depressing as fuck.
There is no world in which this content is acceptable. The presence of this on TOR is not "good for society" in any way shape or form, and reveals that society can't be trusted with anonymous speech...
Which is a really big problem, because there are a shit-ton of other problems that require anonymous speech.
> The exit node IP address of the user was easily obtained using the two different methods discussed briefly above.
This is really not a vulnerability but simply how tor, and the internet at large, works - hidden services by design protect the service not the user (the user is protected by tor by default) - what the author actually did here was "leak" their non-hidden services IP.
> and true external IP address (see partial data example to the above). And to answer the second question, “no”, this did not involve the placement of malicious malware. Read on…
The author then goes on to state that they gave the users malicious malware to run which revealed their ip address. They justify that this was not malware by stating:
> It should be noted that this was not malware per se. It did not replicate and was run voluntarily by the user. The user was notified that a “security scan” was going to be run on their machine and they freely chose to run the scan.
The author then goes on to publish a list of tor exit nodes with tor user agents...which they could have gotten directly from the tor directory services...
And, as pointed out by others, the author never really goes on to state why they think Tor is the devil - they built a honeypot and were disgusted by the flies it attracted....I'm not really sure what they were expecting...