Advertisement

Carnegie Mellon may have ratted out Tor users to the FBI

Reporter

Updated Thu, Nov 12, 2015, 10:28 AM·2 min read

In a story that may become an acid test for internet privacy, the operators of the Tor network have accused Carnegie Mellon University (CMU) of taking up to $1 million to help the FBI bust illegal sites. If the allegations are true, the defendants in question certainly had it coming -- they include the drug market Silk Road 2.0 and a child pornographer. However, Tor director Roger Dingledine questions the university's ethics in the attack. "We think it's unlikely they could have gotten a valid warrant ... [since it] appears to have indiscriminately targeted many users at once," he said.

Carnegie researchers reportedly planned to present the exploit at a Blackhat conference last year. In a deleted synopsis, it said "a persistent adversary ... can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months [for] just under $3,000." However, the talk was cancelled at the last minute, and the team never gave Tor itself details about the bugs to help it patch them -- normally a no-no in the security community.

Researchers were puzzled by the pullout at the time, but Dingledine thinks law enforcement convinced it to keep the details private. "We have been told that the [FBI's] payment to CMU was at least $1 million," he said. Several months after the cancellation, the feds made several high profile busts on the Silk Road 2.0 and other big drug sites, saying those were just the tip of the iceberg. (The Tor group has since patched the security hole, and promised to further toughen security in the near term.)

When contacted by Wired, a CMU PR spokesman said he's "not aware of any payment," and added "I'd like to see the substantiation for their claim." The university didn't issue an outright denial, however. To back up its claims, Tor said it identified Carnegie Mellon servers during the attack, which promptly disappeared when it questioned the school.

Dingledine emphasized that he's not against law enforcement going after illegal Tor sites, but rather the manner in which the FBI did it. "The mere veneer of law enforcement investigation cannot justify wholesale invasion of people's privacy," he said. If that tune sounds familiar, it's similar to complaints about the NSA sifting through the private data of millions of people in order to catch a few criminals or terrorists. In this case, though, the negative effects could wash off on legitimate researchers. "If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute," wrote Dingledine.

[Image credit: Bloomberg via Getty Images]

Engadget
An iPad version of the Delta game emulator is officially on the way
Developer Riley Testut shared an update on Threads this weekend revealing that an iPad app for the Delta emulator has been in the works and is "near completion." The emulator supports a slew of Nintendo systems.
2h ago
Engadget
Apple’s OLED iPad Pro may come packing an M4 chip and an emphasis on AI
According to Bloomberg’s Mark Gurman, the much-anticipated OLED iPad Pro may arrive not with the new M3 chip, but the next-gen M4. He also says it may be positioned as Apple’s ‘first truly AI-powered device.’
5h ago
Engadget
Budget doorbell camera manufacturer fixes security issues that left users vulnerable to spying
Eken Group has issued a firmware update to resolve major security issues with its doorbell cameras that were uncovered by Consumer Reports. The cameras are sold under the brands Eken, Tuck, Fishbot, Rakeblue, Andoe, Gemee and Luckwolf.
23h ago
Engadget
Google asks court to reject the DOJ’s lawsuit that accuses it of monopolizing ad tech
Google filed a motion on Friday in a Virginia federal court seeking summary judgment for the Department of Justice's antitrust case against it. The DOJ sued Google at the beginning of 2023 for alleged monopolistic practices.
1d ago
Engadget
Some Apple users say they’ve been mysteriously locked out of their accounts
Apple users reported starting Friday night that they were signed out of their Apple IDs and in some cases made to change their passwords. It's unclear yet how many users have been affected or what the underlying cause of the issue is.
1d ago
Engadget
I played Fire Emblem Engage on easy mode, and it got me back into gaming
"Sure, winning battles and matches in more difficult modes will feel more rewarding, but not every gaming experience has to be a challenge."
1d ago
Engadget
Apple has reportedly resumed talks with OpenAI to build a chatbot for the iPhone
Apple has resumed talks with OpenAI, the maker of ChatGPT, to build an AI-powered chatbot into the iPhone, according to a new report.
2d ago
Engadget
The FTC accuses Amazon of using Signal’s auto-deleting messages to erase evidence
As part of its antitrust suit against Amazon, the FTC accused the company of using Signal’s disappearing messages feature to conceal communications.
2d ago
Engadget
Drake deletes AI-generated Tupac track after Shakur’s estate threatened to sue
Drake apparently learned it isn’t wise to mess with Tupac Shakur — even nearly three decades after his death. Tthe Canadian hip-hop artist deleted the post with his track “Taylor Made Freestyle,” which used an AI-generated recreation of Shakur’s voice.
2d ago
Engadget
Aaron Sorkin is working on a Jan. 6-focused follow-up to The Social Network
Aaron Sorkin has announced that he’s currently writing a followup script to The Social Network. The original was his take on the initial years of Facebook.
2d ago
Engadget
Samsung's Galaxy S24 Ultra falls to a new low, plus the rest of the week's best tech deals
This week's best tech deals include a new low on the Samsung Galaxy S24 Ultra, Apple's MacBook Air M3 for $989 and Anker's Soundcore Space A40 earbuds for $49, among others.
2d ago
Engadget
Nikon’s Z8 is a phenomenal mirrorless camera for the price
Nikon's Z8 is one of the highest resolution full-frame cameras with 45 megapixels, but is also one of the fastest and has incredible video capabilities too.
2d ago
Engadget
Some of our favorite Bose headphones and earbuds are back to all-time low prices
Amazon has some of the highest-rated Bose headphones on sale for record-low prices. That includes the Bose QuietComfort Ultra headphones, which have best-in-class active noise cancellation (ANC).
2d ago
Engadget
Apple's 13-inch MacBook Air with the M3 chip has never been cheaper
The latest Apple MacBook Air with the M3 chip is down to a new low price at Amazon.
2d ago
Engadget
NHTSA concludes Tesla Autopilot investigation after linking the system to 14 deaths
The National Highway Traffic Safety Administration has concluded a lengthy investigation into Tesla’s Autopilot system. It found 13 fatal crashes due to misuse and software that doesn’t prioritize driver attentiveness.
2d ago
Engadget
Wacom's first OLED pen display is also the thinnest and lightest it has ever made
Wacom's latest pen display model is called Movink, and it's the company's first with a OLED screen. It's also Wacom's thinnest and lightest option ever, while still offering 13 inches of work space.
2d ago
Engadget
It doesn’t matter how many Vision Pro headsets Apple sells
This week, there was a lot of back and forth about Apple Vision Pro production numbers. Here's why they don't matter.
2d ago
Engadget
The Google Pixel Buds Pro are back on sale for $135
Google's Pixel Buds Pro are on sale for $135 at Wellbots, which is the lowest price we've seen this year.
2d ago
Engadget
Dell XPS 13 and XPS 14 review (2024): Gorgeous laptops with usability quirks
Dell’s XPS 13 and 14 are stylish, portable and powerful. You’ll have to get used to some of its design quirks, though, and it’s far pricier than older models.
2d ago
Engadget
OpenAI's Sam Altman and other tech leaders join the federal AI safety board
Sam Altman, OpenAI's CEO, Microsoft chief Satya Nadella, Alphabet CEO Sundar Pichai are joining the government's Artificial Intelligence Safety and Security Board, according to The Wall Street Journal.
2d ago