Bitcoiners Who Use Tor – Be Warned!

Bitcoiners Who Use Tor – Be Warned!

70745
20
SHARE
Tor

Bitcoiners love Tor but the FBI has “updated” Rule 41 of the internet that could blacken Tor’s horizon. This means that unless Congress blocks it, using the anonymous browser could become illegal in the near future.

Also read: Blockstack to Help Microsoft Develop a Global ID Platform

Future of Tor in Jeopardy

Bitcoiners love the anonymity of Tor.

torThe FBI hates it even though Tor is run by a government-backed American nonprofit. Even imperfect anonymity cripples the agency’s war on ‘crime’ – especially on victimless crimes like when people mind their own fiscal business. That’s why agents tried to interview one of Tor’s main software developers, Isis Agora Lovecruft (pseudo), over the last Thanksgiving holidays.

Lovecruft jumped a fast plane to Germany to avoid being grilled for information that could have compromised the Tor system. A self-described “anarchist, hacker and physicist,” Lovecruft claims the FBI has been harassing her ever since.

Now a game changer could further blacken Tor’s horizon…and that of Bitcoiners. On December 1, an “update” to Rule 41 of the Federal Rules of Criminal Procedure takes effect unless Congress blocks it. The info sounds dry as dust until you realize the change lets the FBI hack remotely into the phones and control the computers of Tor users. The target doesn’t have to commit a cybercrime; he may even be a victim of crime.

Gizmodo comments:

The new rule would allow the FBI to infect innocent people’s computer with malware in order to investigate cybercrime—even if their only connection to the crime is that they’re the victims. What could go wrong?”

If a person uses Tor, the FBI is empowered to get a discreet warrant that allows them to hack a computer and follow wherever the connection leads. In theory, with a single secret warrant, the agency could grab control of tens of thousands or millions of computers on a botnet.

What specifically is the “update” to Rule 41? Currently, the FBI needs to know the location of a computer suspected of ‘wrong-doing’ and then get a warrant in the proper jurisdiction. If they target a computer in Las Vegas, for example, they need a warrant from a Nevada judge. After December 1, any federal judge in America would be able to issue a warrant to allow the FBI to access an indefinite number of computers regardless of their locations.

All the FBI needs to claim is that the location of the computer has been intentionally concealed through use of technology – aka Tor. Legally-speaking, the agency’s surveillance may be restricted to the States but the ability to hack the globe would be out there, dangling. And when did a technicality prevent the FBI from surveillance? So many justifications are possible.

“Hacking a botnet leads you to unexpected connections; foreigners are committing crimes against Americans; we didn’t know the computer was in Switzerland, honest.”

Beyond US Borders

tor onionElectronic Freedom Frontier (EFF) cautions, “Make no mistake: the Rule 41 proposal implicates people well beyond U.S. borders. This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet. People both inside and outside of the United States should be equally concerned about this proposal.”

Few people know about the “update.” It emerged from an obscure advisory committee that makes procedural changes in the rules governing all U.S. federal courts. For example, it determines the holidays on which the courts close. Then the Supreme Court passes the procedural change and a deadline onto Congress, where it is either blocked in time or automatically goes into effect.

Critics of Rule 41 pounce on the word “procedural.” And rightfully so. Only Congress has the authority to make a substantive change, which certainly describes the “update.” It gives the FBI massive new surveillance power and alters important powers of the court. For example, a court would lose the ability to throw out evidence due to law enforcement’s overreach into outside jurisdictions. There would be no jurisdiction outside the FBI’s reach.

And the grab is not likely to stop at Tor. Google’s legal director for law enforcement and information security warns:

Likewise, the change seemingly means that the limit on warrants is excused in any instance where a Virtual Private Network (VPN) is set up. Banks, online retailers, communications providers and other businesses around the world commonly use VPNs to help keep their networks and users’ information secure. A VPN can obscure the actual location of a network, however, and thus could be subject to a remote search warrant where it would not have been otherwise.

The EFF further explains, “It [the ‘update’] might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets.”

In short, the probable cause is a desire for privacy for a warrant, and no one is sure which software or actions are included because the “update” is vague and broadly worded.

Push Back

torHappily, there is Congressional push back. H.R.5321 – the Stopping Mass Hacking Act (SMH or, in internet terms “Shaking My Head”) – was just introduced into the House. The Senate version, S.2952, is also in play.

The bad news? Congress has only seven months to pass blocking legislation. Those seven months are filled by a need for hearings, summer breaks, holidays, RNC/DNC conventions, and the extreme distraction of an upcoming election.

Meanwhile, Bitcoiners and privacy-lovers should be on notice. Come December 1, a visit to Tor may be followed by a visit from the FBI …whether you know about the latter or not. For all practical purposes, Tor could become illegal.

What are your thoughts on this “update”? Do you think this will pass Congress? Let us know in the comments section below! 


Images courtesy of nbcnews.comsimplyscratch.comtheregister.co.ukgizmodo.com.au

  • Hi all. I will be dropping by during the day to answer any questions or comments people might have about the article. Enjoy!

    • Mark Gunther

      Thank you for your work on this article. Thank you for sounding the alarm. I shall be doing all I can to pass this on.

  • why bother

    Would this affect bitcoin users who do not use tor yet still run full nodes?

    • Get Liquid!

      No it wouldn’t, but running tor shouldn’t be illegal.

      • Jonathan Cross

        It is also good to point out that to have *any privacy at all* when using Bitcoin, you should be using Tor, especially with so called SPV “light” clients.

  • Hi why bother: The “update” is so vaguely worded that no one knows for sure but I believe you personally would not be targeted if you did not conceal your location. A larger threat might be the networks with which you connect — including VPN ones. Their privacy technology might trigger a surveillance that includes your computer through the FBI’s investigative malware. I embedded a fair number of links to analysis, including legal, because I wanted readers to be informed and not merely alarmed. But solid info as to who is vulnerable (other than Tor users) is scant.

  • RobertFl

    Makes the case for dial-up P2P networks, and Bulletin Board Systems to make a come back.

  • Agreed. My household is both Linux and open source but, for all of our “advanced thinking,” we eschew the cloud as much as possible because it is too easily misused and abused, and not by us. There is something to be said the old fashioned P2Ps. That something is…privacy.

  • Fritz Knese

    Hi Wendy! I know very little about bitcoin, tor, or computers in general. But I think that any venue that promotes liberty in any way is seen as a threat by government. So the only surprise to me is that the internet has had so little interference up till now. I imagine that government will be taking de facto control of the internet all over the world within the next decade. I hope that it will turn out to be infeasable, but given the money, power, and incentive government has to control us, I will be surprised if freedom on the internet will last much longer.

    • Hey Fritz: It is really nice to see you posting, my friend. I think there is a race between technology (freedom, personal control) and the state…and I don’t know which side is going to win. Some friends swear it is impossible to stop the blockchain but I know it is possible to stop the people who are its living implementation. I agree that freedom on the internet is poised to take a beating…and from many directions. Not just the “update” to Rule 41, but the pressure for backdoors in most devices, the “right to be forgotten” policies popular in the EU… All I know for sure is the side *I’m* on and where I’m taking a stand. Like I said, very nice to see you here.

      • Fritz Knese

        Wendy, as usual you state what I feel so much better than I seem able. I am fighting against the “freedom lover’s cynicism” syndromn. It is part of the never ending struggle to balance intellect with emotion that my father called “motigration”. In this case my emotions wish to believe that all will remain well with internet freedom. My logic says that governmental money and power will likely win the day. I am happy to see you writing the occasional article. I hope you continue to do well.

  • Terry Hulsey

    Indispensible reporting, Wendy.
    Tor users typically use encryption in addition to Tor’s anonymity. I suppose I should assume that its use does not imply “an expectation of privacy” and is of no legal significance to the FBI.

    • I would not assume “an expectation of privacy,” Terry. The real threat of this proposed policy change, however, is not the FBI’s ability to access any particular Tor usage but the ability to commandeer your entire computer (essentially) without a real warrant. There is an aspect of this proposal, BTW, that I have no idea how to evaluate. The FBI is supposed to notify you in some manner if they target your machine but it is not clear how. An email that can be spoofed by many scammers who will induce you to click on zip files? Nor is it clear that the FBI needs to notify everyone on a network. Of course, I think the notification will be much more honored in the breach.

  • StevenLJones

    As soon as the general media reported the existence of Tor I suspected it had been hacked.

  • David McDory

    People should quit using the Tor Browser. They should use Tor through Whonix. VMs are much more secure, and immune to hacking. Even if hacked, this won’t reveal the users’s IP address.

    • Mark Gunther

      I’d ask for an ELI5 on this but I’ll just start searching and hope. But thank you for the seed idea, good netizen. Thank you.

      • David McDory

        Tor Browser is the hardened version of Firefox. It does its best to direct all traffic through Tor’s SOCKS5 port. However, Firefox, like any modern browser, is a very complex piece of software, and can have bugs in any of its hundreds of modules. So the risk is that some of the modules would still send traffic directly and expose your real IP address. I believe the recent exposure of tor users in CP prosecution case is due to such Tor browser exploit (I don’t support CP pervs, but the case is still that Tor Browser exploit made Tor users exposure possible).

        In case of the virtual machines they are connected to Tor in tgheir entirety through just one pipe (the network connection). It makes it impossible that any browser exploits would expose your real IP, because such exploits would sill face only your Tor exit node’s IP. VM simply doesn’t know its real IP at all.

        The most practical case to have VM connected to Tor today is VirtualBox + Whonix. Install VirtualBox, then add two Whonix VMs to VirtualBox and run both of them and you have the Tor connected VM. You can run your favorite OS in VM in place of one of the Whonix VMs – it will be as secure. Learn these things, they are very useful if you value your privacy.

        On the unrelated note, I recently came across ZeroNet – https://zeronet.io. If you like Tor you will like too. It is a new way of accessing websites. Websites are distributed, decentralized, hosted by everybody. Impossible to surveil or take down. And here is a great torrent website PLAY there: 192.168.5.101:43110/1PLAYgDQboKojowD3kwdb3CtWmWaokXvfp/

        Good luck!

        • Thank you for your response, David. It is precisely the type of information I came to bitcoin.com to absorb. I admit that I am not very literate in cryptocurrencies etc. — although I have a good grasp of the surrounding politics. I thought the best way to learn was to plunge in and start swimming, even if it is a dogpaddle. I will learn as much or more from readers than they will from me. A fair value for both, I believe. Please keep sharing your expertise. It is incredibly useful.

  • So Laura is now going to be an illegal alien in Germany after 3 months? How does that work? She needs to find a German to marry, stat!

  • Que Quotion

    This will give them /perfect/ authority to go after expatriot americans running or using illicit services overseas and I am fairly certian that is what they have in mind.