Comment by john_strinlai
4 hours ago
>We have seen multiple cases of people getting caught on there
as far as i am aware, no one has been caught due to something technical in relation to tor.
it's always something dumb like logging into an email that has the person's real name in it, using a credit card, leaving javascript on, or otherwise making some opsec failure.
There is another angle not a lot of people consider. There was a Defcon video I recall watching from 10-15 years ago where the speaker referenced a case where police managed to arrest someone because the Tor traffic on the network (maybe a university) was so unusual as a one time event at a specific location, the police managed to tie the individual to specific Tor activity. The speaker's conclusion was essentially we should all be using Tor to create and normalise a higher volume of Tor traffic which can in turn help protect other Tor user's anonymity.
i believe that case is this one from 2013: https://www.informationweek.com/cyber-resilience/fbi-traces-...
"Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat, [...]"
"The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess," Schneier wrote. "Tor didn't break; Kim did.""
It's increasingly difficult to accomplish much on the Internet without JavaScript, though. This is an era where literal image hosting sites won't show you an image without it; where it's used to reinvent <details> tags, forms, even ordinary hyperlinks.
On the other hand, it's never been easier to design a place that doesn't need those things, or be confident the javascript is on your side.
javascript, like tor, is powerful in both directions depending on what it's used for.
This could be true. But law enforcers lied how they found evidence in other cases.[1] They could have lied in Tor cases.
[1] https://en.wikipedia.org/wiki/Parallel_construction