Freedom Hosting, a web hosting provider specifically targeting websites in the Tor community, has been shut down, and its owner Eric Eoin Marques arrested in Ireland on charges of facilitating the distribution of online child pornography. Marques is now sitting in jail, denied bail while the Irish courts determine the validity of an extradition request by the United States. Freedom Hosting was responsible for a large number of major “hidden services” on the Tor network, most notably including the email provider Tormail, and some estimates suggest that up to half of all major Tor hidden services relied on it for hosting. However, the site has also long been known as a hotbed of child pornography; in 2011, Operation Darknet, an anti-child-pornography subgroup of Anonymous, sent a warning to Freedom Hosting asking the service to remove all CP-hosting websites. When Freedom Hosting refused, Anonymous launched an all-out attack, hacking into Freedom Hosting’s servers and shutting down all sites two and a half hours later. Now, the US and Irish governments have taken the provider down themselves – but using the much heavier weaponry of the legal system to do the job.
When US and Irish law enforcement took over Freedom Hosting’s servers, the sites were not simply taken down immediately. Rather, they let the sites keep operating for some time, and some extra Javascript code was injected into the sites’ webpages, to be automatically run by the browsers of users accessing the sites as part of loading the page. The code in question first checks whether the user is running Firefox 17, and if they are it then opens an iframe which loads an exploit from another site, which then takes advantage of a Firefox 17 vulnerability for purposes the precise details of which are not yet known. At this point, the most common hypothesis is that the exploit makes an HTTP request bypassing the Tor protection, revealing the user’s IP address to the authorities.
This event is a serious blow to the Tor darknet, but provides some valuable lessons to members of this fledgling underground community and, largely thanks to Bitcoin, economy. First, just like in the normal economy, centralization poses serious risks. If, rather than one hosting provider having 50% market share, the economy was split among multiple competing services, not only would each invididual shutdown be less disruptive to the Tor community, but there would also be less incentive to attack each one in the first place. With Tormail and email providers there is a parallel situation. Second, personal responsibility and control are paramount. The Tor ecosystem has no legal framework to encourage service providers to remain honest – in fact, the legal framework of the outside world often, as in this case, does the exact opposite. Thus, Tor users must work to put less trust in third parties, and keep more control in the hands of the only person they truly can trust: themselves.
In practice, this means two things: decentralization and encryption. Tor users should spend more time looking into decentralized alternatives like peer-to-peer file sharing, Bitmessage and Osiris, and try to avoid centralized services unless they provide genuine value that decentralized alternatives cannot replace. Ideally, a decentralized alternative would emerge to markets like Silk Road and Atlantis as well. As for encryption, PGP is the most widely-used form of public-key encryption today, allowing users to securely send encrypted messages to each other that no one can read without the private key. With the help of PGP, even centralized services like Tormail and Silk Road can be made fairly secure. With the capture of Tormail, every message ever written over Tormail is now potentially in the US government’s hands. Even without the interference of any government, Tormail’s operator has always had the power to do whatever they wanted with its users’ messages – including selling the data, using it to blackmail users, or even modifying messages in transit to fraudulently organize meetings and business deals. Those Tormail users who use PGP, however, are completely safe.
One conclusion that some would draw is that Tor hidden service operators should be self-hosting their sites. However, self-hosting is a complex and nuanced issue in the world of Tor. On the one hand, just like any other centralized service hosting providers can be shut down or betray their customers. On the other hand, self-hosting hidden services locally is a very difficult task. If done wrong, depending on the site’s function it potentially opens one up to detection, shutdown and even arrest, and having the job of hosting done by experts essentially eliminates this risk – even now, the operators of most of the sites compromised by Freedom Hosting’s shutdown are likely still anonymous. The best solution may be a combination of having more hosting providers, having some hosting providers operating out in the open in data-friendly jurisdictions like Iceland, and more self-hosting where necessary.
Finally, the event reminds us that Javascript injection is a serious problem, and one that Bitcoin users particularly need to be wary of. This time, the exploit potentially reveals your IP address to police. Next time, it might be a Tor-based “secure” online wallet provider inserting some Javascript to send all your money to 1USgoV. The DEA has already shown themselves capable of seizing bitcoins through some unspecified mechanism (likely setting up a fake seller account and fraudulently selling “drugs” with it), so seizing bitcoins with a Javascript injection attack is not much of a further step. All applications relying on Javascript browser cryptography should exist in the form of Chrome and Firefox extensions and not just websites; the most popular online wallet, blockchain.info, has done this for months.
Hopefully, the Tor community will pick itself up from this attack, and services will grow to replace Freedom Hosting and Tormail (although Freedom Hosting’s replacement might want to filter child porn out). The crypto-economy is not just useful for drugs; for the wider society as a whole, it is an economic playground which lacks much of the basic infrastructure that those of us in the outside world take for granted is simply absent, and users are left to figure out for themselves how markets and cooperation can thrive. Most of the experiments that take place there will certainly sputter and fail; others, however, can be the start of something great. Bitcoin itself might be an example; the Tor community and Silk Road were arguably the currency’s first major committed user base in 2011 and 2012, and if it weren’t for them the development of more ordinary applications for Bitcoin like international money transfer and retail might be months further behind today. Economists can analyze crypto-markets and see how communities respond to the presence and absence of fraud prevention, regulation and higher-level infrsatructure in a whole new light. TorBroker and Torwallet are both great examples of this playing out in practice. Ultimately, this takedown too will prove to be a very interesting stress test as we watch just how the community recovers in the weeks and months ahead.