A short reasoning for sharing leaked data


There have been plenty of times I have received personal abuse, deaths threats and other forms of harassment online in response to my efforts hosting leaked data, most recently in the case of Patreon. As a result, I thought I would take some time out of the day to explain why I do what I do, and what I hope to accomplish with it.

Hosting the leaked data is a risky business. I accept the fact that one day I may be arrested for handling the data if it is alleged to have been stolen. As a result, my legal team are aware of my actions and we already have legal challenges to such an arrest should it be made. However, my reason for doing so is that there is a public interest whenever such data is leaked, both from journalists in established outlets and independent forms of media.

The alternative of not sharing the data is also rather grim. Frankly whether or not I make it available, that data will still be on the internet, and it only takes a quick Google search to reveal this. Most of the other places to obtain the data, however, are from unknown sources and are very difficult to verify the authenticity of the data. Not to mention, I have come across plenty of these sources where said files have malware attached to them, designed to work as people scramble to fulfill their curiosity and download the material without any form of scrutiny as to their origin. So regardless of who hosts it, that data shall always be available. By taking the responsibility to host a copy, it allows journalists and others to focus on the work of analysing the data and leaving the management of that source to me.

The exposure of the information further allows the public to vet what procedures are in place at companies to protect data. The unfortunate reality is that their security is already bypassed at the point of the leak, but that isn’t the end of the story. Passwords for example in the Patreon leak used bcrypt, a hashing algorithm designed to be extraordinarily difficult to brute force and reveal a user’s true password. This is an example of a very good security measure that other organisations and businesses should take note of, especially the many who still store passwords in plain text. It also allows people to identify vulnerabilities, such as how although Ashley Madison employed bcrypt as well, but this was negated thanks to them cutting corners and using MD5 in the process of storing the login tokens (see Joseph’s article on Motherboard here).

Using leaked data allows us an understanding of the true state of affairs of how companies handle your personal data and emphasises to the corporations that personal data is not just another commodity. An organisation with strong password hashing policies like LastPass or indeed Patreon, means they have plenty of time to warn users to change their login credentials. Furthermore, a timely disclosure can repair the company image much better than trying to ignore the problem, as HackingTeam found out (and who still hold a grudge against me to this day for). All in all, the only way to avoid a major catastrophe is for companies to start adopting better ways they collect, use and dispose of data. If they do not need to store some information, then it should be disposed of, a fatal flaw in the operations of Ashley Madison. One of the reasons I support the use of bitcoin is that with no fraud risk from chargebacks, personal information does not need to be collected in the very first place.

Like many of the data breaches this year, it is not what happens once the data is leaked that is a problem, but what you do before it that matters. Taking the proper precautions and maintaining minimal user information, is the only way to safeguard against misuse either from the legal forces in play, or the rogue hackers looking for their next victim.

I stand with Lauri Love


Further information:

I have known Lauri for a while now, and we have both talked at length of our own struggles, shared some comforting advice and helped one another progress through difficulties as they arise. Today it deeply saddened and enraged me to hear his extradition has been demanded by the United States of Assholes.

Lauri Love is a British citizen. He lives in the UK. Therefore following this assumption, any alleged wrongdoing must fall within British laws. I, therefore, question why the need for extradition must exist when the frameworks for his prosecution in the UK are already in place if he was indeed guilty of any offense. Should he be found guilty of any offence then he should also be punished under British law, which is where he resides.

The only thoughts that cross my mind on why an extradition would be necessary are as follows; the US knows what evidence it has will not stand up to scrutiny in British courts. Protocols exist where evidence gathered overseas can be used against citizens in a UK court, and so it would seem logical to prosecute a person in their home country as it would be quicker, easier and cheaper for everyone involved. Furthermore, to prosecute Lauri in the UK would at least show some respect to British sovereignty and that British laws must rule the actions of it’s citizens.

Instead, the US has again sought to bring a person into their own territory for prosecution. I find this deeply insulting. Unlike many countries in the world, the US attempts to force the laws of its nation upon all people, irrespective of where they reside and assume their laws reign supreme over all others. If the UK or any other country where to make such an assumption, it is likely that the US would refuse to comply or kick up a fuss about the matter seeing it as an insult to them, without regard to their hypocrisy.

So I feel it is time to use this phrase, despite my hatred of it: If the US has nothing to hide in prosecuting Mr Love, why are they not using established protocols for the presentation of evidence in British courts? “Nothing to hide nothing to fear” huh? If the US has material that they feel is in some way privileged and thus cannot be handed over the UK, then this would be a clear violation of Article 6 of the EU Convention on Human Rights. In that case, the extradition request should be denied immediately.

On this matter, I stand firmly by Lauri’s side. So to the US government I would like to remind you that I am not a member of Anonymous, nor do I agree with many things that they do. But I do not forgive or forget either. You should perhaps look into your sins very deeply because new alliances are forming against you daily, and I am firmly within their ranks on this matter.

Today we have lost a friend


I, like many today, was shocked to hear that our friend Caspar Bowden has sadly passed away. He was a man of passion and conviction, a force in the privacy debate that never waned nor held back. Everyone who knew him can certainly testify to his moral courage to stand for what is right and just, regardless of who he was facing.

I first met Caspar a few years ago and talked to him on many occasions. One conversation that stood out to me is during the Tor Project summer developer meeting in Paris in mid-2014. Little did I know what started as a small matter would soon turn into a pattern of me becoming a surveillance target of the UK government, followed by a campaign of intimidation and bullying. Throughout my ordeal, Caspar was there for me with his vast reserves of expert knowledge, patience and care, like a father to us all. He never cared for what somebody stood accused of or who they were, he was willing to stand there for everybody equally.

He was a friend, a mentor, a teacher. If the time ever came where you had lost all hope in the fight against tyranny and injustice, along Caspar came to pick you up with a new found drive to continue.

RIP Caspar Bowden. You will be missed.

Update on Current Projects


I have to apologise first for the lack of follow-up to my previous posts (they are on the way – I promise!). I have been focussing on a new project that I have had in the works for some time now and have been planning that out quite extensively. With lots of potential for hidden services and a  complete lack of transparency in the ecosystem, starting a new project that is designed to scale massively is a rather unique challenge.

As a quick overview of them all, I wanted to update those who follow my projects on some of them.

First is the shared hosting project. Most of us remember Freedom Hosting and the stir that caused over a year ago. It was one of the few places in the hidden service ecosystem that people with very little to no technical ability could maintain their site without having any knowledge of command lines, web servers and hardening. With that now gone, it puts the entry barrier to hidden services ever higher. Despite my previous post designed to make is quite painless, the fact of the matter is that using a command line is still intimidating to many people who have never even ventured away from Windows.

Making a shared host is a much harder job than one would imagine, particularly with the prevalence of them on the “clearnet”. Most shared hosts on the DNS system rely on a small set of tools to achieve this, usually cPanel WHM, Plesk and WHMCS. While there is nothing particularly wrong with these tools, they are simply not designed for hidden services and licensing issues could pose a real problem to widespread deployment. This is what made me decide that I need to create a custom solution from scratch.

Scaling on the hidden service is also a very difficult problem, especially with high traffic. In addition, I don’t want to be redesigning this system every few months as it drastically increases workload over time, and so getting this right the first time will make things way easier for me. Here are some of the problems I am thinking about when building this system:

1. Tor can only use one core of a CPU to process traffic and perform crypto operations. That means I must load balance between several tor processes. What are the best means by which to monitor this and automate the process of load balancing hidden service keys across the processes – in particular if the virtual machine isolation is used between them.
Solution: Using a single core virtual machine on another server, and then pointing the HS at another dedicated server means the CPU is dedicated to that process for maximum throughput. Then, using a machine on the control server, it can use SSH keys to distribute the private keys and hostnames based on their load readings and shuffled as required.

 2. If a DDOS is performed, it will likely max out the CPU core before saturating the traffic or guard. How can I mitigate this?
Solution: Creating a separate virtual machine from the rest that has more stringent resources allocated to it. This means the DDOS will only exhaust a small pool of resources and leave the others to perform normally, serving the existing hidden services. This does not prevent or stop a DDOS, but it does limit the damage that is caused by a single client being the target of an attack.

3. How can I prevent the system being overloaded by the tor process, the web server, the database and the file storage all on a single server?
Solution: Split them. One server shall handle the tor processes, split into smaller virtual machines for isolation and pseudo load-balancing. The Tor server will also have an Nginx reverse proxy installed on it locally with a large SSD cache, perhaps 240Gb that will store frequently accessed disk material. This reduces the intra-server network load and reduces requests and connections between the frontend and the web server. Plus using an SSD over a hard drive reduces the latency between the request being made and replied to, so larger files like images or constantly accessed text files are read at lightning speed. Using hardware to their specific tasks is also useful; so for the Tor process machine a high CPU clock rate and small SSD storage is best. For the webserver, multiple cores are better with large storage pools in a RAID array for redundancy. The database server must have a good CPU, but large amounts of RAM and a SSD storage pool, that performs better under a large amount of small read/write requests than disk-based drives, will make increase performance substantially.

4. How can I scale the storage pools? Ideally I would like to point the webserver to a single backend storage mechanism so it can grow seamlessly, but I cannot use a cloud solution due to the inherent privacy risks.
Problem: I haven’t fully thought this part through yet, but redundancy and the ability to scale it to many TB’s is very important. Please feel free to write in if you have any suggestions!

My aim in this project is to bring hidden services to the masses. This is critical to me as with every new revelation from the Snowden leaks; I am losing faith constantly in traditional security models. Tor hidden services provide end to end encryption by default and offer privacy for both the user and host. But to make a technology come to a larger audience, we have to lower the barrier to entry so that anybody can easily throw up their own blog. We can work together to break the dogma that privacy is only for “bad” people.

Another, probably more controversial project, is a file/image hosting service.  Now there is the stereotype that all image hosts are simply for the purpose of child porn on the “dark net”, but I differ. The only reasons tor hidden services have a reputation for child porn is because nobody bothers to challenge the stereotype. We need more challengers, who want to shift the landscape. We can’t wipe out child porn, but what we can do is bring the layman to hidden services and spring up legitimate services to drown out the notion that such technology is only for criminals. We can only change the world when enough good people stand up and challenge whatever negativities or reserves people may have.

An image/file host has many of the same challenges, minus the databases, so that project is somewhat straightforward and shall be a great primer to optimising the full web hosting service.

If you have any thoughts on what sort of hidden services you’d like me to launch, please do let me know! My 2015 goal is getting hidden services to the masses and so I’d always love to hear your suggestions, or perhaps feedback on my plans above.

Proof of Knowledge & Disclosures


Copies also kept at the following paste locations:
Hash: SHA1

Please keep a copy of the following checksums for future use. I am not
at privilege at this moment to divulge anything further about what these
checksums may or may not verify other than to state they are a proof of
foreknowledge about events which are about to unfold. I hopefully will
never need to release these, but if I must it is crucial the
authenticity can be verified by as many people as possible. The context
of these and who it concerns at Tor hidden services.

On Twitter:

On Twitter:

At this moment (3rd Feb 2015) I am under no compulsion to write this
message and I have not been served any gag orders in relation to the
exact text above. Should for any reason I become unable to disclose the
above information myself, another person will step forward to do so.
Thus gagging orders aimed at myself, my legal team, my known associates
or any other form of restraint against me will not prevent the release
of this information. Should my enemies test my resolve on this matter –
you will fail.
Version: GnuPG v2