Something is Rotten in #opdarknet

Update 9/9/14 @ 10:30am: This post was originally published on November 2nd, 2011. I altered the date to bury it so I wouldn't have to look at it every time I went to update my site. The memory of this horrible event was discouraging me from writing new content.

Update 11/2/11 @ 4:50pm: I again have experienced a DDoS against fscked.org, again through Tor (though some IPs also appeared to be non-Tor), shortly after posting this article. It seems to have subsided, and was not as strong in intensity as the original attack.


I seem to be the target of a vigilante lynch mob (or a subset of one) who will not dispose themselves of the notion that I run a service called Freedom Hosting (despite having evidence in their possession to the contrary).

I have nothing to do with Freedom Hosting. I have no idea who runs it. I have never even used it.

I assume Freedom Hosting is a Tor hidden service that will host content for money and does not reject clients regardless of content, as long as they can pay the bills. This service has attracted the attention of #opdarknet because it apparently has become a home to child porn hosters.

I am not sure exactly why they are targeting me, but I strongly suspect it is meant as a distraction campaign at a key time in Tor's funding and development cycle.

I don't believe all #opdarknet members are involved in this campaign. Indeed, from what I hear, there are a few camps among them: some of them are rational people who think the campaign against me is distracting them from attacking the actual child porn sites, and they have argued vehemently against smearing me. However, the crazy contingent appears to keep winning out somehow, and the libel against me keeps getting posted to pastebin (and then later revised to conceal exonerating evidence).

My guess: The crazy contingent are the ones who started work at 10am sharp each day for three days in a row (even spanning the Halloween weekend) to harass me on IRC, until I pointed it out, after which they stopped. Who pays their salary, I wonder?

Here's the TL;DR breakdown of their "evidence" so far:

  1. I have an LLC that runs Tor exit nodes
  2. I lead a private life
  3. The Freedom Hosting services run Apache on FreeBSD with nginx (facts #opdarknet removed in subsequent pastebin edits)
  4. I run Apache on Linux, but never on FreeBSD, and never with nginx
  5. My exit nodes apparently cost "a lot of money" (not really)
  6. Therefore, I must be funding my exit nodes with the money from Freedom Hosting.
  7. When they DDoS me (using the Tor network to proxy their attacks), the Freedom Hosting Hidden Service sometimes becomes unreliable
  8. They also have a handful of out of context IRC quotes and unrelated commit message pastes stitched together specifically designed to make me look guilty

I don't want to link directly to their pastebin because I do not want to give them the pagerank, and they are prone to editing it anyway. Here is a local snapshot after they removed mention of nginx, but before they removed mention of FreeBSD.

Now, most of this is laughable on face. In fact, I suspect most of the Internet that read their "evidence" has quietly laughed at it and moved on. This suspicion can be confirmed by viewing their pastebin hitcount of the post about me. Since I am sure they will write a script to push the hit count up artificially as soon as I post this, here's a screenshot (it's the Oct 29th post).

Their original database dumps of Lolita City and the associated chat logs with that admin received over 100,000 views, and their other manifesto posts and other material received tens of thousands of views. But the "evidence" posts against me simply have not circulated at all by comparison. Anyone who knows better seems to know not to retweet, blog about, or forward such trash, and so it's just not getting traction.

Therefore, for the first few days of their assault on my character, I decided this meant I should just ignore their distraction campaign, and continue on with my Tor development work, and not let them accomplish their stated goal of "organizing a major shitstorm" by "doxxing" me.

I soon realized that this would not deter them from calling for people to "pay me a visit", "burn my house down", and other such nonsense on their twitter feed. To me, this seems like one step away from calling for my murder by some Dexter wannabe, which makes me quite glad I do in fact lead a very private life.

So, I believe that despite playing directly into their distraction campaign, I am forced to take time to break down their claims and dismiss them one by one:

  1. I have an LLC that runs Tor exit nodes
  2. Duh. The LLC was the prototype for high-bandwidth low-cost exits that could be funded by donations. Interestingly, the pastebin repeatedly replaces "Formless Networking" with "Freedom Networking". The latter does not exist. They did this merely for effect.

  3. I lead a private life
  4. Duh. I work on an anonymity network and run exit nodes. Sometimes people get angry about what other people post and do through exit nodes. Sometimes people decide they want Tor not to exist (for example: China, Iran, Syria, etc). Sometimes, people even go so far as to organize a smear campaign against you and call for your murder. Sometimes, they do this just because their braincells can't fire well enough to realize you're not their target. Sometimes, they do it because they are running a false-flag operation designed to discredit privacy and anonymity. Sometimes, a group can become infiltrated with actors who have interest in various elements of the above. Sometimes, they just get carried away by witch-hunt fervor.

    All of these are great reasons not to be too public about your personal life. But I also happen to be a private person, as well.

  5. These exit nodes apparently cost "a lot of money" (not really)
  6. People have donated money to the LLC, but it's not terribly expensive, if you actually have a job. (Sorry vigilantes, I guess this does put it out of your price range. Don't hate the player, hate the game). It currently costs $800/mo to run the nodes, and I get about 80% of that from private donors, who donate yearly. However, since these donations are not tax-deductible, the goal was always to get an established 501c3 who would be willing to accept people's donations and allow them to get a tax writeoff. The NoiseBridge Tor Nodes now serve this purpose, but the LLC nodes are still about half that cost per megabit: so cheap that everyone involved has decided to keep them running, in addition to running the Noisebridge nodes.

  7. Therefore, I must be funding my exit nodes with the money from Freedom Hosting.
  8. Right. Hopefully my friends in domestic and international surveillance will have the good sense to pull my banking records before busting down my door. I do have faith that they actually know how to do their jobs though, unlike these vigilantes (who I would guess have no jobs, except for the odd fact that they showed up at 10am sharp to harass me on IRC daily, and even over the Halloween weekend, until I called them out on it, and then they stopped).

  9. The Freedom Hosting services run Apache on FreeBSD with nginx (facts #opdarknet removed in subsequent pastebin edits)
  10. I have never put any *BSD machine on the Internet. I have never used nginx. Interestingly, when I and others pointed this out, #opdarknet edited the pastebin to remove this evidence, which now contains no mention of FreeBSD or nginx. If anyone is actually interested in finding the real Freedom Hosting admin, the phpinfo string that #opdarknet removed was: FreeBSD server 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:45:57 UTC 2011 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64.

    Regrettably, I do not have a copy of the removed nginx info or the other Apache config options that both serve to fingerprint the Freedom Hosting server admin, and to exonerate me from guilt (as they both were different than any server I've ever run).

  11. I also run Apache, but on Linux, and not with nginx
  12. This part was probably why no one bothered to retweet the pastebin initially, and probably why it was subsequently edited. It just was so blatantly obvious once they said the server versions, architecture, and config options didn't match that they were grasping at straws, that the paste just got laughed into oblivion.

  13. If you DDoS my exit nodes and/or my personal website using the Tor network, the Freedom Hosting Hidden Service sometimes becomes unreachable
  14. Right. So let me get this straight: You fuck up the Tor network by using it in a DDoS against me, and then when it doesn't work properly, it must mean I am the Freedom Hoster? Bravo, Sherlock. Way to bring some tight precision science to this one. Flawless methodology.

    They also claim to have DDoSed my exit nodes specifically, with similar disturbances in Freedom Hosting. Since they probably used Tor for this attack as well, and since my exit nodes make up a substantial fraction of the Tor network capacity, it also not surprising that such a DDoS might damage Freedom Hosting's reliability. I did not however notice any evidence of the exit node DDoS, only one against fscked.org, my personal website.

  15. They also have a handful of out of context IRC quotes and unrelated commit message pastes stitched together specifically designed to make me look guilty
  16. I am told that the big thing that allows the crazy contingent to keep winning out over the more rational members of #opdarknet is that they think I made commits involving the hidden service code at some point when someone was talking about having trouble accessing Freedom Hosting, and that I'm the "only one" with the expertise in the Tor community who could possibly run Freedom Hosting. I am not sure what this is about, because the commit they pasted was actually about consensus weights for path selection in the public network, not hidden services.

    If you actually check the available commit records and git blame, you will see I have no interest in the hidden service components in Tor:

    # cd tor.git
    # git blame src/or/rendclient.c  | grep -c Perry
    0
    # git blame src/or/rendmid.c  | grep -c Perry
    0
    # git blame src/or/rendservice.c  | grep -c Perry
    0
    # git blame src/or/rendclient.c  | grep -c Perry
    0
    

    Personally, I find hidden service development to be less important to society than private, censorship-resistant access to the open Internet, and so I have never worked directly on the hidden service components. All of my work is on improving Private Browsing Modes, and on improving performance of the public network. Commit logs prove this, when they aren't pasted in with unrelated conversation.

So why did I bother to write all of this up? Well, be it due to ignorance or outright malice on the part of some of their members, these people are dangerous. They clearly have an agenda, or at least some of them do. They also are claiming to have broken Tor and found 1589 IPs (a number later mysteriously reduced to 192), and if the evidence there is as high quality as what is against me, what we'll likely see is that I will soon have a lot of company in the misery of the wrongly accused. I hope that actual law enforcement knows to take any IP addresses provided by these people with a huge pile of salt, since they quite clearly have developed a (possibly recent?) taste for manipulating evidence and also revising history.

We could very well see them drop the IP addresses of 1589 (or 192 or 12) completely random and innocent Tor users, simply to try to get these people needlessly harassed by the police, too.

A note to the remaining sane #opdarknet members:

I know you're out there, because some of you have contacted me privately. Please do not let this (presumably recent?) contingent poison your ranks! They are destroying everything you're doing. Ask yourselves: why are they putting so much effort into publicly smearing me? Why not just work quietly on gathering real evidence, instead of attacking me personally with bullshit and DDoS attacks, and then altering evidence and pastebin posts after the fact to make me still seem guilty?

Keep up the hard work Mike.

I believe you Mike.

Keep up the hard work on Tor, the people need you.

As far as we know these people could be elements of the Chinese or Iranian gov't, sent to infiltrate Anon so they can start to dismantle TOR for their own gain.

Don't give in to skiptkiddy newfags.

Love, your fave anon.

Thank you for what you

Thank you for what you do.

From another anon.

Laughable x 2

While I might agree their evidence is inconclusive so is your so called counter evidence.

Saying "I have never put any *BSD machine on the Internet." is not evidence of anything. True it should not be needed in the first case but if you really want to debunk them you should come up with something more then git logs and a statement I can not check anyway. I can have multiple accounts on github if I want, I also have multiple emails etc etc and a search for one of my emails on google probably won't turn up anything does that mean I can prove I don't exist?

I hope law enforcement take every IP from them and looks into it to gather real evidence if it exists.

The BSD reply was a joke

Um, the BSD comment was a joke. When I first read their evidence, it struck me as a farce. How am I to reply to bullshit accusations? There was nothing to disprove, so I laughed and mocked them on the tor-talk mailing list with what I thought was a humorous (yet truthful) anecdote about my only experiences with FreeBSD. However, once they kept at it (and edited the pastebin to remove the FreeBSD version string!), I realized I needed to go into more detail "debunking" their dip-shit claims. Hence this blog post.

I admit, even this blog post doesn't "prove" my innocence, either. But how do you prove a negative? There is a reason the US legal system is based on the premise "innocent until proven guilty".

So yes, I guess I *could* still be a mastermind who anticipated all of this and avoided touching FreeBSD publicly for 15 years, avoided working on hidden service code in my real name during the past 5 years as a volunteer and then paid work on Tor, etc etc etc.. But I didn't. The only thing I anticipated was that eventually I would have to deal with the crazy on the Internet, and that I should probably not let my personal life be too visible as a result. I'm glad I had that foresight. It may have saved my life.

Strangely, I have *also* been told that I "doth protest too much" and that I am my "own worst enemy" by denying these accusations too vigorously. But once vigilantes are calling for others to pay you a visit, and burn your house down, you are sort of forced to take it seriously. Very seriously.

anti pedo gets what it pays for

intelligence is, erm, smart enough not to bust open the bugs and release info on attacks on tor. you want people to continue to use compromised services. but law enforcement / vigilante groups dont have the same interest in keeping tor's image nice and shiney. so pedo issues will be at the forefront of the war on tor. probably nothing else *at the level of mere representation* has the power of cp to disrupt. but is it worth it? the trouble is the scales are weighted down by an absolute (the enforced notion of child sexual abuse) which in many peoples minds cannot be balanced by any other concern. so wrecking the reputations of tor button, mozilla, the rep of tor developers and tor itself is perfectly legitimate in the war against the witches. (or, on the other hand, helping them to compromise themselves by their association with an attack that undermines users.) this no doubt is just the beginning of fuller, more sophisticated *public* attacks on tor.

Gotta love smear campaigns

The original idea of Anonymous used to be a wonderful thing, but lately I've been seeing more of these personal and other random attacks by individuals who call themselves "Anonymous"... Except they lack the integrity, technical knowledge or even a valid objective, for that matter.

It was painful to read that Pastebin entry. I wanted to see both sides and that side clearly didn't have a valid point, the conclusions they have come to didn't make a lot of sense. Just a waste of text, no actual claims backed up by proof or even valid reasoning. When I arrived to the point where the word "it's" was used to indicate possession, it was a good indicator that I'm likely wasting my time.

Personally I think the TOR project is something that this world desperately needs especially nowadays and it isn't getting enough attention and appreciation. Keep up the good work and don't let them bring you down. I'm sure this wasn't the last smear campaign.

Wow, they are actually

Wow, they are actually editing the paste. I didn't even realize that was possible.

As someone who has been following this with curiosity and being "on the edge" as for who to believe, even after responses from both sides, having seen with my own eyes the original paste with the mention of FreeBSD and nginx confirms to me that it indeed is a smear campaign. Or a desperate attempt to clear their name by covering evidence of a giant failure. But why would they care, they're anonymous...

Disgrace

Mike, I was a big part of #OpDarknet until the media took off and I ducked out. I am not sure who is running the op at the moment but they are a disgrace to Anonymous, the operation, and what we stand for. I was recruited into the operation for my technical abilities, and I for one never found any evidence that you were involved with Freedom Hosting, Lolita City, or The Hurt Page. I have seen your exit nodes, and pointed out to the general population working on this that they were not running nginx. As to how the finger was pointed at you, I am not sure, and I apologize for your name being dragged through the mud. Again, let me say that I had nothing to do with pointing the finger at you, and I hope that you won't form a bad opinion of all anons, just the ones faking information.

Have a great night,
Arson

Tweeted Threats

Dear Haters and Twerps,
If you take the witch hunt to Farmer's City please make sure to bring along a video camera so you can post what ensues on Youtube...

The "Anonymous" dubious mix of datas

They are both pathetic and dangerous.
They admitted to have accused several innocents!

Mike, today more than ever, Thank you so much for your great work on Tor.

We love you! ^_^

Loveable these Paedonymous

The Paedonymous posted link to lolita city, which show that they are in reality paedophiles who will break hours after they will be catched and put into prison with paragraph of spreading child porn.
They posted a manipulated (there are evidences) list of LC users.
I dont think anyone in prison will like them ("love" on the other hand, surely). Paedophiles wont like them for spreading such a list, and non-Paedophiles will fu..k them in their virgin asses for spreading child porn links. So if they will be catched, they will be fucked anyway.
I hope, the videos will be available on the net.
War against paedophile sites is okay, but what Paedonymous did, is stupid. Who is the leader of #OpDarkNet? a 8-year old?
Treating innocent people is a crime. I was earlier a fan and "member" of Anonymous and own a Guy Fawkes mask too, but after this shit I have one Message to members of Paedonymous #OpDarkNet fags: grow up!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
      _  __  __ __  __  ____     ____ 
| | \ \/ / \ \/ / | _ \ / ___|
_ | | \ / \ / | |_) | | |
| |_| | / \ / \ | _ < | |___
\___/ /_/\_\ /_/\_\ |_| \_\ \____|
Enter the code depicted in ASCII art style.