German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This breakthrough raises concerns over Tor’s privacy as law enforcement targets criminal activities on the Dark Web.
German authorities, in collaboration with several international law enforcement agencies, successfully dismantled “Boystown,” a notorious dark web platform dedicated to child sexual abuse material (CSAM). This happened in April 2021 but the details of it have only been revealed now. What’s even crazier is that according to German media, authorities managed to deanonymize Tor users involved with the CSAM site and successfully arrest them.
With over 400,000 registered users, the site had been operational since 2019 and hosted some of the most severe forms of abuse, with many of the victims being young boys. The German Federal Criminal Police led this operation with support from Europol, alongside agencies from the Netherlands, the U.S., Canada, and several other countries.
Boystown’s administrators, three German men, were arrested, and a fourth suspect was detained in Paraguay, with extradition requested by Germany. These individuals helped users evade detection while facilitating the distribution of illegal content.
The platform was shut down in April 2021, and its chatrooms were also dismantled. This international operation marked a significant blow to illegal dark web activity involving CSAM.
Deanonymizing Tor Nodes
According to NDR’s report, German authorities’ ability to deanonymize users of Tor—a network designed for anonymity—played a crucial role in the success of this operation. Through surveillance of specific Tor nodes, they identified users accessing the site.
However, such breakthroughs have raised concerns about the safety of Tor’s anonymity features, even though the Tor Project insists its network remains secure. In its blog post, the Tor Project acknowledged being aware of the claims made in NDR’s report. However, the organization also stated that it had not received proof of concept (PoC) or documents independently verifying these claims from German authorities.
“The Tor Project has not been granted access to supporting documents and has not been able to independently verify if this claim is true, if the attack took place, how it was carried out, and who was involved. In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users at this time.“
Isabela Fernandes – Executive Director of the Tor Project
Nevertheless, experts suggest that outdated software, combined with increased scrutiny of specific exit nodes, may have led to the identification of Boystown’s users. The implications of this case extend beyond just CSAM offenders. It has raised alarms among those who use Tor for legitimate purposes, such as whistleblowers and activists.
While privacy advocates fear that increased law enforcement surveillance of Tor could jeopardize users’ anonymity, authorities argue that targeting criminal activities like Boystown is a necessary step to protect the vulnerable.
This development indicates that law enforcement agencies may continue enhancing their surveillance of darknet activity. Though Tor remains a vital tool for privacy, these cases show that it is not entirely immune to infiltration, especially when outdated systems or weak links are involved.
If you are on the Tor browser stop illegal activities. For whistleblowers and journalists, here are five tips to help lay users better secure their Tor Browser:
- Keep Tor Browser Updated: Always use the latest version of the Tor Browser, as updates include important security patches that fix vulnerabilities. You can check for updates through the browser’s settings or download the newest version directly from the Tor Project website.
- Disable JavaScript: JavaScript can be used to exploit vulnerabilities and deanonymize users. To further enhance your security, disable JavaScript through the browser’s settings or use the “Safest” security level, which disables JavaScript by default. You can adjust the security settings by clicking the shield icon next to the address bar.
- Avoid Installing Browser Add-ons: Tor comes with privacy-enhancing features, and installing third-party add-ons could weaken your anonymity by introducing new vulnerabilities or leaking information unintentionally.
- Use Bridges and Pluggable Transports: If you are in a country or region that blocks Tor or monitors access to Tor nodes, use bridges or pluggable transports to circumvent censorship and avoid detection. These tools disguise your Tor traffic, making it harder for ISPs and governments to identify that you’re using Tor.
- Don’t Use Personal Information: Avoid logging into accounts that are linked to your real identity (e.g., personal email or social media) when using Tor. This undermines anonymity and could reveal your true identity through cookies or other tracking mechanisms. Consider using pseudonyms or temporary email accounts when browsing.
