Europol Is Worried About Child Pornographers Using Tor on Mobile

Using mobile data on the go has never been easier or quicker: with 4G networks, video and other data types can be downloaded quite painlessly while out and about.

Now Europol, Europe's law enforcement agency, is concerned that child pornographers will take advantage of faster 4G connections to make more use of the anonymity network Tor on mobile devices.

"The full implementation of 4G will give more bandwidth to mobile connections; therefore, more possibilities to exchange or download files," a Europol spokesperson told Motherboard in an email.

4G—commonly used interchangeably with Long-Term Evolution (LTE)—is the latest iteration of consumer mobile data networks, and allows quicker downloads of video, high quality images or other data. It's already been around for a few years in the US, but service providers are steadily churning out 4G functionality to more of their customers. Tor can visibly slow down a user's browsing speed, so using the network with 4G connectivity might speed up the process of transferring data.

"Access to Tor through mobile devices will give more anonymity [to] the users of this technology," Europol said. "The spread of anonymisation technologies to mobile devices will entail a new layer of difficulty for the investigations and the capacity to identify offenders."

The comments were in response to questions following the publication of Europol's European Cybercrime Centre's 2015 VGT Child Sexual Exploitation Environmental Scan, a report on the methods and techniques used by child pornographers to offend and avoid detection that also highlighted the difficulties posed to investigators by Tor.

"Following the implementation of 4G it is envisaged that Tor users will also be in favour of accessing the network through mobile devices in the future," the report read.

The Guardian Project's Orbot app for Android is the most popular way of using Tor on mobile; The Tor Project, the non-profit that maintains the Tor software, directed Motherboard to the app makers when asked for numbers on mobile usage. To use Orbot, a user boots up the app, starts Tor by hitting a big button, and the traffic of certain apps is funnelled through the Tor network.

Nathan Freitas, founder of the Guardian Project, told Motherboard in an email that the app has just over 6 million total installs from the Google Play store, and around 1.2 million current active users. "We know nothing more than that these people have the app installed and have used it recently," Freitas said.

The Guardian Project's Orweb browser, which adds other security and privacy benefits, has been installed around 4 million times via Google Play, has around 900,000 active users.

But using Tor on a mobile device for criminal purposes might not be the best idea.

Phones don't just leak data; they spew it out like a fountain. While a mobile user might be browsing the internet through Tor and therefore obfuscating their original IP address, other data trails for investigators are likely being fired out in all directions. This could include the phone's location as it calls out to nearby cellphone towers to get signal, or data transfers from apps on the phone that haven't been configured to route through Tor.

The former is easily obtainable by law enforcement with a legal request to the user's phone company. That data might not reveal which websites a user was visiting, but it provides an avenue for investigators to build up a picture of a suspect's movements or actions.

Additionally, as functional as mobile Tor clients are, Orbot has been pretty buggy. This reporter came across an issue in Orbot back in April of last year, which would leak the site a user visited to an internet service provider when using the VPN feature of the app (that feature was experimental at the time).

Freitas wrote that that issue has been fixed in Orbot v.15.1 which is in alpha now and will likely be pushed as beta to the Google Play store today. He also recommended that people use the Orfox browser with Orbot wherever possible (Orfox is a separate browser app, which the developers plan to encourage Orweb users to migrate to).

It's clear that criminals will make use of whatever technology they can. Whether that's encryption to hold a computer hostage until a ransom is paid, or sophisticated, home-brewed CCTV networks built by Mexican cartels, entrepreneurial crooks are never far behind developments in tech.

But while law enforcement agencies may have concerns with criminal activity moving onto anonymity networks, it seems unlikely that combining 4G and Tor is going to be the looming threat that Europol paints it as.