Updated on:

This is going to be a short post about a mistake we can all learn from when a Harvard student emailed a bomb threat to his school while using tor to avoid a final exam.


…the student “took steps to disguise his identity” by using Tor, a software which allows users to browse the web anonymously, and Guerrilla Mail, a service which allows users to create free, temporary email addresses.

Despite 20-year-old Eldo Kim’s goal of anonymity, his attempts to mask his identity led authorities right to his front door. Does that mean that Tor failed a user looking to delay his “Politics of American Education” exam? Not in the slightest.

While the Harvard student did indeed use Tor, it was his other sloppy security measures that led to his arrest. The complaint says the university “was able to determine that, in the several hours leading up to the receipt of the e-mail messages … Eldo Kim accessed Tor using Harvard’s wireless network.

What Kim didn’t realize is that Tor, which masks online activity, doesn’t hide the fact that you are using the software. In analyzing the headers of the emails sent through the Guerrilla Mail account, authorities were able to determine that the anonymous sender was connected to the anonymity network.

Using that conclusion, they then attempted to discern which students had been using Tor on the Harvard wireless network around the time of the threats. Before firing up Tor, Kim had to log on to the school’s wireless system, which requires users to authenticate with a username and password. By going through network logs and looking for users who connected to the publicly-known IP addresses that are part of the Tor network, the university was able to cross-reference users that were using both Tor and its wireless internet around the time the bomb threats were received.

There is not much for me to add other than the fact that, if you are planning on doing some freedom fighting, activism or just using Silk Road, make sure that you are able to do so where using tor is not going to raise some flags.

In the case of this student, he was likely the only student at Harvard using tor at the moment this email was sent, and when the authorities came to his dorm he quickly admitted he was responsible.

He likely never would have been caught, but remember when you use tor, others can be aware that you are using it.

Your TOR usage is being watched

A better idea for him would have been to connect to another computer remotely and have that computer connected to tor to send the email.

This way, they never could have seen his computer connected to tor.

I would not worry about using tor on a regular basis from your home, because there are hundreds of thousands of tor users, but it is again, something to be aware of. tor will not cover your bad OpSec mistakes like in the case of Eldo Kim.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


  1. van

    So should he have used Bridges or a VPN to remotely connect to another comp ?

    • Anonymous

      No 100 percent on this but I think TOR + Good VPN > TOR only

  2. Anonymous

    Hmm, what makes me wonder, why didn’t Kim simply deny sending the mail? After all, if LE can ONLY prove he used the TOR-network at the time the bomb threat was received, then that doesn’t prove he was the one sending the threat. Sure the odds were against him, but it could have been someone else.
    I guess Kim didn’t know how to handle and respond to police (scare) tactics, so he admitted..

  3. Anonymous

    The dark web is known for containing porn

    • Anonymous

      thank you for that brilliant insight.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.