- cross-posted to:
- cybersecurity@sh.itjust.works
This attack has been known for years now. And Tor is simply not able to defend against it without a complete redesign.
The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn’t mean you can’t defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.
Based on what was in the article and what’s in the history books, I’m not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn’t contradicted by what’s in the article?
Yes, sorry, I worded it incorrectly. You can try to make it harder, but timing attacks are still possible.
Nope, just a summary that this is just old news. There is nothing new in the article.
Redesign being I2P
I2P has issues that can more easily lead to deanonymization attacks. It says it on the FAQ.
Confirmed the troll.
From the FAQ:
Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.
It may be dangerous to use I2P in what the project calls “Strict Countries”
Most I2P peers are not in those strict countries and the ones that are, are placed in “Hidden Mode” where they interact with the rest of the network in more limited ways, so that they are less visible to network observers.
Unlike Tor, “exit nodes” - or “outproxies” as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these.
There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.
If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort.
I2P has defenses available against this like multihoming or Tahoe-LAFS
I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination.
In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels (“shared clients”).
In theory, if you’re accessing the clearnet, then it is no better or worse than TOR. It is a little better if you stay in I2P land.
Don’t listen to me or him. If you’re reading this, go to the FAQ (https://geti2p.net/en/faq) and make your own decisions.
I2P lacks the ability to mask your traffic. It is obvious that you use I2P, and someone could identify you from analyzing the network for long enough.
TOR is obvious too to someone snooping on your network, unless you’re using bridges (and that’s hit or miss). If you don’t want someone to know you’re using I2P, use OpenVPN and mask your traffic as HTTPS.
You’re going to have to explain better about “I2P not masking your traffic” and especially about “someone identifying you” - timing attacks are possible in both cases and the I2P devs have mitigations against it. Please provide sources which define how I2P is weaker and more susceptible than TOR against network forensics.
Not true. I2P actively tries to mask the traffic
Nope, I2P is still vulnerable to timing attacks. https://en.m.wikipedia.org/wiki/Garlic_routing
You linked an article that doesn’t say anything to back up your claim. Why do you say i2p is vulnerable to timing attacks?
Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]
First sentence. Check up the linked article as source.
Ok, technically still vulnerable in the sense that if you transfer a huge file in excess of other parts of the bundle, it might be identifiable by a bad actor, but that’s really misleading, since i2p has a lot of built in logic that makes that scenario pretty unlikely.
Not only huge files. At the end of the article the author goes on about changing the load or manipulating the timing of the traffic.
For both you need to be part of the network and (to some degree) the traffic you want to trace needs to go through a node you are controlling, if I understand it correctly. With increasing size it becomes more difficult.
isn’t it less vulnerable, though?
it has higher latency, even variable latency if you set up variable hops, and everyone routes the traffic of a lot of other users, so a lot of data they can gather from timing info is noise by default
Yes it has better defenses against timing attacks. Just alone the fact that multiple packets are bundled together makes it harder to identify the route a single package used.
Also, it seems that I2P is more vulnerable against deanonymization when leaving the hidden network. I think the official I2P FAQ has some info about that, but I have not read up on it myself.
Also, it seems that I2P is more vulnerable against deanonymization when leaving the hidden network. I think the official I2P FAQ has some info about that, but I have not read up on it myself.
on a quick look I did not find such a mention, but in any case in addition to that, I2P users often don’t have such a fortified browser as Tor users do, so that’s also something to count with.
and maybe it’s not a good idea either to just reconfigure a Tor browser profile for I2P
I would also like to see proof for your claim.
Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]
First sentence. Check up the linked article as source.
The TOR network itself is safe - at least assuming the TLAs don’t control at least half of the nodes, which is far from impossible. But let’s assume…
The weak point comes from the browser: that’s how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that’s the problem: it disables so many unsafe functionalities that it’s essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that’s how they get caught.
My understanding is that Tor Browser works fine, there’s just some dumb website owners that block Tor traffic by IP address.
And … guess what … www.bleepingcomputer.com, the source of the story, is one of those.
Maybe email them and let them know about the misconfiguration
Let them know that tor users can’t read their article about Tor
CRhode
Done!
I mean, the advice I’ve heard for one whose threat model is “the feds are actively trying to identify me” is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that).
Do you think it’s better to use a VPN if you aren’t using TOR Browser?
All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.
ISPs definitely keep records. At least some VPNs claim that they don’t, and that their networks are set up in such a way that they can’t. Some organizations claim to validate the claims of the VPNs, but it’s unclear if they’re trustworthy.
So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don’t/can’t.
Yes, and there’s also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.
You can pay anonymously, but if you regularly connect from your home IP address, it hardly matters.
I think the point here is to deny ISP data to sell.
Yeah I use mullvad for mostly that reason myself.
The VPN company themselves may not keep logs. However, there might be a little black box somewhere in the data center…
As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you’re gonna do something incriminating, then I guess you should create a new account each time.
That’s true but it also depends what attack vector you’re trying to defeat. If someone is doing a timing attack and you’re running through a VPN, it might be harder to work for them, depending on where they sit.
Yeah, VPN at the very least adds another hoop they have to jump through.
I mean, you could set up your own VPN on a VPS and ensure it doesn’t keep logs. You could also get a VPS in a different legal jurisdiction from where you’re at.
Depending on what you’re doing, that probably wouldn’t be a significant hindrance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.
And that’s a very good thing too.
It depends on whether you believe that people should be allowed to use narcotics or not. I tend to believe that people should be able to make that choice for themselves–as it’s their own body–and ordering narcotics online decreases violence in the drug trade since there’s no longer obvious fights over territories, etc.
The same interagency cooperation that makes it easier to track down one group of people and punish them also makes it easier to track down other groups of people that you might agree with.
That’s exactly the reasoning I did for choosing a VPN. I know that VPNs are falsely advertised as “anonymous black magic” but better Proton or Mullvad than my ISP which definitely sells data to advertisers
As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.
How do you get an anonymous VPN? I see mullvad has a pay in cash option. Is that how?
Yes exactly and some providers also accept crypto.
You literally put the money + a piece of paper with your account number into an envelope and mail it to them
Mullvad accepts monero, that’s probably the most convenient way to pay for it anonymously.
I forgot about that.
First, randomize your mac, shutdown anything that can “dial home” (updates, sync, logged in apps, etc) then connect to internet then anonymous VPN, then connect to the tor network, use an anonymized browser with NO java enabled, never download anything -copy paste text, and screen cap images-, if your network drops the popo’s are trying to do a “reconnect” attack to see if they can get an unprotected connection to the material you were looking at. Use a livedisk on USB and you likely won’t get bios level attacks, as live disks make it harder to access your bios. Source: a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.
This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.
It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience, (and it’s not something the typical user will just always have running in the background) so timing analysis attacks are gaining popularity.
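Added example (not part of the thread or the linked article): a toy simulation, on constructed traffic, of the timing correlation described in the comment above, showing that cover traffic only removes the signal when its rate is at least as high as the largest real burst. The user names, bin size, byte counts and the "at least `rate` bytes per bin" padding model are assumptions made for illustration.

```python
import random
from statistics import mean

BINS = 600                          # one-second observation bins (constructed)
EVENTS = set(range(30, BINS, 45))   # seconds at which the watched service saw activity
BURST = 20                          # extra bytes a real request adds to a bin

def make_traffic(seed=7, decoys=20):
    """Constructed per-user byte counts: 'target' bursts at every event, decoys at random."""
    rng = random.Random(seed)
    users = {"target": [1 + (BURST if t in EVENTS else 0) for t in range(BINS)]}
    for i in range(decoys):
        users[f"user{i}"] = [1 + (BURST if rng.random() < 0.03 else 0) for _ in range(BINS)]
    return users

def pearson(xs, ys):
    """Pearson correlation; a flat series carries no timing signal, so it scores 0."""
    mx, my = mean(xs), mean(ys)
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (vx * vy) ** 0.5

def scores(users):
    """Correlate each user's traffic with the event times seen at the service."""
    indicator = [1 if t in EVENTS else 0 for t in range(BINS)]
    return {name: pearson(indicator, series) for name, series in users.items()}

def pad(users, rate):
    """Cover traffic model (assumption): every bin carries at least `rate` bytes."""
    return {name: [max(v, rate) for v in series] for name, series in users.items()}

def margin(users):
    """How far the real sender stands out from the best-matching bystander."""
    s = scores(users)
    return s["target"] - max(v for k, v in s.items() if k != "target")

if __name__ == "__main__":
    users = make_traffic()
    for label, data in [("no cover", users),
                        ("cover below burst size", pad(users, 5)),
                        ("cover at peak rate", pad(users, 1 + BURST))]:
        print(f"{label:24s} margin = {margin(data):.2f}")
```

A cover rate below the burst size leaves the margin unchanged, because the bursts still rise above the floor; only padding up to the peak rate flattens every user's series to the same shape.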
a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.
I also prefer my feds to earn their keep, I pay them good money for it.
If I understand correctly, stream isolation will route different connections through different circuits. If you’re doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess
whonix docs is very good to learn about this stuff
Heh, whonix docs for privacy have become the arch wiki for Linux
PGP? That’s for email and isn’t great
That’s for encrypting text, regardless of the medium. Explain “not very good”?
Well it’s not very good, it’s just pretty good.
Possiblylinux127 seemed like he had found faults in PGP’s encryption which got me interested
Oh, I was just interested in making a pun based on the name. 😂
To be perfectly honest I was under the impression that we had collectively bailed on PGP in favor of GPG, but based on the Wikipedia article it seems like PGP is still getting updates so maybe that’s not the case?
PGP is the protocol, GPG is the implementation. People tend to use GPG because it is FOSS.
Thank you for distilling that down, cleared up all of the confusion I had. Cheers.
It uses the same public key unless you manually change it. You don’t get the rolling keys provided by other systems
I don’t think I understand what you’re implying. Are you arguing that PGP implements less secure operations because it doesn’t have perfect forward secrecy? As far as I know there’s not much out there in terms of encryption schemes for data at rest which includes PFS. Even AGE didn’t have it last time I checked. If you know about something that does provide PFS for data at rest, let me know
https://en.m.wikipedia.org/wiki/Signal_Protocol
https://en.m.wikipedia.org/wiki/Double_Ratchet_Algorithm
https://en.m.wikipedia.org/wiki/Elliptic-curve_Diffie–Hellman
The signal protocol works on double ratchet that works on Diffie Hellman
This is a good read. I think it’s a good solution if it can be implemented properly. Are there applications you know of that allow you to personally (manually) encrypt text and communicate with another person like GPG does?
You should not be doing manual communications as that opens the door for human error and is time consuming. Also these cryptography protocols are far too complex to easily be used for text.
I have considered Tor safe for illicit activities for at least half a decade. Luckily, there’s no need for me to be on there. But this is bad news for people living in places where speech is heavily regulated plus journalists and would-be whistle-blowers.
What else you going to use?
I wish more people would try out I2P as a result. AFAIK, garlic routing makes this kind of attack impossible.
AFAIK it only makes it harder not impossible.
At least they can’t utilize the applied tactic to host their own node.
Insane 2lown Posse?
We use it but it doesn’t have the same protections or reliability as Tor
Really? Care to explain?
Check the FAQ
Also it lacks the more advanced features of Tor
Please mention the “advanced features” it lacks compared to TOR. I have read the FAQ
You can’t use snowflakes and it can’t pretend to be https
Use OpenVPN configured to look like HTTPS if you really need it. I2P is meant to be its own network, not a gateway to the clearnet. I still do not see how it has less measures in place for privacy and anonymity.
I’ve tried to use it, but have not managed to get it to work. Which is a bummer.
I should probably try again now that I have a new computer. My old computer was so old that a lot of stuff wasn’t working correctly.
Remember that you need to let the server run for a bit, so it can establish the routes.
I have a service constantly running on my server. When I want to browse, I tunnel the ports to my laptop.
What are you going to use instead?
Tor is the best tool; you just need to know how to use it.
I think the only still secure network is I2P. In there you don’t have the exit node.