<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: TOR may actually reduce your privacy</title>
	<atom:link href="http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/</link>
	<description>Anonymizer's Privacy Blog</description>
	<lastBuildDate>Sun, 25 Mar 2012 03:51:02 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<item>
		<title>By: Anon Tor</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-6110</link>
		<dc:creator>Anon Tor</dc:creator>
		<pubDate>Thu, 21 Oct 2010 01:07:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-6110</guid>
		<description>I mean what wikileaks did would be more difficult on a private network. (Damn, just when I thought I would get through a complete note without a typographical error.)</description>
		<content:encoded><![CDATA[<p>I mean what wikileaks did would be more difficult on a private network. (Damn, just when I thought I would get through a complete note without a typographical error.)</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Anon Tor</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-6109</link>
		<dc:creator>Anon Tor</dc:creator>
		<pubDate>Thu, 21 Oct 2010 01:02:19 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-6109</guid>
		<description>Both Lance and Rodmar make points which are valid with their own limitations.

Theoretically, one important point in favour of tor is as the traffic is routed from server to server each node only sees one sender and one recipient. Some servers keep a log, some servers do not keep a log. The one big advantage for tor over a proprietary network is that in a proprietary network all the nodes are known, use somewhat more complex security protocols, but in the end are still known and tangible and theoretically a log can be created linking the actual user to the content accessed or sent. In a network like tor that chain may not exist and the system tends closer to being theoretically more anonymous.

I think Rodmar makes the important distinction between being secure and being anonymous. A piece of information or communication can have different meaning depending on the source and the recipient.

In fairness on Tor&#039;s website it does not paper over these issues and in fact distinctly gives the example of transferring information which is important regardless of context and information which becomes sensitive only because of context and generally advises against using the network for content which is absolutely, rather than relatively, sensitive.

The users who still use the network for such content tend to fall in two categories one who do not understand the distinction and the other who are relying on security in obscurity.

As far as user information is concerned it does not make sense using Tor if one only wants to access his/her email (unless the person is accessing it from a geographical location where direct access is not possible). One can use it to access anonymous or off the record accounts and keep such access private and without a tangible connection with the end user.

For the users who are relying on obscurity one good work around would be to periodically switch networks and use new identities if they are transmitting sensitive information. That way even if one of the nodes is performing traffic analysis, it will receive incomplete information and considering the alternative, the damage will be lesser for the end user.

Traffic analysis is something which can be performed in any setting. On a public network like Tor one only has to focus on the analysis. On a private secure network, one has to solve the problem of cryptography and the traffic analysis.

The wikileaks case was a rather simple task where all they had to do was route traffic and look for keywords in the data being transmitted. From the perspective of intelligence it was more of a scattershot and they were looking for something, anything which is of value. Although if the users were using a private network, wikileaks would have to know what they were looking for and the network which the users were using, who was using it, trace the data through the various nodes all the while breaking the cryptography at each point as servers in such networks tend to use different algorithms and finally look at the data. Both the tasks are equally tedious computationally. So if someone is monitoring a specific individual a private network would be less anonymous than a public one as given the absence of logs there would always be culpable deniability while using the public ones. Rather it would not be anonymous at all and the only thing standing between the intruder and the information linked to the user is the encryption.

Any intelligence gathering exercise would have four categories
1. Known user, known nature of data.
2. Known user unknown nature of data.
3. Unknown user known nature of data.
4. Unknown user and unknown nature of data.

There will also be variation of the data being context specific or not.

If the information is context and user specific then tor is a very good alternative. But 

In fairness it would be relatively easier to do what wikileaks did and something like that would be more difficult on a public network. But again, even in the bust up Tor succeeded in retaining the anonymity of the actual users who were transferring the information and given the absence of logs at nodes it can never be traced using only data mining and will have to be solved in the good old fashioned way.

In the end as I always believe, it is a knife one can cut a fruit one can cut another person, the knife does not change. The context does.

Anon</description>
		<content:encoded><![CDATA[<p>Both Lance and Rodmar make points which are valid with their own limitations.</p>
<p>Theoretically, one important point in favour of tor is as the traffic is routed from server to server each node only sees one sender and one recipient. Some servers keep a log, some servers do not keep a log. The one big advantage for tor over a proprietary network is that in a proprietary network all the nodes are known, use somewhat more complex security protocols, but in the end are still known and tangible and theoretically a log can be created linking the actual user to the content accessed or sent. In a network like tor that chain may not exist and the system tends closer to being theoretically more anonymous.</p>
<p>I think Rodmar makes the important distinction between being secure and being anonymous. A piece of information or communication can have different meaning depending on the source and the recipient.</p>
<p>In fairness on Tor&#8217;s website it does not paper over these issues and in fact distinctly gives the example of transferring information which is important regardless of context and information which becomes sensitive only because of context and generally advises against using the network for content which is absolutely, rather than relatively, sensitive.</p>
<p>The users who still use the network for such content tend to fall in two categories one who do not understand the distinction and the other who are relying on security in obscurity.</p>
<p>As far as user information is concerned it does not make sense using Tor if one only wants to access his/her email (unless the person is accessing it from a geographical location where direct access is not possible). One can use it to access anonymous or off the record accounts and keep such access private and without a tangible connection with the end user.</p>
<p>For the users who are relying on obscurity one good work around would be to periodically switch networks and use new identities if they are transmitting sensitive information. That way even if one of the nodes is performing traffic analysis, it will receive incomplete information and considering the alternative, the damage will be lesser for the end user.</p>
<p>Traffic analysis is something which can be performed in any setting. On a public network like Tor one only has to focus on the analysis. On a private secure network, one has to solve the problem of cryptography and the traffic analysis.</p>
<p>The wikileaks case was a rather simple task where all they had to do was route traffic and look for keywords in the data being transmitted. From the perspective of intelligence it was more of a scattershot and they were looking for something, anything which is of value. Although if the users were using a private network, wikileaks would have to know what they were looking for and the network which the users were using, who was using it, trace the data through the various nodes all the while breaking the cryptography at each point as servers in such networks tend to use different algorithms and finally look at the data. Both the tasks are equally tedious computationally. So if someone is monitoring a specific individual a private network would be less anonymous than a public one as given the absence of logs there would always be culpable deniability while using the public ones. Rather it would not be anonymous at all and the only thing standing between the intruder and the information linked to the user is the encryption.</p>
<p>Any intelligence gathering exercise would have four categories<br />
1. Known user, known nature of data.<br />
2. Known user unknown nature of data.<br />
3. Unknown user known nature of data.<br />
4. Unknown user and unknown nature of data.</p>
<p>There will also be variation of the data being context specific or not.</p>
<p>If the information is context and user specific then tor is a very good alternative. But </p>
<p>In fairness it would be relatively easier to do what wikileaks did and something like that would be more difficult on a public network. But again, even in the bust up Tor succeeded in retaining the anonymity of the actual users who were transferring the information and given the absence of logs at nodes it can never be traced using only data mining and will have to be solved in the good old fashioned way.</p>
<p>In the end as I always believe, it is a knife one can cut a fruit one can cut another person, the knife does not change. The context does.</p>
<p>Anon</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Clair Linstrom</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-5037</link>
		<dc:creator>Clair Linstrom</dc:creator>
		<pubDate>Fri, 25 Jun 2010 00:31:31 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-5037</guid>
		<description>The post is pretty informative. It actually provides me what I&#039;m searching for. Thank you for posting.</description>
		<content:encoded><![CDATA[<p>The post is pretty informative. It actually provides me what I&#8217;m searching for. Thank you for posting.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: lance</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4991</link>
		<dc:creator>lance</dc:creator>
		<pubDate>Sun, 06 Jun 2010 18:45:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4991</guid>
		<description>I think we will have to agree to disagree. I think that if it encourages (in actual practice) behavior which creates significant risk then it is a flaw, even if it is fully disclosed. It is like an attractive nuisance. Even though there are safe ways of using lawn darts (and the risks were disclosed), it is now illegal to sell them because too many kids got them embedded in their heads anyway.</description>
		<content:encoded><![CDATA[<p>I think we will have to agree to disagree. I think that if it encourages (in actual practice) behavior which creates significant risk then it is a flaw, even if it is fully disclosed. It is like an attractive nuisance. Even though there are safe ways of using lawn darts (and the risks were disclosed), it is now illegal to sell them because too many kids got them embedded in their heads anyway.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: rodmar</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4987</link>
		<dc:creator>rodmar</dc:creator>
		<pubDate>Sat, 05 Jun 2010 15:00:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4987</guid>
		<description>You don&#039;t need to set up a Tor node for that. You don&#039;t need to prove anything. There is no lie in what was said. If you set up a Tor exit node you will be able to read any traffic that comes in plaintext. But this is a problem like any other. A client could for instance go to a website with a piece of js code that would obtain its ip address and the only way to protect from this is to disable javascript in your browser. That does not mean that it is a flaw from Tor</description>
		<content:encoded><![CDATA[<p>You don&#8217;t need to set up a Tor node for that. You don&#8217;t need to prove anything. There is no lie in what was said. If you set up a Tor exit node you will be able to read any traffic that comes in plaintext. But this is a problem like any other. A client could for instance go to a website with a piece of js code that would obtain its ip address and the only way to protect from this is to disable javascript in your browser. That does not mean that it is a flaw from Tor</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: lance</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4986</link>
		<dc:creator>lance</dc:creator>
		<pubDate>Sat, 05 Jun 2010 13:26:17 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4986</guid>
		<description>It may not be new, but I know for a fact that it is little known outside of the small privacy / security expert community.
I suppose the only way for me to really prove this would be to set up some Tor nodes and intercept and analyze the traffic. :)</description>
		<content:encoded><![CDATA[<p>It may not be new, but I know for a fact that it is little known outside of the small privacy / security expert community.<br />
I suppose the only way for me to really prove this would be to set up some Tor nodes and intercept and analyze the traffic. <img src='http://www.theprivacyblog.com/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
]]></content:encoded>
	</item>
	<item>
		<title>By: rodmar</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4984</link>
		<dc:creator>rodmar</dc:creator>
		<pubDate>Sat, 05 Jun 2010 02:27:19 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4984</guid>
		<description>This type of news is almost as old as Tor
http://www.schneier.com/blog/archives/2007/09/anonymity_and_t_1.html</description>
		<content:encoded><![CDATA[<p>This type of news is almost as old as Tor<br />
<a href="http://www.schneier.com/blog/archives/2007/09/anonymity_and_t_1.html" rel="nofollow">http://www.schneier.com/blog/archives/2007/09/anonymity_and_t_1.html</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: rodmar</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4983</link>
		<dc:creator>rodmar</dc:creator>
		<pubDate>Sat, 05 Jun 2010 02:15:46 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4983</guid>
		<description>I don&#039;t understand your view on Tor. Tor is what it is and there are no subtleties. It is a p2p overlay network whose goal is to anonymize TCP streams. As any other solution it has pros and cons. Tor project people warn about this problem in a dozen different places in their documentation, faqs, etc... And I believe that most of the people using Tor are aware of this problem.
At most an article like this may help create awareness about what Tor does and doesn&#039;t do.</description>
		<content:encoded><![CDATA[<p>I don&#8217;t understand your view on Tor. Tor is what it is and there are no subtleties. It is a p2p overlay network whose goal is to anonymize TCP streams. As any other solution it has pros and cons. Tor project people warn about this problem in a dozen different places in their documentation, faqs, etc&#8230; And I believe that most of the people using Tor are aware of this problem.<br />
At most an article like this may help create awareness about what Tor does and doesn&#8217;t do.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: lance</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4980</link>
		<dc:creator>lance</dc:creator>
		<pubDate>Fri, 04 Jun 2010 19:53:26 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4980</guid>
		<description>I absolutely disagree. This argument only makes sense from a pure engineering perspective. &quot;It is not part of the requirements so it is not my problem.&quot;
I am interested in actually protecting people in the real world. Most users don&#039;t understand these subtleties and use Tor incorrectly. They are vulnerable and exposed. This is a problem. What they &quot;should&quot; do hardly matters. Reality is what is important.</description>
		<content:encoded><![CDATA[<p>I absolutely disagree. This argument only makes sense from a pure engineering perspective. &#8220;It is not part of the requirements so it is not my problem.&#8221;<br />
I am interested in actually protecting people in the real world. Most users don&#8217;t understand these subtleties and use Tor incorrectly. They are vulnerable and exposed. This is a problem. What they &#8220;should&#8221; do hardly matters. Reality is what is important.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: rodmar</title>
		<link>http://www.theprivacyblog.com/online-privacy/tor-may-actually-reduce-your-privacy/comment-page-1/#comment-4979</link>
		<dc:creator>rodmar</dc:creator>
		<pubDate>Fri, 04 Jun 2010 19:18:54 +0000</pubDate>
		<guid isPermaLink="false">http://www.theprivacyblog.com/?p=181#comment-4979</guid>
		<description>That&#039;s true but that is not the goal of Tor. Although the payload can be seen in plaintext, the packet itself is anonymized. Now if the client sent a plaintext packet into the Tor network he will get a plaintext packet at the exit of the Tor network, and if the payload contains identifiable or critical information too bad. That&#039;s a matter of security not anonymization.</description>
		<content:encoded><![CDATA[<p>That&#8217;s true but that is not the goal of Tor. Although the payload can be seen in plaintext, the packet itself is anonymized. Now if the client sent a plaintext packet into the Tor network he will get a plaintext packet at the exit of the Tor network, and if the payload contains identifiable or critical information too bad. That&#8217;s a matter of security not anonymization.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

