Silk Road forums

Discussion => Security => Topic started by: Diamond on October 11, 2011, 02:59 am

Title: Local privacy with Tor
Post by: Diamond on October 11, 2011, 02:59 am
Hello all! I've got a simple question regarding where privacy on Tor "starts"; I'm hoping some of you security/privacy minded people might have the answer.

Essentially, what I want to know is if an attacker on the same network as me (someone tapped into my WLAN or LAN for instance, or maybe a public WiFi if I have no other alternative) can see:
 - That I'm using Tor
 - Can see my traffic to and from the Tor network (both the destination and data)

When my Tor-configured application or browser sends data or a request, what can someone on the network see? I *think* that the browser sends the request to the localhost as a proxy, and the data is then routed through whatever application made the Tor connection (like Vidalia) and then the request gets bounced through to the exit node (where data is NOT safe). I would *think* that they would see a request from my machine to the first node, if anything.

This assumes, of course, that my machine is not compromised. I'm thinking, for example, of attacks from network admins, the FBI party van connected to my WLAN, or a public WiFi snoop.

I understand the concept of Tor, just not the exact path of the data before it gets encrypted and leaves for the first node.
Title: Re: Local privacy with Tor
Post by: CrunchyFrog on October 12, 2011, 05:47 am
Quote from: Diamond
...if an attacker on the same network as me (someone tapped into my WLAN or LAN for instance, or maybe a public WiFi if I have no other alternative) can [s/he] see:
- That I'm using Tor...
Possibly, if the attacker is capable of performing deep packet inspection [ https://secure.wikimedia.org/wikipedia/en/wiki/Deep_packet_inspection ] and knows what to look for.  The Iranian government is believed to have done this recently in an (ultimately unsuccessful) attempt to block Tor traffic [ https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix ].

Quote from: Diamond
...- Can see my traffic to and from the Tor network (both the destination and data)...
If everything is working as intended, they would see only the address of the first relay (of three) and encrypted traffic flowing between it and you.
Title: Re: Local privacy with Tor
Post by: CrunchyFrog on October 12, 2011, 06:17 am
One other thing that I forgot to mention: lists of Tor relays are published and continuously updated by the Tor Project and others [ https://torstatus.blutmagie.de ], so seeing you connect to an address on that list would be pretty much a dead giveaway.
Title: Re: Local privacy with Tor
Post by: Paperchasing on October 12, 2011, 06:45 am
https://www.torproject.org/about/overview.html.en
 
Best solution to connecting to Tor is using a prepaid throwaway USB tethered to your system (preferably a laptop that you drive around with while you're using Tor or go to some other place than your home).  I can hear them now - "Sir...  ummm we tracked them down, they're everywhere..."  Change throwaways now and then based on your threat analysis (how bad you think they may be looking to find you).

Paperchasing
Title: Re: Local privacy with Tor
Post by: Diamond on October 12, 2011, 05:44 pm
Quote from: CrunchyFrog
Possibly, if the attacker is capable of performing deep packet inspection...
Thanks, that's something I will keep in mind. I actually started reading about that last night on Poly|Front; I understand that DPI is a capability of many attackers, just not sure how it works (and understanding how it works is the first step to circumventing it!). I'm not TOO concerned with that regarding my activity yet, but it's on my list of potential holes.

Quote from: CrunchyFrog
If everything is working as intended, they would see only the address of the first relay (of three) and encrypted traffic flowing between it and you
Ok, that's good to know and it's my main concern for now. Just wasn't sure what traffic looked like when it exited my machine into the network.

Quote from: CrunchyFrog
...lists of Tor relays are published and continuously updated by the Tor Project...
Good to know. Is it just me or does that seem like a big potential flaw in the system? What's to stop Iran from just blocking that IP list? (Not that I know a better way to do it.)
Title: Re: Local privacy with Tor
Post by: Diamond on October 12, 2011, 05:52 pm
Quote from: Paperchasing
Best solution to connecting to tor is using a prepaid throwaway usb tethered to your system ...

I've considered this as well. I have a "throwaway computer" in a sense that I can use for all of my Tor activity as well (itself running through an encrypted sandbox), if it ever comes to something so drastic.

Thanks for the help guys!
Title: Re: Local privacy with Tor
Post by: CrunchyFrog on October 19, 2011, 04:06 am
Quote from: Diamond
...What's to stop Iran from just blocking that IP list?...
Nothing at all.  But that's where "bridge" relays come in handy; only a very few of them are publicly known at any given time.  Many are operated by people with friends living in repressive countries and would be known only to those friends.
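
The two points made in this thread (a connection to a published relay address is a giveaway, while a bridge is not on the public list) can be shown from the local observer's side. The following is an added example, not part of the original posts: the relay list, flow records, addresses and function names are all constructed for illustration, with the list laid out like the "r" lines of a Tor network-status document.

```python
import ipaddress

# Constructed sample in the layout of consensus "r" lines:
# r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
SAMPLE_RELAY_LIST = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-10-11 02:00:00 192.0.2.10 9001 9030
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-10-11 02:05:00 198.51.100.7 443 0
s Exit Fast Running Valid
"""

# Constructed flow records as a LAN/WiFi observer would log them:
# (source, destination IP, destination port). Payload is encrypted and absent.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 9001),    # client talking to a published relay
    ("10.0.0.5", "203.0.113.50", 443),   # ordinary HTTPS site
    ("10.0.0.8", "203.0.113.99", 443),   # assumed unlisted bridge
]


def parse_relays(text):
    """Return the set of (ip, or_port) pairs found in "r" lines."""
    relays = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "r":
            continue  # skip "s" flag lines and anything malformed
        try:
            # IP and ORPort are the third- and second-to-last fields.
            ip = ipaddress.ip_address(fields[-3])
            port = int(fields[-2])
        except ValueError:
            continue
        relays.add((str(ip), port))
    return relays


def flows_to_published_relays(flows, relays):
    """Flows whose destination matches a published relay address and port."""
    return [f for f in flows if (f[1], f[2]) in relays]


if __name__ == "__main__":
    relays = parse_relays(SAMPLE_RELAY_LIST)
    for src, dst, port in flows_to_published_relays(SAMPLE_FLOWS, relays):
        print(f"{src} -> {dst}:{port} matches a published relay")
```

Only the first flow is flagged; the bridge connection is indistinguishable from the ordinary HTTPS flow by address alone, which is why blocking or spotting it requires something beyond the public list.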
Title: Re: Local privacy with Tor
Post by: Diamond on October 19, 2011, 06:30 pm
Quote from: CrunchyFrog
Nothing at all.  But that's where "bridge" relays come in handy; only a very few of them are publicly known at any given time.  Many are operated by people with friends living in repressive countries and would be known only to those friends.

Oh ok, I didn't quite understand how those worked. So the bridge relay acts as a sort of secondary entry into the Network.