Silk Road forums

Discussion => Security => Topic started by: trance9 on June 22, 2011, 08:15 pm

Title: Non-onion sites through tor..
Post by: trance9 on June 22, 2011, 08:15 pm
I keep seeing people say not to go to non-onion sites through TOR. Can someone explain why?

I understand that I won't have the same encryption, but I will at least have my IP hidden to the web server by appearing as that of a tor node, right?
Title: Re: Non-onion sites through tor..
Post by: techlord on June 22, 2011, 09:10 pm
There are attack methods out there that can trace you if they control both entry and exit nodes. It's unlikely, but possible.
Title: Re: Non-onion sites through tor..
Post by: CrunchyFrog on June 22, 2011, 10:16 pm
A couple of reasons come to mind as to why people may recommend against doing that:

1. Your traffic is exposed to the (potentially unfriendly) exit relay operator *unless* you're using SSL/TLS (e.g., an https address).

Several anonymity-killing exploits -- *usually* involving javascript and/or Flash -- are known to exist, as are a few dozen exit relays with "peculiar" behavior (like changing https to http automagically).  [1]

2. The IP addresses of exit relays are public knowledge -- they're published, actually -- and by using one you may be self-identifying as a Tor user; someone interested in anonymity (and up to no good?).

Does this matter?  It depends upon what you're doing, with whom you're doing it, whether they give a damn, and whether anyone else (e.g. ISPs, LE) gives a damn.  Probably no one cares if you're surfing for centerfolds.  Banking-, shipping-, and email-related sites -- who themselves seem ever willing to cooperate with LE --  might be of greater interest to a wider variety of parties.  One can easily imagine a reputable firm being asked to report the identity of customers connecting by other than standard means, and the firm being only too happy to comply lest they be publicized as scofflaws or terrorist sympathizers.

3. You are routing through "only" three relays as opposed to six for a hidden site.

Does this matter?  Traffic and correlation analysis are likely the least of your worries compared to compromised/nefarious exit relays, eavesdroppers, and cooperative destination sites, IMO.

That's all I can think of just now.  As for me, I always connect to the clearnet through Tor unless there's a definite reason not to, or it would be ridiculous to do so (as with my own bank, for example).

[1] See xqz3u5drneuzhaeo.onion/users/badtornodes/ for info on avoiding questionable exit nodes.
Title: Re: Non-onion sites through tor..
Post by: trance9 on June 23, 2011, 02:45 pm
thanks for the detail crunchy.. I didn't think about people setting up as tor nodes to watch or modify your requests..

I don't think the node could switch from https to http as they wouldn't be able to alter the contents of the request but certainly they could do things like change links from https to http before returning an http response, or basically inject whatever they wanted into your http response.

It also makes sense that if you are connecting to a clearnet site using tor that you could throw up red flags for suspicious activity.
Title: Re: Non-onion sites through tor..
Post by: CrunchyFrog on June 24, 2011, 04:12 am
> ...they could do things like change links from https to http before returning an http response...

Yup.  I left out one important word in there: links.  Good catch!

Another reason (#4) might be that using Tor encourages a feeling of impunity for some people; the (false) belief that Tor makes you invisible and invincible.
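
A check for the link rewriting discussed above, as an added example that is not part of the original thread: it compares a page received over plain http with a reference copy of the same page and reports links whose scheme went from https to http. It assumes a reference copy obtained over a trusted path is available; the site name and sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry a URL


class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute value in an HTML document."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs if k in URL_ATTRS and v]


def links(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def target(url):
    """Scheme plus a scheme-independent key (host, path, query) for a URL."""
    try:
        p = urlsplit(url)
    except ValueError:  # malformed URL: treat as having no scheme
        return "", None
    return p.scheme, ((p.hostname or "").lower(), p.path or "/", p.query)


def find_downgraded_links(reference_html, received_html):
    """URLs that are https in the reference copy but http as received."""
    secure = {key for scheme, key in map(target, links(reference_html))
              if scheme == "https"}
    return [u for u in links(received_html)
            if target(u)[0] == "http" and target(u)[1] in secure]


# Constructed sample pages (hypothetical site shop.example).
REFERENCE = """<a href="https://shop.example/account?tab=orders">Orders</a>
<form action="https://shop.example/login" method="post"></form>
<a href="http://blog.shop.example/">Blog</a>"""
RECEIVED = REFERENCE.replace("https://", "http://")

if __name__ == "__main__":
    for url in find_downgraded_links(REFERENCE, RECEIVED):
        print("downgraded:", url)
```

Links that were already http in the reference copy, such as the blog link in the sample, are not reported, since nothing about them changed in transit.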