Silk Road forums

Discussion => Security => Topic started by: snapple on February 01, 2012, 12:28 am

Title: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: snapple on February 01, 2012, 12:28 am
I live in a remote area where there are few fellow tor users, so from a security standpoint would it be better to leave the tor network connected non-stop or just log on multiple times a day and be as brief as possible?

Does it even matter the length of time I'm on the tor network?
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: cloud9ne on February 01, 2012, 02:38 am
Use bridge nodes then your ISP doesn't see Tor being used at all
Bonus points if you make your own bridge :)

Then if anybody asks, you're a security researcher interested in enabling democracy activists in countries with censorship firewalls
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: supersecretsquirrel on February 01, 2012, 04:01 am
Quote from: cloud9ne
Bonus points if you make your own bridge :)

Yep, https://cloud.torproject.org/ is cheap and easy to set up, and it won't cost you much.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: CaptainSensible on February 01, 2012, 08:43 pm
Quote from: cloud9ne
Use bridge nodes then your ISP doesn't see Tor being used at all

As I recall, a bridge node is just an unpublished Tor entry relay. The type of packets used by Tor is readily identifiable by a network administrator who knows what he's looking for. Using a bridge that you set up is a good way to decrease the chance you can be profiled, since your bridge has not been modified to trace and/or modify Tor traffic. And the other people who connect to your bridge will also be less likely to be profiled, which means you'll be doing the community of Tor users a good deed.

Still, the fact that your ISP can see you're on the Tor network is not necessarily a bad thing -- plenty of people are on Tor for reasons other than checking out Silk Road.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: tordemon on February 02, 2012, 12:03 am
The bridge idea sounds pretty good, though I don't entirely understand Tor's terminology there, but I'd think that the longer you've had Tor running, the less likely it is that someone will be suspicious about why it's being used; you could just be running one of the nodes or whatever.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: snapple on February 05, 2012, 12:47 am
So I've finally got the bridge relays working properly in the Vidalia console. I don't see any slowdown on the connection either.

You think it's best to just keep the tor running 24/7 so it blends into the rest of the system more?
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 05, 2012, 04:03 am
Using bridges is a good idea. Anyway, it doesn't matter if you leave Tor running or not. I would personally not leave Tor running when you are not using it, because if you do that it implies that you are leaving your computer running with encryption keys in memory while you are not present.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 05, 2012, 04:08 am
Quote from: cloud9ne
Use bridge nodes then your ISP doesn't see Tor being used at all

Quote from: CaptainSensible
As I recall, a bridge node is just an unpublished Tor entry relay. The type of packets used by Tor is readily identifiable by a network administrator who knows what he's looking for. Using a bridge that you set up is a good way to decrease the chance you can be profiled, since your bridge has not been modified to trace and/or modify Tor traffic. And the other people who connect to your bridge will also be less likely to be profiled, which means you'll be doing the community of Tor users a good deed.

Still, the fact that your ISP can see you're on the Tor network is not necessarily a bad thing -- plenty of people are on Tor for reasons other than checking out Silk Road.

If you ship me drugs I know you are a Tor user in your city. How many regular Tor users does your city have? People in higher population density areas, and more urbanized areas, may not have to worry as much about this sort of attack. But if you live in a rural area and ship drugs from nearby, the fact that you are the only Tor user within a 100 mile radius of where these drug packages are being sent from is not going to turn out very well for you even though there is a Tor user 2000 miles away from you using Tor to look at legal porno.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: Derpasaurus on February 05, 2012, 07:58 am
rent a mini vps
ssh into it and then use tor on your remote desktop/terminal
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: snapple on February 07, 2012, 03:09 am
Quote from: kmfkewm
How many regular Tor users does your city have? People in higher population density areas, and more urbanized areas, may not have to worry as much about this sort of attack. But if you live in a rural area and ship drugs from nearby, the fact that you are the only Tor user within a 100 mile radius of where these drug packages are being sent from is not going to turn out very well for you even though there is a Tor user 2000 miles away from you using Tor to look at legal porno.

I've been trying to find a way to view the network in my area to see if there are any nearby Tor users, is that possible or would I have to be an ISP to see that?
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: CrunchyFrog on February 07, 2012, 04:06 am
Quote from: snapple
I've been trying to find a way to view the network in my area to see if there are any nearby Tor users, is that possible or would I have to be an ISP to see that?
The Users page on the Tor Project's Metrics site [ metrics.torproject.org/users.html ] can give you an estimate of clients by country.  The Tor Network Status page [ torstatus.blutmagie.de ] can show you the *relays* in your region.  Scroll all the way to the bottom and run a query by Region / US State.  You can also query by Hostname to see if there are relays on your ISP's network.

Neither of those is exactly what you're looking for, but they're the closest things I can think of at the moment.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: CaptainSensible on February 08, 2012, 09:25 pm
Using Tor & receiving drugs through the mail don't necessarily go together.  I saw a National Geographic special about Ketamine use the other day & the guy selling K ordered his stuff online.  But from the brief screenshot I saw I don't believe he was using Tor.  There are plenty of overseas clearnet sites selling stuff that's legal there but not legal here. 

If you're really concerned about your local ISP getting too curious about your Tor usage then use another access point.  Like the local library or coffee shop. 
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 08, 2012, 09:51 pm
I actually retract my statement. In some ways, it is better to leave Tor running in a remote location.

It is better to leave it running because if there are not breaks of ~24 hours between Tor sessions, Tor can bootstrap at directory mirrors (of which there are hundreds) instead of directory authority servers (of which there are eight or so). This is good for membership concealment / usage concealment against an attacker who monitors the directory authority nodes.

However if you leave Tor running when you are not using your computer it is a huge indication that you are not properly utilizing FDE. Your computer is vulnerable when it is booted up.

So I guess the best answer is probably that you should use Tor enough so that it doesn't need to bootstrap at directory authority servers (your Tor client gets a list of directory mirrors from the directory authority servers the first time it bootstraps, but the Tor client considers the list stale after some fairly short period of time, I think 24 hours or so), but you shouldn't leave Tor running when you are not using it. Or you could just use a bridge and use Tor as much or as little as you want.

Of course if you use TBB you also directly connect to directory authority servers every time you upgrade. The same may be true for the regular Tor client itself, I am not sure. Also you need to keep in mind that simply by monitoring the Tor download site an attacker can quickly get a list of all IP addresses that have downloaded Tor. Hopefully they are not doing this, with you being the only one who downloaded Tor in the remote location that you ship drugs from.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 08, 2012, 09:54 pm
Quote from: CaptainSensible
Using Tor & receiving drugs through the mail don't necessarily go together. I saw a National Geographic special about Ketamine use the other day & the guy selling K ordered his stuff online. But from the brief screenshot I saw I don't believe he was using Tor. There are plenty of overseas clearnet sites selling stuff that's legal there but not legal here.

If you're really concerned about your local ISP getting too curious about your Tor usage then use another access point.  Like the local library or coffee shop.

No, but if you use an interface that I know requires Tor and ship me drugs from a location that only has one Tor user within a hundred miles of it, even though I can't trace you through the network I can make a pretty damn good guess who you are ;).
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: snapple on February 09, 2012, 01:20 am
Quote from: kmfkewm
However if you leave Tor running when you are not using your computer it is a huge indication that you are not properly utilizing FDE. Your computer is vulnerable when it is booted up.

The computer I use for SR is a burner; nuked hard drive and I run Liberte Linux live distro and nothing else.

Nothing else is even on the hard drive, no bitcoin wallet, truecrypt, thunderbird or anything. It's a 100% empty drive, pure as the driven snow.

I took your advice and connect through a bridge node. With this new info, do you still recommend leaving it run 24/7? Amazing thing about linux is that I never need to reboot it either; steady as can be.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: Oldtoker on February 09, 2012, 09:17 pm
Running TOR doesn't necessarily mean you're using/selling/buying drugs. Hell, the US Military uses it. There are many legal users that use TOR. Anonymity does not necessarily mean illegality.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 10, 2012, 10:03 pm
Driving a certain type of truck doesn't necessarily mean that you are robbing banks but LE are still going to check DMV records to see who all owns that sort of truck in a certain area, if a certain type of truck is spotted at a bunch of bank robberies. You guys entirely miss the distinction between intelligence and concrete evidence. Intelligence narrows in on evidence and usually it isn't even brought up in court, although you can find examples of it in case studies. We should have an intelligence forum to post case studies in, for all types of crime (since the general techniques hold true between all sorts of crime, even if the implementation details change).

Stop missing the forest for the trees.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: CaptainSensible on February 10, 2012, 11:52 pm
I would assume that most vendors are smart enough to put plenty of distance between the place where they access the Tor network & where they mail their packages.  In fact, I suspect that many of the more successful vendors utilize some sort of remailing system whereby their packages are taken a good distance before being dropped in the mail.  People who have studied the barriers to anonymity in the Tor network understand that Tor users can be pinpointed just by analyzing their connection -- that's a known issue.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: kmfkewm on February 11, 2012, 08:38 am
The thing is that it might need to be quite a lot of space to make a significant difference. Also I wouldn't assume that the vendors here even know about this sort of attack.
Title: Re: In remote location is it best to leave TOR on 24/7 or get on/off quickly?
Post by: Angelology on February 11, 2012, 01:27 pm
Quote from: cloud9ne
Then if anybody asks, you're a security researcher interested in enabling democracy activists in countries with censorship firewalls

Yeah, that excuse won't work. Unless he has his entire hard drive encrypted (which he should).