Silk Road forums
Discussion => Newbie discussion => Topic started by: SirNomDePlum on July 19, 2013, 12:04 pm
-
Questions:
Can the exit nodes be spied on when I use Tor? Specifically, can my plain text passwords be figured out if someone is spying on the exit node I am going through? If not, what do I have to be worried about?
From https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd *Clearnet link*
From the site:
Anonymity and Security
What protections does Tor provide?
Internet communication is based on a store-and-forward model that can be understood in analogy to postal mail: Data is transmitted in blocks called IP datagrams or packets. Every packet includes a source IP address (of the sender) and a destination IP address (of the receiver), just as ordinary letters contain postal addresses of sender and receiver. The way from sender to receiver involves multiple hops of routers, where each router inspects the destination IP address and forwards the packet closer to its destination. Thus, every router between sender and receiver learns that the sender is communicating with the receiver. In particular, your local ISP is in the position to build a complete profile of your Internet usage. In addition, every server in the Internet that can see any of the packets can profile your behaviour.
The aim of Tor is to improve your privacy by sending your traffic through a series of proxies. Your communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver. More details on this process can be found in the Tor overview. Note that all your local ISP can observe now is that you are communicating with Tor nodes. Similarly, servers in the Internet just see that they are being contacted by Tor nodes.
Generally speaking, Tor aims to solve three privacy problems:
First, Tor prevents websites and other services from learning your location, which they can use to build databases about your habits and interests. With Tor, your Internet connections don't give you away by default -- now you can have the ability to choose, for each connection, how much information to reveal.
Second, Tor prevents people watching your traffic locally (such as your ISP) from learning what information you're fetching and where you're fetching it from. It also stops them from deciding what you're allowed to learn and publish -- if you can get to any part of the Tor network, you can reach any site on the Internet.
Third, Tor routes your connection through more than one Tor relay so no single relay can learn what you're up to. Because these relays are run by different individuals or organizations, distributing trust provides more security than the old one hop proxy approach.
Note, however, that there are situations where Tor fails to solve these privacy problems entirely (see the entry below on remaining attacks).
Can exit nodes eavesdrop on communications? Isn't that bad?
Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the Internet.
This is why you should always use end-to-end encryption such as SSL for sensitive Internet connections. (The corollary to this answer is that if you are worried about somebody intercepting your traffic and you're *not* using end-to-end encryption at the application layer, then something has already gone wrong and you shouldn't be thinking that Tor is the problem.)
Tor does provide a partial solution in a very specific situation, though. When you make a connection to a destination that also runs a Tor relay, Tor will automatically extend your circuit so you exit from that circuit. So for example if Indymedia ran a Tor relay on the same IP address as their website, people using Tor to get to the Indymedia website would automatically exit from their Tor relay, thus getting *better* encryption and authentication properties than just browsing there the normal way.
We'd like to make it still work even if the service is nearby the Tor relay but not on the same IP address. But there are a variety of technical problems we need to overcome first (the main one being "how does the Tor client learn which relays are associated with which websites in a decentralized yet non-gamable way?").
What is Exit Enclaving?
When a machine that runs a Tor relay also runs a public service, such as a webserver, you can configure Tor to offer Exit Enclaving to that service. Running an Exit Enclave for all of your services you wish to be accessible via Tor provides your users the assurance that they will exit through your server, rather than exiting from a randomly selected exit node that could be watched. Normally, a Tor circuit would end at an exit node and then that node would make a connection to your service. Anyone watching that exit node could see the connection to your service, and be able to snoop on the contents if it were an unencrypted connection. If you run an Exit Enclave for your service, then the exit from the Tor network happens on the machine that runs your service, rather than on an untrusted random node. This works when Tor clients wishing to connect to this public service extend their circuit to exit from the Tor relay running on that same host. For example, if the server at 1.2.3.4 runs a web server on port 80 and also acts as a Tor relay configured for Exit Enclaving, then Tor clients wishing to connect to the webserver will extend their circuit a fourth hop to exit to port 80 on the Tor relay running on 1.2.3.4.
Exit Enclaving is disabled by default to prevent attackers from exploiting trust relationships with locally bound services. For example, often 127.0.0.1 will run services that are not designed to be shared with the entire world. Sometimes these services will also be bound to the public IP address, but will only allow connections if the source address is something trusted, such as 127.0.0.1.
As a result of possible trust issues, relay operators must configure their exit policy to allow connections to themselves, but they should do so only when they are certain that this is a feature that they would like. Once certain, turning off the ExitPolicyRejectPrivate option will enable Exit Enclaving. An example configuration would be as follows:
ExitPolicy accept 1.2.3.4:80
ExitPolicy reject 127.0.0.1/8
ExitPolicyRejectPrivate 0
This option should be used with care as it may expose internal network blocks that are not meant to be accessible from the outside world or the Tor network. Please tailor your ExitPolicy to reflect all netblocks that you want to prohibit access.
Although Exit Enclaving provides benefits, there is a situation where it could allow a rogue exit node to control where a client may exit. To protect against this, your services should provide proper SSL authentication to the clients, and then things will work as expected. How this works is that a Tor client picks an arbitrary circuit to resolve hosts (e.g. example.com). A rogue exit node could spoof DNS responses for example.com to be the IP address of the rogue node, rather than the correct node where the service actually runs. The Tor client would then attempt to use that rogue node as an Exit Enclave. This is only possible for the first access attempt for example.com; after the first attempt a circuit is established with the Exit Enclave IP address directly.
While useful, this behavior may go away in the future because it is imperfect. A great idea but not such a great implementation.
So I'm totally anonymous if I use Tor?
No.
First, Tor protects the network communications. It separates where you are from where you are going on the Internet. What content and data you transmit over Tor is controlled by you. If you login to Google or Facebook via Tor, the local ISP or network provider doesn't know you are visiting Google or Facebook. Google and Facebook don't know where you are in the world. However, since you have logged into their sites, they know who you are. If you don't want to share information, you are in control.
Second, active content, such as Java, Javascript, Adobe Flash, Adobe Shockwave, QuickTime, RealAudio, ActiveX controls, and VBScript, are binary applications. These binary applications run as your user account with your permissions in your operating system. This means these applications can access anything that your user account can access. Some of these technologies, such as Java and Adobe Flash for instance, run in what is known as a virtual machine. This virtual machine may have the ability to ignore your configured proxy settings, and therefore bypass Tor and share information directly to other sites on the Internet. The virtual machine may be able to store data, such as cookies, completely separate from your browser or operating system data stores. Therefore, we recommend disabling these technologies in your browser to improve the situation.
We produce two pieces of software to help you control the risks to your privacy and anonymity while using the Internet:
Torbutton attempts to mitigate many of the anonymity risks when browsing the Internet via Tor.
The Tor Browser Bundle is a pre-configured set of applications to allow you to anonymously browse the Internet.
Alternatively, you may find a Live CD or USB operating system more to your liking. Now you have an entire bootable operating system configured for anonymity and privacy on the Internet.
Tor is a work in progress. There is still plenty of work left to do for a strong, secure, and complete solution.
Where can I learn more about anonymity?
Read these papers - http://freehaven.net/anonbib/topic.html#Anonymous_20communication *Clearnet link*
(especially the ones in boxes) to get up to speed on anonymous communication systems.
What attacks remain against onion routing?
As mentioned above, it is possible for an observer who can view both you and either the destination website or your Tor exit node to correlate timings of your traffic as it enters the Tor network and also as it exits. Tor does not defend against such a threat model.
In a more limited sense, note that if a censor or law enforcement agency has the ability to obtain specific observation of parts of the network, it is possible for them to verify a suspicion that you talk regularly to your friend by observing traffic at both ends and correlating the timing of only that traffic. Again, this is only useful to verify that parties already suspected of communicating with one another are doing so. In most countries, the suspicion required to obtain a warrant already carries more weight than timing correlation would provide.
Furthermore, since Tor reuses circuits for multiple TCP connections, it is possible to associate non anonymous and anonymous traffic (http://archives.seul.org/or/talk/Dec-2004/msg00086.html) *Clearnet link*
at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications.
Questions:
Can the exit nodes be spied on when I use Tor? Specifically, can my plain text passwords be figured out if someone is spying on the exit node I am going through? If not, what do I have to be worried about?
Thanks.
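The FAQ's warning about ExitPolicyRejectPrivate 0 can be checked mechanically. The following is an added example, not part of the original post or the Tor FAQ: it reads the three torrc lines quoted above and reports which private netblocks no longer have an explicit reject. The list of netblocks, the first-match-wins evaluation, the IPv4-only parsing and the second (constructed) configuration are assumptions of this example.

```python
import ipaddress

# Netblocks this example checks (loopback, RFC 1918, link-local): an assumed list.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# The three lines quoted in the FAQ text above.
PAGE_CONFIG = """ExitPolicy accept 1.2.3.4:80
ExitPolicy reject 127.0.0.1/8
ExitPolicyRejectPrivate 0"""

# Constructed variant: enclave port only, everything else rejected explicitly.
TIGHT_CONFIG = """ExitPolicy accept 1.2.3.4:80
ExitPolicy reject *:*
ExitPolicyRejectPrivate 0"""

def parse_torrc(text):
    """Return (rules, reject_private) from ExitPolicy / ExitPolicyRejectPrivate lines."""
    rules, reject_private = [], True   # the option defaults to 1
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "exitpolicyrejectprivate":
            reject_private = value != "0"
        elif key == "exitpolicy":
            for item in value.split(","):
                action, target = item.split()
                addr, _, port = target.partition(":")   # IPv4 targets only
                net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
                rules.append((action.lower(), net, port or "*"))
    return rules, reject_private

def audit(text):
    """Map each private block to 'rejected', 'accepted' or 'uncovered'.
    'uncovered' means no listed rule decides it; whatever policy follows is not modelled."""
    rules, reject_private = parse_torrc(text)
    result = {}
    for block in PRIVATE_BLOCKS:
        status = "rejected" if reject_private else "uncovered"
        for action, net, port in ([] if reject_private else rules):
            if action == "reject" and port == "*" and block.subnet_of(net):
                status = "rejected"
                break
            if action == "accept" and net.overlaps(block):
                status = "accepted"
                break
        result[str(block)] = status
    return result
```

With the FAQ's lines only 127.0.0.0/8 is reported as rejected, which is the gap the FAQ means by "tailor your ExitPolicy to reflect all netblocks that you want to prohibit access".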
-
Yes.
-
Yes.
lol well put.
-
Yes, but too difficult to execute in practice; this is strictly a theory.
-
"Just a theory"? That's a lot of faith to be putting in some random exit node operator not to turn around and fuck you in the ass. Use PGP for everything. Don't trust shit. Even on these forums, post under the assumption that everyone besides you is a police officer waiting for you to slip up and say something that pins you down to a physical location.
-
Fuck, that's a long read! I've been very interested in this though. Think I might have to muscle through it tomorrow. I had imagined that one could rent a VPS from a bulletproof hosting provider in China for instance, then communicate via an encrypted connection and enter Tor from there. Unfortunately, I'm better at growing pot than I am at figuring this stuff out.
I think that you might need to be more concerned with what your ISP can see, as they are the ones closest to your machine and where (as I understand it) the Tor secrecy is thinnest.
-
bump