Silk Road forums
Discussion => Security => Topic started by: BigEasy on September 24, 2012, 01:46 am
-
More great resources of info to share, I'd re-post it here but its long:
Tor Operations Security - Operational Security - Great Resource of Information
http://cryptome.org/0005/tor-opsec.htm
edit - I've re-posted the start of it...
====
Date: Tue, 13 Dec 2011 18:39:22 -0500
From: wakeupneo555[at]Safe-mail.net
To: tor-talk[at]lists.torproject.org
Subject: [tor-talk] Tor OPSEC - Operational Security - Great Resource of Information!
What began as a simple reply to a Tor user on the subject of downloading PDF files through Tor, turned into a wealth of information on Tor OPSEC. I am adding this post to the list because others might find it as useful as I have. Cheers.
Origin of discussion:
http://ubuntuforums.org/showthread.php?t=1890619
@querent:
"First, I want to use TOR to download .pdf files"
First, how have you setup Tor? (it's not TOR btw, it's Tor)
Have you installed the Tor Browser Bundle? (TBB) It contains a (limited) preconfigured Tor environment (you need to reconfigure the included Noscript properly as by default it is set to allow everything, which is bad) and includes Vidalia, a Tor GUI front-end. If you have, you can right click on most .PDF file download links and select your local destination for the PDF to download to and it runs through Tor without leaping outside of the Tor client. Some PDF file downloads are caught by Tor button for unknown reasons, it thinks you're trying to load it directly and not download it when you're trying to download it. This may be a bug which appears at random. TBB's preconfigued Tor environment does not modify files like wgetrc (more on this later) or other application's files outside of the applications it provides.
My preferred method of handing PDF files when using Tor is to load them remotely via this free web service:
http://view.samurajdata.se/
I don't see that website as having any ads, but I block ads anyway, nor are there any posts begging for money, nor do they push an application to download in order to view the PDFs. It's the most simplistic layout I've seen for loading PDFs remotely and safely so they don't touch your system (your web cache should be disabled and is disabled if you use TBB, your swap and home partitions, if not your whole system should be encrypted). But does the admin track PDFs and IPs? Simple, always use Tor with that site with nothing personal.
It should be noted the moment you begin using your real name and playing about on Facebook with your friends or acquaintances via Tor, you've lost the plot. Do not mingle your personal Internet use with your Tor Internet use. Do not use Tor while at the same time accessing your personal e-mail outside of Tor (you shouldn't load it inside Tor, for that matter, either). Don't boast through Tor to one of your chums that you're using Tor.
The PDF files (at view.samurajdata.se) are transformed into single paged graphics which you may navigate through easily. 99% of the time it works, some PDFs it chooses not to load and spits out an error. It doesn't
require Flash and works without cookies or javascript enabled. I don't know who runs the site or their privacy and data retention habits, but I recommend it above all other sites offering to convert PDFs on-line. I have not tested uploading local PDF files to that service so I cannot suggest others do so, I don't know whether or not there would be any privacy leaks in doing so, so just copy/paste urls into that service.
In using that free PDF converter website, I can preview the document to determine beforehand whether it is worth the time, space, and effort in manually downloading the PDF and storing it for future access. Should you access PDF files on your system, I would recommend burning them to a CD or DVD, a read only medium, and accessing them from a non-networked environment such as a Linux LiveCD with the network cable unplugged, using an open source PDF reader, never use the proprietary PDF reader from Adobe, unless you're reading off-line from read only media, in addition to pulling the network cable prior to booting from a fresh and verified LiveCD and pulling the cable and power plugs from any hard drives (before you turn your system ON), to eliminate any possible contamination. Remember, you're downloading PDF files through Tor, and unless you verify each file through checksum verification (like MD5 or GPG) there's a chance they could've been trojaned by a rogue exit node, or contain phoning home instructions or any other type of malicious "feature". No amount of open or closed source virus/trojan scanners can convince me a file is entirely free of malware.
If you're booting from a LiveCD to use Tor, I heavily recommend pulling the plug/power cord from any hard drives just in case, before you start your LiveCD session and before you've powered the system ON, so no data is transferred/shared through the use of the LiveCD sessions. I strongly recommend against using a preconfigured Tor LiveCD, not limited to but including the recent, "Tails LiveCD". You have no method to inform you on whether or not the binaries have been modified to whatever end. While not pointing the finger at any one such project, I can imagine the temptation would be great for a malicious user or project team to poison the well, so to speak, with compromised binaries naive users would trust their security/privacy to.
If you're running a system with sufficient memory, you should be able to download a Linux LiveCD of your choosing, verify it with MD5 or GPG, verify it with the bootable option to, "Verify This CD", extract the previously downloaded TBB into the home directory, disable all extra network services, configure a few files like hosts.deny and others as well as changing the password on the LiveCD user account. Since the LiveCD user runs with elevated privileges, you should consider creating your own LiveCD for TBB use, stripping it down to only the basics to minimize bugs in some packages in the repositories which could compromise your Tor operational security/privacy.
There are free tools like remastersys which allow you to put together a LiveCD with packages of your choosing. You may configure a proper limited user account beforehand and use this with TBB from your customized LiveCD. I'm not recommending remastersys or any other LiveCD creation tool as I have not audited their source
code nor do I blindly trust binaries, but it's an option.
It would be wise to consider all binary transfers via Tor as potentially trojaned by a rogue exit node, modifications to data by a rogue exit node AND sniffing of plain text traffic occurs and is well documented. Some good preventative methods for browsing in Tor:
1. https://www.ixquick.com/ offers encrypted searches AND proxying of web content, you may surf in Tor
through Ixquick's web proxy for excellent SSL protection.
2. https://ssl.scroogle.org/ offers encrypted searches but offers no secure web proxy. Using Scroogle or Ixquick over Google or Yahoo among others is encouraged as you don't hit a brick wall with an error message (Yahoo) or a message saying you have to verify you're a human (Google). By default Torbutton will redirect you to one of a few alternative search engines. Ixquick may require javascript to yield more search results than the first page presented to you, so I suggest Scroogle for web searches and Ixquick's free SSL web proxy for browsing. Do not, under any circumstances, enable the use of Javascript without Noscript loaded and configured properly. There are many ways to decloak and otherwise poison Tor traffic with javascript enabled and no Noscript plugin.
Flash: Don't install the plugin, don't try alternatives, they won't be torrified. Some have claimed, on Tor's or-talk mailing list discussions, to have enabled YouTube's HTML5 option and, without the use of a Flash plugin, enabling the content to be shot through Tor but I haven't tried it. There are methods of downloading flash videos through Tor, such as through a third party website or by using clive or youtube-dl, both are listed in the Ubuntu repositories but each must be configured to use a proxy with Tor like Polipo or Privoxy.
Second, if you haven't installed Tor via the TBB, you've opted to install and configure Tor with a proxy like Polipo or Privoxy. If this is so, it's easier to download PDFs as you don't need to accomplish this through the browser, instead you modify your /etc/wgetrc file with a proxy configuration matching the proxy port you're using with Tor.
$cat /etc/wgetrc | grep proxy
(default wgetrc displays as follows):
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/
#If you do not want to use proxy at all, set this to off.
#use_proxy = on
sudo nano /etc/wgetrc
or
gksudo gedit /etc/wgetrc
You would specify the proxy as http://127.0.0.1:proxy port number here
If you're using a proxy port of 12345, for example, it would be http://127.0.0.1:12345
I don't know what port Polipo and Privoxy use, but use whatever value they specify.
With wgetrc configured properly and proxy lines uncommented, you can test it by using wget in a Terminal to manually download the PDF files, copy/paste the url into the Terminal following the wget command, and I recommend using the -c option in case the download fails somewhere during your download:
wget -c
https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.34-3-dev-en-US.tar.gz
This would download the TBB for Linux (current as of 12/12/2011). While on the subject, please verify every Tor package you download using GPG, instructions are on their site, as well as instructions to torrify your gpg key fetching if you don't wish to grab gpg keys in the clear.
I haven't tested wget while using the TBB, I don't know what would be required here, installing Polipo or Privoxy and appending the proper local address with port within Vidalia and giving it a go or by some other method. All this rests on the belief you're downloading legal PDFs.
"or .torrent files"
I can't help you with that and it's considered bad etiquette to run torrent traffic through Tor.
"An external application is needed to handle:
file.pdf
NOTE: External applications are NOT Tor safe by default and can unmask you! If this file is untrusted, you should either save it to view while offline or in a VM, or consider using a transparent Tor proxy like Tails LiveCD or torsocks.
"Am I OK? Can I proceed safely and anonymously?"
No, not when it pops up with that warning. Don't click on the PDF url, right click on the url and save it locally and the transfer will traverse through the Tor network. As above, I mentioned Tor button randomly pops up with this warning even though I've right clicked on the PDF url, probably a bug but it thinks you're trying to view it
directly. You should see that Tor button warning most of the time for when you're trying to access non-torrifyed content directly. Always click CANCEL when this warning appears.
My best suggestion would be to use wget with a properly modified wgetrc file, this likely means you'll have to download and configure Polipo or Privoxy. If you're using the TBB, you're on your own, I haven't explored it.
"Also, I want to use a web-based email service via TOR so as to have anonymous email capabilities. Gmail worked for a while, but just asked me what city I usually log in from, cause it thought my account was hijacked. Know any web-based email providers that will work with TOR?"
There are several options, you may google for a result or post to Tor's or-talk mailing list, see the Documentation page on Tor's official website for instructions on signing up and posting to the public
list, which consists of Tor developers and users. I cannot advise you here as some TOS for free web-mail
may stipulate you may not mask your origin of transit with their services, which is just what one would be doing by using their service. G-mail is not recommended, you want to look for a web service which maintains a constant SSL connection from the beginning to the end of your session. In addition, one which does not require the use of javascript, cookies, or any other of the privacy busting potentials.
@Dangertux:
"Hushmail might work with Tor pretty well"
Does Hushmail not require Java installed to function? Java is a big no no when using Tor, for many reasons not limited to rogue exit nodes manipulating your traffic to unmask or otherwise poison your Tor session and possibly exploit the java user's system. In the ideal Tor setup, no plugins should be installed, this is where the TBB for Linux works well, it has no plugins by default, it does have some extensions, such as Tor button, Noscript, and eff.org's HTTP-Everywhere, but no plugins. Hushmail also has a checkered history, in my opinion,
concerning privacy and I don't approve of their methods of encryption or use of Java.
-
what's the website about? I'm wary of clearnet links without further description.
-
I've posted about the first 1/3 of it in my original post. It's a detailed article about safe use of Tor in staying anonymous and technical details on how to do such.
-
If you're booting from a LiveCD to use Tor, I heavily recommend pulling the plug/power cord from any hard drives just in case, before you start your LiveCD session and before you've powered the system ON, so no data is transferred/shared through the use of the LiveCD sessions. I strongly recommend against using a preconfigured Tor LiveCD, not limited to but including the recent, "Tails LiveCD". You have no method to inform you on whether or not the binaries have been modified to whatever end. While not pointing the finger at any one such project, I can imagine the temptation would be great for a malicious user or project team to poison the well, so to speak, with compromised binaries naive users would trust their security/privacy to.
Is he saying tails is not safe? or is he talking about something else?
-
Yes he is saying that for the truly paranoid you should not trust any pre-rolled privacy/anonymity Live-CD. He is sayig you should roll your own Live-CD if you want to be most certain it is safe.