Silk Road forums

Discussion => Security => Topic started by: pannerjack on November 16, 2011, 08:35 am

Title: How anonymous is Tor?
Post by: pannerjack on November 16, 2011, 08:35 am
Hey guys, I've just discovered SR and Tor and have been fascinated with this new ecosystem for buyers and sellers.  It's been a long time coming!  Anyway, I've been just browsing out of curiosity and haven't bought anything yet, but I'm wondering exactly how anonymous is tor?  I have been logging in via the Vidalia/Aurora bundle for Mac just at my house, through my own ISP.  Is this stupid?  How dangerous is this?

Assuming I am a moron for doing this, how far do I need to go to avoid LE detection should I proceed with any transactions?  Do I need to purchase a new computer with cash, since my MAC address is potentially logged somewhere, or is this unreasonable paranoia?  I'm assuming most of you go to public wifi spots to log in to increase your anonymity, or is that necessary?   Can some of you veterans offer best practices?  I did a solid year many moons ago for possession of just a few speed pills, and have no desire to take any more unnecessary risks.  It seems as a whole though SR could be safer than face to face transactions from a potential LE perspective.  I just want to minimize any and all risk and appreciate any input for newbie recreational buyers.

Thanks,
 
Title: Re: How anonymous is Tor?
Post by: Beastie on November 16, 2011, 11:27 am
TOR is very secure. TOR hidden services such as SR are extremely secure. You don't need to worry about using tor over your home ISP. That is what Tor is for. You also do not need to worry about your MAC address because TOR operates on Layer 4 and MAC addresses are on layer 2. What you do need to be concerned about are Cookies, JavaScript, Flash, DNS, and other stuff that may be leaked in the HTTP packets.

First in FireFox go to about:config and find the setting (network.proxy.socks_remote_dns) and toggle it to True. This will make FireFox send all DNS traffic through the proxy. You need to make sure to clear ALL your browsing cache including Cookies before you connect through TOR, and before you disconnect from TOR. You should install Privoxy and add this to the bottom of the privoxy config file {including the dot at the end} (forward-socks5 / localhost:9050 . ). Privoxy will scrub out all the leaked stuff in the HTTP packets. It is an HTTP Proxy that runs on 127.0.0.1 port 8118 by default. In FireFox Advanced/Network/Settings set HTTP/SSL/FTP proxies to 127.0.0.1 port 8118 and SOCKS Host to 127.0.0.1 port 9050 SOCKS v5. You also need to run the No-Script Firefox plugin (install Ad Block Plus while you're at it). If you connect to a normal website like Google then you need to keep in mind that the TOR exit node is relaying unencrypted packets to the internet and back into TOR. They can see all the traffic and modify it. So, you will want to make sure you use HTTPS to provide end to end encryption for those sites. To make sure this is happening whenever possible install the HTTPS Everywhere FireFox plugin from the EFF. However, you do not need to worry about that for TOR Hidden services because your connection to them is completely inside the TOR network and encrypted end to end.

The bitcoin protocol does not track your IP address but if someone is monitoring your internet traffic or by other techniques they could trace the bitcoin address to your IP. So, to use bitcoin securely you need to set your bitcoin client to use the TOR proxy SOCKS 5; it runs on 127.0.0.1 port 9050. Your bitcoin client will not make nearly as many connections as it did before but as long as you make a few you will be fine. You can buy bitcoins from people selling them on SilkRoad, or on the bitcoin "Over The Counter" bitcoin exchange on freenode IRC channel #bitcoin-otc. Both of those sources people will ask you to pay with a PayPal refill card called a MoneyPack which you pay Cash for at CVS or Walmart. Freenode has a TOR Hidden Service server you can use. You can setup WeeChat to use TOR (configuring weechat is a whole nother ball of wax, I'll give you links instead of telling you how to use it). You can also buy them from Get-Bitcoin.com. You can also buy them on the exchanges such as Mt Gox or TradeHill. As long as you get them through your TOR tunnel and (the easiest way) then send them to a second computer running Bitcoin through TOR, and then maybe disconnect both computers from TOR and reconnect to TOR (to make sure you get new exit nodes) and send the bitcoins back to the first computer (maybe broken up into a couple transactions, AND make sure to use a new bitcoin address for every transaction). Then send the bitcoins to Silkroad; you should be fine just buying from MtGox with your ID. SilkRoad also does this tumbling, so it really is not needed at all. Just do it if you are paranoid.

You will probably also want to setup an anonymous email account too on a TOR hidden service. Tormail.net provides this service and you can even send and receive email from outside the TOR network to "yourname@tormail.net". Only use this email address to talk to people on SilkRoad. You can create another Tormail.net address for other uses if you like the idea of your email provider operating outside the reach of governments.

Next, you will want to setup GnuPG aka GPG, the open-source equivalent of PGP. Install GnuPG v1 and v2. Use v2 to create your GPG key and use the biggest key size. You can post your GPG Public key on these forums or just send it to people as needed.

If you do all of that you're good to go. Links to everything except the GPG stuff are below.

Core (like google for TOR Hidden Services)
dppmfxaacucguzpc.onion

Tormail.net
jhiwjjlqpyawmpjx.onion

Freenode IRC Hidden Service
p4fsi4ockecnea7l.onion

HTTPS Everywhere
https://www.eff.org/https-everywhere

No Script
http://noscript.net/

AdBlock Plus
https://adblockplus.org/en/

Privoxy (you can also use polipo but I have always used privoxy)
http://www.macupdate.com/app/mac/11923/privoxy

#Bitcoin-otc
http://bitcoin-otc.com/

Get-Bitcoin.com
https://get-bitcoin.com/

Mt Gox bitcoin exchange
https://mtgox.com/

Trade Hill bitcoin exchange
https://www.tradehill.com/

Silk Road Money section to buy bitcoin
http://ianxz6zefk72ulzz.onion/index.php/silkroad/category/98

Weechat to Freenode Hidden Service
(These instructions didn't work for me but I am too tired to write more. Ask about it on the #weechat Freenode unencrypted channel first)
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc
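The Firefox and Privoxy settings listed above, turned into a configuration check. This is an added example, not code from the post or from the Tor, Firefox or Privoxy projects: it audits a Firefox user.js and a Privoxy config for the remote-DNS pref, the 127.0.0.1:8118 and 127.0.0.1:9050 proxy entries, and the trailing dot on the forward-socks5 line. The network.proxy.type and network.proxy.socks_version pref names are assumed additions to make the check complete, and the sample configs at the bottom are constructed.

```python
"""Audit Firefox prefs and a Privoxy config for the Tor-proxy settings the post
describes (remote DNS through SOCKS, proxies on 127.0.0.1:8118 and :9050,
forward-socks5 line ending in '.').  Added example, not from the forum post;
the sample configs below are constructed for demonstration."""
import re

# Values the post tells the reader to set.  network.proxy.type = 1 (manual proxy)
# and network.proxy.socks_version are assumptions added to make the check complete.
EXPECTED_PREFS = {
    "network.proxy.type": "1",
    "network.proxy.http": '"127.0.0.1"',
    "network.proxy.http_port": "8118",
    "network.proxy.socks": '"127.0.0.1"',
    "network.proxy.socks_port": "9050",
    "network.proxy.socks_version": "5",
    "network.proxy.socks_remote_dns": "true",  # DNS lookups go through the proxy
}

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs(text):
    """Map pref name -> raw value for each user_pref(...) line in user.js/prefs.js."""
    return {m.group(1): m.group(2).strip() for m in PREF_RE.finditer(text)}


def audit_firefox(text):
    """Return the prefs that are missing or differ from EXPECTED_PREFS."""
    prefs = parse_prefs(text)
    return [f"{name}: expected {want}, found {prefs.get(name)}"
            for name, want in EXPECTED_PREFS.items() if prefs.get(name) != want]


FORWARD_RE = re.compile(r"^\s*forward-socks5\s+/\s+(\S+)(?:\s+(\S+))?\s*$")


def audit_privoxy(text):
    """Check the forward-socks5 rule: everything ('/') must go to Tor on port 9050,
    and the line must end in '.', meaning no further parent HTTP proxy."""
    problems, found = [], False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = FORWARD_RE.match(line)
        if not m:
            continue
        found = True
        target, parent = m.groups()
        if target not in ("localhost:9050", "127.0.0.1:9050"):
            problems.append(f"forward-socks5 points at {target}, not Tor on port 9050")
        if parent != ".":
            problems.append("forward-socks5 line is missing the trailing '.'")
    if not found:
        problems.append("no forward-socks5 line: Privoxy would fetch pages directly")
    return problems


# Constructed sample inputs: a user.js that still resolves DNS locally, and a
# Privoxy config whose forward rule lacks the trailing dot.
LEAKY_USER_JS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
"""
GOOD_USER_JS = LEAKY_USER_JS.replace('socks_remote_dns", false', 'socks_remote_dns", true')

PRIVOXY_NO_DOT = """\
# Privoxy config excerpt (constructed)
listen-address  127.0.0.1:8118
forward-socks5 / localhost:9050
"""
PRIVOXY_GOOD = PRIVOXY_NO_DOT.replace("localhost:9050", "localhost:9050 .")

if __name__ == "__main__":
    for label, text in (("leaky user.js", LEAKY_USER_JS), ("good user.js", GOOD_USER_JS)):
        print(label, "->", audit_firefox(text) or "OK")
    for label, text in (("privoxy without dot", PRIVOXY_NO_DOT), ("privoxy good", PRIVOXY_GOOD)):
        print(label, "->", audit_privoxy(text) or "OK")
```

Run it against a copy of your own profile's prefs.js and Privoxy config file; the one finding that matters most is socks_remote_dns, since with it false every hostname you visit is resolved by your ISP's resolver before the request ever enters the proxy.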
Title: Re: How anonymous is Tor?
Post by: hoffa on November 16, 2011, 11:39 am
Great info Beastie, big thumbs up!
Title: Re: How anonymous is Tor?
Post by: Beastie on November 16, 2011, 12:04 pm
Thanks :) That took me about an hour but I had fun doing it.
Title: Re: How anonymous is Tor?
Post by: JackS on November 16, 2011, 12:22 pm
Awesome info man, this will come in handy for people new to TOR as it is in a simple to understand manner...
Title: Re: How anonymous is Tor?
Post by: Beastie on November 16, 2011, 01:22 pm
Quote
Awesome info man, this will come in handy for people new to TOR as it is in a simple to understand manner...

Thank you.
If a moderator feels the same I am willing to make it a post for a sticky and refine it a bit more to give links to the "how to setup GPG" threads and stuff. Then maintain it. Then again, if it gets too long it may not be easy to understand anymore...
Title: Re: How anonymous is Tor?
Post by: pannerjack on November 17, 2011, 07:49 am
Thank you very much Beastie!  Much appreciated...
Title: Re: How anonymous is Tor?
Post by: lazypeepsarebusted on November 17, 2011, 09:10 am
Not the best answer in my opinion.


Quote
TOR is very secure. TOR hidden services such as SR are extremely secure.

Tor hidden services are fairly anonymous, but I wouldn't put much faith in them being untraceable. The primary attack to worry about with hidden services goes as follows:

Add a few malicious nodes to the Tor network. Open thousands of new connections to a hidden service with a malicious client. This forces the hidden service to open a new circuit for every connection request. Send a stream of packets to the hidden service with a particular time modulation in the stream. Look for this modulation at the nodes you flooded to the network. Doing this for a fairly short period of time is enough to enumerate the hidden service's three entry guards, nodes which Tor always enters traffic through if they are up. Tor selects three entry guards largely to protect from this sort of attack, so if the hidden service doesn't select a malicious entry guard the attacker cannot directly trace it with this attack alone. However, the attacker can quickly locate three nodes that make a direct connection with the hidden service. If they compromise any of these three nodes, either by hacking them, legal orders, or passive monitoring orders (pen register / trap and trace anyone?) they can deanonymize the server. I think that it is a safe assumption that a half-competent attacker can currently trace hidden services with little effort.

Quote
You don't need to worry about using tor over your home ISP. That is what Tor is for. You also do not need to worry about your MAC address because TOR operates on Layer 4 and MAC address are on layer 2. What you do need to be concerned about are Cookies, JavaScript, Flash, DNS, and other stuff that may be leaked in the HTTP packets.

Using Tor over your home ISP is probably safe, but there are a large number of potential ways you can still be traced if you use Tor. For example, if any of your three selected entry guards are owned by your attacker (i.e. the DEA), and they monitor timestamped posts on SR, they can do a timing correlation attack to link your IP address to your session on SR. The anonymity of Tor from a variety of very serious attacks largely falls on the entry guard, and if any of your three entry guards are compromised or attacker-run you can likely be deanonymized, at least in many situations. Additionally, Tor doesn't really do anything to prevent a passive attacker who monitors you at your IP address from determining the servers you connect to, provided the same attacker or someone they collude with is also monitoring streams to the server you communicate with (for example, a honeypot server, or an attacker who can get logs from the server, or an attacker who passively monitors connections to the server at its infrastructure). These are called traffic confirmation attacks, and Tor does nothing to protect against them. Tor does protect from traffic analysis and a variety of other attacks though. When you use Tor, you protect from the following attackers to various degrees:

1. An attacker who monitors your connection and wants to find the servers you communicate with, but who isn't already monitoring the server you communicate with
2. An attacker who monitors the servers you communicate with, but isn't already monitoring you
3. An attacker who adds some malicious logging nodes to the network in an attempt to link communicating parties together

This includes both passive attackers (ISP etc) and active attackers (attackers who add malicious nodes to the network).

Again, Tor does nothing to protect from the following attacks:

1. An attacker who monitors your connection and the connection of the server you are communicating with

This includes any combination of the following: active monitoring, passive monitoring, access to logs from the server you communicate with / timestamped posts / etc

2. Application layer proxy bypass attacks, such as if your Firefox is hacked and the attacker gets your IP address in this manner. To protect from this sort of attack the best option is to use VM isolation techniques. You should also be hardening your browser and you absolutely should be using Tor Button.

Tor minimally protects you from an attacker who can force you to open new circuits, such as if you are a hidden service. But Tor is weaker to such an attacker than to an attacker who cannot force you to open new circuits, for example if you are a Tor client in most situations.

Tor also is weak to this particular attack in regards to our specific threat model:

Tor clients bootstrap at various directory authority servers. I believe there are about eight of them. An attacker who can monitor these points can quickly enumerate all Tor client IP addresses, although they can not deanonymize their streams in this manner. However, since specific users of Tor leak their rough geolocation when they ship product, an attacker who has enumerated Tor client IP addresses can do attacks like this:

Make a radius of fifty miles around the shipping location a certain Tor user shipped product from. How many Tor user IP addresses are in this radius? Chances are very high one of the Tor user IP addresses in this radius is the vendor, and chances are low that there are many IP addresses in the radius. This sort of attack is traditionally called an observability attack, but since observability also describes another unrelated sort of attack I tend to call it a membership revealment attack. Using Tor bridges to connect to the Tor network can offer some degree of protection from this sort of attack, and I personally suggest at least considering it, particularly if you live in a low population rural area versus a densely populated urban area. I think using bridges is probably a good idea for our threat model, it also offers other anonymity advantages, but it also can decrease anonymity from other attacks. It is a tough call but I lean in favor of using bridges. Make sure to use no more than three bridges to mimic Tor entry guard selection.

Quote
First in FireFox go to about:config and find the setting (network.proxy.socks_remote_dns) and toggle it to True. This will make FireFox send all DNS traffic through the proxy. You need to make sure to clear ALL your browsing cache including Cookies before you connect through TOR, and before you disconnect from TOR. You should install Privoxy and add this to the bottom of the privoxy config file {including the dot at the end} (forward-socks5 / localhost:9050 . ). Privoxy will scrub out all the leaked stuff in the HTTP packets. It is an HTTP Proxy that runs on 127.0.0.1 port 8118 by default. In FireFox Advanced/Network/Settings set HTTP/SSL/FTP proxies to 127.0.0.1 port 8118 and SOCKS Host to 127.0.0.1 port 9050 SOCKS v5. You also need to run the No-Script Firefox plugin (install Ad Block Plus while you're at it). If you connect to a normal website like Google then you need to keep in mind that the TOR exit node is relaying unencrypted packets to the internet and back into TOR. They can see all the traffic and modify it. So, you will want to make sure you use HTTPS to provide end to end encryption for those sites. To make sure this is happening whenever possible install the HTTPS Everywhere FireFox plugin from the EFF. However, you do not need to worry about that for TOR Hidden services because your connection to them is completely inside the TOR network and encrypted end to end.

You should use privoxy over polipo, but Firefox doesn't need an http proxy anymore. Suggestion today is to point Firefox directly at Tor. You still need to make the change you mention in about:config though. You absolutely need to use Tor Button when you use Tor, it hardens Firefox from a lot of bad attacks. I suggest using either Liberte live or the Tor Browser Bundle. Firefox has some patches that should be applied to it if you don't use the Firefox from TBB or one of the live CD distros that already applied the patches for you. I strongly suggest using VM isolation to separate Tor from the web facing applications, if you have the time to configure something like this. It will aid your anonymity from a large set of very worrying attacks (application layer proxy bypass) and is a really strongly suggested practice. Good point about exit traffic being unencrypted, you are also right about traffic to hidden services.


All in all you had a good post but I think you do overestimate the anonymity provided by Tor. It is the best option for low latency anonymity but it isn't anywhere near as bulletproof as most people think it is. It is still good enough to protect X% of people from given attacker Y Z% of the time though. If attacker Y is replaced with 'DEA' or 'FBI' X and Z are probably still pretty big numbers. If Y is replaced with 'NSA' or 'GCHQ' X and Z are probably pretty small numbers. I think this is largely due to incompetence on their part though. They think Tor is more bulletproof than it really is as well. But again, Tor is the best option for low latency anonymity. High latency solutions blow it out of the water, but they are for message systems more so than streaming systems. For example, mixminion takes hours to deliver an E-mail, but even if an attacker monitors you and the E-mail server you communicate with you can have strong anonymity. High latency can protect strongly from traffic confirmation attacks, Tor can't protect from them at all.
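A toy model of the traffic confirmation attack this reply describes, and of the high-latency defence it contrasts with Tor. This is an added example, not part of the post or of any Tor or Mixminion code: it builds constructed bursty traffic for three users with a seeded RNG, lets an observer who sees both the clients and the server correlate the per-bin packet counts, and shows that small per-packet jitter (Tor-like) leaves the true sender obvious while an hour-scale random hold per message (mix-like) leaves nothing to correlate. Nothing touches the network; the burst, jitter and delay parameters are assumptions chosen to illustrate the point.

```python
"""Toy model of the traffic confirmation attack described in the thread and of
why a high-latency mix defeats it.  Added example, not from the post; every
traffic trace here is constructed with a seeded RNG and nothing touches the network."""
import random

DURATION = 600.0    # seconds the users are active (constructed scenario)
WINDOW = 2.0        # seconds per counting bin used by the observer
MIX_DELAY = 3600.0  # maximum hold time of the high-latency mix (one hour, assumed)


def make_stream(rng):
    """Bursty packet send times for one user: alternating active periods
    (about 10 packets/s) and idle periods.  Constructed, not real traffic."""
    t, times = 0.0, []
    while t < DURATION:
        burst_end = min(t + rng.uniform(5, 30), DURATION)
        while t < burst_end:
            t += rng.expovariate(10.0)
            times.append(t)
        t += rng.uniform(5, 30)  # idle gap
    return [x for x in times if x < DURATION]


def low_latency_relay(rng, times):
    """Arrival times at the server side of a low-latency network such as Tor:
    each packet is delayed only by a small jitter, so the burst pattern survives."""
    return sorted(t + rng.uniform(0.05, 0.4) for t in times)


def mix_relay(rng, times):
    """Arrival times behind a high-latency mix: each message is held for a
    random delay of up to MIX_DELAY, which destroys the timing pattern."""
    return sorted(t + rng.uniform(0.0, MIX_DELAY) for t in times)


def bin_counts(times, span):
    """Number of packets seen in each WINDOW-sized bin over [0, span)."""
    bins = [0] * int(span / WINDOW)
    for t in times:
        i = int(t / WINDOW)
        if i < len(bins):
            bins[i] += 1
    return bins


def pearson(a, b):
    """Pearson correlation of two equal-length count vectors (0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb) ** 0.5


def best_match(client_streams, server_observation, span):
    """The observer's decision: correlate every monitored client's send pattern
    with the pattern seen at the server and pick the strongest match."""
    obs = bin_counts(server_observation, span)
    scores = [pearson(bin_counts(s, span), obs) for s in client_streams]
    best = max(range(len(scores)), key=scores.__getitem__)
    return best, scores


def run_demo(seed=7, true_user=1, n_users=3):
    """Run both scenarios for the same true sender and return the observer's guesses."""
    rng = random.Random(seed)
    clients = [make_stream(rng) for _ in range(n_users)]
    low = low_latency_relay(rng, clients[true_user])
    mixed = mix_relay(rng, clients[true_user])
    # The observer bins over the window in which traffic could have arrived.
    low_best, low_scores = best_match(clients, low, DURATION)
    mix_best, mix_scores = best_match(clients, mixed, DURATION + MIX_DELAY)
    return {
        "true_user": true_user,
        "low_latency_guess": low_best, "low_latency_scores": low_scores,
        "mix_guess": mix_best, "mix_scores": mix_scores,
    }


if __name__ == "__main__":
    r = run_demo()
    print("true sender:", r["true_user"])
    print("low-latency relay -> observer guesses", r["low_latency_guess"],
          "scores", [round(s, 2) for s in r["low_latency_scores"]])
    print("high-latency mix  -> observer guesses", r["mix_guess"],
          "scores", [round(s, 2) for s in r["mix_scores"]])
```

The point of the two runs is the one the reply makes: in the low-latency case the true sender's correlation sits near 1 because the same packets, barely shifted, appear on both sides, so neither encryption nor the number of hops helps; in the mix case all three users score near zero, which is the property a message system can buy with hours of delay and a streaming system cannot.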