Silk Road forums

Discussion => Security => Topic started by: bobbykorn on February 08, 2012, 06:11 am

Title: Can your ISP see that you use TOR?
Post by: bobbykorn on February 08, 2012, 06:11 am
Is your internet service provider or anyone else able to see if you use TOR and if so can they tell how often?
Title: Re: Can your ISP see that you use TOR?
Post by: a_blackbird on February 08, 2012, 06:52 am
I'm fairly certain that the answer to that is yes, if they wanted to, your ISP could see that you're using Tor (DPI - Deep Packet Inspection - would be one way).  Doesn't mean that they know *what you're doing* on Tor, though, nor that it's necessarily any cause for suspicion.
Title: Re: Can your ISP see that you use TOR?
Post by: Holly on February 08, 2012, 06:56 am
If your using it in a remote location perhaps.. really all depends.
Title: Re: Can your ISP see that you use TOR?
Post by: CrunchyFrog on February 08, 2012, 06:56 am
Quote from: bobbykorn
Is your internet service provider or anyone else able to see if you use TOR and if so can they tell how often?
Yes.  ISPs can see what IP addresses you connect to.  The IP addresses of Tor relays are published and continuously updated.  The same applies to published Tor bridges, although it may take an adversary longer to discover that you're connecting to one.  (Using unpublished bridges would likely increase the time required still more.)  By observing when you have connections open to Tor relays / bridges -- and by watching the amount of data moving across them at various times -- they may be able to make some general guesses as to your activities.

Then there's the whole subject of packet inspection, which would require more resources than simply observing connections.  This is how Iran is believed to have blocked Tor traffic [ blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix ] back in September, 2011.  Check out to the blog entry if you'd like a brief overview of what that's about.  I'd think it unlikely that many (any?) ISPs would inspect your packets as a matter of routine unless they were forced to by a warrant or LE coercion.
Title: Re: Can your ISP see that you use TOR?
Post by: wxevkexi on February 08, 2012, 07:17 am
See this: https://www.torproject.org/about/overview.html.en#thesolution

They can see that you are connecting to a TOR entry node (relay). As someone else mentioned, these are well known (or easily discoverable).

I don't think they can do packet inspection. At least not at the point of entry, because that link is encrypted. They can look at traffic at the exit node, but then they cannot correlate it to you (originating node). Which is why TOR folks suggest SSL (https) services, which would encrypt data end to end between you and the SR servers. But far as I can tell, SR does not use SSL (https).
Title: Re: Can your ISP see that you use TOR?
Post by: supersecretsquirrel on February 08, 2012, 08:53 am
They can see that you are connecting to a TOR entry node (relay). As someone else mentioned, these are well known (or easily discoverable).

Correct. The ISP and network administrator can see that you are connecting to the Tor network. If you want to hide this a bit more, use a bridge as your first hop (you can set up one in the Amazon cloud for next to nothing).

I don't think they can do packet inspection. At least not at the point of entry, because that link is encrypted. They can look at traffic at the exit node, but then they cannot correlate it to you (originating node). Which is why TOR folks suggest SSL (https) services, which would encrypt data end to end between you and the SR servers. But far as I can tell, SR does not use SSL (https).

The Tor client will automatically encrypt all traffic between you and the first hop, and all traffic within the Tor network. When you browse a hidden service, such as SR, your traffic never leaves the Tor network and is never on display for a relay operator. SR does not use HTTPS because it doesn't make any sense, it just adds extra work for the administrators. When browsing normal websites over Tor, please do make sure that you're using HTTPS.
Title: Re: Can your ISP see that you use TOR?
Post by: QTC on February 08, 2012, 02:57 pm
Yes, it's possible for your ISP to see that you use Tor. This is of importance to vendors because they're vulnerable to a deanonymizing intersection attack. When you ship product, you're revealing your rough geolocation. If you also live in Bumfuck, Nowhere, you are likely one in a very small crowd of people using Tor in your area, possibly the dreaded crowd size of one, and your ISP can reveal this. Combining these two pieces of intel will fuck you. Using bridges (particularly, a bridge you control) is the solution but opens you up to other sorts of less severe attacks too.
Title: Re: Can your ISP see that you use TOR?
Post by: bobbykorn on February 08, 2012, 04:43 pm
Yea I've been using tor a lot and was just wondering if they could tell. I guess its not really a big deal to them though now that I think about it.
Title: Re: Can your ISP see that you use TOR?
Post by: germanicus on February 08, 2012, 05:46 pm
^^ We got some knowledgeable people up in here.  This is a good thread.
Title: Re: Can your ISP see that you use TOR?
Post by: jimvisa on February 08, 2012, 10:01 pm
here's a pretty great watch on the arms race between tor and china and other oppressive governments. if i remember correctly, the content should be mostly accessible for most people on here, especially if you're curious about this stuff, i'd totally recommend it to OP and others
youtube.com/watch?v=GwMr8Xl7JMQ

but i mean, like, i can't imagine most first world ISPs care if you are using TOR any more than if you're using HTTPS (although some ISPs in some countries might care if you're hosting a node, but that's a separate issue)
i suppose if you were suspected of using tor for illegal purposes they could in theory determine that you have/are using tor in an attempt to decrease the plausible deniability that your hidden truecrypt volume provided? but i'm kinda really grasping at straws here
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 08, 2012, 10:06 pm
See this: https://www.torproject.org/about/overview.html.en#thesolution

They can see that you are connecting to a TOR entry node (relay). As someone else mentioned, these are well known (or easily discoverable).

I don't think they can do packet inspection. At least not at the point of entry, because that link is encrypted. They can look at traffic at the exit node, but then they cannot correlate it to you (originating node). Which is why TOR folks suggest SSL (https) services, which would encrypt data end to end between you and the SR servers. But far as I can tell, SR does not use SSL (https).

Encrypted Tor packets stick out like sore thumbs (for one they are all padded to 512 bytes + headers). Technically an ISP could detect that you are using Tor by looking for streams of packets like this (and various other things). It is kind of an arms race. So far no government is known to be fingerprinting Tor traffic in this specific way, although some governments have located Tor users via various traffic fingerprinting attacks. It is harder for this sort of attack to be done than detecting Tor users via the IP addresses they connect to. It might not even be feasible to scan everyones traffic arbitrarily looking for some of the fingerprints associated with Tor traffic. In other cases it can be done though, as has been shown by various governments. When governments find a way to detect Tor traffic that they can actually implement large scale, Tor tries to take counter measures.
Title: Re: Can your ISP see that you use TOR?
Post by: jimvisa on February 08, 2012, 10:37 pm
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect
Title: Re: Can your ISP see that you use TOR?
Post by: bobbykorn on February 08, 2012, 10:41 pm
Great info guys... so what I've gathered from all of this is that as long as your not a target of LE and you live in a fairly densely populated area you should be good using tor as much as you want?
Title: Re: Can your ISP see that you use TOR?
Post by: jimvisa on February 08, 2012, 10:52 pm
yeah, i mean, a buyer in america or EU shouldn't have jack shit to worry about. tor is a legitimate service and perfectly legal

but sellers living in rural areas? maybe it would be prudent to not merely use the browser bundle, QTC made a pretty interesting point
Title: Re: Can your ISP see that you use TOR?
Post by: QTC on February 08, 2012, 11:28 pm
Great info guys... so what I've gathered from all of this is that as long as your not a target of LE and you live in a fairly densely populated area you should be good using tor as much as you want?
If you use bridges you will not be susceptible to the one attack I described, no matter where you live.
maybe it would be prudent to not merely use the browser bundle, QTC made a pretty interesting point
You can use bridges with the browser bundle, the option is labeled pretty badly though (I believe it's something like "my ISP blocks connections to Tor" or something). I don't like the browser bundle either but that's not really a knock on it.
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 09, 2012, 02:24 am
yeah, i mean, a buyer in america or EU shouldn't have jack shit to worry about. tor is a legitimate service and perfectly legal


It is perfectly legal to drive a particular sort of car as well, but that doesn't mean LE wont check DMV records when they make one of their suspect set sizes, if a certain type of car is frequently spotted near a certain type of crime scene. The rarer your car is the more prone you will be to being identified in this way. The less people who use Tor near where you ship from, the more prone you will be to being identified in this way.

After you are identified in this way, you will likely be put under various degrees of surveillance until they build a case against you from it. They will probably also watch your mail extra closely. They may manuever agents in their human intelligence networks (snitches and undercovers) closer to you and try to get you to do little illegal things. Then they might get your connection tapped and do a website fingerprinting attack to find some % probability that you are a certain user on SR (sites loaded through Tor, even though they are encrypted, have been identified with 60% accuracy with traffic classifiers, chaos computer club made the best one so far). They could bug your computers or what the fuck ever.

The thing is the more people who use Tor in your area the less likely they are going to put all of them under this sort of scrutiny. If you are the only person within a hundred miles of where the pack was sent from who is using Tor, you are an easy low hanging fruit. If there are fifty Tor users in the same radius, it will cost them a lot more to do targetted attacks against fifty people to find one person. If they go to this effort or not will depend on how valuble of a target you are : how much resources will it cost to do these attacks / surveillance etc

another thing to take into consideration though is that they are fairly effective at filtering out noise via various strategies. If they identify fifty Tor users in an area they may do other things. How many are on parole? They are easy targets and have little legal rights against search. How many have criminal records for drug charges? How many fit this profile or that profile. This isn't a perfect strategy but its one of their techniques. You would also be surprised how much profiling data is already available to LE on you, if you use facebook you pretty much make your entire social network open source intelligence. Have a lot of friends who were busted for drug charges? I wonder in your extended social network how many people have been busted for drug charges versus the extended social networks of these other fifty Tor users in your area and their social networks. Better call up a datamining company and do some database processing. Or they can add other data points to the intersections.

the intelligence is just to help them narrow in on evidence, see where to best focus their resources until they have enough resources to focus on a target. How much they are willing to put into it depends of course of the specific target. The use of intelligence often will not even come up in court. They don't need to say why they knew to target you as long as they follow the law when they go about gathering the needed information. And some times they are just crazy fanatics anyway and will break the law because they are crusading against the devil as far as they are concerned. Or they are just crooked for whatever reason. I still think the majority of LE are "law drones" though, and will act in accordance with the law, unfortunately regardless of how fucking corrupt the law happens to be. IMO they are just as bad.
Title: Re: Can your ISP see that you use TOR?
Post by: nicehs2 on February 09, 2012, 06:56 pm
Im not sure this is really much more secure, Im pretty new to this myself but this is something Ive been doing (for other reasons tho) that seems to work for this. I dont think my ISP will have any idea my traffic is going thru any of the TOR servers this way-

If youre a bit into technical stuff (basic linux commands,can learn with few hours reading, if you dont find any tutorials to do only these specific things-) you can rent a cheap VPS server (few dollars per month) and setup TOR and Privoxy software on it to relay proxytraffic thru TOR.
Takes like 5min to setup on a new VPS once you know how, just a few lines of commands to install and edit a few characters in a config file and ready for use.
Im now using TOR by setting proxy settings to my VPS's ip/port in the browser, and now the only connection appearing in my Windows's netstat is the connection to the VPS's IP. I dont have TOR installed on my main computer either, and I can use TOR from any other computer without installing anything by entering the proxy ip/port I have memorized into the browser. Like any other normal proxy except its relaying traffic further to TOR

I think an encrypted VPN connection would also work so that your ISP would not see any connection to the TOR servers, and may be an easier way to hide TOR usage than setting up and configuring a VPS server with Privoxy & TOR..
Title: Re: Can your ISP see that you use TOR?
Post by: supersecretsquirrel on February 09, 2012, 07:01 pm
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect

Running an exit relay would give you plausible deniability for normal web traffic, but traffic to and from hidden services never leaves the Tor network.
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 09, 2012, 09:21 pm
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect

Running an exit relay would give you plausible deniability for normal web traffic

Not from a local passive attacker
Title: Re: Can your ISP see that you use TOR?
Post by: Horizons on February 09, 2012, 10:02 pm
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect

Running an exit relay would give you plausible deniability for normal web traffic

Not from a local passive attacker

And yet this thread is about ISPs, which aren't local.
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 10, 2012, 07:55 am
i wonder if running a tor relay on your network would effectively mask personal tor use... i think it probably would do a pretty good job, but not be perfect

Running an exit relay would give you plausible deniability for normal web traffic

Not from a local passive attacker

And yet this thread is about ISPs, which aren't local.

Actually, your ISP is a local passive attacker.
Title: Re: Can your ISP see that you use TOR?
Post by: CaptainSensible on February 10, 2012, 10:49 pm
Running a Tor relay at home would have the effect of blending your Tor connection with all the other Tor connections that are made through your Tor relay.  There's no way to tell what originated from your network from what was relayed through your network.

The down side is you have a steady stream of Tor traffic going through your home network, which your ISP will notice sooner or later (especially if you let your Tor relay hog all your bandwidth, which it just may do).  This will give you the kind of attention you may not want.

I still say if you're really paranoid about your ISP & local LE making a connection between Tor use and orders from SR then use another access point.  Go to a wireless network far away from where you live & connect there, or borrow a PC somewhere that will let you boot from USB & run Tails.  Or at least have your orders sent to another address that doesn't have a connection to the Tor network.
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 11, 2012, 08:55 am
There's no way to tell what originated from your network from what was relayed through your network.

Sure there is. Who is the attacker (ISP, node, a few nodes, website, etc)? Are you a relay or an exit?

Quote
The down side is you have a steady stream of Tor traffic going through your home network, which your ISP will notice sooner or later (especially if you let your Tor relay hog all your bandwidth, which it just may do).  This will give you the kind of attention you may not want.

The down side is that you have no membership concealment and make yourself significantly weaker to a lot of serious attacks (and yet more secure from others...although imo it is totally not worth it). I encourage people to run Tor relay nodes. Don't run a relay on the same machine you use for your client though. Or even the same internal network. VPS nodes are cheap. I highly suggest that you contribute to the Tor network by buying a cheap VPS and setting it up as a Tor relay, exit or semi-public bridge. But if you run a relay, exit or bridge on your home PC you are going to be reducing the anonymity you get as a client.

Title: Re: Can your ISP see that you use TOR?
Post by: respect on February 11, 2012, 10:12 am
The VPS suggestion has a lot of other advantages too. But, for the purpose of hiding the fact that your using tor from your location, VPN or the even more popular ssh tunneling options suffice just as well. Of course, your VPN or ssh end point ISP would then have the knowledge that tor is being used from there. And administrative access to that network could easily reveal the true source of the connections. So, don't forget that you can also chain these methods through multiple hops. Finally, ideally, at one of these hops, you would have the ability to either prevent / subvert logging or assure removal of any logs connecting you to the system.
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on February 11, 2012, 11:20 am
I would just use a private or semi-private Tor bridge personally. Look into obfsproxy too, that will help a lot. Tor is about to become a lot more membership concealment friendly via bridges and soon using bridges will be the clear winner when it comes to membership concealment. It already is one of the best options.
Title: Re: Can your ISP see that you use TOR?
Post by: Angelology on February 11, 2012, 01:24 pm
Is your internet service provider or anyone else able to see if you use TOR and if so can they tell how often?
Yes.
Title: Re: Can your ISP see that you use TOR?
Post by: lilith2u on February 11, 2012, 11:19 pm
This is really a fascinating thread. As a not very tech savvy person this is most helpful and interesting.......thanks! this is off topic, but do you know if there's any spyware other than the usual that can tell if your computer is being compromised or watched?
Title: Re: Can your ISP see that you use TOR?
Post by: Holly on February 12, 2012, 02:10 am
There should be a guide to setup one of these D:
Title: Re: Can your ISP see that you use TOR?
Post by: respect on February 13, 2012, 07:06 am
Actually, we're talking rather high end security. 99% of the people here, I'm sure, just download the latest (hopefully, lol) version of the tor browser and fire it up, and they get along just fine. But the rest of us, yea, this is what we do regularly, just because we can, and because technically we're correct and stay on top of the game. More particularly, if you want to vend, you should know and practice this sort of stuff. Like kmfkewm has said time and time again, if you're one of 100 people using tor in your area, and say I'm LE and I order a package from you, see the source area, then check with the area's ISPs for tor usage (super easy), and bam, I got a list of 100 people to look at and you're gonna be one of them. If you live out in some small township, chances are you're the ONLY one using tor in the area. Bingo.

As far as a tutorial... for what? How to use a proxy? How to setup a VPS? How to use a bridge? Ok, I'll make this real short and sweet.
SSH Proxy: At a minimum, this is what you should be doing. SSH is an industry standard communication protocol and not suspicious in the slightest.
Get a $5/ month webhosting account that includes shell access.
Download PuTTY. Setup an SSH tunnel in putty under "Connection" > "SSH" > "Tunnels". Source port 8080 (could be anything), Destination select the "Dynamic" radial option. This is essentially a SOCKS5 proxy. Under "Session" put in your webhosts server info, give it a name under "Saved Sessions" and "save" it. Then "Open" the connection. Put in your username and password for the webhost account. You can further automate this by putting your username in the saved session under "Connection" > "Data" > "Auto-login username". And you can setup key-based authentication so you don't even have to type a password, check out pageant and puttygen in the putty folder, google putty tutorials, I won't go into that. Anyway, at this point you should then be connected to your SSH account on the webhost and have an established SSH tunnel waiting to be used on your localhost, 127.0.0.1 port 8080. To get Tor to use it, Vidalia Control Panel > Settings > Network > "I use a proxy to access the internet" >  address: 127.0.0.1 port: 8080 Type: SOCKS5. To verify that it works. Close the SSH session and you'll see Tor no longer works. Open it up again and tor will be working again :)

To use a tor bridge: Vidalia Control Panel > Settings > Network > "My ISP blocks connections to the Tor network" > Add a Bridge: IP address of a Tor bridge, and click the +
Done.
Note, you can actually do both. You can use a Bridged connection through an SSH tunnel for double the protection. Just setup both options.

To setup a VPS / get your own private Tor Bridge:
This is actually amazingly easy now, thanks to the Tor Project foundation and Amazon Web Services. They already have tutorials in place and you can actually get a years worth of service for free with the micro plan, which the tutorial walks you through setting up. Check it out, cloud.torproject.org

After you get your VPS setup, the tor bridge is already up and running, it's a pre-configured Ubuntu server with tor installed and automatic updates turned on so it's basically self sustaining. It'll update your operating system and tor automatically. You will have to figure out the key based authentication though, because that's how it comes configured, and actually that's the only kind of authentication SSH servers should be accepting these days anyway. The tutorial includes all that except how to actually preform the connection from your end. Again, for using putty, you will download a .pem file from Amazon as part of the tutorial. This is your standard private key file. Unfortunately, putty uses it's own special format for key files, so you need to convert it. You open up PUTTYGEN, import the .pem file, and then "Save Private Key" as a .ppk file (This is the format putty uses). In PuTTY, "Connection" > "SSH" > "Auth" > "Private key file for authentication", Browse, select the .ppk you saved from PUTTYGEN. And you're good to go. You can use it as a straight up Tor Bridge directly, or you can use it as a bridge tunneled through your SSH connection, just like I've already covered.

Have fun :)

Title: Re: Can your ISP see that you use TOR?
Post by: beatle66 on May 07, 2012, 04:20 pm
i only joined silk road last week , how can i have all these messages ?
Title: Re: Can your ISP see that you use TOR?
Post by: Bridgehead on May 08, 2012, 09:09 am
Is your internet service provider or anyone else able to see if you use TOR and if so can they tell how often?

yes absolutely 100%
Title: Re: Can your ISP see that you use TOR?
Post by: TreyWingo104 on May 08, 2012, 10:54 am
yeah, i mean, a buyer in america or EU shouldn't have jack shit to worry about. tor is a legitimate service and perfectly legal


It is perfectly legal to drive a particular sort of car as well, but that doesn't mean LE wont check DMV records when they make one of their suspect set sizes, if a certain type of car is frequently spotted near a certain type of crime scene. The rarer your car is the more prone you will be to being identified in this way. The less people who use Tor near where you ship from, the more prone you will be to being identified in this way.

After you are identified in this way, you will likely be put under various degrees of surveillance until they build a case against you from it. They will probably also watch your mail extra closely. They may manuever agents in their human intelligence networks (snitches and undercovers) closer to you and try to get you to do little illegal things. Then they might get your connection tapped and do a website fingerprinting attack to find some % probability that you are a certain user on SR (sites loaded through Tor, even though they are encrypted, have been identified with 60% accuracy with traffic classifiers, chaos computer club made the best one so far). They could bug your computers or what the fuck ever.

The thing is the more people who use Tor in your area the less likely they are going to put all of them under this sort of scrutiny. If you are the only person within a hundred miles of where the pack was sent from who is using Tor, you are an easy low hanging fruit. If there are fifty Tor users in the same radius, it will cost them a lot more to do targetted attacks against fifty people to find one person. If they go to this effort or not will depend on how valuble of a target you are : how much resources will it cost to do these attacks / surveillance etc

another thing to take into consideration though is that they are fairly effective at filtering out noise via various strategies. If they identify fifty Tor users in an area they may do other things. How many are on parole? They are easy targets and have little legal rights against search. How many have criminal records for drug charges? How many fit this profile or that profile. This isn't a perfect strategy but its one of their techniques. You would also be surprised how much profiling data is already available to LE on you, if you use facebook you pretty much make your entire social network open source intelligence. Have a lot of friends who were busted for drug charges? I wonder in your extended social network how many people have been busted for drug charges versus the extended social networks of these other fifty Tor users in your area and their social networks. Better call up a datamining company and do some database processing. Or they can add other data points to the intersections.

the intelligence is just to help them narrow in on evidence, see where to best focus their resources until they have enough resources to focus on a target. How much they are willing to put into it depends of course of the specific target. The use of intelligence often will not even come up in court. They don't need to say why they knew to target you as long as they follow the law when they go about gathering the needed information. And some times they are just crazy fanatics anyway and will break the law because they are crusading against the devil as far as they are concerned. Or they are just crooked for whatever reason. I still think the majority of LE are "law drones" though, and will act in accordance with the law, unfortunately regardless of how fucking corrupt the law happens to be. IMO they are just as bad.


What if you pwnt a neighbors WEP Key, speaking hypothetically, would using their connection to access the internet be better?  Assuming you did so with a strong antenna that could access networks within a 50m range (like the ones someone is selling on SR) and using openbsd and pfsense/snort on a stripped down cpu that hasnt touched facebook and cant be linked to any PID.   would the ISP for whichever network you used , whether open or cracked open be alert to the fact that a new instance was suddenly running, (new machine I mean?) , obviously they would/could see Tor traffic just like if you use your own wifi but would this provide better security or be more likely to raise a red flag on that network....? all this assuming you live in an area where there are a multitude of wifi networks close to one another, like a city....
Title: Re: Can your ISP see that you use TOR?
Post by: Tittytwister on May 08, 2012, 05:43 pm
respect respect  :)
Title: Re: Can your ISP see that you use TOR?
Post by: CaptainSensible on May 08, 2012, 07:51 pm
For a more authoritative answer I'd thought I'd reference the torproject.org website.  The following is an answer to the question of whether or not a Tor user gets better anonymity by running a relay (and as is usually the case with all things Tor, the answer is "it depends."):


"Yes, you do get better anonymity against some attacks.

The simplest example is an attacker who owns a small number of Tor relays. He will see a connection from you, but he won't be able to know whether the connection originated at your computer or was relayed from somebody else.

There are some cases where it doesn't seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it's easy for him to learn which connections were relayed and which started at you. (In this case he still doesn't know your destinations unless he is watching them too, but you're no better off than if you were an ordinary client.)

There are also some downsides to running a Tor relay. First, while we only have a few hundred relays, the fact that you're running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you're running a relay -- for example, an attacker may be able to "observe" whether you're sending traffic even if he can't actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing.

It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it's a smart move. "



 hxxps://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#DoIgetbetteranonymityifIrunarelay
 
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on May 09, 2012, 12:34 am
it's a closed research question now, the benefits don't outweigh the risks. And even the entry guards can tell if you are relaying or originating a given stream in most cases, after all they can count the number of extend cells you passed through them and Tor almost always uses three hops. Two extend cells means you are the originator. Nodes need to be able to see the number of extend cells to limit how long your path is, I believe Tor is network limited to 8 hop paths although 3 and very rarely 4 is the default behavior of the default client. Otherwise you could construct a circuit with 3,000 nodes on it and cost each Tor node a kb for every kb you send into the network, would be a big DOS weakness since having enough bandwidth to DOS the most sturdy node would then be enough to DOS the entire network.

If you are shipping product out and run as a relay it is especially bad since they could get lucky and decide to put everyone who runs a relay in your area under surveillance, if you are the only one you could really stick out as a potential suspect. Plus it makes you vulnerable to down time correlations between the relay and the online presence.

That section of the Wiki was written many years ago obviously since it claims Tor only has a few hundred nodes, today it has 3,000 nodes and has had thousands for several years.
Title: Re: Can your ISP see that you use TOR?
Post by: nothing on May 09, 2012, 01:09 am
KMF,  I learn a lot from your replies makes good sense.........so as buyers maybe we should burden LE with faints running some exit and relay?  Obviously someone is going to have to pick up running this service or else LE will just make their own relays and none legit ones left......or are we suppose to just milk off legit people?  It makes a lof of sense the LE is pressuring new internet laws as they want simple easy click button tyranny at the click of the button.....the fools are too stupid to do anything else but be a drone.......

Anyway.....what I wanted to do is ask your opinion about running a wired VPS router........would setting up multiple connects keeping one computer running a relay 24/7......if you wanted LE to be baited what would be the best setup to throw them off in your opinion.....using a wired router system.....just curious before I go that route......
Title: Re: Can your ISP see that you use TOR?
Post by: kmfkewm on May 09, 2012, 02:02 am
If you want to contribute to Tor I would highly suggest using a cheap VPS to do so , preferably anonymously registered at that, if you are anything other than a small time customer. This is especially true if you plan to run an exit because multiple people who ran exits have been raided after dumbass police traced some other person to them.
Title: Re: Can your ISP see that you use TOR?
Post by: nothing on May 09, 2012, 02:20 am
Yes I was not intending to run a exit off my ISP IP address only would do a relay 24/7 from my ISP on a clean computer.......setting up multiple computers using a wired router VPN and or using Mullvad which allows up to 3 computers......no doubt many different ways can be done, I guess it depends on each individuals own circumstance.......
Title: Re: Can your ISP see that you use TOR?
Post by: nothing on May 10, 2012, 02:46 pm
Also it is difficult and dumb to get a Tor Bridge relay that actually works......using a https proxy or socks5 as your first hop would be simple.....lots of free lists for proxies who knows if they are good or not though......just go to settings and click on I use a proxy to connect to the internet in vidalia settings.......