View Full Version : PortableTor and what else?


ploder
April 24th, 2009, 05:11 AM
Greetings. I have recently become interested in issues of privacy and anonymity. At the moment I am using PortableTor in conjunction with my two main browsers: portable Opera and Firefox. My question is:

Is there any other piece of software/something else I could be doing to complement this set up to gain greater anonymity?

SteveTX
April 24th, 2009, 12:30 PM
Yes. Stop using PortableTor, as it is vulnerable to many side-channel attacks. If you have to use Tor, use either TorVM or JanusVM or xB Machine and not anything else.

ploder
April 25th, 2009, 07:14 AM
Thank you for responding.

-{ Quote: "Yes. Stop using PortableTor, as it is vulnerable to many side-channel attacks." }-
What does this mean for me as a casual user of the net? Is it significant?

What is it about TorVM, JanusVM and XB Machine that makes them more anonymous? Do you recommend one over the others and why?

I have tried TorVM but I get the error in the attached picture. Any ideas? It also created a separate TorVM network connection so not very clean. If possible I do not want evidence of extra network connections to be left. That's part of the reason I was using PortableTor before. Sorry, maybe I should have made it clear. I was just reading about the distinction between privacy and anonymity lol

I also dl Janus but I don't know what to do with the files. It looks quite involved and creates separate network connection too d'oh. I have a feeling this is going to be one of those situations where I have to choose between leaving tracks in the form of separate network connections and greater anonymity.

Damn XB Machine is > 300MB. Maybe I try that one later when I clean out some drive space. I prefer small like TorVM @ 16MB ;)

-{ Quote: "not anything else." }-
So that is the best we can get if not willing/cannot afford to pay for a dedicated service?

SteveTX
April 25th, 2009, 09:45 AM
-{ Quote: "Thank you for responding.

What does this mean for me as a casual user of the net? Is it significant?
" }-

There is nothing casual about anonymity. It is hard to achieve, and resource intensive. The problem with running Tor in an open implementation is that you are subject to all the attacks from tor node operators as well as regular attacks from the internet.

-{ Quote: "
What is it about TorVM, JanusVM and XB Machine that makes them more anonymous? Do you recommend one over the others and why?" }-

These are locked-down implementations of Tor, which make them much more leakproof and relatively invulnerable to attack.

-{ Quote: "
I have tried TorVM but I get the error in the attached picture. Any ideas? It also created a separate TorVM network connection so not very clean. If possible I do not want evidence of extra network connections to be left. That's part of the reason I was using PortableTor before. Sorry, maybe I should have made it clear. I was just reading about the distinction between privacy and anonymity lol " }-

The extra connection does not hurt anything, it makes a much cleaner connection than simply running tor out of the box.

-{ Quote: "
I also dl Janus but I don't know what to do with the files. It looks quite involved and creates separate network connection too d'oh. I have a feeling this is going to be one of those situations where I have to choose between leaving tracks in the form of separate network connections and greater anonymity." }-

If you're worried about creating "tracks" on the machine you are running these programs on, your biggest threat is not anonymity.

-{ Quote: "
So that is the best we can get if not willing/cannot afford to pay for a dedicated service?" }-

Yup. Or... get a JanusPA device.

Coolio10
April 25th, 2009, 10:55 AM
Is the XBMachine site ever going to get fixed?

SteveTX
April 25th, 2009, 02:58 PM
-{ Quote: "Is the XBMachine site ever going to get fixed?" }-

No. It will disappear shortly and be replaced by our new micro browser, which is faster and more secure :)

n33m3rz
April 26th, 2009, 04:24 AM
double posted

n33m3rz
April 26th, 2009, 04:37 AM
Can you elaborate on the side channel attacks you think tor portable is vulnerable to? I imagine you mean things like flash, java etc; but if someone has everything configured properly that isn't much of a worry is it? I pass all the tests at www.decloak.net which is by far the best tor breaker I have ever seen. How can someone trace me down short of poisoning the network with nodes and hoping for a statistically promised partial view of the network, or ISP analysis (which I imagine is NSA style tracking, or do you think lesser powers would go to those extents?). What about with WiFi thrown in, how could someone be traced if they are using a random WiFi location and properly configured Tor that passes the decloak test. I imagine even by the time someone capable of international traffic analysis traced the entry point back the person connecting would be long gone, no?

Also a question about xerobank: how does it withstand against international adversaries? What's stopping someone from just going to the ISP of the xerobank nodes, regardless of if xerobank will cooperate or not I am sure eventually they will find someone up the chain who will. For example, tor is often illustrated like this:

Client ----> Entry Node ----> Relay Node ----> Exit Node ----> Target Website

and people are always focusing on an attacker controlling the three nodes. But a more accurate portrayal of what is happening would be:

Client ----> ISP ----> Entry Nodes ISP ----> Entry Node ----> Relay Nodes ISP ----> Relay node ----> Exit Nodes ISP -----> Exit Node ----> Destination website

What's to stop someone from trivially just going to the ISPs of each node and demanding cooperation? Especially if they are all based in the same jurisdiction or in places which are friendly with each other? What are the chances of an organization short of the NSA being able to, or more specifically likely to, do such an attack? Also, how does xerobank defend against it. I know that mixmaster networks defend against it by mixing traffic but they are high latency....if you can show me how a low latency network can defeat that attack I might just buy a Xerobank account =).


The way I see it is there are three main attack styles against anonymity networks:

Side channel (Flash, Java, ETC, plugin exploits that go around the actual network instead of break it). I see these attacks as likely to be done by local police level agencies, copyright enforcement corporations.

Node Poisoning (Trying to get a statistical view of the network by controlling a large percent of the nodes): I see this attack as on the level of federal agencies. I imagine FBI etc own at least several dozen if not hundreds of Tor nodes. Oddly enough if FBI does so does Russian Feds and Chinese Feds and I doubt they cooperate, so this attack isn't likely to do a whole lot really. Also, local law enforcement and copyright groups are unlikely to go to this much trouble, local law wouldn't likely have jurisdiction over any crime and copyright people have so many easy targets they don't likely bother much trying to break Tor.

ISP analysis: This I see on the level of Military intelligence agencies, where they cut out the actual nodes and focus on the ISPs of the nodes. I don't know if non-military specific federal organizations would necessarily have this ability, certainly there are a wide variety of jurisdictions with ISPs that are running Tor nodes, and I find it unlikely they are all friendly with each other. A possibility is a combination of node poisoning and ISP analysis, which would make me think the FBI would mostly buy tor nodes and set them up on servers in Russia and China (why would they in USA, they can trivially get ISP records of any tor node using an American ISP right?). This is still mostly a statistical attack though, but much more devastating than simple node poisoning. Is that on the level of federal agencies, or do you think that's military also?


Do you think I am accurate in my "attack model" ?

Also, the reason I use police agencies as the likely adversary is simply because I am trying to evaluate the network from a realistic and pure point of view. Realistically 99% of people using Tor (including myself) are using it just because we are privacy minded. But I like to look at it not as it applies to me, but in an objective sense. Objectively, who is most likely to be trying to compromise Tor's anonymity? LE aka intelligence agencies. What is the goal of an anonymity network? Privacy. The battle is between privacy and intelligence, not necessarily criminality and justice (whatever those concepts may be wherever you live ;-) ).

ploder
April 26th, 2009, 06:37 AM
-{ Quote: "I pass all the tests at www.decloak.net which is by far the best tor breaker I have ever seen." }-
Oh damn. When using PortableTor with Opera I fail the External NAT (Flash) test. ie it reveals my true IP address! Does that mean that we can't use Opera and PortableTor to view flash without revealing true IP? Is there anything I can do in Opera to remedy this? Portable Firefox passes all the tests since I have scriptblock, flashblock etc I presume.

n33m3rz
April 26th, 2009, 06:57 AM
-{ Quote: "

Also a question about xerobank: how does it withstand against international adversaries? What's stopping someone from just going to the ISP of the xerobank nodes, regardless of if xerobank will cooperate or not I am sure eventually they will find someone up the chain who will. For example, tor is often illustrated like this:

Client ----> Entry Node ----> Relay Node ----> Exit Node ----> Target Website

and people are always focusing on an attacker controlling the three nodes. But a more accurate portrayal of what is happening would be:

Client ----> ISP ----> Entry Nodes ISP ----> Entry Node ----> Relay Nodes ISP ----> Relay node ----> Exit Nodes ISP -----> Exit Node ----> Destination website

What's to stop someone from trivially just going to the ISPs of each node and demanding cooperation?
" }-

Heh I actually just thought of a way to solve this. Hundreds of machines in a local area network, with only some having access to the internet, that anonymize within themselves.

Client ---> ISP ---> Entry Nodes ISP ----> Entry Node <><><><><> Relay Node on LAN but not on the internet <><><><> Exit node on Lan -----> ISP ----> Entry nodes ISP ----------> Entry node <><><><> Relay node on LAN <><><><> Exit Node on lan ----> Website

That would essentially be a two hop anonymity network (Two LAN networks taken into consideration) but due to the anonymizing that takes place off the internet on a private LAN it should be fairly immune to ISP traffic analysis if proper mixing takes place. I would suggest a constant crypto stream between the exit node of lan one and the entry node of lan 2, to allow for mixing. Hell, could make it a three hop network and the additional LANed nodes wouldn't slow it down much, you can get blazing fast speeds on a LAN for next to no cost.

I would also suggest that no logging be kept on the LANs (obviously) but I would take it a step further and design an end to end (within the anonymity network) crypto based routing mechanism that takes user input into account for path selection on the LANs (each LAN should have many many computers). To try and make it so the administrator of the network couldn't even do live traces.

Does Xerobank do something like this? I know Tor doesn't.

SteveTX
April 26th, 2009, 09:41 AM
-{ Quote: "Can you elaborate on the side channel attacks you think tor portable is vulnerable to? I imagine you mean things like flash, java etc;" }-

Not just those. I mean everything you can't think of either. I mean any way to leak your true information.

-{ Quote: "
but if someone has everything configured properly that isn't much of a worry is it? I pass all the tests at www.decloak.net" }-

No, they should worry. Decloak.net is neither sophisticated nor designed to test anonymity.


-{ Quote: "How can someone trace me down short of poisoning the network with nodes and hoping for a statistically promised partial view of the network, or ISP analysis (which I imagine is NSA style tracking, or do you think lesser powers would go to those extents?). What about with WiFi thrown in, how could someone be traced if they are using a random WiFi location and properly configured Tor that passes the decloak test." }-

Unless you are using a VM or CryptoRouter, deanonymizer will get your real IP address. Wifi is not relevant, that's just a game you play with yourself.

-{ Quote: " I imagine even by the time someone capable of international traffic analysis traced the entry point back the person connecting would be long gone, no?" }-

No. Tor circuits last about ten minutes. We can trace you in 30 seconds without NSA power, or relatively instantly with NSA power since they have the ability to look back at net flows.

-{ Quote: "
Also a question about xerobank: how does it withstand against international adversaries? What's stopping someone from just going to the ISP of the xerobank nodes, regardless of if xerobank will cooperate or not I am sure eventually they will find someone up the chain who will." }-

Let's say you had both the entry node and exit node fully monitored. Unlike all other services, XB does channel multiplexing. We take thousands of sessions, break them apart by packet, and reorganize them into a single session to the other node. It's like sending data through a blender and then encrypting it. It won't be trivial to try to 1) decrypt it 2) reassemble it back into streams 3) correlate the streams of entry and exit nodes.

-{ Quote: "
What's to stop someone from trivially just going to the ISPs of each node and demanding cooperation? Especially if they are all based in the same jurisdiction or in places which are friendly with each other?" }-

For Tor? Nothing. For XeroBank, it won't work.

-{ Quote: "
What are the chances of an organization short of the NSA being able to, or more specifically likely to, do such an attack? Also, how does xerobank defend against it. I know that mixmaster networks defend against it by mixing traffic but they are high latency....if you can show me how a low latency network can defeat that attack I might just buy a Xerobank account =)." }-

We do both mixing and multiplexing between nodes.


The way I see it is there are three main attack styles against anonymity networks:

-{ Quote: "Is that on the level of federal agencies, or do you think thats military also? " }-

Statistical analysis can and is being performed not just by military and gov, but by big corporations who run IXs and centralization systems. They are live datamines, filled with useful client information. These are run by corps like Google, IBM, Fujitsu, Nokia, et al. If we get to present at blackhat, we will be covering exactly how this is done, and exactly what the costs are.

-{ Quote: "
Do you think I am accurate in my "attack model" ?" }-

Sure, except that statistical analysis is possible by much smaller orgs than Gov/Mil.

SteveTX
April 26th, 2009, 09:45 AM
-{ Quote: "Heh I actually just thought of a way to solve this. Hundreds of machines in a local area network, with only some having access to the internet, that anonymize within themselves. " }-

Sadly it won't work. Not enough crowding unless the LAN has thousands and thousands of users with sessions to the other LAN, and vice versa. Otherwise a simple profile analysis of who uses the LAN will render your information with high probability. LAN access means you are part of a very small pool, so it is the weakest link to attack.

Genady Prishnikov
April 26th, 2009, 03:43 PM
-{ Quote: "No. Tor circuits last about ten minutes. We can trace you in 30 seconds without NSA power, or relatively instantly with NSA power since they have the ability to look back at net flows." }-

I still lurk around these parts and there hasn't been anything too out of the ordinary to speak up about --- until now.

Steve Topletz is once again falling back on his FUD and self important bull&%^*$. He has obviously been watching one too many episodes of CRIMINAL MINDS and thinks what Penelope Garcia does on the show is believable. Do you all realize what Steve just said in the post above? Concerning tracking a person using TOR, he wrote, "We can trace you in 30 seconds..." Okay, stop laughing. Steve gets a little carried away at times and this is definitely one of those times.

I can't remember which thread it's in but somebody called Steve out on his constant promises of what's coming out "soon" and what he's about to unveil "soon" and how Xerobank is doing something extraordinary "soon" and he's even gone to the trouble of telling everyone to remove UltraSurf, but can't tell us why. He says maybe in months, maybe years or maybe - never! This is the fearless Xerobank leader who acts like they will stand so strongly in the face of government authority and SuperSteve will save the day by thwarting their efforts. But - he can't tell us why UltraSurf is so bad.

He even says that using random wireless hotspot locations do no good in his ability to track. you. down.

He's made some wild claims lately and I've touched on only a couple. Steve, track me down in 30 seconds while I'm using TOR and we'll be lifelong friends. I'll wash your feet each morning.

Don't get me wrong, some of what Topletz says has some value, it's when he rushes in with wild claims for Xerobank and wild promises for services that never show up and his superhuman abilities to track. you. down. His deanonymizer will cut right through anything and track. you down.

Earth to Steve: snap out of it. You are not Penelope Garcia.

SteveTX
April 26th, 2009, 06:25 PM
DeAnonymizer will be released August 1st. Get your foot salts ready, I've been wearing sandals today.

caspian
April 26th, 2009, 06:39 PM
-{ Quote: "
Unless you are using a VM or CryptoRouter, deanonymizer will get your real IP address. Wifi is not relevant, that's just a game you play with yourself.

" }-

What if you are using XB2 without XB Machine or cryptorouter. Can deanonymizer get your real IP then?

SteveTX
April 26th, 2009, 08:37 PM
No, it won't be able to defeat XeroBank because our design is solid.

n33m3rz
April 27th, 2009, 11:07 PM
How does deanonymizer work?

SteveTX
April 28th, 2009, 12:42 AM
You visit the site, tell us your network and begin the test, then the site performs a bunch of side-channel attacks, then tells you your results.

n33m3rz
April 28th, 2009, 03:28 AM
What side channel attacks are used, I want to defend myself against them now (Screw waiting till august 1st to be safe....).

Is it the CSS based attack where it calls to high ascii characters or whatever? I have heard a bit about that...also any suggestions how to defend against it? Is there a way to disable cascading style sheet functionality with firefox?

Also, you know about the project I am working on where it is a forum with a client and server side component. Since we are cutting out the browser fully, and using only our two program components, will it still be weak to these attacks of yours? I mean like could deanonymizer trace me down over pidgin, or does it require that I be using a web browser? If it requires web browser (or other **** bogged down with plugins) then hopefully people start to streamline anonymity functionality into applications (like pidgin, or the secure forum project) and understand that web browsers are just not designed with security or anonymity in mind but with glitz and glamour and flashy little buttons ;-).

I already am of the opinion that trying to be anonymous with a web browser is similar to trying to hide an elephant by dressing it inconspicuously.

So xerobank solves most of those problems by being in a virtual machine. But would Xerobank really make me that much more anonymous on pidgin for example? I see Xerobank is very good against side channel attacks from its very design, but is it significantly better when being used by people who know enough about what they are doing to defend themselves against side channel attacks (or who cut out side channel attacks with task specific applications?). Obviously it is better security because every node is trusted, but when end to end encryption is already implemented that additional feature doesn't really come as an advantage or a disadvantage. And even though Tor is weak to node poisoning, aren't ALL xerobank nodes held under the authority of one company? Even if it is multi-jurisdictional, it isn't wise to rely on inconvenience equaling anonymity. I want to be shown HOW xerobank will keep me safer than Tor, not against side channel attacks which I am not particularly concerned with (but most people should be!). I want to see how xerobank compares with Tor on an actual NETWORK level. Tor is easy to go around if people who don't know what they are doing are using it, but the "abstract" networks how do they compare with each other? It is hard to go around xerobank, easy to go around Tor. How hard is it to break Tor or Xerobank is what I want to know, not just go around them. Because I trust Xerobank, but I don't trust the "adversary" from not being able to force Xerobank to do whatever the heck they want. In that aspect I trust Tor more, because then the adversary needs to force three people to do something instead of one person. Panama is awesome for security, but I wouldn't trust my anonymity to a single node in Panama. If it comes down to trust, I am not sold. What is possible concerns me, not just what is probable.

I will admit right now that I think Xerobank is by far the better option for the vast majority of people seeking anonymity, especially for Torrents, banking, support groups, etc...

but what I am having a hard time to figure out, is, for the true anonymity seeker, who sees anonymity more as a fine art than something to necessarily be applied, what is better Xerobank or Tor? How can Xerobank provide more anonymity, in the pure sense, all side channel attacks aside, with the trust of all nodes being made irrelevant, than Tor? And can you show me detailed specifications of how Xerobank works compared to Tor, and what makes it better from a pure anonymity perspective? And preferably peer review too, I trust you Steve but anyone after serious anonymity would be foolish if they use trust as part of their equation.

When it comes down to it, Tor is a game of statistics. It will hide X percent of internet use from an adversary with Y percent of nodes. There are mathematical statistics formulas that can work out those numbers when supplied with node rotation times and total amount of nodes in the directory. An adversary like the NSA doesn't even play the statistics game, they essentially own the ISPs of the nodes so they essentially own Tor when it comes down to it. I don't think other agencies can do this, and I certainly don't think any non-government organization can, short of the actual ISPs themselves. For anonymity against that a very high level of mixing is needed, but that's mixmaster high latency style networks: not compatible with what most people are using tor for (web browsing).

What I want to know is, how can xerobank possibly offer me a better statistical formula than Tor, when it's already known that all Xerobank nodes are owned by one person / corporation.

Cuz I am interested in anonymity, I have security covered on my end =P.
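
The "game of statistics" described in the post above can be worked through as a risk estimate. This is an added example, not part of the thread; it assumes three distinct nodes per circuit picked uniformly at random, an observer who can link a user only when holding both the entry and the exit of the same circuit, and the roughly ten-minute circuit lifetime quoted earlier in the thread (real Tor weights node selection by bandwidth, so the figures are illustrative only).

```python
import math
import random
from fractions import Fraction


def circuit_compromise_probability(total_nodes, adversary_nodes):
    """Chance that entry AND exit of one circuit both belong to the observer.

    Assumption (not from the thread): entry, relay and exit are three
    distinct nodes drawn uniformly, so the chance that two given positions
    are both adversary nodes is m(m-1) / (n(n-1)).
    """
    n, m = total_nodes, adversary_nodes
    if n < 3 or not 0 <= m <= n:
        raise ValueError("need at least 3 nodes and 0 <= adversary_nodes <= total")
    return Fraction(m * (m - 1), n * (n - 1))


def session_exposure(total_nodes, adversary_nodes, session_minutes,
                     circuit_minutes=10):
    """Chance that at least one circuit built during a session is observed
    end to end, when a fresh circuit is built every circuit_minutes."""
    p = circuit_compromise_probability(total_nodes, adversary_nodes)
    circuits = max(1, math.ceil(session_minutes / circuit_minutes))
    return float(1 - (1 - p) ** circuits)


def adversary_nodes_needed(total_nodes, target, session_minutes,
                           circuit_minutes=10):
    """Smallest number of observer-run nodes giving exposure >= target."""
    for m in range(total_nodes + 1):
        if session_exposure(total_nodes, m, session_minutes,
                            circuit_minutes) >= target:
            return m
    return None


def simulate_exposure(total_nodes, adversary_nodes, circuits, trials, seed=1):
    """Monte Carlo check of the closed form: nodes 0..adversary_nodes-1 are
    the observer's, and each circuit samples three distinct nodes."""
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        for _ in range(circuits):
            entry, _relay, exit_node = rng.sample(range(total_nodes), 3)
            if entry < adversary_nodes and exit_node < adversary_nodes:
                exposed += 1
                break
    return exposed / trials


if __name__ == "__main__":
    # Constructed numbers, not measurements of the real Tor network.
    total = 1500
    for share in (0.05, 0.10, 0.30):
        m = int(total * share)
        one = float(circuit_compromise_probability(total, m))
        hour = session_exposure(total, m, session_minutes=60)
        print(f"{share:>4.0%} of nodes: one circuit {one:.4f}, "
              f"one hour of browsing {hour:.4f}")
    print("nodes needed for 50% exposure in one hour:",
          adversary_nodes_needed(total, 0.5, 60))
```

The per-circuit figure grows with the square of the observer's share of nodes, while the per-session figure grows with every circuit rotation, which is why the rotation time matters as much as the node count.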

n33m3rz
April 28th, 2009, 03:59 AM
-{ Quote: "Sadly it won't work. Not enough crowding unless the LAN has thousands and thousands of users with sessions to the other lan, and vice versa. otherwise a simple profile analysis of who uses the lan will render your information with high probability. LAN access means you are part of a very small pool, so it is the weakest link to attack." }-

That's why I suggest a constant stream of encrypted information rotate between the LANs. It can be dummy traffic with start and stop sequences. Essentially mixing the real users traffic with a metric **** load of fake randomly generated traffic.

tonyseeking
April 28th, 2009, 04:13 AM
-{ Quote: "Yes. Stop using PortableTor, as it is vulnerable to many side-channel attacks. If you have to use Tor, use either TorVM or JanusVM or xB Machine and not anything else." }-

Hey Steve, when will xB Machine work properly on my Vista?

Any new release coming out? Every version I have tried, never wants to connect and just times out.

What is going on?

tonyseeking
April 28th, 2009, 04:21 AM
-{ Quote: "Thank you for responding.


What does this mean for me as a casual user of the net? Is it significant?

...." }-

A better question you need to ask yourself is... why on Earth do you need to be anonymous on the internet?

If you are downloading or accessing anything illegal or inappropriate, then no anonymous program will save you.. only a matter of time before you are caught. Don't be fooled, don't be gullible, there is no such thing as having 100% anonymity, ask Steve, he will admit that is near impossible, and even if someone wants to monitor your activities, they can and they will.

But if you are like me, and just playing around with it out of boredom, then that's ok :)

tonyseeking
April 28th, 2009, 04:27 AM
-{ Quote: "Oh damn. When using PortableTor with Opera I fail the External NAT (Flash) test. ie it reveals my true IP address!...." }-

I defeated it by using www.hidemyass.com to surf :argh:

It said my External NAT (Quicktime) is 67.159.44.138 which is NOT my true IP :)

tonyseeking
April 28th, 2009, 04:30 AM
-{ Quote: "Can you elaborate on the side channel attacks you think tor portable is vulnerable to? I imagine you mean things like flash, java etc; but if someone has everything configured properly that isn't much of a worry is it? I pass all the tests at www.decloak.net which is by far the best tor breaker I have ever seen. ...." }-

I achieved everything you have done by doing nothing and just using www.hidemyass.com :argh: Simple as that :argh:

Now all we must do is cross our fingers and hope that nobody is monitoring and recording that website :)

n33m3rz
April 28th, 2009, 04:31 AM
-{ Quote: "A better question you need to ask yourself is... why on Earth do you need to be anonymous on the internet?

If you are downloading or accessing anything illegal or inappropriate, then no anonymous program will save you.. only a matter of time before you are caught. Don't be fooled, don't be gullible, there is no such thing as having 100% anonymity, ask Steve, he will admit that is near impossible, and even if someone wants to monitor your activities, they can and they will.

But if you are like me, and just playing around with it out of boredom, then that's ok :)" }-

Let's see someone trace back an E-mail sent on Mixminion to me =). I don't think ANYONE can trace back super high latency anonymity networks.

tonyseeking
April 28th, 2009, 04:34 AM
-{ Quote: "Let's see someone trace back an E-mail sent on Mixminion to me =). I don't think ANYONE can trace back super high latency anonymity networks." }-

So what if they did? It's not like your email contains any illegal or criminal activity does it? :argh:

n33m3rz
April 28th, 2009, 04:38 AM
-{ Quote: "I achieved everything you have done by doing nothing and just using www.hidemyass.com :argh: Simple as that :argh:" }-

Meh, worthless anonymity.

n33m3rz
April 28th, 2009, 04:40 AM
-{ Quote: "So what if they did? It's not like your email contains any illegal or criminal activity does it? :argh:" }-

It used to be illegal to be Jewish in Germany. The law can change any day. Maybe some day the mean old democrat socialists of America will make being republican illegal 0_0.

Snide political 'humor' aside, the law is fickle, morality is a constant.

My communications are perfectly moral in every way.

And legal, but unfortunately that requires a timestamp ;-).

Besides, can communications be illegal in America? I don't send any pictures, or files (torrents for that). Can words be illegal or criminal? I mean, I know a series of binary bits can be illegal (and regardless of my agreement or disagreement with the nature of this legal and philosophical problem, I don't involve myself at all in this), and I know someone can "own" a string of binary bits and "license" it making the transmission illegal. But can a string of non copyrighted binary bits that turns into ascii text be illegal or criminal? I don't think so, at least not in places that respect freedom of speech right? You do respect freedom of speech don't you?

tonyseeking
April 28th, 2009, 04:55 AM
-{ Quote: "...You do respect freedom of speech don't you?" }-

Yes, as long as it doesn't contain any motivation for hatred, crime or killings etc.

n33m3rz
April 28th, 2009, 05:03 AM
-{ Quote: "Yes, as long as it doesn't contain any motivation for hatred, crime or killings etc." }-

I don't hate anyone and certainly don't condone killing. Crime is too broad of a topic for me to take a stance for or against it. What is a crime is decided by a third party I don't trust. What is moral is decided by objective reality (or God, I suppose).

Besides, I think people have the right to express hate all they want. As for killing, that brings up an issue. Usually I would say the crime is in the action, not in the planning. But if you wait for someone to kill someone before you arrest them, that's bad. Even if you wait for them to try and kill someone and get them on attempted murder, that's still probably a bad idea. I would say that I support freedom of speech in all cases where it doesn't IMMEDIATELY put someone at REAL risk.

tonyseeking
April 28th, 2009, 05:19 AM
-{ Quote: "Meh, worthless anonymity." }-

Well I agree, trying to gain anonymity is worthless and a waste of time, especially as I have nothing to hide and don't access anything illegal on the internet.

But all I am saying is that when I use www.hidemyass.com I achieve what others are trying to achieve by simply using that website :argh:

And it also passes all the tests at www.decloak.net which is by far the best tor breaker someone said they have seen.

n33m3rz
April 28th, 2009, 05:31 AM
-{ Quote: "Well I agree, trying to gain anonymity is worthless and a waste of time, especially as I have nothing to hide and don't access anything illegal on the internet.

But all I am saying is that when I use www.hidemyass.com I achieve what others are trying to achieve by simply using that website :argh:

And it also passes all the tests at www.decloak.net which is by far the best tor breaker someone said they have seen." }-

Decloak is a good Tor breaker. Hide my ass is a single hop network though, whoever runs it can see what websites you are going to, and see who you are, as can anyone who can compromise it.

So you are of the opinion that absolutely nothing will keep a person anonymous online? Tor is a waste of time and as easy to cut through as butter with a hot knife.

And you can stop reminding everyone how law abiding you are in every post, no one cares. I don't see people jumping up and down saying they are criminals or anyone but you jumping up and down saying how law abiding they are lol. Not trying to be a dick keep it up if you like but it's rather annoying.

tonyseeking
April 28th, 2009, 05:39 AM
-{ Quote: "Decloak is a good Tor breaker. Hide my ass is a single hop network though, whoever runs it can see what websites you are going to, and see who you are, as can anyone who can compromise it......" }-

The point is.. it defeats Decloak :)

And it wasn't very hard for me to figure out and do ;)

Leonid
April 30th, 2009, 07:18 PM
N33m3rz, there is no answer to your question from Steve.

You got it right I'm afraid. You shouldn't trust commercial VPN more than you trust Tor.

Actually, it might be significantly easier to get you if you are only relying on commercial VPN (doesn't matter how good it is). All that needs to be done is to locate Steve for an example, and point the gun to his head. Authorities can torture him, make threats or even capture his family. They can force him to let them take over his network silently. And Steve is not anonymous. He's not here incognito. He can be located fairly easily.

Don't you think that the above scenario is significantly more probable than controlling half of Tor network?

SteveTX
May 1st, 2009, 12:28 AM
Leonid, Your reply is false and full of shoddy assumptions. First and foremost, I do not have the power to reverse the XeroBank network to correlate clients and their data. It takes multiple admins and live session tracking. Further, if I was put under pressure, XeroBank would be covertly notified without alerting anyone by my taking of a non-action, which would revoke what little access to internal systems I do have (like support tickets/forum/svn).

You need to realize this isn't our first rodeo like all the other services you are familiar with or that crop up overnight with some VPN offering.

Further, VPNs are significantly better to trust than tor because of the profit incentive/disincentive relationship. Free public participation networks are generally less safe (http://xerobank.com/support/articles/top-10-anonymity-myths/Myth-4-you-dont-have-to-trust-anyone-in-an-anonymity-network/) than privately controlled networks. Giving away something for nothing is suspicious, and tor traffic is always interesting to hackers and trivial to eavesdrop.

I will publicly offer 70% correlation of the tor network traffic to real live users, for sale, at $30,000 - $50k per month. Anyone can achieve that, legally, quickly. Tor integrity is for sale because anyone can participate and collude, thus defeating it entirely. Our network integrity is not for sale at any price. Can you think of any intelligence agency with the resources that would like to buy the integrity of the tor network? Now ask yourself if they have the resources, capability, and motivation, why wouldn't they... ... or have they already?

n33m3rz
May 1st, 2009, 05:15 AM
Sure intelligence agencies have nodes. The cool thing about intelligence agencies is that every country has many of them. One thing I know about intelligence agencies is they are extremely fraternal organizations and they do not like to share information between themselves, in country even, much less outside of the country. Do you think Chinese intelligence is going to cooperate with American intelligence? Hell, most intelligence agencies inside the country are not going to share much information between each other.

So if an American intelligence agency has a hundred nodes, it's likely that a Chinese agency does as well. Also a Russian agency. Other countries are likely to have a significant number as well although China USA and Russia seem to have the most dedicated intelligence operations. I am sure Germany federal government also has a ton of nodes. All the intelligence agencies combined probably have an equal amount of nodes as non-affiliated individuals who just want to contribute to Tor. Then there is probably a minority of people who are running exits to sniff unencrypted data, and do other malicious things.

It's a statistical game for sure, but the wonderful thing about it is that no one organization has a monopoly on the things people would want to break Tor for, and the organizations are on similar footing.

I don't care if all three nodes in my path are run by intelligence agencies. FBI can run one, Chinese intelligence can run another and some carder can run my exit for all I care. They are not going to cooperate together, and the carder isn't going to find **** because all my communications are end to end encrypted. I don't think trust matters much for an anonymity network, at least in the pure sense. I don't trust the people that are running my nodes. But I do trust that the people running my nodes, the majority of the time, are not colluding together to try and break my anonymity. Although they may be trying to break my anonymity by themselves, the statistical fact of the matter is even someone with 50% of the tor nodes isn't going to be able to trace me back 50% of the time.

2000 total nodes would result in 1,331,334,000 possible circuits (that does assume every node can exit though, so the math isn't totally right).

1,000 compromised nodes would result in 166,167,000 possible circuits that are totally compromised.

1,331,334,000 /166,167,000 = 1 / 8 circuits are compromised if 1 / 2 of nodes are compromised.

for hidden services with 2,000 total nodes there are

88,224,108,612,632,992 possible circuits (And that holds true as exit nodes are made irrelevant).

Someone with 1,000 nodes will = 1,368,173,298,991,500 compromised circuits.


88,224,108,612,632,992 / 1,368,173,298,991,50 = 1 / 644 circuits are compromised when hidden services are accessed, and that assumes someone owns HALF the Tor network.

So I guess the moral of the story is use hidden services, heh.
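The counting in the post above, as an added example that is not part of the original post: it assumes, as the post does, that relays are picked uniformly without repetition and that any relay can fill any position. Going beyond the post, it also computes the case where one operator holds only the first and last relay of a path, which is the position from which traffic entering and leaving the network can be correlated by timing; the function names are hypothetical.

```python
from fractions import Fraction
from math import comb


def circuit_count(relays: int, hops: int) -> int:
    """Unordered circuits of `hops` distinct relays, counted as in the post."""
    return comb(relays, hops)


def all_hops_compromised(relays: int, bad: int, hops: int) -> Fraction:
    """Share of circuits in which every relay belongs to one operator."""
    if not 0 <= bad <= relays or not 1 <= hops <= relays:
        raise ValueError("need 0 <= bad <= relays and 1 <= hops <= relays")
    return Fraction(circuit_count(bad, hops), circuit_count(relays, hops))


def both_ends_compromised(relays: int, bad: int) -> Fraction:
    """Share of circuits whose first and last relay belong to one operator.

    The middle hops do not enter into it, so the value is the same for
    any path length of two or more (assumption: uniform selection).
    """
    if relays < 2 or not 0 <= bad <= relays:
        raise ValueError("need relays >= 2 and 0 <= bad <= relays")
    return Fraction(bad * (bad - 1), relays * (relays - 1))


def sweep(relays: int, shares=(0.1, 0.25, 0.5)):
    """Rows of (bad relays, 3-hop share, 6-hop share, both-ends share)."""
    rows = []
    for share in shares:
        bad = round(relays * share)
        rows.append((bad,
                     all_hops_compromised(relays, bad, 3),
                     all_hops_compromised(relays, bad, 6),
                     both_ends_compromised(relays, bad)))
    return rows


if __name__ == "__main__":
    # 2,000 relays is the network size used in the post.
    for bad, three, six, ends in sweep(2000):
        print(f"{bad:>5} bad relays: all 3 hops 1 in {float(1 / three):.1f}, "
              f"all 6 hops 1 in {float(1 / six):.1f}, "
              f"first+last 1 in {float(1 / ends):.1f}")
```

Real Tor path selection is weighted by relay bandwidth and pins entry guards, so these uniform-selection figures are a model rather than a measurement.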

JokersWild
May 1st, 2009, 03:39 PM
Tony, I think you're suffering from bad logic.

You wrote:

"Well I agree, trying to gain anonymity is worthless and a waste of time, especially as I have nothing to hide and don't access anything illegal on the internet."

"A better question you need to ask yourself is... why on Earth do you need to be anonymous on the internet?"

To say "I have nothing to hide my life is an open book. Anonymity is for those who are doing something illegal."

That's totally flawed. Anonymity is like a gun. A gun is neutral. Its usage depends on the intent of a user. A gun can be used to commit robbery or murder. A gun could also be used in defense of one's life and property. A gun may be used in the noble defense of one's country under attack from an evil marauding army. Banning all guns is certainly not the answer.

Consider the situation where one lives in a politically repressive country. The need to keep your identity a secret in sensitive communications is a matter of life and death. Opposition to the state is a crime and illegal. During the uprisings in Burma a few years back, many correspondents and bloggers used Tor. Communications were under severe state censorship. Opposition to the state meant certain death or imprisonment.

Many such as myself, really DO have nothing to hide. But I resent wholesale state surveillance. My communications are legal, but by God, they are mine and they are private. I give no consent to my emails being scanned, the web sites I visit being tracked and my phone calls being monitored. There may be little I can do, but try I will.

Nothing in life is foolproof or secure. There are no guarantees.
Death is certain in life, but does that make life futile?

Anonymity may be a slippery slope, but please do not think breaking anonymity under certain anonymity schemes is a trivial matter.

In McIntyre v. Ohio Elections Commission the US Supreme Court wrote:

"Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society. "

It is a noble cause, a worthy endeavor.

Leonid
May 5th, 2009, 09:55 PM
Steve, it's a matter of trust. I don't trust you when you are claiming that your network can't be taken over by cops.

On the contrary, private networks are able to monitor their customers much more easily.

At least Tor has published its own weaknesses. Tor developers are even encouraging users to read about it. While you are making claims that your network is unbreakable.

SteveTX
May 5th, 2009, 10:44 PM
Leonid, it's not that I am saying our network is unbreakable, but that I am saying it is much harder to break, and we know it because we've broken those other networks, so we're de facto experts on that subject.

It is not analogous to other networks, so drawing analogies to other networks isn't going to be a good comparison. Because it is a private multi-hop mixed/multiplexed VPN, it's very different than other VPNs, Tor, and JAP. Tor is a project first of all, and public network that runs on monetary and resource donations, and depends on the kindness of others to participate in their network by routing traffic for others. It's socialistic. So they have an academic and fiduciary responsibility to explain themselves. You want the same from a private corporation, but typically you won't find any business who wants to tell you how they do what it is they do. But I think you're more interested in the properties of the network, and a threat assessment, yes? You're right that it would help to have a whitepaper to discuss the threats and benefits of the network. I would like to write that up with Mr. Herzog, our CSO.

NOTE: I started writing out what the threats were and this quickly became a 2 page long entry. I think I'll start writing the threat-model whitepaper.

ploder
May 7th, 2009, 06:28 AM
Sorry guys, but since I started this topic do you mind helping me answer my question in post#3 about why TorVM gives me that error? I'm using Win2K pro sp4

SteveTX
May 7th, 2009, 09:09 AM
sorry
