ISP and TOR

This is my connection settings on Firefox


http://i51.tinypic.com/2r2r9fd.jpg

I know my ISP will be able to see that information is being sent and recieved from TOR, but will they see exactly what information it is, and it's destination?

 

If you have everything configured properly, they won't see either.

They'll see a connection to the first/entry node. Tor uses three nodes and your data is encrypted three times, so they won't see what data you're sending either.

 

Don't use Tor without Firefox browser enhanced with the add-on Torbutton!

Then you are golden! By default, Torbutton turns off all Firefox plugins when it is activated. Plugins are a potential privacy vulnerability (e.g. Adobe Flash) for any browser as they are implemented in JavaScript afaik.

Tor sessions as described above encript http proxy requests to a Tor entry node, and remain encrypted until the exit node decrypts the request, looks up the DNS address of the destination, and delivers an unencrypted request to the destination.

Note: in Firefox, type about:config in the location (were you would normally type an http address) bar, click on the button and search for the variable: network.proxy.socks_remote_dns - it should be set to true when Torbutton is enabled to avoid using your DNS (a DNS leak to your DNS provider) and instead use the Tor exit node's DNS server for DNS resolution of the destination's IP address.

-- Tom

 

Yes, I checked it and it's set to "true".

I had to ask because some people on another forum said that your ISP can still see what you are doing through TOR, and I wanted to double check.

Thanks very much for your help

 

Your ISP cannot, but there is a distinct possibility that a national intelligence agency could unravel your Tor activities if they already were watching you for some reason (i.e., they could use timing or correlation attacks). Anyone who has access to the backbone and can "see" most of the Internet would have a much easier time.

 

extensions.torbutton.saved.socks_remote_dns is set to False and default.
network.proxy.socks_remote_dns is set to True, and user set.

What does that mean?


I use the "Vidalia Bundle" for TOR and keep the Torbutton in Firefox ON.

 

Don't mess with the tor bundle settings. The defaults are as secure as it gets and DNS is taken care of.

You can install wireshark and check yourself what traffic is sent. All you should see is encrypted TCP.

 

The most your ISP can determine is that you are connecting to a Tor node - if they are interested at all in knowing that (may be dependent on your monthly bandwidth usage). Otherwise, they would have to expend resources to use fine grain packet inspection to see the packets commonly called deep packet inspection (I think), and even then the packets would be encrypted.

Unless your ISP has an excess of computing power that can be directed toward decryption (which I doubt they would be interested in doing), what you are doing through Tor would only be known by your ISP if the exit node (which decrypts your packets) is also using your ISP, and traffic analysis can connect your entry Tor stream to the exit node.

-- Tom

 

Ok thanks. I haven't quite understood, could you go over the exit node DNS again please? I use "Vidalia Bundle", which connects me to TOR, and then use Firefox with the "Torbutton" always switched on. Does using these two automatically protect me from the DNS thing? Because I remember the person saying that the DNS thing only happened if you just downloaded TOR itself, or a different TOR bundle.

 

I can't say it more clearly and simple than:
Yes.

 

Hi FileShredder,

Seconding katio's Yes!

In other words, as you mentioned your setting:

If network.proxy.socks_remote_dns is set to True, and user set and you change nothing else - you are safe with regard to DNS leaks (with or without the Tor bundles, i.e. using Tor).

If network.proxy.socks_remote_dns is set to False, and user set - then if you use Torbutton enabled, your default DNS server is in play and represents a DNS leak - i.e. the Tor exit node's DNS server is not used.

-- Tom