Ideas to encrypt TOR entry and exit nodes

Discussion in 'privacy technology' started by danielspencer2, Jun 3, 2009.

Thread Status:
Not open for further replies.
  1. danielspencer2
    Offline

    danielspencer2 Registered Member

    We all know with TOR that the weak points are that the initial connection to a TOR entry node is not anonymous, and that TOR exit nodes are unencrypted so the exit node operator can view all the traffic.

    I was brainstorming for days and i cannot think of a solution to this problem so I would like to ask if anyone here knows how TOR could encrypt exit and entry nodes?
  2. JokersWild
    Offline

    JokersWild Registered Member

    In theory at least, here's how Tor works:

    Tor is designed to disassociate the content of your traffic from your IP address.

    Thus: A Tor entry can know your originating IP address, but only knows it is passing an encrypted chunk of data along to another Tor node. The entry node does not know the ultimate destination of your traffic.

    The Tor exit node can know the contents of your traffic, but only knows it has received an encrypted chunk of data from another Tor node.
  3. danielspencer2
    Offline

    danielspencer2 Registered Member

    but there is a way for authorities to trace the original ip address to it's source if a person examined the exit node logs then went backwards until they reached the entry node right?

  4. SteveTX
    Offline

    SteveTX Registered Member

    Tor nodes are not "allowed" to keep logs. If they find out you keep logs or do injecting, they put you in a "badnode" list. So presumably, if every link in your circuit (3) kept logs they could find out who you are.

    However, that doesn't really matter. It is easier to find out who you are than by asking nodes for logs. Aug 1, deanonymizer will be released, and will unmask virtually all tor users as an example of the results of poor implementation.
  5. caspian
    Offline

    caspian Registered Member

    God that will be a spooky thought for a lot of people, I would think. I even read about some international government agencies being exposed once, just as an experient.....and that was a long time ago.
  6. danielspencer2
    Offline

    danielspencer2 Registered Member

    will deanonymizer unmask people using tor thats included in xb browser?

  7. SteveTX
    Offline

    SteveTX Registered Member

    It won't defeat the new xB Browser we release by Aug 1. :)
  8. danielspencer2
    Offline

    danielspencer2 Registered Member

    So if i use the current xb browser to be anonymous on june 10th, are you saying when the deanonymizer is released that it would be able to find some info about me? Or does deanonymizer work in real-time so if a person has a tor exit node and they ran deanonymizer could they see my real ip?

  9. SteveTX
    Offline

    SteveTX Registered Member

    They are independent projects. I don't know if DeAnonymizer will currently work against the legacy xB Browser but our bug finders are terribly clever. Our replacement xB Browser will be very modern and defeat nearly every possible attack including those by DeAnonymizer (because of superior implementation and leakproofing).

    DeAnonymizer does run in real time. So any Tor exit node or wordpress blog will be able to deanonymize you with our plugins, or you can visit deanonymizer and test yourself directly. There will be great wailing and gnashing of teeth.
  10. snowdrift
    Offline

    snowdrift Registered Member

    Be careful, Steve. Your deep South fundamentalist Baptist roots are showing! ;-)
  11. caspian
    Offline

    caspian Registered Member

    Could I have a side order of locusts to go with that?:D
  12. arran
    Offline

    arran Registered Member

    Do you have to use xB Browser for xerobank ? or can you use firefox for xerobank services?

    what are the benefits of using xB Browser Versus Firefox with, Cache disabled, No script, Global cookies blocked, adds ons disabled, history disabled, Java disabled and referrer disabled ?
  13. SteveTX
    Offline

    SteveTX Registered Member

    No, you don't have to use xB Browser for XeroBank. XeroBank is a full VPN, meaning all your existing programs, browser, applications, games, etc are fully anonymized and encrypted through the XeroBank network. However, you can continue to use the xB Browser in addition to XeroBank's anonymous service to help you avoid phishing and evil websites, but it isn't required for anonymity if you already have xB VPN running.

    xB Browser is significantly more complicated than any setup you can do with firefox. In addition to all those simple plugins, It is preconfigured to block all mime types, to disable hidden and rogue plugins, has external profile management, search and destroy flash cookies, profile protection to prevent users from compromising their own anonymity, awareness of firewalls and networking, threat model management for both VPN and Tor access, built-in tor and VPN process management, and lots more.
  14. arran
    Offline

    arran Registered Member

    how do you get the trial to work? what pin number do I enter here?

    Why isn't there a separate down load for the browser?

    Attached Files:

    • hmm.JPG
      hmm.JPG
      File size:
      57.4 KB
      Views:
      2,055
  15. SteveTX
    Offline

    SteveTX Registered Member

    Just enter in your access account number you were emailed. It won't ask you for a PIN if you entered it in correctly. Why would there be a separate download for the browser? It's all contained in the single installer.
  16. kareldjag
    Offline

    kareldjag Registered Member

    hi,

    In fact there is a way to harden Tor, and i am really wondering why StevTX has not talked about it before...maybe that he was not aware of it, that makes me doubt of his level of expertise, or maybe he has censored himself for interest conflicts reasons...bad points in both cases...
    With OnionCat it is possible to build VPN connections on Tor hidden services.
    OnionCat has been presented at the begining of the year at the Chaos Computer Club Congress:
    http://events.ccc.de/congress/2008/Fahrplan/events/2828.en.html
    http://www.cypherpunk.at/onioncat/

    OnionCat hardens Tor agaisnt a few issues (http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html ) like DNS leaks ( https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS ) for instance.
    As i i use a cable ISP with a fixe IP i sometimes use Tor, and i guess that services like Xerobank will be more and more used in France after the HADOPI law:
    http://www.edri.org/edri-gram/number7.10/france-three-strikes-voted
    Except for those who want a fast surf, and then downloads, paid anonimity services like Xerobank are not necessary: i trust more Tor than Xerobank, and who knows? what proves that this last one is not a trojan of the NSA?

    Of course, as for anyone who takes seriously into consideration its privacy, OnionCat is for those who begin FIRST by forgetting Windows...
    And of course, an hardened Tor configuration only protects internet activities, and since crime has any relation and echo in real world, there is therefore many ways to catch those who have illegal things to hide...

    rgds
  17. SteveTX
    Offline

    SteveTX Registered Member

    You should read what the user asked before you start making ad hominem attacks. This isn't a question of hardening tor, or tor hidden services. If we were talking about hardening tor, i would suggest JanusVM or TorVM, which were both developed by two folks, one of whom is on the XeroBank team, and which was developed a 1+ years later than XeroBank's xB Machine VM which runs on both Tor and XeroBank, which is 2+ years before OnionCat. You've been enlightened, enjoy.
  18. kareldjag
    Offline

    kareldjag Registered Member

    Funny... a Xerobank self advertising reply to a Xerobank anti marketing post...i could not expect more from SteveTX.
    Sorry but i am quite boring with SteveTX spam advertising campaigns on this board, especially for a stinking business.
    i just wanted to tell it by ABC.
  19. SteveTX
    Offline

    SteveTX Registered Member

    :rolleyes: If I could keep users from asking these questions on wilders and send it to xb forum, I would. The fact is that someone asked, i gave them the exact answer, no more no less. You walk in, talk trash and have an off topic post about hidden services which neither addresses the original topic or the current thread. If you just wanted to be acrimonious, you didn't need a pretense about onioncat.
  20. danielspencer2
    Offline

    danielspencer2 Registered Member

    so why hasn't tor included OnionCat inside it or developed their own OnionCat?

  21. danielspencer2
    Offline

    danielspencer2 Registered Member

    So just to confirm, here is a scenario:

    1)Person using current version of xb browser makes an anonymous comment in a wordpress blog today. Currently blog owner will not be able to trace the original ip address the comment came from.

    2)When deanonymizer is released later this year, the blog owner can use deanonymizer to trace the original ip address of the comment that was made a few months ago?

    Is this scenario true or false?

  22. SteveTX
    Offline

    SteveTX Registered Member

    DeAnonymizer will only work if the blog owner used it to scan the commentor while the commentor was on his website.
  23. arran
    Offline

    arran Registered Member

    If that's the case then it would be very difficult to use DeAnonymizer. Because
    after the Blog page has been downloaded to your browser isn't the Connection broken? The only time there is a physical connection is when your browser is loading a page which is only for what 1 or 2 seconds?
  24. SteveTX
    Offline

    SteveTX Registered Member

    Yes and no. The blog plugin has a mode where it can be set to start scanning using a hidden iframe that will stay open across the site regardless of navigation, or can start scanning while the user is writing a comment (to keep out spammers).

    It will quickly do an IP scan for network detection (instant) and can ban based on proxy detection, then it loads up about 25 proxy-breaking tests which take a half second to 3 seconds or so to complete each but can be run concurrently.

    The point is not to be some evil tool but to demonstrate to everyone that they aren't as anonymous as they are being led to believe. This will change the game and put nearly all "anonymity" (privacy) services and networks to shame.
  25. arran
    Offline

    arran Registered Member


    FF no script blocks IFrame. would this prevent it?
Thread Status:
Not open for further replies.