Is it true that you are not anonymous with Tor if you are using Windows 7 or 8?

Yes or no. My host OS is a Windows 7. Even though I'm running Linux Mint and Fedora in a virtual machine, the fact that my host OS (Windows 7) is already back-doored might already compromise my anonymity on Tor. Is this correct or not?

I have another question. Is Windows 7's backdoors so extreme that whenever you visit Tor, Microsoft and the NSA already know that you are using Tor and what kind of sites you are browsing? I'll like some privacy in my browsing because I don't want Microsoft and NSA to know everything I'm doing.

 

The existence of a backdoor in Win 7 and 8 hasn't been proven but many suspect that one exists. Since the suspected bacdoor hasn't been found, it's abilities are unknown. Backdoor aside, Windows keeps extensive logs of what you do, what you use, and where you browse. Windows probably can't log the specific activities that were performed on the virtual linux systems but the internet traffic leaving those systems did go through Windows and is probably logged somewhere.

The newer the version of Windows, the more user activities it logs, and the harder it gets to find, control, and delete those logs. If privacy is a priority, Win 7 and 8 are not good choices.

 

I don't know about the NSA or what they can do. But I am willing to bet that if this were a real problem that there would have already been all kinds of child porn busts if they could just casually know all of the Tor users and what they were doing, just simply because they were using Windows 7.

 

Your ISP is going to know you're using Tor, it just isn't going to see what you're doing on it. The NSA might though, after all they are known to hijack nodes. Also, be mindful of where you disconnect from TOR, exit nodes can see the traffic just fine. I at least think they can see last visited sites, perhaps I am wrong. Windows doesn't need backdoors for the NSA to see you, they already can if they want to.

 

No. I highly doubt that there is such a backdoor, so I would say that from this point of view you are safe.

 

Where is the traffic being logged? I need to know this.

I guess I should start using Tails. Could someone teach me how to use that?

 

What if I used Tor on the Windows 7 host OS? Do you think I would be affected by such a backdoor? I'm sorry for asking you some many questions. But what makes you think such a backdoor is "highly unlikely"?

 

The Privazer discussion thread will contain a lot of the info you're looking for. The thread regarding LastActivityView will have more. Other tools that can identify stored user data are ShellBagsView and MUICacheView.

 

That is correct answer. Even though there are no backdoors on Windows or whatever other OS you are using, the fact that NSA controls a significant number of Tor exit nodes, significantly weakens Tor's anonymity.

They could conduct timing-correlation attacks against you with greater ease, the more Tor nodes they control. That's because the chances of you landing on bad nodes increases, the more nodes they control.

If they only control the entry point, they can only see you entering the Tor network. If they only control the exit node, they can only see the unencrypted traffic that's exiting the Tor network. If they control BOTH the entry and exit nodes, then they can use timing-correlation attacks to discover that you are a part of the same circuit. And thus figure out your real ip (from the entry node) belongs to the same traffic exiting the Tor network.

Of course the above scenario is highly hypothetical. And most people would agree that even the NSA doesn't have the resources to conduct timing-correlation attacks, let alone an entity far-less powerful than the NSA.

Tor doesn't protect you from a nation-state level adversary, like the NSA.

 

That may be true.

But even if that's true, what else might?

High-latency remailer networks?

I wonder if there's some way to convert high-latency to apparent low-latency? Say I wanted to write this response, but delayed and spread over a day or two. There could be some Tor hidden service that collected a few characters at a time, sent via remailers, and then made the post.

I'm thinking of the Mailman, as I write that

 

Tor might not be complete protection from the NSA, but it is one of the most effective tools we've got.

MilkyNine,
As you mentioned, one of the biggest vulnerabilities with Tor is nodes that they control. The thing that many don't realize is that the people have more control over the odds of using a compromised node than the NSA does. The best way to reduce the risk of using compromised nodes is creating more good nodes. No matter how many the NSA can create, users can create many times that amount. I can't think of a better example of where strength in numbers applies. It's one thing to monitor the traffic on the 5000 relays and 900-1000 or so exit nodes running at any given time. If those numbers were 50,000 and 10,000, they'd be overloaded, even with the new data centers.

 

A better way to avoid bad Tor nodes is to use Torrc to edit out the suspected bad nodes. If you combine these two strategies together, the chances of you jumping onto a bad node are significantly decreased.

 

In this day and age unless you have evidence that a platform is not compromised then you must assume that it is compromised.

 

And because you really don't have any real evidence about any platform, that means that you are not going to use a computer device any more? I don't think so. In real world, you operate with risk management concepts, not with certainties.

An intelligence agency (like NSA) would like to gather data about you. If you are not a specific target, they would not know in advance what to look for, so it would make almost no sense for a Windows backdoor to target only TOR. In this case, a generic backdoor would give the most benefits to a 3-letter agency. If you are a target, a Windows backdoor won't help them too much either, because they can use other (more effective) methods to track you down.

 

Hi MilkyNine,

There may be a way to alleviate your concerns if you use a hardware based cryptorouter that interfaces with Tor - there is one such device known as Paparouter plug and play anonymity router.

I have just contacted them for more information and will post it in the hardware subforum thread in the above link after I receive a reply. One of the unique features of their equipment is that they filter out all USA and related conuntries that collaborate in their dragnet as possible exit nodes in Tor - which is to say that we may not know if they are entrenched elsewhere with regards to Tor.

-- Tom

 

Before I posted, I was expecting this sort of reply. If I do want something to stay 100% private, I keep it offline. Even this has been speculated to be problematic due to Intel being in bed with the NSA.

In such case U.S. based companies have been shown through Snowden leaks and Lavabit to bend over backwards for the U.S. government. So going from highest to lowest risk, Windows is most risky because it is US based/closed source while Linux is less risky because it is not US based and open source.
If I was going to use Tor to do something that I don't want any government (not only US) to find out then I would probably going with Whonix as my operating system.

So going back again to risk management I would go with something like this:

high risky - U.S. based closed source software
medium risk - unaudited open source software
low risk - fully audited open source software

So going back to OP's question. I think you are less likely to be anonymous on Windows 7/8 than Whonix or Free BSD or even properly configured Windows XP (noone particular does this).

As far as I am concerned the U.S. government might have backdoor to every single Windows 7/8 machine, creating the biggest bot net in the world with real time access to any information entered into the computer. Would it be possbile with Linux? I don't know Linux well enough, but I assume that it would be much harder to hide and much more cost intensive.

For me personally switching from Windows to Linux fulltime was more of a personal statement rather than a need for staying anonymous. Same goes for switching from Gmail to Runbox as my primary email account.

 

What criteria would you use to determine which nodes are bad? Tor's criteria for bad exits doesn't include NSA suspects. There's no realistic way to determine which nodes are safe and which are not. The country the node is located in is not reasonable criteria. The NSA's reach is global. Unless the data you send is personally identifiable, using one compromised node isn't enough to de-anonymize you.

I hope that the information they send can clarify that statement further. If they exclude all exits in the US and in countries that "collaberate" with them, they're excluding the majority of the exits. If that's the case, it could increase the chances of your traffic being tracked and de-anonymized.

 

Hi noone_particular,

They list each country that is filtered out on the website www.paparouter.com including:
LIST OF EXCLUDED COUNTRY EXIT NODES, The big ones, and Friendly countries to US/UK intelligence, which it claims leaves about 140 countries otherwise.

-- Tom

 

I find it odd that the only european country on that list is the UK. This thread contains examples of other european nations collaberating. Nigeria, the home of the internet scam, is considered "friendly" to the NSA? I question the criteria used for their country choices. I also question excluding exits solely on the basis of country. That's just plain paranoid. There's no way that the NSA and their cohorts gained physical access to every exit in their respective countries. If we consider the possibility of exploiting nodes remotely, why would national borders be a factor at all? Unless the country in question is censoring or blocking Tor traffic, I don't see where location has any influence on the chances of a node being bad or compromised. These could be set up anywhere by anyone.

Tor was designed so that one compromised node isn't sufficient to de-anonymize a user by itself. With an adversary that has global access, limiting your choices might actually help to de-anonymize you. IMO, they're trying to profit from peoples fears. I also disagree with a hard coded blacklist. How do you add or remove a country when things change? Buy a new router?

 

I'm satisfied with the answers in this thread. So I know that my anonymity is not compromised by the fact that I'm using Windows 7. However, there is still the possibility that my anonymity could be compromised by the fact that many Tor nodes could be controlled by an adversary (i.e. the NSA).

On the bright side, the chances of me jumping onto BOTH a malicious ENTRY and EXIT node are quite slim. And even if the Tor circuit, I'm currently using has an ENTRY and EXIT point both controlled by the NSA, it is still unlikely they have the resources to successfully conduct a timing-correlation attack against me, to "figure out" my real ip address.

 

I think that if there is one, BitLocker would be the most likely place. And that the chances are greater of there being one in Win8 than 7. And on raw hunch alone, I believe there is one. This plays into why I'm going with Win7 Pro x86 and continuing to use TrueCrypt.

 

Hi noone_particular,

I asked the following question at the paparouter website:

Is it possible to add or remove a country from the blacklist?

What was the criteria used to blacklist countries, was it one single reason
or a variety of reasons and what were they other than what the website
mentions?

Given that a smaller list of countries are available, with a global
adversary, since that decreases the set of Exit nodes available for a user's
choices of EXIT nodes, might that not contribute to the global adversary's
efforts to de-anonymize the user?

The answer was:
The reasoning behind who got blacklisted was based on NSA's program
ECHELON. It's no secret that the NSA has a program with New Zealand,
Australia, the UK and Canada. Of course if the UK's GCHQ wants to turn
over data to NSA all they would have to do is set up their taps in one
of the friendly Commonwealth countries who would be more than happy to
assist. Even MORE happy to assist are countries that are desiring
Commonwealth status such as Namibia and would assist the UK just to
curry favor.

The idea behind making it an exit node exclusion is because the last
hop is where the traffic leaves to its target and it does so
unencrypted so it makes spying on it very easy.
If the exit node happens to be Germany, Iceland, or some other country
not friendly to US intelligence (that leaves more than 150 countries)
it makes tapping the unencrypted traffic tougher, if not impossible
given the US's reputation in those countries.
This doesn't stop the data from actually transiting ECHELON friendly
countries because it is encrypted but given the recent revelations
about NSA weakening RSA, I am going to undertake testing to see if
it's an appreciable decrease excluding those countries as transit hops
as well.

-- Tom

 

Exactly. The NSA or some other three-letter agency doesn't need a backdoor on Windows or Mac to track you down. They can simply set up a lot of honeypot Tor nodes. If they control a significant percentage of the Tor network, they can seriously compromise Tor's anonymity.

I don't think timing-correlation attacks are feasible in real life. Timing-correlation attacks require too much resources and money to conduct. So a three-letter agency's best bet is to control as many exit nodes as possible. And then inject malicious scripts into the Tor browser's of anyone (who has scripts and Javascript enabled) to expose their real ip address.

I think that's the most realistic way for a three-letter agency to compromise Tor. They have more than enough resources to control as many exit nodes as possible. And from there on, they can inject malicious scripts into your browser to expose your non-Tor ip address.

Like I said, timing-correlation attacks are unfeasible in real life. Controlling a bunch of exit nodes and injecting scripts into your browser (if you have scripting and javascript enabled), is the most feasible way to attack the Tor network.

That's why you must have javascript and all forms of scripting disabled at ALL TIMES when you are using Tor. Otherwise, you risk exposing your real ip address, if the exit node is controlled by a three-letter agency. And this three-letter agency can inject malicious scripts into your browser to expose your real ip address.