NSA slideshow on 'The TOR problem'

Discussion in 'privacy technology' started by Gitmo East, Oct 4, 2013.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    An example of JavaScript filtering with Proxomitron. This filter is part of its default filter set but not enabled by default. Scripts containing any of the items listed in "matching expression" are removed.
    KillNoseyJavascripts.gif

    A more powerful and versatile filterset is the Andrew Security Filter, now referred to as ProxBlox. This is a partial screenshot of a page showing its filtering and whitelisting capabilities. The whitelist can be applied to the specific page or the host site.
    AndrewSecurityFilterset.gif
    Proxomitron is far more powerful than most people realize if the user takes the time to learn it. There's very little that it can't filter or modify on the fly.
     
  2. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    One of the best tools for those building their own packages using a Mozilla based browser is the Request Policy extension. If you deselect all of the initial whitelist options, you can then build your own, allowing only the connections necessary to see the page. It's quite an eye opener to view all of the links most pages want to open, and just how many of them are Google related.
    An example using the Ars Technica home page. Everything in red was blocked. I whitelisted the single green entry.
    request policy.gif
     
    Last edited: Oct 7, 2013
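
A minimal model of the default-deny, whitelist-by-site filtering described in the post above, added here as an example; it is not RequestPolicy's code and not part of the original post. The rule shape (`origin`, `dest`), the function names and the sample hosts are assumptions, and a "site" is approximated by the last two host labels rather than the Public Suffix List.

```javascript
// Simplified model of default-deny cross-site request filtering.
// Added example: rule shape and helper names are hypothetical.

// Approximate the "site" as the last two host labels. A real filter
// needs the Public Suffix List (this is wrong for e.g. example.co.uk).
function siteOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split(".").slice(-2).join(".");
}

// A rule may pin the origin site, the destination site, or both.
// A rule with neither field never matches, so it cannot allow everything.
function ruleMatches(rule, origin, dest) {
  if (rule.origin === undefined && rule.dest === undefined) return false;
  const originOk = rule.origin === undefined || rule.origin === origin;
  const destOk = rule.dest === undefined || rule.dest === dest;
  return originOk && destOk;
}

// Same-site requests pass; cross-site requests need a matching rule.
function decide(pageUrl, requestUrl, whitelist) {
  const origin = siteOf(pageUrl);
  const dest = siteOf(requestUrl);
  if (origin === dest) return "allow-same-site";
  const hit = whitelist.some((r) => ruleMatches(r, origin, dest));
  return hit ? "allow-whitelisted" : "block";
}

// Summarise which destination sites a page load would reach or be denied.
function auditPage(pageUrl, requestUrls, whitelist) {
  const allowed = new Set();
  const blocked = new Set();
  for (const u of requestUrls) {
    const verdict = decide(pageUrl, u, whitelist);
    (verdict === "block" ? blocked : allowed).add(siteOf(u));
  }
  return { allowed: [...allowed], blocked: [...blocked] };
}

// Constructed sample: one page and the subresources it asks for.
const page = "https://news.example/";
const requests = [
  "https://news.example/style.css",
  "https://cdn.static-example.net/img/logo.png",
  "https://www.tracker-example.com/collect?id=1",
  "https://ads.tracker-example.com/pixel.gif",
  "https://fonts.widgets-example.org/a.woff",
];
const whitelist = [{ origin: "news.example", dest: "static-example.net" }];
console.log(auditPage(page, requests, whitelist));
```

Because the single rule pins both origin and destination, the same CDN stays blocked when a different site requests it.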
  4. Reading this article about Tor safety is pretty scary:
    http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html

    MY QUESTION is, does using a VPN+Tor improve our security? Or if the federal organization controlled all 3 of the nodes we are connecting to, are we busted the same, even if we are running a VPN? Please answer, thank you guys.
     
  5. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    Dude. As long as you do the following

    1) Keep your Tor Browser Bundle updated
    2) Disable all scripts with NoScripts
    3) Disable Javascripts

    I doubt your real ip will ever be revealed.
     
  6. Thank you CR. I disabled all the scripts from the TorBB settings, every single script is disabled (Java, Flash, fonts, etc.), but I didn't download NoScripts. Is it a Firefox/Tor add-on? I only disabled them manually in Tor settings. Is it the same?

    However, I think if they controlled all 3 nodes a user can be busted the same, no? So I was wondering if running a VPN behind Tor could improve our security.
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    This.

    Run a VPN behind, why would you not do this?
     
  8. Hi Talis, I was only curious about the article I posted before: if I'm on Tor and all 3 nodes are controlled by the same agency but I'm running a VPN, could they get my IP or not?
     
  9. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    You should use NoScripts. It is built into Tor Browser Bundle. It is in the top-left corner of TBB. It is the first object left of the address bar in TBB. Use it to disable scripts.

    If the NSA is your adversary then they can trace you through Tor. But if your adversary is only law enforcement, they simply don't have the resources to trace you through Tor.

    At BEST they can trace you back to the exit node, seize the exit node's owner and then figure out they are at a dead end (since the exit node doesn't keep any logs). It is virtually impossible for them to obtain the logs through all three Tor hops because the Tor nodes are situated throughout the world and the nodes will delete logs before anyone can subpoena them for it.

    As long as you use common sense and don't give out any identifying personal info, nobody can find you through Tor.
     
  10. Thank you for the answer, you have been very clear, even if I'm still quite scared by the article I posted before. In the article it seemed to be quite easy to track a user; however, I think that using VPN+Tor with no scripts would be fine. Thank you again : )
     
  11. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    No problem :) I hope I was able to help you out.
     
  12. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    If you're using a VPN you cover yourself from a lot of low-level NSA hacking-through-Tor attempts, so use one anyway, always. You should set NoScript to block iframes as well, as they are not blocked by default; you will find that in the NoScript options again (ip-check.info) to find out how secure you have your Tor working.
     
  13. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    I doubt his adversary would be the NSA, though.

    Yes, ip-check.info is a GOOD site to check your Tor anonymity.

    I don't even think a VPN behind Tor is necessary. I think it is just too much hassle for what it's worth. I just go with Tor and have all scripting disabled with NoScripts (yes, iframes included). As long as HungryToLearn does not reveal any identifying personal info over Tor, I doubt anyone can find out who he really is.
     
  14. OK, thank you, I will check this site : )






    Thank you C.R, I just didn't understand this... if I have all the scripts disabled etc. but I just go to a normal www. site instead of an https. one, could I be tracked even if I have all the scripts disabled?

    Because Tor advises to only use https sites but most of them don't have this protection, so is it dangerous to visit non-https sites?

    Thank you guys
     
  15. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    If you select the Forbid Scripting Globally option on the NoScripts add-on, then your non-Tor IP will NOT be exposed. If you visit an https site, then the traffic you send through the exit node will be encrypted (but the exit node can still see the url of the webpage you are browsing).

    For example, if you are sending emails through Tor and the email services use https (i.e. https://www.hushmail.com), the exit node can see you are on www.hushmail.com. But they cannot see the contents of the email you are sending, because the https encrypts the content you send through the exit node.

    But if you are sending sensitive info through non-http, the exit node can see the content you are sending through it, but they still cannot see what is your originating ip.

    Your originating ip cannot be revealed if you use non-http so don't worry about how non-http can reveal your ip.
     
  16. Thank you, amazing and clear answer. Even if English is not my main language, I understood all you explained. Thank you for the examples : )
     