Surfing Anonymously (Tor & SSL)

Discussion in 'privacy technology' started by spider_darth, Dec 26, 2008.

Thread Status:
Not open for further replies.
  1. spider_darth

    spider_darth Registered Member

    Dec 30, 2006
    I'm rather new to surfing anonymously and so, did some reading up and had many doubts. I know it's a rather long list but I do hope you'll can help in clarifying them. Thanks in advance! :)

    Let's say if I use Tor to surf anonymously, what is visible to my ISP? It knows my real IP, it can see that I'm connecting to Tor nodes but since it is encrypted, it can't see the contents?

    It also doesn't know the final destination where I'm connecting to?

    But, can they trace my connection to the exit node and sniffed the unencrypted data there?

    Also, if I use Tor only as a client and not as a relay, does it mean that no connection exits through my node and so others won't be able to send their data through me?

    What's the difference between using Vidalia (Tor, Privoxy, Tor Button in FF), Xerobank (Tor) and Incognito? Are there any advantages of using Xerobank (Tor) over Vidalia, Tor & Privoxy?

    And are there any benefits of using Tor with a SSL proxy? Is it redundant?

    Let's say if only SSL proxies alone are used, if the SSL proxy is encrypted, is it true that my ISP can only see me connecting to a SSL proxy and does not know my final destination?

    What if the connection is unencrypted? What are the contents that my ISP can see? My final destination?

    And if the proxy server does not encrypt the connection from the proxy server to the final destination, if intercepted, can my real IP be easily traced?

    In FF, there's a feature which says 'Use SSL 3.0', does this mean that all internet connections go though SSL?

    Are there any recommended SSL proxies which encrypts twice? From my computer to the proxy server and from the proxy to the final destination I'm surfing.

    Lastly, does end-to-end encryption = anonymity? Contents transmitted is encrypted from one end to the other. But, is it anonymous? For example, can the ISP or those who intercept your connection know your real IP?
  2. SteveTX

    SteveTX Registered Member

    Mar 27, 2007
    Correct. Your ISP can only see that you have an encrypted connection to what is listed as a Tor node. After that, they can't see anything unless the Tor node is part of their network as well.

    Correct again.

    That cannot be trivially done by an ISP. That would require either state powers, IX access, or employment of one of many secret Tor sidechannel attacks via an exit node.


    Vidalia is a bundle of software that is cobbled to be a tor controller, module that converts http traffic to socks traffic, and to stop scripts. xB Browser is all of those things in one software, and does a few things noscript/torbutton doesn't do. The advantage to using xB Browser for tor access is that you don't have to manage anything, there are fewer components to fail. It can also be upgraded at anytime to run on the high-speed XeroBank network, or any other OpenVPN or SSH connection. The advantage to using Vidalia bundle is that you can control more advanced features but failure of any of the components will end your anonymity.

    Incognito is a tor virtual machine, that means it is virtually attack-proof to nearly every 0-day attack imaginable. Unfortunately, it is very primative, and for most people, they download it and it doesn't work. XeroBank has an alternative called xB Machine which does typically work, is bootable, or runnable as a CD on the operating system you already have. Another alternative is the Tor VM or Janus VM, both written by Kyle Williams, who is a security guy at XeroBank as well (fancy that?). They are endorsed officially by the Tor Project.

    Depends. Is the SSL proxy before or after Tor? The reason is, Tor is vulnerable to evil exit nodes, which can read your traffic and inject malicious code into it. If you have a SSL server you are connecting to afterwards, you have 1) anonymized your traffic, and 2) encrypted your traffic end-to-end.

    If it is before, that is virtually useless unless your network blocks tor connections but allows the ssl connection.

    Of course you're going to slow your connection down to virtually nothing by chaining such low-quality nodes together, and you aren't increasing your anonymity above using the Tor network.

    Depends on the SSL proxy, and the quality of your connection. If you are just using SSL for http traffic, then your ISP knows your destination 100% of the time. Why? Because you weren't directing your DNS requests down the SSL line. This is like trying to hide your travel destination, but going up to your ISP to ask for directions there.

    Another question is who else is using the SSL proxy, and what network is it on? There is no one-man anonymity system, so if it is your own proxy, then all traffic leaving it defacto is yours, 100% correlation. If the ISP or an ISP in the same or a friendly jurisdiction is running the servers connection to the internet, you might as well not have used the proxy at all.

    The fact is that you can trivially avoid tracking by your own ISP on a state level perhaps, but if you want to avoid the country or superlarge ISP from tracking you, there aren't enough SSL proxies and tor nodes in the world to stop that. You need crowding, you need multiplexing, you need traffic padding, you need true anonymity technologies, not just hops. Hops are easy to track by watching something called netflows. It is like putting a rubber duck in the river of internet traffic and watching what way it flows and where. You could have 100,000 hops (tor has 3 hops) and you traffic is still easy to track, because we just trace the direction of the netflows back to your machine, or start with your machine and watch where the netflows.

    Good anonymity is not a simple proposition.

    In that case your ISP can see everything. You have no anonymity at all except from the destination website. They don't know who you *really* are, except they can inject traffic to break your anonymity if they so choose, but you aren't hiding anything from anyone who wants to discover you.

    1. If you aren't using end-to-end encryption, such as https, then the proxy can never encrypt your traffic to the destination. 2. Does that make it easy to trace? That depends entirely on the quality and design of the network. If it is a single hop system, then it is very very easily traced. If it is on the Tor network, they can insert a bug into your unencrypted traffic and use that as a tracer.

    No. It just means it supports SSL 3 protocol for sites that present that type of certificate.

    The short answer is Yes, but again nobody can encrypt to your final destination for you, especially if you destination doesn't support encryption. For the least expensive solution for good anonymity, you want a full VPN connection, not just a simple SSL proxy. I would recommend for full VPN ($10/m). You could also try SecureTunnel, as they have a solution but it isn't a vpn so your traffic may leak :( . If you want stronger anonymity, I suggest XeroBank's Internet Privacy or's Road Warrior package. The latter two are very fast multihop networks, distributed encrypted servers, outside US/UK/EU jurisdictions, highest quality money can buy. In the interest of full disclosure, I am an advisor for XeroBank, and that is how I know where the holes are, and who the good competitors are.


    Wow. Great questions. NO. encryption != anonymity. encryption == content obfuscation, anonymity == context obfuscation.

    If I send you an encrypted message, you know it was me who sent it. Other people can't read it, but they can see who sent it. The content of the letter is a secret, but not the context of who sent it and under what circumstances.

    If I send you a plaintext message anonymously, anyone can read it, but they don't know who sent it, and neither do you. The content of the letter is not a secret, but who sent it and under what circumstances is a secret.
    Last edited: Dec 26, 2008
Thread Status:
Not open for further replies.