Is using Tor by itself enough to stay anonymous?

If I disable scripts, don't give out personal info and use a different username on .onion sites than I do on the clearnet, am I perfectly anonymous with Tor? Yes or no? I simply have all scripts disabled, don't give out personal info and use a different username on .onion sites than I do on the clearnet. Is that enough for staying anonymous whilst using Tor?

 

"Perfectly anonymous" is rather an absolute, so the answer must be no.

But Tor is the best option available. Using Tor, you are more anonymous than you would be using JonDonym alone, and far more anonymous than you would be using VPN services alone.

Although Tor is a much larger anonymity system than JonDonym, it's still too small. Anyone with the financial resources and expertise to wield large cloud server clusters (such as AWS cluster compute instances) can be a strong relay (Sybil) adversary, at least for limited periods of time. Over time, one of their relays may become your entry guard. Then they wait for one of their exit relays to end one of your circuits. Now they've linked you to a destination.

There is some good news, though. All of that depends on waiting for your Tor client to make random choices. Adversaries can't focus the attack on particular users or destinations. Network correlation attacks are apparently much harder, even for the NSA.

Anyway, your best bet is combining VPN services, JonDonym and Tor.

 

So by having a VPN behind Tor would increase my anonymity right?

 

I'm not sure that I understand "VPN behind Tor". If you mean to access Tor through the VPN, it's not so much that it "increases" anonymity. It just adds a step for an adversary that manages to compromise some of your Tor circuits. Now if that's the NSA, you're hosed anyway. But if it's a small group renting lots of cloud servers, maybe they don't have the resources to get logs (if they even exist) from your VPN provider, or compromise its ISP, or whatever.

If you mean routing a VPN through Tor, I don't think that it helps much. But if you're hitting sites controlled by an adversary that's especially interested in Tor users, it might be helpful.

 

You can be anonymous when browsing. But the way you describe is not a (secure) way (its more how a noob would do it).

It will fool many. But its not a secure way at all, search some and you can find smarter ways.

 

How exactly is the NSA going to get logs that don't exist? And if logs don't exist, how is the NSA going to identify you through the VPN?

 

Right, the NSA isn't going to get logs that don't exist. But they are good at intercepting stuff. If the NSA owns one of your Tor entry guards, they know the VPN exit IP. And from that they know what data center the VPN server is in. Unless it's very unique, they probably already have intercepts in their systems. Then they ask your ISP.

Anyway, if the NSA knows your VPN exit IP, you're hosed. Maybe not historically, but certainly moving forward.

 

Maybe I'm missing something, but what you're saying doesn't seem to make sense.

What do you mean "unless it's very unique"? Unless what is unique? The VPN provider?

And what do you mean "intercepts in their systems"? Are you seriously suggesting the NSA has direct access to every VPN provider's network, allowing NSA to determine every single originating IP address connecting through the VPN? (Unless the VPN provider is "unique," whatever the heck that means)?

And even then, how in the heck are you proposing the NSA is determining which originating IP is associated with which VPN traffic? With VPN exit IPs being shared between hundreds (or thousands) of clients simultaneously, what you're saying would have to literally amount to the NSA virtually owning the VPN provider's entire network. (And then this would have to be multiplied out to literally every VPN provider worldwide.)

I'm just not buying it. The NSA is not magic, nor do they own the Internet, which they would essentially have to do to accomplish the kind of reach you're talking about.

I really don't know what you mean by "if the NSA knows your VPN exit IP, you're hosed."

 

By unique, I mean a VPN provider with traffic that's not being intercepted. I'm not saying that every data center and ISP is intercepted. I'm just saying that the NSA arguably intercepts ALL Internet traffic somewhere. The safest bet is they have thousands of interception setups, in a global grid, so that they work in parallel.

Yes, they have the data, at least a days worth of everything, based on what I've read. But they haven't yet learned how to analyze it well enough to be fully available to their analysts.

They're working on that

Individual VPN servers don't have hundreds of clients. Look at AirVPN's server stats.

Traffic correlation for a VPN server's input and output is trivial, even with many simultaneous users.

Nobody ever expects the Spanish Inquisition

If they know the exit IP, they can correlate entry-to-exit streams. Then they contact the ISP.

 

Even if that were the case (which..."ALL" is a pretty encompassing term...I don't think that's possible), no one has the resources to decrypt it all. And even trying to pinpoint specific traffic so you'd know where to focus your decryption efforts would be quite a task.

Source?

Did you really just use a single VPN provider's stats to support a blanket claim about every single VPN provider in the world?

I'm not sure what that's supposed to mean.

This is still assuming a few things. For one, this requires specific targeting. You would have to be singled out for correlation, and they would have to have some way of zeroing in on your specific activity. You keep saying "if they know the exit IP"...It's not exactly hard to determine the IP addresses used by VPNs. Anyone can "know the exit IP" of VPN services. It sounds like you're suggesting NSA can simply monitor the entire Internet and run a simple Boolean function and match every single proxy/VPN to it's originating IP.

Honestly if that sort of thing were possible, I doubt you'd see all the complaints of the sort we keep hearing, such as how they collect so much that they literally don't even know what all they have...let alone have a way to make it all useful.

 

IMO, we have to assume that they're doing traffic analysis on VPNs and that they can compare and correlate the inbound and outbound traffic. Adding a VPN to Tor makes it more labor intensive and expensive to track you but it doesn't make it any less possible. The real question becomes "are you worth the added effort and cost?" That question you have to answer.

 

Look, at this point you're safer if you simply assume the NSA, GCHQ etc owns TOR nodes, is hooked into every internet pipeline, has special intercepting rooms in every telecommunications station and knows how to get past troublesome annoyances such as VPNs ((and assume that VPN companies hand over data without thinking twice)). You can't rely on what you think math can and can't allow nor what is financially or technically feasible or not. You're dealing with nearly limitless budgets, little oversight and thousands of the most gifted scientists and mathematicians in the world involved with global operations with known and very likely unknown tech advances at their beck and call. What does it matter really if they have an overwhelming amount of data? That just means they are working hard to intercept and collect every ounce of data they can. There's nothing simple about it all, but that's why there is nearly unlimited money at their disposal.

 

It also seems to snowball the more privacy and security you get into.

Level 1: Household only browses top 100 sites like Facebook, Google, Youtube, news sites.
Level 2: Interest in Linux.
...
Level 22: Interest in Tor, VPN, or EFF.
...
Level 70: Encrypted email service that isn't a top 10 email.
...
Level 135: CONFIRMED DOWNLOAD OF TOR
...
Level 200: You browsed a Muslim site.
...
Level 432: You're an Afghan interpretor who's come over to the USA to avoid getting your head chopped off by the Taliban. Service men consider you as a brother in arms, the government says you're a threat.

(I'm trying to be a bit comical with the list, but the gist is what I'm trying to get across) We're all affected by the automated NSA, but I feel the more steps we take to circumnavigate it the more you start getting actual breathing people taking interest. That's why the EFF, while also not perfect, keeps trying to normalize the few tools we do have. I feel like VPNs protect us from what we all know exists, which is automated logging at the ISP level, but beyond that, I don't know.

https://en.wikipedia.org/wiki/The_Masque_of_Anarchy

Ye are many — they are few

I'm not at all saying you're wrong, you're right. I just like to think there is some hope though.

 

Look, we don't know the NSA's capabilities.

We do the best that we know how to do, and we hope.

Assuming that "XYZ" is enough, so we don't need "A", is maybe foolish, if "A" is readily doable.

No?

 

A little paranoia has never hurt (actually it saved a few people). Tor has many theoretical weaknesses (tho we lack evidence of concrete hacks).

Personally I would not trust it, there are better ways to stay anonymous if that is the goal with less theoretical weaknesses. Just do some reading, don't be lazy.

 

There are many published exploits, most of them by Tor developers. Check out http://freehaven.net/anonbib/topic.html

 

This is the kind of FUD that isn't helpful at all. Nothing wrong with being cautious, but just throwing your hands up in the air and saying it's hopeless is not only worthless, it's not even realistic.

The one common theme experts like Bruce Schneier keep reiterating that we've learned from the Snowden documents is that "the NSA is not magic." They can't break Tor, and it ~ Snipped as per TOS ~ them off. They can't break encryption to anywhere near the extent that was once thought. Their exploits are much more predictable than what was originally thought. The entire TAO catalog didn't really contain anything profound, it was basically commonly known exploits but simply with a budget.

You literally just said "You can't rely on what you think math can and can't allow." As in, they NSA can defy the laws of mathematics and physics. If there's one thing we've learned in the past year, it's that no, they can't.

https://youtu.be/N8Sc6pUR1mA?t=8m39s

Even Snowden himself made it a point to emphasize that "cryptography works."

This is not to say that NSA can't break something. They probably do have some more efficient method of factoring prime numbers, for example. That's totally reasonable, as factoring gets better every year anyway, and you can assume NSA is ahead of academia since they get everything the academic world publishes, plus what they generate internally. It's also certainly possible that they can break some elliptic curves to a greater extent than the academic world. RC4 has been close to being broken for some time now, so maybe they can break that.

So it's not like they can't do anything, but you're basically saying assume they can do anything...including break the laws of physics and economics.

You literally said "you can't rely on [..] what is financially or technically feasible or not. You're dealing with nearly limitless budgets..."

And the fact of the matter is, that is just simply not true. We have a pretty good idea what their budget is. The NSA is one of at least 15 intelligence agencies, and combined the total U.S. intelligence budget in 2012 was $75 billion, with an estimated 14% of that (~$10 billion) going to NSA. They have around 30k-40k employees, 1000 of which are sysadmins.

They obviously don't have "nearly unlimited" money and resources at their disposal, which is why they can't handle the data they already collect. Seriously, it's nearly 15 years after 9/11 and they didn't even stop the Boston incident where you had one guy with a sloppy Facebook trail and the other was already on a terrorist watchlist.

You'd be better off arguing that they are complicit, than all this omnipotent hooha. (In fact, you kind of have to argue that, because the only alternative is that you're giving them way too much credit, i.e. you're simply wrong.)

 

Such as...?

 

Are you not aware of black budgets? Neither the military nor intelligence agencies publicly announce their total budgets. You can call me silly all you want and say I'm spreading FUD, but when it comes to operating in the black I have the experience to talk about the financial and technical possibilities. Do I know all the secret toys there are to play with now at Langley and Ft Meade? I most certainly do not. But neither does anyone else without the proper security clearances. What we've learned from Bruce Schneier and Snowden is that these agencies are just as terrible at "bookkeeping" as they were back when we had agents roaming the streets of Moscow instead of sitting behind a computer while the information flowed in like water for them. Of course cryptography works, or else the agencies themselves wouldn't use it. But you're forgetting that our encryption methods aren't getting any better, while their encryption breaking most certainly is. They don't have to defy any mathematical or physics laws to break the methods available. They just have to keep trying, searching every last inch of the code using computing power that is almost certainly a few steps ahead of known systems. Does that mean they've already broke them? No. But for one thing that certainly doesn't mean they can't. And, for another, we wouldn't even know it until it was too late.

It's quite fine if you don't agree, and you're right that there is no Harry Potter stuff going on. We are merely humans after all. But not giving them enough credit or thinking these agencies can't do something is a mistake. Remember, we once thought they weren't embedded in nearly every communications we use. Then Snowden showed up.

 

You mean the budgets of the intelligence community (such as the NSA) that aren't officially reported with specific numbers? You mean the kind of "black budget" info revealed through high level leaks from people with names like "Snowden" and "Drake" and "Binney"? No never heard of it.

Or someone with root access.

Oh? Would you like to provide evidence of this? Is that why we didn't just have another open NIST competiton to create a SHA-3 standard? Is that why we never hear about new methods? lol

Well they certainly don't seem to have any other way of doing it. Again and again we see that they simply can't break the crypto we have...they have to develop ways around it.

And I'm not the one who said "You can't rely on what you think math can and can't allow," implying that they can defy universal laws of mathematics.

You did.

It's statements like this that reveal the ignorance of people who talk over their own heads. "Searching every last inch of code" is not what cryptanalysis is. That doesn't even make sense. It's no wonder you think all it takes is computing power and smart people and all of a sudden you have to worry about things "math can't allow."

I know that. I'm the one who said it. Again, you were the one who said we "can't rely on what you think math can and can't allow, or what is financially or technically feasible or not."

I am the one who has been saying all along they are bound by the same laws of mathematics, physics, and economics as everyone else. It's people like you who, forgive me, are in a little too far over their heads who end up treating government agencies like something out of a James Bond film, with some kind of deus ex machina that allows pretty much anything you can imagine (or saw in a movie).

No, it's called making educated guesses. Risk assessment. Intelligent estimation. You look at the info you have available, and then draw conclusions based on that info and some basic assumptions. That is how wise people navigate in these kind of waters.

Simply throwing your hands up and screaming "assume they can do anything!!!" is the mistake.

I'm not trying to be rude, but this again just reeks of ignorance. Even guys around here will tell you almost none of the Snowden revelations are all that surprising. They simply confirmed most of what was already suspected. (At least by people who pay attention.) It's obvious you've never heard of Room 641A, or ACLU v. NSA, or Thinthread and the Trailblazer Project. You're not familiar with Russ Tice or Thomas Drake or William Binney. And all of that is basically a decade old already.

If the Snowden docs revealed anything surprising, it was the fact that the NSA lacks capabilities we thought they'd have.

 

That's just how it went down with Heartbleed. Nobody (we know of, anyway) went through the code well enough. That bug was sitting in plain sight for years!

I totally agree.

Well, that is one canonical adversary. It's never good to underestimate adversaries. One makes conservative assumptions. One example is "computationally unbounded".

Much of Snowden's stuff is 3-6 years old.

 

Are you kidding? This is a joke, right? Heartbleed was a simple bug in OpenSSL's implementation of a TLS/DTLS extension (an extension called "heartbeat", as a matter of fact, which is where the cool name comes from.) It was a minor oversight which basically allowed an attacker to grab 64kB of random memory from a server.

This has absolutely nothing to do with cryptanalysis and certainly has nothing to do with doing things "math can't allow."

If anything, Heartbleed only supports my point that the crypto (i.e. the math) is the strongest link in the security chain. And breaches of security are almost always going to come from somewhere else.

I didn't say it was.

That's what I said.

Depends on how you're measuring. Yeah PRISM launched in 2007, but it's been going on (and growing) ever since. But for that matter I'm not even sure what's your point there anyway.

My point in mentioning those revelations from the early/mid-2000s was to illustrate that Dave is simply over his head and basically has no idea what he's talking about. Maybe he was completely oblivious and "then Snowden showed up," but as I said, anyone who actually pays attention wasn't surprised at all. I mean seriously, all that stuff I mentioned was literally national news the better part of a decade ago already.

It's almost like saying "Remember, we once thought no one could get to the President. Then Reagan got shot."

 

OK, whatever

The point re OP's question is that we don't know whether "using Tor by itself [is] enough to stay anonymous".

Recall Tor's startup warning: "This is experimental software. Do not rely on it for strong anonymity."

 

lol that's pretty standard "cover our own ~ Snipped as per TOS ~" disclaimer language, wouldn't you say? It's not as if you'll ever see any software claiming "You're totally secure now. The software is 100% unbreakable and you have nothing to worry about. I guarantee it."

 

Actually, don't some VPN services more or less claim that?