81% of Tor users can be de-anonymised by analysing router information, research indicates

Discussion in 'privacy problems' started by MrBrian, Nov 17, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://thestack.com/chakravarty-tor-traffic-analysis-141114:
    Related thread: good stuff about low-latency anonymity networks.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    That was a good read. If anyone runs into a slightly more "tech" overview of this I'd love to read it through. I have an interest in learning what (if any) pre and post TOR circuit configurations might be used to impede this "attack".

    MrBrian, your title mentioned router information stuff but the linked article sort of leaves me hanging on that. Did you mean "routing" information or the physical router software on the victim client's network? It appears to be routing and not router but I am kind of dense so I am asking? LOL!
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Thanks. Now that will be some reading.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It's funny that they've focused on his Netflow stuff. I find his LinkWidth tool to be far more disturbing. Basically, you can remotely measure traffic on any accessible server :eek:
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    That title is the title of the linked article. I don't have any additional information except that, in case you missed it, the link in the first post links to a paper.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    But I guess using a VPN would complicate matters. What if you had one VPN on your real machine playing videos online while a VM is connected to a different VPN and the TBB?
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Paper author's purported comments from the first link in post #3:
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I would guess so as well. And using 2, 3 hops first would complicate matters even more.
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    "But I guess using a VPN would complicate matters"

    I don't think it would complicate it a lot. Except that it would require the cooperation of your ISP for the final hop (and your IP address).

    It's not only Netflow that's the issue here (although that might be the most useful for the last section), their other probes are probably more dangerous because they can be active as well.
     
  11. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    This is interesting to hear.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK so even TOR users are not completely safe. I do wonder though why regular users would want to use TOR, is it purely about privacy?
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Clearnet users (non-TOR) cannot even see 10% of the world net. Admittedly you miss the super bad don't need to see it stuff, but you also miss lots of other stuff.

    btw - the article in this thread has seen much rebuttal. I've read about it in the Airvpn forums and elsewhere. Middle thread MrBrian also posted a comment by the author lowering the out of proportion response to this information.

    I don't want to sound gullible either though. I still keep TOR on a leash with VPNs and encryption past the exit node.



    Rasheed187 - yes for me it's all about privacy in the sense that even if someone was standing next to me, there would be no major crime to grab me for. And as I said above; I cannot access outside of clearnet unless I use TOR.
     
  14. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    So what's on the other 90% that I'm missing? Seriously I am intrigued. Please explain in detail.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I'm not sure if I understood you correctly, but personally I don't see the need to hide all of my tracks, when I'm not even doing anything illegal. On the other hand, I do sort of care about privacy, I'm already using script/tracking blockers (mostly for speed) and I would also like to hide my IP, so that people can not locate you. Always handy if you get into some argument online. But I've read that "proxies" will slow down browsing, so I passed.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    One never knows ;)
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    :thumb:
     
  18. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Isn't this a typical timing attack of matching traffic flows coming out of exit servers and comparing it with traffic going into entry nodes? I thought this problem has always been there and isn't new.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    What's new is the capability to do it remotely, without local network access, using tools like LinkWidth and public Netflow data.
     
  20. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Well Netflow's been around for ages, I'd say what's really new (assuming this is the way it's being done, at least in part) - is the scope and industrial scale of these kinds of possibilities - IOW, the mastering/subversion of the internet.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It seems that many network engineers don't care much about privacy and such, and just want better tools for analysis and management :eek: And then there are clever folk who subvert such tools :shifty:
     
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I did a major Netflow project for an ISP - for legitimate analysis and management reasons - in the late 90s and was acutely aware of privacy issues associated with it. AND - color me naive - I never ever thought they would be so stupid as to go down the road of mass surveillance using these techniques or with probes. I suppose that makes me the fool, no?

    I still think it is extraordinarily stupid and shortsighted actually (as well as hugely scary), because, within 5-10 years, it's more or less guaranteed that products and services will become available that will be very hard for the security services to inspect. As you sow....
     