ISP and TOR

Discussion in 'privacy technology' started by FileShredder, Feb 27, 2011.

Thread Status:
Not open for further replies.
  1. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    This is my connection settings on Firefox


    http://i51.tinypic.com/2r2r9fd.jpg

    I know my ISP will be able to see that information is being sent and recieved from TOR, but will they see exactly what information it is, and it's destination?
     
  2. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    If you have everything configured properly, they won't see either.

    They'll see a connection to the first/entry node. Tor uses three nodes and your data is encrypted three times, so they won't see what data you're sending either.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Don't use Tor without Firefox browser enhanced with the add-on Torbutton!

    Then you are golden! By default, Torbutton turns off all Firefox plugins when it is activated. Plugins are a potential privacy vulnerability (e.g. Adobe Flash) for any browser as they are implemented in JavaScript afaik.

    Tor sessions as described above encript http proxy requests to a Tor entry node, and remain encrypted until the exit node decrypts the request, looks up the DNS address of the destination, and delivers an unencrypted request to the destination.

    Note: in Firefox, type about:config in the location (were you would normally type an http address) bar, click on the button and search for the variable: network.proxy.socks_remote_dns - it should be set to true when Torbutton is enabled to avoid using your DNS (a DNS leak to your DNS provider) and instead use the Tor exit node's DNS server for DNS resolution of the destination's IP address.

    -- Tom
     
    Last edited: Mar 2, 2011
  4. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Yes, I checked it and it's set to "true".

    I had to ask because some people on another forum said that your ISP can still see what you are doing through TOR, and I wanted to double check.

    Thanks very much for your help :)
     
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Your ISP cannot, but there is a distinct possibility that a national intelligence agency could unravel your Tor activities if they already were watching you for some reason (i.e., they could use timing or correlation attacks). Anyone who has access to the backbone and can "see" most of the Internet would have a much easier time.
     
  6. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    extensions.torbutton.saved.socks_remote_dns is set to False and default.
    network.proxy.socks_remote_dns is set to True, and user set.

    What does that mean?


    I use the "Vidalia Bundle" for TOR and keep the Torbutton in Firefox ON.
     
    Last edited: Mar 1, 2011
  7. katio

    katio Guest

    Don't mess with the tor bundle settings. The defaults are as secure as it gets and DNS is taken care of.

    You can install wireshark and check yourself what traffic is sent. All you should see is encrypted TCP.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    The most your ISP can determine is that you are connecting to a Tor node - if they are interested at all in knowing that (may be dependent on your monthly bandwidth usage). Otherwise, they would have to expend resources to use fine grain packet inspection to see the packets commonly called deep packet inspection (I think), and even then the packets would be encrypted.

    Unless your ISP has an excess of computing power that can be directed toward decryption (which I doubt they would be interested in doing), what you are doing through Tor would only be known by your ISP if the exit node (which decrypts your packets) is also using your ISP, and traffic analysis can connect your entry Tor stream to the exit node.

    -- Tom
     
  9. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Ok thanks. I haven't quite understood, could you go over the exit node DNS again please? I use "Vidalia Bundle", which connects me to TOR, and then use Firefox with the "Torbutton" always switched on. Does using these two automatically protect me from the DNS thing? Because I remember the person saying that the DNS thing only happened if you just downloaded TOR itself, or a different TOR bundle.
     
  10. katio

    katio Guest

    I can't say it more clearly and simple than:
    Yes.
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi FileShredder,

    Seconding katio's Yes!

    In other words, as you mentioned your setting:
    If network.proxy.socks_remote_dns is set to True, and user set and you change nothing else - you are safe with regard to DNS leaks (with or without the Tor bundles, i.e. using Tor).

    If network.proxy.socks_remote_dns is set to False, and user set - then if you use Torbutton enabled, your default DNS server is in play and represents a DNS leak - i.e. the Tor exit node's DNS server is not used.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.