ISP question - regarding anonymous browser

Discussion in 'privacy general' started by Jim Verard, Jun 14, 2007.

Thread Status:
Not open for further replies.
  1. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    I am using Torpark/Xerobank browser, and until now there are a few past reviews explaining how he works, and saying the network is slow, that sort of things. Reviews about the software.

    But never I see a single review from someone who have tested the security of the encrypted data, by having a Internet Service Provider trying to decrypt their logs from a single user who was using Torpark. Like someone from China trying to prove you were acessing forbidden sites.

    Something like that.

    This question was answered before. Here, some posts from Torpark's creator:

    "When not using Torpark, your ISP can store all of your web surfing that is not encrypted. When using Torpark, your ISP cannot see any of your web surfing, except you are connected to the Tor network, but it is encrypted."

    "Anything going through the tor network, your ISP cannot see."

    "Using Torpark, your ISP can NOT see what websites you visit."

    "The only thing the ISP can see is encrypted traffic heading to a tor server, so they can tell your using tor, but the data that is sent is totally encrypted, and they cant see it. also the exit node routes the encrypted website data back to you through the tor network, so the only node that your isp can see that you received data from is the entry node."


    Now, the explanation about what Torpark/Xerobank does exactly from another user:

    Torpark uses tor like a local proxy, you point your browser to use a port on the loop-back address for it to get and send data, because this is on your local machine, its not going out to the net.

    Tor gets the data, encrypts it using TLS, then tunnels its connection to the tor network through your Internet connection, to its first randomly picked Tor server, that server doesnt even look at the encrypted data, it just forwards it to the next tor server that was again, randomly chosen, this happens again and it reaches the exit node.

    The exit node then uses its key to decrypt the encrypted TLS data, looks at the request, grabs the needed data (for a web page or whatever) and encrypts it again bouncing it back through the tor network until it reaches your entry node which it forwards to your IP ENCRYPTED before it reaches your local machine where tor again decrypts it and sends it on to your Web browser.

    Basically, your ISP cant see where your going, and cant sniff your data without brute forcing the packets to see whats inside (which anyone who uses PGP can tell you, takes a looooooooooooooooong time unless your a world supercomputer with a Beowulf cluster of supercomputers waiting to do your bidding) only knows your accessing a tor server, and nothing else, not what your sending, or watching, or buying via tor.


    What I want to know is, there is no chance at all for a single ISP these days to bypass everything you have done using TOR and finally have the information they need: all websites you visited, all things you done using this anonymous network?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Greetings. I wrote Torpark/xB Browser. I can answer your question directly.

    The data about what websites you visited never resides with your ISP.

    Unless they are somehow hacking into your own machine and spying on you (which is not what they do or care about), it isn't going to happen.

    What you have is a 128bit encrypted connection to the Tor network. The ISP certainly can't break that, and do not have the capability or inclination to do so. The people who could break 128bit encryption are the NSA, and it would take a few days to crack it using their massively parallel supercomputers. And then when they break that encryption, there are two more layers of the same underneath it. I don't think they have much interest in committing all their computing power to crunching your encryption to see where you go or what you do. They have much bigger fish to fry. And anyone trying to hide from the NSA has no chance anyway. So you are either wanted by them and are a dead man, or if you aren't on the list to be abducted on sight, very little to worry about. If you aren't on the shoot-on-sight list, you probably don't have to worry about your encryption being broken.

    Regards
    Steve Topletz
    XeroBank Administrator
     
  3. llista

    llista Registered Member

    Joined:
    Apr 23, 2007
    Posts:
    19
    Location:
    European Union
    I do not know if this vulnerability works on Tor or not, but I do know that if you do SSL port forwarding using a shell account, although the connexion will be encrypted there is something called DNS leakage that could reveal to your ISP what sites you visited.

    To correct this vulnerability you need to tweak some setting in Firefox, there is a tutorial somewhere on the net, and I haven't got a clue how to correct this DNS leakage on other browsers (anyone?)

    This is not to say that Xerobrowser has this problem which I hope not, but if you use something else, beware!
     
    Last edited: Jul 5, 2007
  4. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    ilista, I found it some info about Torpark/Xerobank. See the DNS description.
     
    Last edited by a moderator: Jul 6, 2007
  5. llista

    llista Registered Member

    Joined:
    Apr 23, 2007
    Posts:
    19
    Location:
    European Union
    Thanks for the extensive info if I understand correctly as long as you have Privoxy installed there should be no DNS leaks.

    Regarding webservertalk.com, that is not an internet board, they merely provide a web interface to read Usenet, Steve's post is in alt.privacy group, also accessible via Googlegroups
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    xB Browser does NOT need Privoxy nor does it leak DNS.
     
  7. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    I've been searching for NSA and it's controversial how much time they need to break this kind of encryption. Some sources says it's gonna take too much time, not single weeks. Whatever.

    What I am not getting from your answer, Steve: who is responsible for this 128-bit encryption. It's a newbie question: who is in charge of this encryption?

    Since XeroBank is Firefox modified, and Firefox alone is not sending/receiving encrypted data, I assume Tor.exe and/or Torcircuit.exe are not only required to redirect all connections through TOR/XB servers, but also encrypt all data. Is that somehow correct?

    Are you sure? Like you said on former Torpark board, all ISPs will be forced to provide logs from user activities in Europe on the year 2009, or at least retain for some period.

    Here where I live all ISPs maybe will be forced to notify authorities if some illegal activities are being detected, if some computer laws criticized by a lot of people and presented by one senator are validated someday (the same fella who give the stupid idea to force each one of us to identify every single one of our activities on internet).

    How can you say we are not being recorded by our providers?

    http://en.wikipedia.org/wiki/Data_retention

    They have a record of every page you visit, how long you spend there and what downloads you make. Your email activity is logged too and the addresses you correspond with are recorded. All your incoming mail may be backed-up - copied for security reasons and stored elsewhere.

    This is my first concern: to not let my ISP know what I do on the internet.

    And then, I may rest in peace, and be sure my privacy is safe. Otherwise, it's worthless to spend time thinking no one can track you down for any stupid reason, while your own ISP can see what you're doing.
     
    Last edited: Aug 31, 2007
  8. acknsyn

    acknsyn Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    27
    Since the word administrator is used, I'am guessing your talking about Windows, one can install Privoxy using limited user account.

    If someone doesnt want to use Privoxy to avoid DNS leak, you can set firefox to network.proxy.socks_remote_dns to TRUE.

    I dont care if someone is recording or sniffing me, but for every 1MB of traffic, I want $1K in return. My time is valuable.
     
  9. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    Just for the record: I checked this option on XeroBank and it was enabled like you said. Just type about:config on the navigation bar and you will see it. :)
     
  10. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
  11. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Any foundation?

    Do you have any foundation for these statements? Insider information, perhaps? Otherwise, it seems quite unfounded and something born of a misunderstanding about just how much security 128-bit security really is. It's certainly enough for most applications I can think of.
     
  12. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Re: Any foundation?

    Help me here, isn't it a matter of processing power?
    Or is it mathematically impossible for todays computers?
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Re: Any foundation?

    Absolutely _none_ whatsoever. Let us just assume the VNL wasn't an issue, there was a weakness found in the cypher somehow, and there were enough parallel processing/qbit machines to make it happen.
     
  14. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Well, it's a couple of things.

    You'll hear a lot of arguments that address both the computational and physical limitations - some practical and some theoretical.
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Re: Computing: The Paranoid Version

    I wanted to understand how a computer can be compromised after being infected. I thought about this for quite some time after being a pawn in an infection/hacking. I was oblivious to computer security. It was not a thought in my head that carried importance. I knew people recommended virus scanners and firewalls but had no idea how they worked.
    I made improvements as I learned, adding to or improving my current security set up. The problem was who ever was inside my box learned as I learned. As I included a new addition it was already ineffective or very shortly corrupted. I was being managed and I don't like being the pawn of another.
    Having security apps and not being able to achieve confidence in there ability to protect me from the boogyman was disheartening. This was a game of chess and they always had the upper hand, playing like Bobby Fischer, and me still learning the ways the pieces still move, like pinning and forking. I was and still am behind. What I have come to realize is the level to which an amount of control has been built into the computing infrastructure. The purpose of which is the gathering and control of information.
    How does this compromise occur? 1. By infiltrating an existing company that has the greatest amount of market share, in a position of development and design, and add backdoors or vulnerabilities. This company contains your assets, so you are protective of it, and help to increase its market share. More users equals a greater potential for better information and or control of the information. 2. By creating competing companies that offer features and benefiets at least equivalent to the competition but with built in vulnerabilities. 3. By franchising what is successful for the markets you are involved in and by creating new franchises in markets that your are not yet in. 4. By destroying or damaging the competition you are not a part of.

    What does this mean to me? That the current level of technology is corrupted at its various points.
    Home computers, laptops and servers, routers, nodes, os's, browsers and other considered nescesary software. I feel that the level of corruption is sufficiently complete enough that no matter how much security you have, someone else has the upper hand.

    I would like to add this point to my opinion. The NSA, who only answers to the president, had been assessed by consultants, at the insistence of the president. There findings were that they were inadequate technologically, still having 486 computers on the desks of a large part of the agency. They are aware of the level of corruption of the computing infrastructure and may maintain these older systems for their lack of built in corruption. Also, the DOD stated that they no longer invest their resources in protecting computer resources through firewalls, they focus on detection and tracking now.

    One tree short of a forest,
    Crackers :D

    It is the Front and back that is still vulnerable, no matter how secure the middle. You are only as strong as your weakest point, link..anyway, enjoy the Sci-fi.

    Cracking 128bit encryption:ZDnet
     
    Last edited: Jan 21, 2008
Loading...
Thread Status:
Not open for further replies.