Question About TOR

Discussion in 'privacy technology' started by Hungry Man, Jun 15, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I've heard before that large downloads and/or uploads can cause information leaks or allow for attacks. Can anyone confirm and explain this?
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm not aware of any correlation between download/upload size and information leaks. It might matter if the adversary or snoop has the ability to view traffic from very large areas of the web (NSA for instance). I am assuming that this information is HTTP(S), going thru a properly configured browser, not a torrent or P2P app.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Does torrent/p2p matter if it's routed through TOR?

    And don't .onion sites use their own protocol? Is it encrypted?
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The biggest problem with torrent and P2P apps is that they leak identifiable data, often your IP addy. There's no realistic way to make certain that they don't send identifiable data.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Right, right, makes sense. Perhaps that's where I'd gotten confused.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Just run your sharing app in a VM, with Tor running in the host, or in another VM. Route Tor to an internal network, which the sharing app VM sees as it's only Internet access. All traffic from the sharing app VM either goes through Tor, or gets dropped. For example, torrent clients can find other peers, and can download normally. But they cannot be found by other peers, so they only upload to other peers that have found them.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's not torrenting I'm interested in. Large direct downloads specifically.
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    The Tor project specifically warns against using Tor for torrenting. So, no, there is no way to do it reliably that I am aware of.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you're downloading the files with a properly "Torrified" browser using http(s), you should be fine, save for the lower speed and potential reliability issues. Your speed will be limited by the slowest node in the chain, plus each nodes traffic load. I'm not sure how Tor treats ftp.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    In that case, there shouldn't be leaks, as long as Tor is set up properly. That is, leaks shouldn't be more likely for large downloads than for small ones. However, download managers might cause leaks, so test first.

    Another issue is that large downloads stand out from the crowd, increasing vulnerability to traffic analysis. But you have other problems if you're attracting interest from attackers with such capabilities.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Thanks.

    Are .onion sites encrypted though? I guess they use the 'TOR' protocol or osm esuch thing and it would be.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    :)

    Yes, traffic never leaves Tor, so it's end-to-end encrypted.

    What's the "osm esuch thing"?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    *some such thing
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Ah! English :eek:

    Edit: ... or o_O I see in -http://itsmyweddingafterall.wordpress.com/the-wedding-list/ , which seems SE Asian.
     
    Last edited: Jun 16, 2012
  15. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    If OP is talking about 1-1 direct file sharing, then yes that is possible to do safely with Tor.

    What I am talking about is Bittorrent. Because of the way that protocol works, it makes using Tor very risky. Here is the Tor project's take on the whole matter.

    Here's a quote:

     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's true. But you can also do what I said, and force a VM to use Tor as its ONLY Internet connection, so NOTHING can leak (except for malware that calls home later when you might not be using Tor). Traffic that Tor can't handle (UDP basically) just gets dropped.
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That's what I said in posts 4 and 9.
     
Loading...
Thread Status:
Not open for further replies.