Tor discussion thread

Discussion in 'privacy technology' started by MrBrian, Dec 17, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users:
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    From the article:
    This demonstrates how important it is to have control over the outbound traffic on your PC, not just whether an application can or can't have internet access, but how and where it can connect to.

    Configuring a browser to use the Tor socks proxy doesn't guarantee that it has to do so. That's why they're called exploits, because they cause applications to do things they're not supposed to. Always assume that your applications can be exploited into performing unwanted behavior. Assume that your browser can be made to leak, especially ones used with Tor. For leaks created by undesired connections, there's no better tool than an outbound firewall.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599

    Additionally, advanced users have stressed all along that you should garner ISOLATION via VMs NAT'd to a secured host (preferably Linux). If the host is tunneled and locked to VPN tun0 there is NO way out except through that route. In other words, the surfing activity in the isolated VM cannot see any conventional IP data/connection. In essence TOR has no idea or way to determine your ISP or what your IP is.
     
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I think having a VPNed router would do this as well. Whatever is connected to that router has to go through the tunnel.
     
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Again, browser or plugin exploits are the main attacks against, well, the browser using Tor. I don't get how an Adobe Flash exploit actually worked; the TBB or other bundles have always advised against plugins for that reason, and have been for years. (Plugins in ANY browser are the weakest security link.)

    I get why they offer TBB for Windows/Mac, cause most people aren't savvy yet need the Tor network for various things, but at the same time, it's incredibly dangerous. People should take a course in the same level of discipline as they would a firearm, cause if you shoot yourself in the foot it hurts in a big way. And even if used perfectly, you'll never beat that arms race of browser exploits. This is true for everyday vanilla web browsing.

    The reality of "Were any innocent users ensnared" is another issue. Nothing stops people from spamming known malicious .onion sites on a chan board or the like, for the very purpose of either adding noise or setting others up. And no one knows what's going to load when you click a link.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I still don't use it regularly enough outside of downloading TBB on my RAM disk.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There are several methods described here, but they all accomplish one thing. They restrict the browser from connecting out via any other means than the one that's specified. It isn't just Flash that's used to coerce a browser to bypass or ignore its proxy settings. These exploits/vulnerabilities don't just affect Tor users. Any service, proxy, VPN installed on the same PC, etc. that utilizes localhost connections can be affected. I have seen several instances where the browser ignored the proxy settings and tried to resolve DNS directly. My firewall rules blocked and logged those attempts. I've altered those rules recently so that the firewall will also alert me when it happens. This way I can hopefully find the code that's triggering the bypass attempts and write a Proxomitron filter for it.

    For me, the multiple virtual systems and VPNs aren't really an option. Nothing that I do requires maintaining separate identities or profiles, and I doubt that my old hardware would be capable of powering such an arrangement. For me, the situation is almost completely reversed. Since my IP is also a Tor exit, the majority of traffic leaving here looks like the Tor browser. My traffic will stand out if I don't fake the user agent and other details.
     
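    The "browser may only talk to the Tor SOCKS port, log and alert on everything else" policy that the two posts above describe, as an added example (not code from the thread or from any firewall product). It assumes Tor's SOCKS listener is on 127.0.0.1:9050 (Tor's default SocksPort), that the browser processes are named `firefox` / `tor-browser`, and a constructed one-line-per-decision firewall log format; it classifies each browser connection as proxied, a DNS leak (port 53) or a generic proxy bypass.

```python
"""Audit firewall decisions for a Tor-proxied browser (added example).

Assumptions: browser must reach only 127.0.0.1:9050 over TCP (Tor default);
log lines use the constructed format
    <time> app=<name> proto=<tcp|udp> dst=<ip>:<port> action=<allow|block>
"""
import re
from collections import Counter

TOR_SOCKS = ("127.0.0.1", 9050)          # the single permitted destination
BROWSER_APPS = {"firefox", "tor-browser"}  # assumed process names

LOG_RE = re.compile(
    r"^(?P<time>\S+) app=(?P<app>\S+) proto=(?P<proto>tcp|udp) "
    r"dst=(?P<ip>[\d.]+):(?P<port>\d+) action=(?P<action>allow|block)$"
)

def parse_line(line):
    """Return a field dict, or None if the line is not a firewall decision."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def classify(rec):
    """Label one connection attempt against the Tor-only policy."""
    if rec["app"] not in BROWSER_APPS:
        return "not_browser"
    if (rec["ip"], rec["port"]) == TOR_SOCKS and rec["proto"] == "tcp":
        return "tor_socks_ok"
    if rec["port"] == 53:
        return "dns_leak"      # name resolution outside the Tor circuit
    return "proxy_bypass"      # direct connection ignoring proxy settings

def audit(lines):
    """Return (alerts, counts): offending records and a tally per label."""
    alerts, counts = [], Counter()
    for rec in filter(None, map(parse_line, lines)):
        label = classify(rec)
        counts[label] += 1
        if label in ("dns_leak", "proxy_bypass"):
            alerts.append({**rec, "label": label})
    return alerts, counts

# Constructed sample log (TEST-NET addresses): proxied, DNS leak, bypass, other app.
SAMPLE_LOG = [
    "12:00:01 app=firefox proto=tcp dst=127.0.0.1:9050 action=allow",
    "12:00:02 app=firefox proto=udp dst=198.51.100.1:53 action=block",
    "12:00:03 app=firefox proto=tcp dst=192.0.2.10:443 action=block",
    "12:00:04 app=thunderbird proto=tcp dst=127.0.0.1:9050 action=allow",
    "not a firewall decision line",
]

if __name__ == "__main__":
    for a in audit(SAMPLE_LOG)[0]:
        print(f"ALERT {a['label']}: {a['app']} -> {a['ip']}:{a['port']} ({a['action']})")
```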
  8. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    I'm not sure how it works either, but I am suspicious of Adobe because Acrobat installs its updater as a Windows service, which means it can use svchost to bypass other firewall rules. I have long been suspicious of MS and their svchost for this reason.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I haven't used Acrobat in ages, but their flash player also installs that service. The flash player will work properly without that service but will need to be updated manually. I question and distrust the need to make the updater a service. There's no need for an updater to run 24/7. I don't see why it would need the level of privilege that comes with running as a service. If someone found a way to exploit that updater, how bad could it get? Fortunately I don't have to worry about their updater. The flash player itself works fine on the rare occasions that I allow it, but the updater service won't run on my system.
     
  10. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Not only that, it rarely EVER alerts or updates with what's the current version in a timely fashion. You'd be lucky if it's ever within a month of the current released version.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    An update service that doesn't reliably update its applications or tell the user that updates are available. It begs the question, what does it really do?
     
  12. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Well I have always had a problem with svchost, in my opinion it is a big hole in Windows architecture. If a malware developer wanted a way to ensure his malware could always phone home he couldn't ask for something better than svchost. As long as he can get his malware to install as a service he can mingle in with all the other svchost connections to the internet that most people allow because they want Windows Update etc to work.
    I feel quite sure MS do this stuff on purpose.
     
  13. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Sucks up them resources! :p
    But yeah, I agree. Windows/Mac have a less than perfect method of updating third party programs. Even if the Adobe Updater isn't backdoored, I'd say a lot of software in general is held together by bits of string, or less than perfect, so it's not far fetched that anything and everything running can be exploited (it's why these forums exist).

    I subscribe to the https://en.wikipedia.org/wiki/KISS_principle method with computers. Take away as many things as you can live without.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What do you recommend as an outbound firewall for Windows?
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't know which firewalls give fine grained control over loopback traffic and internet access for services on Vista and newer systems. On XP and earlier systems, Kerio 2.1.5 works quite well provided that the user has a basic understanding of internet protocol.
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    This is just the latest of Thomas White's problems with Tor exit nodes that he runs. So it's probably more about unwanted attention on him than about the possible seizure of Tor directory authorities.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From On the new Snowden documents:
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm starting to think that the current leaks are deliberate and full of misinformation. I doubt that they're as incompetent as those "leaks" would lead us to believe.
     
  20. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    I believe there's plenty of spin going on and the core of it is intentional and controlled. It's done that way for a purpose. Reactions to the latest tech are monitored by the PTB so they can gauge when to implement the next invasion of our privacy.
     