Tor: Not So Anonymous

Discussion in 'privacy technology' started by KeyPer4Life, Feb 13, 2015.

  1. KeyPer4Life

    KeyPer4Life Registered Member

    Dec 18, 2013
    Security now video on subject of Tor anonymity starts at around 40 minutes.


    Written transcript of the show can be found at -
  2. driekus

    driekus Registered Member

    Nov 30, 2014
    Big fan of Security Now and great episode.
  3. RockLobster

    RockLobster Registered Member

    Nov 8, 2007
    I think it is far more likely a much simpler form of attack is what they are using.
    Tor is open source anyone can examine the source code and modify it. When you connect to Tor how do you know you are connecting to a node running the proper Tor code ? Compromised entry nodes could direct traffic through an entirely fake and fully compromised Tor network. Governments could easily set up thousands of these masquerading as real Tor nodes and capture the traffic or even take down the real ones with DOS attacks to ensure users will connect to the phoney ones. This is the trouble with using internet anonymity services it always depends on trusting remote servers without ever knowing who is really in control of them or what software is really running on them.
  4. mirimir

    mirimir Registered Member

    Oct 1, 2011
    Nine directory authorities are hard-coded into the Tor client. As I recall, the client won't connect to anything without a consensus comprising at least five of them. Each Tor client creates its own circuits, using nodes that it knows about from the directory consensus. While malicious nodes can participate, until they're removed from the directory consensus, they can't misdirect circuits from clients, except potentially to malicious clones of listed nodes. However, such malicious clones would need correct credentials, which would require compromise of the corresponding listed nodes.