Tor users increasingly treated like second-class Web citizens

Discussion in 'privacy technology' started by ronjor, Feb 24, 2016.

  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks so much. This is really cool!
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    :)

    But a 2.4GHz parabolic antenna is ca. 60cm by 100cm. Pretty obvious :eek: You could hide it behind plastic, I suppose ;)
     
  3. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,138
    A very n00b question, because I've never looked or checked on this, but, is it illegal to connect to the DW?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Most places, no. But some places, for sure. In North Korea, it's probably punishable by death. But that's probably also the case for the regular Internet ;)
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Mirimir, thanks for the follow-up on antennas. Those are good places to start, Caspian! Do you remember the American Greed episode with "Max Butler"? If so, you saw the antenna he used, just as an example!

    Caspian, regarding the battery: those wearing tin foil hats have always assumed that it's possible to remotely turn on communication between the laptops/computers and designated local listening devices (van on street, etc.). I am not saying they can mount your OS remotely, especially if it's encrypted, but something stored in a "chip" and handed to your wifi nic would be possible in theory. That would take something completely unproven yet, so take it for what it's worth as a precaution.

    I thought about breaking the trace on the circuit-board to the battery and installing a physical switch to easily and fully remove the power source without pulling the battery. Because I have procrastinated on this simple project, I still manually end up pulling the battery.

    Still the absolutely easiest thing would be a faraday bag to drop the laptop in when it isn't being used. Now how simple would that be?
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    No I haven't seen that. Maybe I'll search that episode out. Sounds like a fun story.

    That's pretty interesting. I would think that someone would have to want you really bad to go to those lengths. But if that kind of thing becomes easy to do then who knows who might do it and for what reasons? Thanks for the explanation.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    LOL. I can just imagine sitting in my car with a big antenna like that. I could buy one of those FBI shirts or an :cool: NSA shirt and wear it.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right, but in the back of a van with a plastic panel ;)
     
  9. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    41
    Another n00b question for the patient experts here. Tails is supposed to facilitate safe use of Tor: https://tails.boum.org/index.en.html Will it indeed? Or can I expect trouble with my ISP, LEA, etc.?

    Edit: Hey, I am not doing anything illegal, LOL
    I am just referring to the title of this thread about Tor and second class netizens
     
    Last edited: Apr 16, 2016
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @NonGeek - I prefer to hide my Tor connections from my ISP, using VPN services. The Tor party line has been that this is stupid and pointless. However, more and more, I'm seeing advice that it's a good idea. Maybe it's those FBI exploits in the news ;)
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I don't see how they can say this is stupid. Someone posted an article here about some kid who called in a bomb threat at his college. They looked to see who on campus was connected to Tor at that time. Ta da! (busted!) And there is the case of that crazy guy who used to be some kind of head of cybersecurity who was talking about doing horrible things on Tor. They had an idea where he might be so they watched Tor connections in his area and matched them up. Ta da! (drum roll/cymbal crash). So although those are two cases of criminal activity, criminal activities are the only examples that we will ever hear. It doesn't mean that they can't or don't happen otherwise.

    Then there is the likelihood that just using Tor throws up a red flag and places you under some kind of scrutiny that would never happen otherwise. Plus, if some kind of security flaw allowed someone to bypass Tor and see your real IP, they would see the VPN. That's at least another step away. And as for this idea that the VPN might be a honeypot or whatever, what would that make your ISP? They are a pretty darn good honeypot by default, in a sense. Maybe honeypot is not a good term but they log everything about you. I think most of the reputable VPNs want to do their best to keep their customers anonymous because it's in their best interest, financially. And of course there are some in the privacy industry who sincerely believe in a right to privacy/anonymity. Who would give HideMyAss money now for their service? Not a good business model.
     
  12. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    This is bringing back memories from 10 years ago. In an urban location, a cantenna alone will work wonders. In more rural spaces, I once had a homemade cantenna mounted on a satellite dish normally used for TV reception. For added range, a 2.4GHz inline amplifier and all connected to a wireless repeater to make a distant hotspot work like a local one. It could easily do 5km and 7-10 wasn't out of the question if the line of sight was good.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right :thumb:

    I was referring to CMU's canceled Black Hat talk from last year. They exploited a bug in Tor that allowed relays to signal each other. Running relays with entry guard and exit flags, they were able to deanonymize circuits, and get IP addresses of users and onion services. Then the FBI subpoenaed the data. And many people got busted. If they had been accessing Tor through VPN services, they would likely have stayed safe. Unless their VPN retained logs, anyway.
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Having read the information on their "selectors" and what they do and do not keep, it's my opinion that any use of Tor will have your "rating" increased and it will be logged in perpetuity (by the spooks).

    What is more uncertain, but I would expect it to happen based on the US's behaviour and the UK's current attempts to legalise "equipment interference", including in bulk, is that you could easily have an industrialised response to the use of Tor which is an automated Quantum Insert attacking your IP address to have a look at all the hosts on your network. Given that that is a bit less likely in the case of VPN, it's worthwhile.
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So how can they match up the connections that come into an entry node with those coming out of an exit node?
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So you think the "spooks" have access to all VPN traffic already?

    What is an "automated Quantum Insert attacking your IP"? Do you mean something built into the hardware of a computer?
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That was only for entry and exit nodes that they controlled. Basically, they came up with a hack that let one node signal the other, using an otherwise useless circuit flag. But that bug has been fixed :)
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    It's known that they had compromised quite a few organisations' certificates (they hunt sys admins). Or they may have access to the VPN company's servers, and their logs (whether temporary or not). Or a mole in the organisations. Whatever.

    However, what I was saying was that VPN use, of itself, would be less of a reason for automated investigation than use of Tor - your "rating" would not be as high, whatever criteria they use. For sure, they would log any use of Tor directly from an ISP.

    What is an "automated Quantum Insert attacking your IP"? Do you mean something built into the hardware of a computer?

    Quantum Insert is where the spooks set up a fake social media site which responds quicker than the real one, and has the user nailed by compromising their machine. This is, for example, how they hacked Belgacom.

    The problem with it (from this point of view) being that they are/have set it up so that it is possible to use it on a mass industrial scale, and triggered by other selectors. So, for example, if your IP was using Tor, they might think it worthwhile to automatically attack traffic coming from your IP (not on Tor), and subverting the machine - at which point, a lot of your defences are breached, even if you operate a completely distinct machine for the purposes. Plus, it would be much easier to correlate with destination Tor traffic if that were the game.
     
  19. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    41
    How susceptible is the Tor browser to drive-by malware?
    It is one of those things that I fear the most.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's probably less susceptible than stock Firefox. Maybe even than other browsers. But o_O

    Here's what I do. I use Whonix. I use a different instance for each project. And they don't exchange anything. So as long as I don't get hit by something that breaks out to the host, damage would at least be limited. Also, the host is dedicated to privacy stuff, and is on a separate LAN from my meatspace stuff. So damage would still be limited. Unless something pwns the pfSense router, anyway ;)
     
  21. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    It has NoScript installed with JavaScript disabled by default. Flash is also disabled. Those are the most common vectors for drive-by installations and most drive-by installations would be dead in the water at the browser level. Using it in a Whonix VM would be almost bulletproof due to OS incompatibility and host/guest isolation being added to the browser level security. Privacy and security aren't always at odds and disabling JavaScript and Flash for privacy will also enhance security.
     
  22. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    41
    Thanks for the comments, I am learning a lot! Back to the second class issue, how do you download all this attention-drawing software? All via VPN? Moreover, how do you patch/update all these attention-drawing installations? Do they all have proper built-in patch/update utilities?
     
  23. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    It is imperative that you download updates on a secure anonymous connection if you want to keep the fact you are using TOR in any fashion from your ISP.

    Regardless of how you update TOR/Whonix you need to learn how to verify the signed updates using gpg or openpgp. It's very simple to learn and once you have it down (with the signing keys on your system and verified/trusted) the process takes a few seconds when you grab a new update. Please don't skip this step as it eliminates MITM attacks and corrupted files from a bad connection node.
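
The verification step described in the post above, as an added example that is not part of the original thread: it checks gpg's machine-readable status output against a pinned primary-key fingerprint instead of trusting a "Good signature" message from whatever key happens to be in the keyring. `PINNED_FPR` is a placeholder to be replaced with the fingerprint the project publishes, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin the signer, do not just look for "Good signature".
# PINNED_FPR is a placeholder; set it to the 40-hex-digit primary-key
# fingerprint published by the project and confirmed out of band.
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# status_ok STATUS_TEXT FINGERPRINT
# Decide from gpg's --status-fd lines whether the signature is valid AND
# was made under the pinned primary key. Returns 0 only if both hold.
status_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        # Bad signature, or a signature/key that is expired or revoked.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Assumes GnuPG 2.x, where the last VALIDSIG field is the primary
        # key fingerprint (the first field may be a signing subkey).
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { good = 1 }
        END { exit (good && !bad) ? 0 : 1 }'
}

# verify_download FILE DETACHED_SIGNATURE
# Runs gpg on a downloaded file and fails closed on any doubt.
verify_download() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    if status_ok "$status" "$PINNED_FPR"; then
        echo "OK: $1 is signed by $PINNED_FPR"
    else
        echo "FAIL: do not install $1" >&2
        return 1
    fi
}
```

Call `verify_download <file> <file>.asc` after importing the project's signing key; a signature from any other key in the keyring is rejected.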
     
  24. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Agree it has gotten to the point where people are more afraid of protecting their privacy than they are of being spied upon.
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    And it's a rational fear in jurisdictions where doing so will have you on some unaccountable database, with the added thrill that maybe you'll have your computers automatically attacked by the spooks.
     