Discussion in 'privacy technology' started by Searching_ _ _, Dec 23, 2009.
How does Xerobank protect against router compromise MITM situation?
Connections to XeroBank are authenticated to the client, as well as the client authenticated to XeroBank using preshared keys, and a TLS cipher, preventing MITM between your connection to XeroBank.
XeroBank controls all entry and exit nodes to maintain communication integrity, so there is no MITM opportunity on our nodes, as opposed to Tor which has a MITM threat because they do not control the integrity of exit nodes.
I assume that it is up to me to ensure the security of my PC when it comes to malware.
How does malware on the host in a Xerobank session affect the session if the PC is infected?
It is very likely that the outbound malware will go through the XeroBank tunnel like all other software, as malware is typically ignorant of networking considerations.
We have proof to verify this, through upstream complaints thinking our Unix machines were infected by some Microsoft bug (laugh).
I am interested in reducing leaks in my game.
How can Xerobank improve my security for playing online poker, PokerStars or FullTilt as examples?
So anything occurring at the router, MITM, eavesdropping, traffic logging is no longer effective while using Xerobank?
Correct. When you've got XeroBank it's essentially just you, and your destination website.
Could a rogue DHCP server circumvent the Xerobank service?
A rogue DHCP server? No. We disregard DHCP and create a VPN connection.
If Xerobank controls entry and exit what is the point in having a relay? What is the point in even having it multihop? Timing attack can be carried out easily by Xerobank in that case.
Xerobank has a MITM threat too, hackers could hack the Xerobank exit nodes. And rogue Xerobank employees can MITM as well. What you should say is "With Tor, there is a MITM threat from random exit node operators and hackers. With Xerobank there is a MITM threat from Xerobank and hackers."
Just because you are the MITM does not mean it isn't a threat.
A timing attack cannot be performed on XeroBank's consumer network without the opponent being a global adversary. If you as the client are so hot that you are against a global adversary, you need to be using our corporate Onyx network, which is the only network in the world that is immune to timing attacks.
I dare say they cannot. The machines that run our systems are designed beyond FIPS-140 military security spec, with extreme defense in depth and countermeasures. It would require physical and digital access to the machines, and would likely be noticed. We receive over 30 million hacking attempts per month on these servers, including intelligence agencies and rogue groups. About once or twice a month we see sub-0-day attacks of a highly sophisticated nature. They are always disappointed.
Technically they could, but would they? Not ever. We are a trust domain, and if we ever did we would lose all credibility. We would not ever do that, not to mention what a waste of time.
Your quotation would be correct if it said this: Tor allows the participation of anyone in exchange for operational risk of the node operator. Therefore good people are disincentivised from participating in Tor, and evil operators have strong incentive to participate. In the Tor network, you explicitly decentralize your traffic because all participants have to be considered untrustworthy. Tor is a web of distrust among zero-integrity peers.
In the XeroBank network no participation is allowed by untrusted parties, and all parties involved receive financial reward for node operations. Therefore trusted parties are incentivized in participation, and untrusted parties are not welcome to participate. In the XeroBank network, we do not have to decentralize traffic because we do not distrust ourselves. XeroBank is a trust domain among high-integrity peers.
Let's back up and take a look at what this means: If you have a secret, and you have to tell at least one intermediary, is it better protected by telling many untrustworthy enemies or one trusted friend?
Perhaps you are thinking, "well in the Tor network I don't have to trust anyone" but you would be wrong. You are trusting the Directory nodes, WHICH RECENTLY TURNED OUT TO BE COMPROMISED! The fact is that Tor has been compromised many many many times, and XeroBank has never been compromised.
Do you know what the most amazing thing about Tor is? That their userbase is so passive every time their network gets compromised. They should be outraged. They should stop using Tor and switch to another free alternative. But instead they are lulled into a false sense of security by the transparency of admittance that they were compromised. This is like a lover who constantly cheats on you, but you stay with them because they admitted it. They are fools in a provenly disastrous relationship.
This analogy falsely portrays Tor. In particular, as detailed on The Tor site, Tor uses multiple, individually encrypted connections through relays in which "each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken."
Thus the actual situation with Tor is that the intermediaries do not know the origin of the information they are transferring, or the final destination of the information. In contrast, the actual situation with Xerobank is that Xerobank knows what information is being transferred, the origin of the information, and its final destination.
Let's revisit the question of "secrets", "protection", and "intermediaries". For the sake of clarity, let's define what we mean by our "secret". In particular, since we are concerned with anonymity, when we speak of "secrets", we mean the combination of information, its origin and its final destination. Now let's pose a more accurately analogous question to compare Xerobank and Tor.
Is your secret better protected by revealing it to a single intermediary who says they are your "trusted friend"; or is your secret better protected by a system of intermediaries structured and arranged so you never reveal your secret to any of the intermediaries?
OK. I gotta learn Tor. Perhaps I can run an exit node through some VPN.
Actually, XeroBank documentation claims that it doesn't track connections unless there's some TOS violation to address. However, accepting that requires trust.
I want anonymity and privacy vs attackers. In using XeroBank, I'm assuming that they're not attackers. However, I'm also exploring ways to chain connections from multiple providers through local and cloud VMs. Latency is problematic, however.
I doubt the corporate Xerobank network is immune to timing attacks if it is low latency. And it is silly to say it is the only one that is. Mixminion and Mixmaster are both highly resistant to timing attacks to the point that they are essentially immune from them (although I wouldn't go as far as to say either the mix networks or xerobank are immune to timing attacks).
The fact of the matter is that Xerobank is weak to an attack that Tor defends against. And it is a serious attack that could trivially compromise people's anonymity.
Servers know the connection is coming from Xerobank (one entity). Xerobank can do live traces on users. Governments could force Xerobank to do passive logging for connections to their servers, and do an automatic live trace if one is detected. This would destroy the anonymity of Xerobank. Tor has thousands more nodes and operators, it isn't like one or even a few governments can force all Tor nodes to do the same thing. And if they tried to they would be noticed in the source code inserting a backdoor.
Also why would intelligence agencies bother hacking Xerobank servers? They can control the links between nodes; they are not going to bother trying to compromise nodes. Xerobank does not do any mixing or time delay considering it is low latency. So with compromised links (easily in the capabilities of intelligence agencies) they can already trace Xerobank users. And they can trace Tor users as well, although Tor requires them to compromise more links than Xerobank does, so it probably reduces the amount of intelligence agencies that have the capability to compromise it in such a way.
...which would be... (other than JAP which is known to be compromised)?
I2P has more distributed directory servers but is totally weak to correlation attacks.
What are you talking about? The old backdoor issue? By the way, it's JonDonym now.
AFAIK, I2P is a world of its own, isolated and separated from the public web (like Freenet) and not an outproxy to the regular web like Tor.
Correct me if I am wrong.
Although they could certainly block links, I can't imagine that XeroBank would use link technology that could be so readily compromised. Steve?
XeroBank claims to mix traffic, both internally and (I believe) with other Xero Networks AG clients. You may be right re timing attacks, given that it's low latency.
Although anything can be cracked, given time and resources, I've been assuming that Xero Networks' technology is good enough for users like me. As Steve noted recently on Wilders, there's their Onyx offering for hotter targets. Perhaps Steve could say more re resources (time, money) required for compromising each Xero Networks link.
That seems reasonable, although the per-link cost presumably depends on the technologies used in each system.
mesa0k01, you have a serious misunderstanding of our networks and structure.
Then you would be wrong. XeroBank Onyx Network Whitepaper.
Oh? Which attack would this be?
No, they can't. They do not have jurisdictional authority. They do not have administrative access or administrator identities. They cannot control the demultiplexing.
You also seem to misunderstand how tor works as well. Tor can and has (timing, reverse sybil, infiltration, control port, dir node compromise, sybil, etc) and will be beaten, requiring not a single subpoena or "backdoor", and it is even possible to do so without a single tor user becoming aware (Global Passive Adversary attack).
We do mixing and strong multiplexing. In between our nodes, hundreds of thousands of "circuits" are combined into a single encrypted pipe. Tor does not. Observation of our nodes will not reveal a traceable circuit, it requires a global adversary with active correlation attacks.
If you're wanting to go toe to toe comparison on Tor vs XeroBank anonymity technology, Tor is going to lose pretty bad. Tor used to have one advantage, they pushed more traffic per second than we did (1 Gbps to 2 Gbps). XeroBank pushes more anonymous traffic than a large ISP, our node crowding is higher, our anonymity sets are larger, we use multiplexing between nodes, and mix our traffic, our node security exceeds FIPS-140 military spec, and we are not within US, UK, EU jurisdiction.
In Mafia-istic terms, You are within a country ruled by a Leader who was trained at The School of The Americas, a friend of ours, or in a country whose Leader is supported by the communists, a friend of mine.
Is Xerobank thinking of becoming an Internet Service Provider of basic DSL with encryption built into the modem and connects to Xerobank Networks? If Netzero can offer DSL, why not your company?
DSL is the past. WiMax is the future. This conversation never happened.
Really all the security in the world means nothing when Xerobank is still open to a devastating attack that can lead to users being quickly compromised (an attack Tor is not weak to). A server will instantly know if a connection to it is coming from Xerobank. Xerobank can do live traces, and it can be programmed into the exits to instantly do live traces when a connection to a server is detected. All someone has to do to track Xerobank users that go to their servers is force Xerobank to cooperate. With Xerobank your anonymity depends entirely on Xerobank's ability to tell such an adversary to **** off.
Time and time again it has been proven that if you trust a single entity with your secrets, they will betray you if someone stronger than you AND them forces them to. That is what makes the design of Tor so much stronger than a network like Xerobank can ever be. Tor is all untrustworthy nodes, sure. But the thing is, if one malicious group is going to flood nodes so are all of its peers! And they won't cooperate with each other because they are rivals and competitors. If USA gov floods nodes, so is Chinese gov. So is Russia. So are all kinds of other countries that are not going to share intelligence with each other. If one group of identity stealers floods Tor nodes, you can bet so are others. In addition to these groups there will also be groups like EFF, the actual Tor developers, libertarian groups, random people who want to contribute, people that want to protect against the attacks being a relay protects you against, universities, activist groups etc. All of these different groups are mixing together, none of them can be trusted, some of them are malicious and some of them are honest. What matters is that it is a diverse community of people who will largely never have it beneficial for them to cooperate with each other or with the government (or foreign governments in the case of federal agencies running nodes). With Xerobank you are trusting Xerobank (one group), they admit they can do live traces, everyone will know you are using Xerobank when you are using it.
Not to mention Tor is constantly changing circuits and is fully open source and well documented. Xerobank is in a much better position to automate live trace back than Tor is. If the Xerobank servers had live trace back automation built into them, no one would ever know. If the Tor source code did, someone would notice very fast and unless it was them who did it they would draw attention to the matter.
If you say you are trying to protect against intelligence agencies then recognize that jurisdiction means jack **** to them.
I don't see a Xerobank Question? <shrugs>
Since Xerobank uses FF, how does it fare versus Browser Rootkits?
This isn't a "question", but instead reflects some of my observations and concerns about Xerobank and SteveTX.
On the positive side, I must say that Xerobank's structure seems to offer some significant security and anonymity advantages. Nevertheless it is quite difficult to fully evaluate those advantages given the available information.
In evaluating any product or service, I look for full disclosure. I want to know weaknesses as well as strengths. And I want to believe that I can trust a company's statements to be complete, accurate, and fair. I may be overreacting. But I do have significant concerns with Xerobank's level of disclosure, and with what seems to be a tendency towards exaggeration and partial truths.
As an example, earlier in this thread mesa0k01 stated his/her belief that Governments could force Xerobank to do passive logging, and live tracing. In response, SteveTX made a series of flat out denials: "No, they can't. They do not have jurisdictional authority. They do not have administrative access or administrator identities. They cannot control the demultiplexing."
Nevertheless, from a legal standpoint these absolute claims and assurances are nonsense. The field of law is characterized by shades of gray. What might happen with Xerobank and a request for logging, tracing, or the like, will depend on the particular facts and circumstances of the case.
There is no question but that a court with personal jurisdiction over Xerobank could order Xerobank to conduct logging or tracing on servers used in Xerobank's business even though such servers might be located beyond the court's territorial jurisdiction. Refusal by Xerobank could result in seizure of all of its assets and/or imprisonment of its officers. Moreover, courts outside of Panama could issue similar orders to Xerobank officers and owners who are subject to that court's personal jurisdiction, based for example, on a finding that the Panama corporation is merely a legal sham in the court's opinion. These are merely examples of numerous avenues that could be pursued by courts and/or legal opponents.
I also have similar concerns over various technical assertions, and competitive comparisons, made without limitations, exceptions, or documentation. Although Steve seems quite competent technically I just keep having the feeling that I'm not getting a complete story.