Hacker News
Ask HN: Can we have a discussion about Tor?
16 points by eof on June 11, 2013 | 8 comments
I tried (https://news.ycombinator.com/item?id=5843524) to do this before but it flopped.

I get that the government funds Tor; which doesn't really matter to me. The government also makes guns but I can still shoot a government official with it, if it came to that. What I want to know is whether or not, if I am using Tor correctly, can I be identified.

By correctly I mean:

- Only use Tor from bootable live, generic distro.

- Never use plugins

- Never use any identifying information

- Always use PGP for sending any personally identifiable information

- Never access any of my 'real' identities stuff.. like logging into my reddit account or gmail or something that I would do on the 'clearnet'.

If I, hypothetically speaking, were going to engage in an illegal activity, such as clicking a hypothetical felony button on a hypothetical Tor hidden service; and I did it from my home network which I pay for with a direct deposit out of my bank account; from a technical and likely reality situation (regarding who controls Tor nodes), what are the situations that would lead to me being able to be convicted of said crime.

Further, what if I add a VPN, and which VPN do I need to add? I do get that a VPN is theoretically adding a layer of security, but it appears I have to trust the VPN itself; which is less than ideal, cus I may get unlucky and pick a honey pot.

It seems, in light of recent revelations, that some discussion surrounding this would be interesting and/or beneficial to many people.




From http://grugq.github.io/blog/2013/06/10/good-luck-with-that/

The publicly available tools for making yourself anonymous and free from surveillance are woefully ineffective when faced with a nationstate adversary. We don’t even know how flawed our mental model is, let alone what our counter-surveillance actions actually achieve. As an example, the Tor network has only 3000 nodes, of which 1000 are exit nodes. Over a 24hr time period a connection will use approximately 10% of those exit nodes (under the default settings). If I were a gambling man, I’d wager money that there are at least 100 malicious Tor exit nodes doing passive monitoring. A nation state could double the number of Tor exit nodes for less than the cost of a smart bomb. A nation state can compromise enough ISPs to have monitoring capability over the majority of Tor entrance and exit nodes.

Other solutions are just as fragile, if not more so.

Basically, all I am trying to say is that the surveillance capability of the adversary (if you pick a nationstate for an adversary) exceeds the evasion capability of the existing public tools. And we don’t even know what we should be doing to evade their surveillance.


Here's one scenario:

You can be identified that you are using Tor, at your ISP end. If it is acceptable for your ISP to provide information about the connections you are making (the metadata) to the authorities without warrant, then the authorities can gather a list of citizens who use Tor. They might then convince a kangaroo court that using Tor is enough cause to suspect criminal activity such that the court issues a warrant for further direct surveillance, or to seize your computers. Then you could be jailed until you reveal your encryption keys, or the direct surveillance could catch you in the act.

All this could happen even if you're doing nothing illegal on Tor.

Does this seem far fetched? Given recent events, it seems that potential adversaries don't have a problem with:

1) Gathering data en masse without warrant (e.g. this recent event).

2) Convincing courts that you're doing illegal things based on tenuous information that they've gathered, without any further oversight (e.g. IP addresses participating in a BitTorrent stream).

3) Arranging for your computer equipment to be seized on trumped-up charges, even if you're in a different jurisdiction (e.g. Kim Dotcom).

4) Forcing you to reveal your encryption keys, under threat of jail (law in the UK; precedent set in some jurisdiction in the US, although AIUI the Supreme Court may eventually overrule).


I think the biggest fear with using Tor, Onion Routing and the Darknet is that it was all sort of developed by the Navy. I think it provides pockets of government pretty easy access to treasure troves of data.

If you are doing everything bootable, JavaScript turned off, PGP, encrypted hard drive...I would imagine you would be "okay"...I am no expert. However, I have done a significant amount of research on Tor. It seems that as many here mention, the Exit Node can potentially be identified. Also, if someone was determined, had enough resources, they could also "possibly" "sort of" trace the traffic route. But this is very very hard to do (according to what I've read), and would require a vast amount of resources.

SWIM has been on Tor a few times and found it to be a neat, very useful tool, in and of itself. The ability to essentially obscure your traffic on the ClearNet (regular internet) has a lot of potential uses, both good and bad. That said, if you access the DarkNet, there are a lot of things on there that people should question who is putting it there. Seems like a very easy way to find people who want to access that stuff, especially if you can only access it using something like Tor. Makes it very clear who is seeking that stuff.


Tor doesn't really help you a ton, but it's useful for avoiding local surveillance. It doesn't help you a ton if you go to a known endpoint a lot. All you need to do is go to the known endpoint while not on Tor and you're revealed.

As for VPN providers, there are YC companies who do security so they're known and ideally trustable. Rather -> The chain of trust is easily verifiable.


A lot of Tor is filed deeply in 'Internet Black Magic™' for me, but my understanding of it is such that if someone who wants to identify you happens to have access to the exit node you are connected to, you can be identified.

That is about the best I can do.

I'm actually curious as to what others say about this as well though!


That's not quite true. The exit node is capable of seeing what the traffic contains, and where it is destined for, but not where it came from. So as long as the traffic itself doesn't contain anything that identifies you, e.g. posting your name on some non-https forum, then you're fine.

Unless the attacker is able to observe the entry node and exit node at the same time, and perform a timing/correlation attack.


You could potentially affiliate with social networks in such a way as to leave a clear fingerprint; that is, you could be, both in your 'anonymous' and 'real' life, the only person who connects 20 different social groups together. This could be as simple as quoting song lyrics. If you tried to deliberately avoid this, then you could potentially be identified simply based on that -- "these two people have too similar interests to not know each other" or so.

Your very manner of speaking can reveal a lot about you. I vaguely remember hearing a cold reader say something like, "the first thing I get to know about someone is their hands." Similarly, your word and spelling choices can inform others about your country of origin, and can potentially do much more than that.

Tor could have security issues, especially if you don't keep it up-to-date. Even if it doesn't have security issues, you could accidentally choose an entrance and exit node which are in cahoots and can thereby de-anonymize you. This applies less to hidden services, but still does apply. That is, the government could have compromised the hidden server, and thus might be able to correlate your activity.

Speaking of that, the times of day that you're active can already narrow down what countries you may live in, and may reveal roughly when you go to work and when you come back. So, for example, if you're using IRC over Tor, people could probably get a lot of information about you. Supposing that law enforcement has narrowed your real-life persona as a likely target, for example, they might just see if you join and part only when you're home.

If you were, say, browsing Hacker News or some other site, this could possibly be identified simply by looking at the size of the chunks of incoming traffic. This would be more and more common for larger and larger files -- I would not recommend downloading large videos over Tor, and images could probably offer a similar fingerprint.

You could use an insecure application over Tor -- sending BitTorrent tracker requests over Tor (while downloading in the clear) is one of the most common. So, if you tried to start up your IRC client before the Tor proxy was up, and your client happened to detect that its proxy wasn't working and tried to connect without one, that could compromise your identity pretty fast. For that matter, someone could potentially use an exploit against an out-of-date browser or operating system to turn on your webcam and take some pictures. For that matter, someone could hide a camera right behind you. You might consider only using Tor from within a bedsheet fort if you're suitably paranoid.

More realistically, the fact that you're using a bootable live distro could potentially be used to identify you; there aren't so many people doing that and your Referer string might well be unique. For that matter, the fonts installed on your machine might be probed and unique. It's worth checking this with EFF's Panopticlick. If your use of Tor hidden services reveals "he's a Welsh male Debian and Tor user who likes this obscure band," you might be identifiable solely based on that, and it's hard to be 100% sure that you have masked the fact that you are Welsh or male.


I can't recall the study but it claimed around 2 dozen bits of information are all you need to identify any person in the world.

Sort of like a binary search on people with a Log(8,000,000,000) performance.
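
Added example, not part of any comment in this thread: a small calculator for the "bits of identifying information" idea raised in the last two comments (the Panopticlick-style fingerprint and the binary search over the world population). The trait names and population fractions are constructed for illustration, and the traits are assumed to be statistically independent, which real traits are not (correlated traits leak fewer bits than the sum shown).

```python
import math

WORLD_POPULATION = 8_000_000_000  # figure used in the comment above

# Constructed sample: (trait, assumed fraction of the population sharing it).
SAMPLE_TRAITS = [
    ("Welsh", 0.000375),
    ("male", 0.5),
    ("Debian user", 0.001),
    ("Tor user", 0.00025),
    ("likes one obscure band", 0.00001),
]

def bits_to_single_out(population):
    """Bits of information needed to pick one member out of `population`."""
    return math.log2(population)

def surprisal_bits(fraction):
    """Identifying bits leaked by a trait shared by `fraction` of people."""
    if not 0 < fraction <= 1:
        raise ValueError("fraction must be in (0, 1]")
    return -math.log2(fraction)

def anonymity_profile(traits, population=WORLD_POPULATION):
    """Rows of (trait, bits, cumulative bits, expected anonymity-set size).

    Assumes traits are independent, so bits simply add up.
    """
    rows, total = [], 0.0
    for name, fraction in traits:
        bits = surprisal_bits(fraction)
        total += bits
        rows.append((name, bits, total, population / 2 ** total))
    return rows

def is_unique(traits, population=WORLD_POPULATION):
    """True when the expected anonymity set has shrunk below one person."""
    rows = anonymity_profile(traits, population)
    return bool(rows) and rows[-1][3] < 1.0

if __name__ == "__main__":
    print(f"bits to single out one person: {bits_to_single_out(WORLD_POPULATION):.1f}")
    for name, bits, total, remaining in anonymity_profile(SAMPLE_TRAITS):
        print(f"{name:24s} +{bits:5.2f} bits  total {total:5.2f}  ~{remaining:,.6f} people left")
    print("likely unique:", is_unique(SAMPLE_TRAITS))
```

Running it on your own estimated traits shows how quickly the anonymity set collapses; the remedy the thread points at is to present traits that many other users share.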



