Tor says it’s "still safe" amid reports of police deanonymizing users - eviltoast
  • ShortN0te@lemmy.ml
    link
    fedilink
    arrow-up
    71
    arrow-down
    3
    ·
    2 months ago

    This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.

    • orcrist@lemm.ee
      link
      fedilink
      arrow-up
      37
      ·
      2 months ago

      The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn’t mean you can’t defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.

      Based on what was in the article and what’s in the history books, I’m not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn’t contradicted by what’s in the article?

      • ShortN0te@lemmy.ml
        link
        fedilink
        arrow-up
        7
        ·
        2 months ago

        Yes, sorry i worded it incorrectly you can try to make it harder but timing attacks are still possible.

        Nope, just a summary that this is just old news. There is nothing new in the article.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        2 months ago

        I2p has issues that can more easily lead to deanonymization attacks. It says it on the FAQ

        • MigratingtoLemmy@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          2
          ·
          2 months ago

          Confirmed the troll.

          From the FAQ:

          Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.

          It may be dangerous to use I2P in what the project calls “Strict Countries”

          Most I2P peers are not in those strict countries and the ones that are, are placed in “Hidden Mode” where they interact with the rest of the network in more limited ways, so that they are less visible to network observers.

          Unlike Tor, “exit nodes” - or “outproxies” as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these.

          There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.

          If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort.

          I2P has defenses available against this like multihoming or Tahoe-LAFS

          I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination.

          In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels (“shared clients”).

          In theory, if you’re accessing the clearnet, then it is no better or worse than TOR. It is a little better if you’re stay in I2P land.

          Don’t listen to me or him. If you’re reading this, go to the FAQ (https://geti2p.net/en/faq) and make your own decisions.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 months ago

            I2p lacks the ability to mask your traffic. It is obvious that you use i2p and someone could identity you from analyzing the network for long enough

            • MigratingtoLemmy@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              edit-2
              2 months ago

              TOR is obvious too to someone snooping on your network, unless you’re using bridges (and that’s hit or miss). If you don’t want someone to know you’re using I2P, use OpenVPN and mask your traffic as HTTPS.

              You’re going to have to explain better about “I2P not masking your traffic” and especially about “someone identifying you” - timing attacks are possible in both cases and the I2P Devs have mitigations against it. Please provide sources which define how I2P is weaker and more susceptible to TOR against network forensics

        • C126@sh.itjust.works
          link
          fedilink
          arrow-up
          9
          arrow-down
          1
          ·
          2 months ago

          You linked an article that doesn’t say anything to back up your claim. Why do you say i2p is vulnerable to timing attacks?

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            2 months ago

            Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]

            First sentence. Check up the linked article as source.

            • C126@sh.itjust.works
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              Ok, technically still vulnerable in the sense that if you transfer a huge file in excess of other parts of the bundle, it might be identifiable by a bad actor, but that’s really misleading, since i2p has a lot of built in logic that makes that scenario pretty unlikely.

              • ShortN0te@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                2 months ago

                Not only huge files. At the end of the article the author goes on about changing the load or manipulating the timing of the traffic.

                For both you need to be part of the network and (to some degree) the traffic you want to trace needs to go through a node you are controlling if i understand it correctly. With increasing size it becomes more difficult.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 months ago

          isn’t it less vulnerable, though?

          it has higher latency, even variable latency if you set up variable hops, and everyone routes the traffic of a lot of other users, so a lot of data they can gather from timing info is noise by default

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            2 months ago

            Yes it has better defenses against timing attacks. Just alone the fact that multiple packets are bundled together makes it harder to identify the route a single package used.

            Also, it seems that I2P is more vulnerable against deanonymization when leaving the hidden network, i think the official I2P faq has some info about that, but have not read up upon it myself.

            • ReversalHatchery@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              2 months ago

              Also, it seems that I2P is more vulnerable against deanonymization when leaving the hidden network, i think the official I2P faq has some info about that, but have not read up upon it myself.

              on a quick look I did not find such a mention, but in any case in addition to that, I2P users often don’t have such a fortified browser as Tor users do, so that’s also something to count with.

              and maybe it’s not a good idea either to just reconfigure a Tor browser profile for I2P

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            2 months ago

            Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]

            First sentence. Check up the linked article as source.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    54
    arrow-down
    2
    ·
    2 months ago

    The TOR network itself is safe - at least assuming the TLAs don’t control at least half of the nodes, which is far from impossible. But let’s assume…

    The weak point comes from the browser: that’s how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that’s the problem: it disables so many unsafe functionalities that it’s essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that’s how they get caught.

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      15
      ·
      2 months ago

      My understanding is that Tor Browser works fine, there’s just some dumb website owners that block Tor traffic by IP address.

    • Trainguyrom@reddthat.com
      link
      fedilink
      English
      arrow-up
      11
      ·
      2 months ago

      I mean, the advice I’ve heard for one who’s threat model is “the feds are actively trying to identify me” is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that)

      • schnurrito@discuss.tchncs.de
        link
        fedilink
        arrow-up
        19
        ·
        2 months ago

        All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.

        • HelixDab2@lemm.ee
          link
          fedilink
          arrow-up
          19
          ·
          2 months ago

          ISPs definitely keep records. At least some VPNs claim that they don’t, and that their networks are set up in such a way that they can’t. Some organizations claim to validate the claims of the VPNs, but it’s unclear if they’re trustworthy.

          So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don’t/can’t.

          • communism@lemmy.ml
            link
            fedilink
            arrow-up
            9
            ·
            2 months ago

            Yes, and there’s also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            6
            ·
            2 months ago

            The VPN company themselves may not keep logs. However, they might be a little black box somewhere in the data center…

            • NauticalNoodle@lemmy.ml
              link
              fedilink
              arrow-up
              8
              arrow-down
              1
              ·
              2 months ago

              As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you’re gonna do something incriminating, then I guess you should create a new account each time.

              • orcrist@lemm.ee
                link
                fedilink
                arrow-up
                5
                ·
                2 months ago

                That’s true but it also depends what attack vector you’re trying to defeat. If someone is doing a timing attack and you’re running through a VPN, it might be harder to work for them, depending on where they sit.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
            link
            fedilink
            arrow-up
            5
            ·
            2 months ago

            I mean, you could set up your own VPN on a VPS and ensure it doesn’t keep logs. You could also get a VPS in a different legal jurisdiction from where you’re at.

            • HelixDab2@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              Depending on what you’re doing, that probably wouldn’t be a significant hinderance to law enforcement. Child sexual abuse, drug trafficking, etc., all tends to get lots of interagency cooperation, regardless of political issues.

                • HelixDab2@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  2 months ago

                  It depends on whether you believe that people should be allowed to use narcotics or not. I tend to believe that people should be able to make that choice for themselves–as it’s their own body–and ordering narcotics online decreases violence in the drug trade since there’s no longer obvious fights over territories, etc.

                  The same interagency cooperation that makes it easier to track down one groups of people and punish them also makes it easier to track down other groups of people that you might agree with.

          • tired_n_bored@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            That’s exactly the reasoning I did for choosing a VPN. I know that VPNs are falsely advertised as “anonymous black magic” but better Proton or Mullvad than my ISP which definitely sells data to advertisers

        • FeelzGoodMan420
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          2 months ago

          Reputable VPNs like Mullvad publish their auditer results verifying a no-log policy. I guess they could be fabricated results, however that seems extremely unlikely as in that case the auditing firm (usually one of the big 4) would most definitely take legal action considering their name is attached to the results…

  • h4lf8yte@lemmy.ml
    link
    fedilink
    arrow-up
    28
    ·
    2 months ago

    As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.

  • sumguyonline@lemmy.world
    link
    fedilink
    arrow-up
    28
    arrow-down
    3
    ·
    2 months ago

    First, randomize your mac, shutdown anything that can “dial home” (updates, sync, logged in apps, etc) then connect to internet then anonymous VPN, then connect to the tor network, use an anonymized browser with NO java enabled, never download anything -copy paste text, and screen cap images-, if your network drops the popo’s are trying to do a “reconnect” attack to see if they can get an unprotected connection to the material you were looking at. Use a livedisk on USB and you likely won’t get bios level attacks, as live disks make it harder to access your bios. Source: a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.

    • PM_Your_Nudes_Please@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      2 months ago

      This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.

      It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience, (and it’s not something the typical user will just always have running in the background) so timing analysis attacks are gaining popularity.

    • sunzu2@thebrainbin.org
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      2 months ago

      a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.

      I also prefer my feds to earn their keep, I pay them good money for it.

  • MigratingtoLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    2 months ago

    If I understand correctly, stream isolation will route different connections through different circuits. If you’re doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess

  • some_guy@lemmy.sdf.org
    link
    fedilink
    arrow-up
    19
    ·
    2 months ago

    I have considered Tor safe for illicit activities for at least half a decade. Luckily, there’s no need for me to be on there. But this is bad news for people living in places where speech is heavily regulated plus journalists and would-be whistle-blowers.

  • endofline@lemmy.ca
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    I think the only still secure network is i2p. In there you don’t have the exit node