Spying On Tor

CmdrTaco posted more than 6 years ago | from the shocked-and-apalled-and-totally-not-surprised dept.

Security 198

juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

Who cares ? (0, Offtopic)

Adolf Hitroll (562418) | more than 6 years ago | (#21436075)

as long as there's beer [bestpicever.com] !

fuck teh usa!

Let's see if I can say it correctly (-1, Offtopic)

UberHoser (868520) | more than 6 years ago | (#21436127)

This makes me Tor !
I will have to go see the doctor about this Tor.
I wonder if they have a cream for this Tor.

OMG a Flaming Tor !

Conclusion: (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21436135)

You have to know what you're doing to have security. I know it's getting old, but plug-in security simply does not exist.

Re:Conclusion: (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21436427)

Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure.

Re:Conclusion: (5, Funny)

s20451 (410424) | more than 6 years ago | (#21436603)

Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure.

It's for exactly this reason that Tor should adopt AGPL. That way, if the Chinese government ran a hacked Tor server, they would have to release the source code as well and the hack would be obvious.

You Can't Sue China (0, Redundant)

Jason Earl (1894) | more than 6 years ago | (#21436689)

You can't sue China. Therefore the license doesn't matter.

Re:You Can't Sue China (1)

KEnderK (1171753) | more than 6 years ago | (#21437049)

Yes I can.

Re:You Can't Sue China (0)

Anonymous Coward | more than 6 years ago | (#21437151)

with a userid that low, you'd think you would be able to identify a joke when you see one by now

Re:You Can't Sue China (2, Funny)

Jason Earl (1894) | more than 6 years ago | (#21437269)

with a userid that low, you'd think you would be able to identify a joke when you see one by now.

It just goes to show that age does not necessarily bring enlightenment. Thanks for the heads up :).

Re:You Can't Sue China (2, Funny)

Anonymous Coward | more than 6 years ago | (#21438151)

Not with that attitude

Re:Conclusion: (0)

Anonymous Coward | more than 6 years ago | (#21436733)

I know you are joking, but this sort of naivety pervades the OSS community. OK, maybe it is asinine to believe a hacker would release the source code but it is not far off from thinking that OSS is secure because it is OSS.

Re:Conclusion: (1)

kdemetter (965669) | more than 6 years ago | (#21438009)

thinking that OSS is secure because it is OSS.

The idea is quite simple. If you make something open source, you will have to do everything you can to make the application secure, because anyone can read the flaws. But you still need people who can make the application secure.

Security based on secrecy is bad security.

And well, Tor never claimed that it couldn't be abused.
Personally, it's a nice experiment, and it will no doubt keep improving.

Re:Conclusion: (3, Informative)

dave562 (969951) | more than 6 years ago | (#21438285)

And well, Tor never claimed that it couldn't be abused.

Very true. During one of the original presentations done at Defcon it was mentioned that Tor was already being abused by the government to obfuscate emails for political purposes. It was also mentioned that at the time of the presentation, there was the potential for both an entry and exit node to be on machines connected to a Level3 connection. One of the big concerns at that point was that with the increased consolidation of backbone providers, it will become more and more difficult to achieve the aims of anonymity.

Re:Conclusion: (1)

Stewie241 (1035724) | more than 6 years ago | (#21437069)

I don't think that helps at all... There would be no way to ensure that the code being run corresponds to the source code being released. AGPL does nothing for security. The decision at the end of the day is who do you trust?

In fact, releasing the source code would make it easier to convince people it is safe, because some might even look at the code and say, "well, looks okay..." But what is actually being executed? Who knows.

AGPL won't help security... having to release the source is intended to increase sharing, not security. The point of a hacked site is for it to operate like a non-hacked site.

Re:Conclusion: (5, Funny)

Anonymous Coward | more than 6 years ago | (#21437883)

It's for exactly this reason that Tor should adopt AGPL. That way, if the Chinese government ran a hacked Tor server, they would have to release the source code as well and the hack would be obvious.

The problem is, a couple hours after suing the Chinese, you want to sue them again.

Re:Conclusion: (1)

Anonymous Coward | more than 6 years ago | (#21436685)

Well if you encrypt your messages, at most you expose your route, but at least the contents are still private. And yeah, a series of rogue TOR Servers could collude and report messages to each other (e.g. to figure out the route).

So in essence ... Tor is useless. Yipee.

Re:Conclusion: (1)

X0563511 (793323) | more than 6 years ago | (#21437809)

You realize when you run tor you get a big warning about it being experimental software, and not to use it for strong privacy? HEED THE WARNINGS. Contents may be hot, handle with care.

Re:Conclusion: (5, Informative)

Kadin2048 (468275) | more than 6 years ago | (#21438361)

Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure.

I know I'm feeding a troll here, but I think this is an opportunity to clarify a point: Tor does one thing, and does it pretty well. It hides your IP address from the server you're connecting to. That's it.

It's not a "plug in security" solution, and it's not meant to protect your traffic from people snooping on it in transit. If you want that, you need to use some sort of end-to-end encryption on top of Tor. (And you need to use some form of encryption that doesn't positively identify you, or else you might as well not use Tor to begin with.)

These kinds of "attacks" are trivial because they have nothing to do with Tor's actual function. They're taking advantage of user stupidity, not a design flaw.

Is this not what that swedish hacker said? (3, Insightful)

TheSciBoy (1050166) | more than 6 years ago | (#21436137)

This is what happens in a knee-jerk-reaction-based society. You point out a security flaw, instantly identifying yourself as a security threat, get thrown into jail and while your very public trial is going on, the real bad guys are utilizing the very security flaws you found to do Bad Things(TM).

Good grief.

Re:Is this not what that swedish hacker said? (3, Interesting)

Z00L00K (682162) | more than 6 years ago | (#21436313)

That's the normal situation - governments are permitted to do anything that's criminal for a normal citizen. As soon as you do anything that is government approved or required it's no longer an issue of breaking the law. Even if it's morally wrong.

The problem here is that the guy revealed one of the weaknesses that's utilized by governments all over the world and suddenly that leak was quenched.

Re:Is this not what that swedish hacker said? (0)

Anonymous Coward | more than 6 years ago | (#21436393)

That is what he said, but he made the mistake of a) not just observing other people's mischief but doing it himself and b) publishing the ill-gotten information. He paved the way though, so that saner ways to look at the problem would get noticed.

MOD PARENT UP (0)

Anonymous Coward | more than 6 years ago | (#21436523)

This whole thread is quite dupeish.

Re:Is this not what that swedish hacker said? (4, Insightful)

Frosty Piss (770223) | more than 6 years ago | (#21436671)

The problem with the guy you're talking about is not that he pointed out some issues with TOR, but that he then proceeded to disclose 100s of user ID and password combos. Totally unnecessary and irresponsible.

any idiot should realize it's a hostile network (4, Insightful)

SuperBanana (662181) | more than 6 years ago | (#21436933)

Is this not what that swedish hacker said?

Is this not what anyone with a basic understanding of the most basic network/TCP concepts (ports, IP addresses, connections, that sort of thing) should have realized, if they read anything about Tor? Is this not something that the Tor project should have explained in clear language for those who do NOT have a basic understanding of networking?

It's beyond "untrusted". It's a hostile network and blatantly so, if you bother to read even a basic description of it. You should assume that your traffic will be routed out a node where a person, organization, or government is passively monitoring or actively attacking your traffic.

All this (repeated) fuss demonstrates is how many incompetent network/sysadmin people there are in the world, and how few people in the press and "blogging" community understand networking. Any idiot who knows ALL of the reasons why ssh is better than telnet (ie, answers more than just "it's encrypted, so people can't see what you're typing") should be able to tell you why Tor is a hostile network...unless they're just parroting what they've read elsewhere.

Nobody has pointed out a security flaw (0)

Anonymous Coward | more than 6 years ago | (#21437995)

The "Swedish hacker" didn't show anything new. This is how Tor is designed, ie it will not solve all of your security problems. It isn't going to give you end-to-end encryption. Your ISP can read your email. With Tor, exit nodes can read your email. Unencrypted network traffic is not secret people. Get over it. This has got to be at least the third Slashdot article pointing this out. Tor nodes have been MITM'ing certs for at least a couple years now as well. This is why your browser pops up a warning.

MITM (4, Interesting)

MartinG (52587) | more than 6 years ago | (#21436187)

I've seen ssh MITM attempts myself with tor, but this can easily be avoided by ensuring you check your fingerprints. You do check your fingerprints, don't you?
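
The fingerprint check mentioned in the comment above, as an added example that is not part of the original post: it computes the OpenSSH-style SHA256 fingerprint of an offered host key and compares it with a value pinned out-of-band. The host name `shell.example.org`, the key bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_line(raw32: bytes, comment: str) -> str:
    """Build a public-key line from 32 constructed bytes (not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def parse_public_key(line: str):
    """Parse '<keytype> <base64> [comment]' and return (keytype, blob).

    Rejects lines whose declared type disagrees with the type embedded
    in the blob, which is what a spliced or hand-edited entry looks like.
    """
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<keytype> <base64> [comment]'")
    keytype, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return keytype, blob


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(host: str, offered_line: str, pinned: dict):
    """Compare the key a server offers with the fingerprint pinned for it.

    Returns (verdict, offered_fingerprint) where verdict is:
      'match'    - offered key equals the pinned one
      'MISMATCH' - a pin exists and the offered key differs (possible MITM)
      'unknown'  - no pin for this host; verify out-of-band before trusting
    """
    _, blob = parse_public_key(offered_line)
    offered = fingerprint(blob)
    expected = pinned.get(host)
    if expected is None:
        return "unknown", offered
    return ("match" if offered == expected else "MISMATCH"), offered


# Constructed sample data: the key the real server holds, and a different
# key such as an intercepting exit node would have to present instead.
REAL_LINE = make_ed25519_line(bytes(range(32)), "server@constructed")
FAKE_LINE = make_ed25519_line(bytes(range(32, 64)), "interceptor@constructed")

# The pin is recorded once over a trusted channel (here: computed locally).
PINNED = {"shell.example.org": fingerprint(parse_public_key(REAL_LINE)[1])}


if __name__ == "__main__":
    for label, line in (("direct", REAL_LINE), ("via exit node", FAKE_LINE)):
        verdict, fp = check_host("shell.example.org", line, PINNED)
        print(f"{label:14s} {verdict:9s} {fp}")
    print(check_host("new.example.org", REAL_LINE, PINNED)[0])
```

The check only helps if the pinned value was obtained over a channel the intercepting party does not control; accepting an unverified key on first connection through Tor pins whatever the exit node chose to present.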

Shared keys, browsers, and malice (1, Interesting)

Valdrax (32670) | more than 6 years ago | (#21436363)

Or by using private-key encryption whenever possible. Of course neither solution means anything when you're trying to use an e-commerce site with SSL. Browsers don't offer a solution for checking the security of the connection against MitM attacks.

I find it interesting and openly malicious that encrypted protocols are blocked at some exit nodes. This may explain some intermittent problems that I've been experiencing with some of my apps that use TOR and encryption.

Re:Shared keys, browsers, and malice (3, Informative)

Anonymous Coward | more than 6 years ago | (#21436471)

Huh? You make no sense. SSL is private-key encryption. Every browser I have ever touched does offer a solution for checking against MITM attacks, namely by warning if the certificate is self-signed or doesn't match the site that sent it.

Re:Shared keys, browsers, and malice (1)

Valdrax (32670) | more than 6 years ago | (#21436739)

What are you talking about? SSL certificates are/contain public keys. Read more about the SSL and TLS handshaking procedure.

Also, what happens when you visit a site that signs its own certificate? It's not that hard in doing a MitM attack to fake being that site's unique certificate. Unless you're dealing with a site that you absolutely know uses a trusted third party certificate, then you're SOL.

Also, a government-run MitM node could very well possess a CA's private key and be able to fake legit certificates -- granted, that's paranoid -- whereas it's significantly less likely that they could fake the fingerprint of joe random SSH server.

You make very little sense (1)

Burz (138833) | more than 6 years ago | (#21437325)

...and your earlier statement that browsers have no way of checking against MITM is incredibly irresponsible. The only MITM browsers cannot warn against is where the CA is executing or cooperating in the attack.

You either trust a third-party CA, or the communicating parties set up their own keys (preferably in person). Those are the fundamental mechanics of trust when using electronic communications, and the modern browser covers them. Need to use a "joe random" CA? Just plug it into your browser preferences. Inconvenient? Too bad, ssh is no better.

As for those who bemoan government surveillance through e-commerce sites and the CAs they use: You need to seriously re-evaluate your expectations of what online merchants can and cannot do for people. Perhaps the merchant, understanding special privacy needs of their clientele, would switch CAs (perhaps even to their own).

Yeah, well show me a PSK solution for browsers. (1)

Valdrax (32670) | more than 6 years ago | (#21437429)

You either trust a third-party CA, or the communicating parties set up their own keys (preferably in person). Those are the fundamental mechanics of trust when using electronic communications, and the modern browser covers them. Need to use a "joe random" CA? Just plug it into your browser preferences. Inconvenient? Too bad, ssh is no better.

In person? Oh, really. Just what browser implements TLS-PSK today?

No, you're pretty much entirely stuck with the first choice -- blindly trusting a third-party CA which can be a single point of security failure for a large number of sites. That's the problem. E-commerce requires trust where none should be assumed, especially in the case of a network like TOR that funnels all traffic into a handful of potentially compromised exit nodes.

There is no perfect technical solution for the problem when using PKI.

Team Furry? (3, Funny)

Odiumjunkie (926074) | more than 6 years ago | (#21436191)

> Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols.

Are they worried that the Chinese will intercept pictures of them dressed like this [imageshack.us] ?

Re:Team Furry? (0)

Anonymous Coward | more than 6 years ago | (#21436559)

lulz @ troll mod. Furfags? On MY slashdot?

Re:Team Furry? (0)

Anonymous Coward | more than 6 years ago | (#21436625)

Another perfect example of Slashdot's groupthink being confused - 2, Troll?

Re:Team Furry? (0)

Anonymous Coward | more than 6 years ago | (#21438031)

You Sir, have won the interwebz!

Re:Team Furry? (1)

necro2607 (771790) | more than 6 years ago | (#21438321)

Yeah either that or they're worried about having their personal videos [youtube.com] found... heheh

you're insane to use TOR for anything serious (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21436213)

TOR is a great concept but horribly slow and certainly insecure by default, even with SSL

Re:you're insane to use TOR for anything serious (0, Redundant)

Frosty Piss (770223) | more than 6 years ago | (#21436275)

TOR is a great concept but horribly slow and certainly insecure by default

I'm sorry, what?

Re:you're insane to use TOR for anything serious (0)

Anonymous Coward | more than 6 years ago | (#21436681)

Uh, RTFA?

trust. (0)

apodyopsis (1048476) | more than 6 years ago | (#21436217)

and once credibility is tainted or the finger of suspicion is pointed then nobody will trust it again. as trust is like love, in that it must be built up over a period of time - but can be destroyed in an instant.

burp.

Whew. (1, Funny)

Anonymous Coward | more than 6 years ago | (#21436219)

It's good to know the furry community is keeping us abreast of these security concerns.

No expectation of anonymity (5, Insightful)

athloi (1075845) | more than 6 years ago | (#21436253)

How does anyone expect anonymity? Traffic must somewhere go through ISPs, most of which rent their upstream from large providers like AT&T, who is surely not the only large corporation to get in bed with the government or anyone else who can pay. Enough of that information loaded into a database and compared will yield information about the suspect, even if it's too complex to explain to a "jury of your peers."

If you want anonymity, SSH through a string of compromised Eastern European servers to a comfortably log-agnostic Indonesian ISP, and do all your surfing through Lynx/Links. That's the only stab at anonymity you'll get, and they'll probably just install a keylogger anyway. Freedom is slavery.

Tor gives you anonymity (5, Informative)

arevos (659374) | more than 6 years ago | (#21436751)

Tor gives you pretty robust anonymity, it just doesn't provide privacy.

Re:Tor gives you anonymity (1)

um_atrain (810963) | more than 6 years ago | (#21438143)

Anonymity cannot exist without privacy. Sure, they won't know where the packet comes from. But without privacy, nothing stops them from looking at that packet's contents, and finding out your name and other information. And if they know your name and personal information, I would not call that being anonymous.

Re:Tor gives you anonymity (2, Insightful)

Fred Ferrigno (122319) | more than 6 years ago | (#21438375)

If I checked the "Post Anonymously" button at the bottom, then ended my post by signing my name, then it's my own damn fault that my communication is no longer anonymous.

Re:Tor gives you anonymity (3, Insightful)

arevos (659374) | more than 6 years ago | (#21438515)

But without privacy, nothing stops them from looking at that packet's contents, and finding out your name and other information.

Unless you're really really cunning and - stop me if I'm going too fast for you - don't send out your name in plaintext when trying to stay anonymous!

Re:No expectation of anonymity (1)

vertinox (846076) | more than 6 years ago | (#21437407)

How does anyone expect anonymity?

It isn't as much as anonymity, but rather when the authorities or ISP ask "Who is Spartacus?!" everyone shouts "I am Spartacus!"

Of course what has been happening here is that not everyone has been going along and the concept fails.

I believe true internet anonymity can be achieved if there are multiple trusted destination sources and proper encryption between them.

As in if you encrypt your data (with a one time pad), cut it up into multiple different chunks and send it to multiple recipients who blindly send it to a source who they don't repeat who they got it from and the second tier only knows who the real recipient is and so on and eventually it gets sent to a single recipient down the chain.

That way, the ISP can see that you send encrypted stuff to a lot of people but not know what or who it was going to. They would still know you are doing it, but that's about it.

However, if enough people on the chain of blind senders/recipients decided to not follow the rules and started telling more info than they should then the ISP and or powers that be can start tracking who is who.

Re:No expectation of anonymity (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21438311)

Nice try, but a protocol for perfect anonymity has already been described:

http://www.ece.cmu.edu/~adrian/731-sp04/readings/dcnets.html [cmu.edu]

Not sure if there are any actual implementations yet.

not so fresh (2, Interesting)

cpearson (809811) | more than 6 years ago | (#21436257)

Old news is better than no news... I guess. /.ers have known that TOR exit nodes were being sniffed for a while now and hackers certainly much longer than that.

Re:not so fresh (0)

Anonymous Coward | more than 6 years ago | (#21436287)

Yeah. Remember Dan Egerstad, the Hacker of the year [slashdot.org] .

Re:not so fresh (1)

necro2607 (771790) | more than 6 years ago | (#21438469)

"I guess. /.ers have known that TOR exit nodes were being sniffed for a while now and hackers certainly much longer than that."

Haha, you imply that /.ers and hackers are mutually exclusive.. ;)

Wolves in Sheep's Clothing (1)

ChromaticDragon (1034458) | more than 6 years ago | (#21436331)

Isn't this just pretty much a direct consequence of the nature of TOR pretty much assuming that everyone uses it the way it was intended?

Or otherwise stated, TOR is like a flock of sheep where a wolf cannot bite down on one since they're all on some sort of merry-go-round? But a wolf could simply hop on the merry-go-round and feast?

As the article has repeated, if you're interested in security it seems you really ought to apply your own encryption on top of TOR.

However, even if you do that are you truly anonymous? Is there any way to determine both ends of a conversation (either email or sessions)?

Re:Wolves in Sheep's Clothing (3, Interesting)

koehn (575405) | more than 6 years ago | (#21437303)

As the article has repeated, if you're interested in security it seems you really ought to apply your own encryption on top of TOR.

However, even if you do that are you truly anonymous? Is there any way to determine both ends of a conversation (either email or sessions)?


There's no way to guarantee that your communications over TOR are anonymous, and they're pretty upfront about that in the documentation. It's pretty easy for a government (or just about anybody, really) to add enough nodes to TOR to have a reasonable likelihood of being all three nodes in your conversation (entrance, middle, and exit). The nodes need to be geographically distributed, but that's easy for governments and easier for hackers, who have access to botnets of machines all over the world. Once they've got enough nodes out there, it's pretty easy to tell who's sending all that traffic, and where it's going.

Again, adding encryption helps keep your data from being sniffed (as long as you know you're not hit by MITM, see other comments about PKI), but TOR doesn't protect your anonymity against a sophisticated (and reasonably well-funded) attacker.

Do fancy locks attract thieves? (4, Insightful)

G4from128k (686170) | more than 6 years ago | (#21436379)

Perhaps the problem is that using an anonymizer makes someone a more interesting target to authorities. Like the old adage of attacking the bank because "that's where the money is," perhaps some people are attacking Tor because "that's where the secrets are."

Re:Do fancy locks attract thieves? (1)

mmcuh (1088773) | more than 6 years ago | (#21436935)

Or maybe because it's easy. Setting up an exit node and snooping on the unencrypted data coming through requires a lot less work than listening in on normal internet traffic.

Only problem with TOR (1)

Casandro (751346) | more than 6 years ago | (#21436443)

The only problem with TOR is that it's currently mostly used for 'interesting' from an attacker's point, traffic. If TOR would be used for anything, nobody would eavesdrop on the exit nodes anymore.

BTW, it's not like your ISP won't spy on you.

a more wretched hive of scum and villainy (4, Interesting)

davejenkins (99111) | more than 6 years ago | (#21436451)

1. set up a data-laundering haven
2. advertise amongst the warez people and criminal element
3. let enough criminal traffic (drug trafficking info) go through to build up trust that the laundering 'really works'
4. Wait around for the stuff that is important (like nuclear codes or enemy state intel)
5. ???
6. Promoted to section chief at the invisible mansion! (Profit!)

I don't have one lick of proof to say that our friends in Maryland or their cousins in Langley set this thing up from the beginning, other than it's an obvious slam dunk for them. I don't think the NSA is monitoring certain ports, I think they own the whole thing.

Trust (1)

adrenalinekick (884201) | more than 6 years ago | (#21436453)

Old news I know, but this once again brings up the issue of trust. I am only familiar with the TOR protocol/Onion routing at a high level, but is it possible to somehow revamp the protocol and include a trusted node-ranking system? Think slashdot style mod points applied to a TOR server. Obvious DOS attacks exist with this method, but refined a little it may work.

Even so, I'd still try to browse using HTTPS everywhere I go. (Granted that doesn't stop people from knowing what sites you browsed...)

Re:Trust (1)

houstonbofh (602064) | more than 6 years ago | (#21436797)

Old news I know, but this once again brings up the issue of trust. I am only familiar with the TOR protocol/Onion routing at a high level, but is it possible to somehow revamp the protocol and include a trusted node-ranking system? Think slashdot style mod points applied to a TOR server. Obvious DOS attacks exist with this method, but refined a little it may work.

And exactly how would you know if someone is sniffing if they do not publish the results? The fact is that this is a security/anonymization system built on trust. If we could trust people, we would not need a security/anonymization system...

Re:Trust (2, Interesting)

stevey (64018) | more than 6 years ago | (#21437301)

Given the number of hijacked machines taking part in the Storm worm, for example, any popularity contest could be skewed by a maliciously motivated attacker.

The big issue with tor is that you're magnifying your exposure. By default you're vulnerable to sniffing by your ISP, and all the people they peer with till you get to your endpoint. With tor in the mix you're vulnerable to sniffing from your ISP, and any number of random people who've elected to host a tor node.

Sure you've bounced your connection around to essentially mask the source & destination from the end-point and your ISP - but you've introduced a whole load of untrusted hops as part of that.

If you care about security the idea of passing unencrypted traffic through even more random machines should scare you ..

Ludicrous (2, Interesting)

vvaduva (859950) | more than 6 years ago | (#21436463)

The idea that anonymous routers/nodes can offer you secure routing of traffic is laughable. Since most folks don't understand the difference between anonymizing traffic and securing traffic, the entire conversation is a waste of time. The observations are interesting, but they are not surprising at all.

Not what tor was intended for! (5, Insightful)

sammydee (930754) | more than 6 years ago | (#21436501)

Tor was never intended to SECURE traffic. It is an ANONYMISER. It is designed to cope with compromised nodes and still provide military grade anonymity.

It's important to remember that security and anonymity are different things.

Re:Not what tor was intended for! (0)

Anonymous Coward | more than 6 years ago | (#21436767)

MOD PARENT UP

It's just like Stallman says about the term "Intellectual Property" being a term that creates a muddy confusion between Copyrights, Trademarks, Patents, and other laws. The term "security" is now a muddy confusion of anonymity, privacy, and access control. TOR isn't going to automagically make your data unreadable, break CIA/NSA ciphers, or tell you where Hoffa is buried. Hell, the **AAs are so confused about "security" they think it means the end-users can be prevented from copying a message they are intended to receive!

Military grade anonymity? Say what? (5, Interesting)

myvirtualid (851756) | more than 6 years ago | (#21437103)

Military grade anonymity?

What?

Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.

Military grade anonymity, indeed.

[1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.

Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.

There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, least not here.

To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.

So the people who do know cannot and will not tell.

You'll just have to take my word for it. :->

"Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"

Re:Military grade anonymity? Say what? (4, Informative)

Old Man Kensey (5209) | more than 6 years ago | (#21437445)

myvirtualid wrote:

clearance at - or above - top secret

There is no clearance above TS, at least in the technical sense. There is TS/SCI ("special compartmented information") clearance, which may or may not include a lifestyle polygraph exam. TS/SCI and TS/SCI + lifestyle poly are not "above" TS in any real sense, they are merely additional qualifiers used as criteria to determine whether you can be allowed access to compartmented info. If you have TS/SCI it makes that process easier, but not having TS/SCI is not an absolute barrier if the right people sign off on it (although for certain information "the right people" may consist of both houses of Congress and the President).

Compartments can be as loose (within the restrictions of TS) or as restrictive as necessary. There can be (and I understand are) compartments with only a handful of people.

Re:Military grade anonymity? Say what? (1)

myvirtualid (851756) | more than 6 years ago | (#21437993)

There is no clearance above TS

Perhaps not in the US. And not trying to be tongue-in-cheek, but if there were, would you be allowed to know of them, without having a TS yourself? (Not that I am in any way implying that this might be the case anywhere, you understand....)

Re:Not what tor was intended for! (0)

russ1337 (938915) | more than 6 years ago | (#21437245)

Exactly. If I was ever going to use a p2p for illegal file sharing (Disclaimer: I do NOT illegally file share,) I'd make sure I used azureus bittorrent client through the TOR network - (azureus supports TOR)*. That way, my IP address as seen from the MAFIAA would be seen as the TOR exit node, and they'd never be able to see me on the other end.

The TOR exit node can sniff my traffic all they want, but they ain't finding anything personal beyond a penchant for the latest movies and certain types of pr0n.

*Sure, TOR ain't big fans of people chewing up BW with p2p, but better that than being sued right? You could always use a live CD with azureus and configure TOR manually so if power was shut off to the system its configuration would be lost - but that's just tinfoil hat now ain't it?

Re:Not what tor was intended for! (2, Insightful)

Cal Paterson (881180) | more than 6 years ago | (#21437355)

*Sure, TOR ain't big fans of people chewing up BW with p2p, but better that than being sued right?

No, not "better that than be sued". You're just making Tor more difficult to use for what it really is for: information censored for political reasons. Tor really does help Chinese nationals (at least, those that are aware of it and able to use it); you're just ramming nodes with your idiotic Hollywood film traffic.

Re:Not what tor was intended for! (0)

Anonymous Coward | more than 6 years ago | (#21437897)

This is an example of the tragedy of the commons at work.

TOR is not intended for someone to download the latest Britney Spears video; it's intended to allow people to view and interact with websites and other Internet services. Running P2P through TOR nodes only causes node operators to have to throttle traffic or be forced to shut down their exit node completely (because a lot of sites have to pay for every single byte through their network, and every bit of TOR traffic means two bits on their meter), which hurts the network as a whole.

Absolutely. Tor is great at anonymity (1)

Burz (138833) | more than 6 years ago | (#21437805)

...and trust isn't required with this anonymity vehicle.

The privacy layer you supply yourself, and that requires the usual crypto-facilitated trust. As the Tor people often remind us, there is no way around that fundamental requirement.

So the question is really, do you trust Certificate Authorities pre-loaded in your browser? And if not, what steps are you and the party you're connecting with going to take to swap private keys?

Also bear in mind that many connections need only anonymity and not privacy, if you don't want to be seen browsing certain websites that are viewable by anyone, for instance. In that case, using Tor while regularly flushing your browser's cookies and cache will do the trick.

Privacy becomes necessary when either you or the second party are transmitting data that no one else should see at all, or that no one else should see in the context of anonymity (like your name or other identifying info). Think!

How can ... (1, Informative)

Anonymous Coward | more than 6 years ago | (#21436521)

people be smart enough to setup tor, but not smart enough to use GPG/PGP/etc. ?

TOR is *not* a privacy tool in the sense it hides your message contents. It hides your route. So with Tor people know what is being sent, just not who is sending it.

It's not hard people, encrypt your traffic, then send it through TOR. OMG wow, I R SMRT!

Re:How can ... (1)

emj (15659) | more than 6 years ago | (#21436879)

Have you ever tried to set up GPG? It's really a lot of things to get right directly: you need to know about keyservers and how to send public keys in a secure way, etc. And you need to know all the commands.

To install TOR I did, click on "install new packages", find TOR, install. Change to the Proxy gateway. I actually forgot that I was using TOR..

Re:How can ... (1)

DarkSarin (651985) | more than 6 years ago | (#21437197)

Sending public keys in a secure way? Hmmm?

I may be wrong, but I thought the point of a public key was that it didn't need to be secure. I publish my public key on my website (this is hypothetical; I don't really, though I should), and then ANYONE can use it to send me encrypted data. Then, to decrypt it, you need the private key. Period. No one should ever have your private key for any reason. If they do, then you need to ditch it and the public key and start over, as you have been compromised. There should never be a reason to send your private key to anyone. If you need to transfer it to a new computer, I suggest using a USB key to temporarily store it, but you'd have to ask the experts on how to do that.

Re:How can ... (2, Informative)

Chyeld (713439) | more than 6 years ago | (#21438131)

Congratulations, you are only half wrong.

With "Joe Random"'s public key, you can indeed encrypt using it and only the owner of the matching private key can decrypt it. However, who is to say that you are really using Joe's public key?

And conversely, if you get something signed that can be decrypted using Joe's public key, how can you be sure that it was actually signed by Joe?

The answer is, you can't. Not unless Joe has a secure way of providing you his public key. Perhaps publishing it to a web site works, if the only part of your identity that is being proven is that you are "Joe of web site X". But that still doesn't prove much about Joe, does it?

Re:How can ... (0, Redundant)

Fizzl (209397) | more than 6 years ago | (#21437763)

public keys in a secure way

And why would you need to do that in a "secure way"? Public keys are.... public! For Christ's sake..

Huh (1)

Impy the Impiuos Imp (442658) | more than 6 years ago | (#21436601)

"Sir, there's this anonymizing computer out there people are using."

"Cool, let's quietly set up computers in line with it and intercept the traffic going to and from it and correlate it with anonymized traffic going the other direction."

...and this is a surprise to just who again?

This and more from this month's issue of the spy quarterly, "Duh!"

Re:Huh (1)

arevos (659374) | more than 6 years ago | (#21437527)

Tor isn't a single computer; it's an international network of servers set up by volunteers. In order to effectively correlate traffic information you'd have to have the capability to monitor a large majority of nodes in the network.

A little reminder (5, Interesting)

Khopesh (112447) | more than 6 years ago | (#21436617)

This is a little reminder that we need a lot more users and exit nodes before TOR is reasonably safe.
This is a little reminder to encrypt your data end-to-end rather than through another network; anonymity is not security.
This is a little reminder that you really do need to check your SSL certificates.

TOR's encryption fools some into thinking it is a security model. It is not. TOR facilitates anonymous transactions using encryption internally. It eliminates the possibility of people spying on you by name, but it does not stop them from spying on "the people" (which includes you). You still need another encrypted transaction between you and your endpoint for real security.

The more exit nodes there are, the less likely a snooping entity will get ahold of your data. The more users there are, the more data those snoops need to filter through to get something meaningful (caveat: statistical analysis [wikipedia.org] . workaround: encrypt data past the TOR network).

This is a call-to-arms; everybody needs to use encryption and anonymization to enable the system to work, otherwise somebody can set up a few nets and read the whole network's content, even brute-force decrypt it due to its low volume. Take a look at Zimmermann's justification for PGP [philzimmermann.com]:

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding.

Re:A little reminder (1)

griffjon (14945) | more than 6 years ago | (#21436889)

Good points, all. If you're telnetting over the Internet without having a very specific reason to do so, you're already asking for problems that no proxy is going to help you with. Now, monitoring who's trying to telnet to places using Tor I can see as generating a good list of naughty users and misinformed network admins...

Re:A little reminder (0)

Anonymous Coward | more than 6 years ago | (#21438093)

The more exit nodes there are, the less likely a snooping entity will get ahold of your data.

Unless the additional nodes belong to snoopers.

How does a SSL MITM attack work? (3, Insightful)

arevos (659374) | more than 6 years ago | (#21436619)

I can't quite see how a SSL MITM attack works. Wouldn't the SSL certificate have to be registered for use with a specific domain? Could anyone explain how this would work?

Re:How does a SSL MITM attack work? (4, Informative)

phantomcircuit (938963) | more than 6 years ago | (#21436819)

Replace the SSL Certificate with a self signed one and hope they just click yes.

Re:How does a SSL MITM attack work? (1)

MrNemesis (587188) | more than 6 years ago | (#21436987)

Granted, this'd work for most "average" computer users accustomed to clicking "OK" every few minutes. But if you're the sort of person who uses TOR, surely a bogus SSL cert would be enough to set off plenty of alarm bells. Heck, I remember logging into my newly built file server at home and noticing that the SSH key had changed - cue immediate power down, reformat and analysis of all other boxes I had access to before I realised that the account I was using at the time was using ~/.ssh that hadn't been touched for at least a year (with the previous incarnation of that server still in known_hosts). D'oh!

Anyway, in answer to the GP, a bit of googling found (amongst other things) this: http://www.monkey.org/~dugsong/dsniff/ [monkey.org] which I shall give a whirl tonight...

Re:How does a SSL MITM attack work? (1)

gedhrel (241953) | more than 6 years ago | (#21437153)

This is why you probably don't want to use an exit node run by Verisign :-/

Re:How does a SSL MITM attack work? (1)

wkk2 (808881) | more than 6 years ago | (#21437415)

A self-signed certificate may not be required if real signing was coerced. Browsers probably should complain if a non-expired certificate changes from a prior connection. Who believes that the major certificate authorities haven't been forced to give up their private keys?

Re:How does a SSL MITM attack work? (0)

Anonymous Coward | more than 6 years ago | (#21437923)

That's why Internet Explorer doesn't offer you a Yes/No dialog anymore. It displays a dead-end error page.

Re:How does a SSL MITM attack work? (0)

Anonymous Coward | more than 6 years ago | (#21437085)

Most likely they generate a self-signed certificate, and then hope that users ignore or bypass the warning that shows up in their browsers.

Please help us improve our documentation. (5, Informative)

Nick Mathewson (11078) | more than 6 years ago | (#21436699)

Hi all. I'm one of the Tor authors.

We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.

Right now, we do this in our documentation, and in a list of warnings on our download page [torproject.org] . But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.

Does anybody have good ideas about how to get the word out better?

(As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators. Mike Perry (the guy who maintains the Torbutton Firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)

Re:Please help us improve our documentation. (5, Funny)

Rob T Firefly (844560) | more than 6 years ago | (#21436781)

If you find a reliable way to make end-users RTFM, please let us know.

Re:Please help us improve our documentation. (1)

phantomcircuit (938963) | more than 6 years ago | (#21436919)

You want to automatically detect in route sniffing? Good luck with that one.

You want to detect MITM attacks on SSL? Already been done, do not waste your time.

Re:Please help us improve our documentation. (1)

Klaus_1250 (987230) | more than 6 years ago | (#21437823)

Automatically detecting them won't happen, but you can set up honeypots to detect bad exit nodes.

Re:Please help us improve our documentation. (0)

Anonymous Coward | more than 6 years ago | (#21437493)

On the matter of getting users to notice that unencrypted protocols are bad: Have the TOR client by default reject traffic on ports which are known to be used for unencrypted communication and give an error message which points to the relevant documentation. Even if you don't catch all instances of unencrypted traffic, most users are going to try and use one of the more common protocols and read the documentation then (or ask on a forum where they will hopefully have the documentation quoted to them.)

Re:Please help us improve our documentation. (1)

DrkShadow (72055) | more than 6 years ago | (#21437501)

I'm confused.. what do you need a coder for? I googled Mike Perry man in the middle SSL, and I came across a discussion of things..

http://archives.seul.org/or/talk/Aug-2006/msg00316.html [seul.org]

but, as is stated, there's no work to be done on this issue. If a certificate is invalid, you probably have a man in the middle -- at least, that's how a tor user should take it. If it's not invalid, then accept it and go with trust.

From what I understand, these things are _already_ implemented.

As for getting the word out more, perhaps a full click-through screen with big red text saying "BAD!" and a little puny button that does a jump-around-the-page-on-mouseover thing four times before you can continue. Even place the button over the four most appropriate words in turn, so they're looking at the word after the button moves. Don't use run-on sentences like I just did, and get rid of the yes/no popup with uniform, boring text that looks like the standard, "Do you want to blah blah or not?" box. Of course they want to do what they're trying to do. They just don't know they shouldn't want to.

I think that'd strike a negative for usability, though ;-)

-DrkShadow

Re:Please help us improve our documentation. (1)

Klaus_1250 (987230) | more than 6 years ago | (#21438075)

First of all, thanks for working on TOR! Second, to answer your question, no (PEBKAC). You could force the user to read a document with all warnings upon install, but even that won't really work. Last, it would be nice to see some improvements in TOR itself to protect the network from rogue exit-nodes: 1) set up a (auto-updating) blacklist of rogue nodes. 2) use honey-pots to expose rogue nodes. 3) blacklist exit-nodes which use MITM-SSL attacks or alike client-sided (should be doable in combination with an enhanced TOR-button plugin) 4) allow users to set up certain rules/criteria for their routes and exit-nodes (e.g. I wouldn't want an exit-node in the US, Nigeria and a bunch of other countries)

Re:Please help us improve our documentation. (1)

Khopesh (112447) | more than 6 years ago | (#21438085)

Some possible solutions for TOR clients to implement:
  1. Avoid using exit nodes that prohibit encrypted content, even if using unencrypted content.
  2. Check server fingerprints (in known protocols) on multiple exit nodes.
  3. Cache server fingerprints for local and relayed traffic. If a server changed from a known CA to self-signed, throw a red flag somehow.
  4. Force all nodes (not just exit nodes) to participate in a distributed web cache proxy, whose cached objects are verified through secondary exit nodes.

Items 1-3 are quick smoke tests that shouldn't really affect speed or latency. Item 4 will hopefully have the added benefit of speeding up the network ... theoretically, it could go bittorrent-style and give significantly faster access to slower sites, reducing the slashdot effect and more closely matching (or even surpassing) direct access speeds.
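As an added illustration (not part of any comment above and not Tor's own code), here is one way the fingerprint checks in items 2 and 3, and the earlier suggestion that a client should complain when a certificate changes from a prior connection, could be sketched. The `Observation` record, the exit labels, the host name and the byte strings standing in for certificates are all constructed for the example.

```python
import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One sighting of a server's leaf certificate through one exit node."""
    host: str
    vantage: str   # hypothetical label for the exit used
    der: bytes     # leaf cert bytes, e.g. from SSLSocket.getpeercert(binary_form=True)
    subject: str
    issuer: str

    @property
    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()

    @property
    def self_signed(self):
        # Name comparison only; a full check would also verify the signature.
        return self.subject == self.issuer


class FingerprintCache:
    """Item 3: remember what each host presented and flag later changes."""

    def __init__(self):
        self.pins = {}  # host -> (fingerprint, was_self_signed)

    def check(self, obs):
        pin = self.pins.get(obs.host)
        if pin is None:
            self.pins[obs.host] = (obs.fingerprint, obs.self_signed)
            return "new"
        if pin[0] == obs.fingerprint:
            return "match"
        # Keep the old pin on mismatch so the alarm repeats until a human decides.
        if obs.self_signed and not pin[1]:
            return "downgraded"  # CA-issued before, self-signed now: the red flag
        return "changed"         # could be a routine renewal; still worth a look


def compare_vantages(observations):
    """Item 2: per host, list the vantages that disagree with the majority."""
    by_host = defaultdict(list)
    for obs in observations:
        by_host[obs.host].append(obs)
    suspects = {}
    for host, seen in by_host.items():
        counts = Counter(o.fingerprint for o in seen)
        if len(counts) == 1:
            continue
        top_fp, top_n = counts.most_common(1)[0]
        if top_n * 2 <= len(seen):   # no strict majority: trust none of them
            suspects[host] = sorted(o.vantage for o in seen)
        else:
            suspects[host] = sorted(o.vantage for o in seen if o.fingerprint != top_fp)
    return suspects


# Constructed sample data: the byte strings stand in for DER certificates.
HOST = "mail.example.org"
GOOD_A = Observation(HOST, "exit-A", b"constructed-cert-1", "CN=" + HOST, "CN=Example CA")
GOOD_B = Observation(HOST, "exit-B", b"constructed-cert-1", "CN=" + HOST, "CN=Example CA")
FORGED = Observation(HOST, "exit-C", b"constructed-cert-2", "CN=" + HOST, "CN=" + HOST)
RENEWED = Observation(HOST, "exit-A", b"constructed-cert-3", "CN=" + HOST, "CN=Example CA")
```

A cache like this cannot tell a routine renewal from a substitution signed by a trusted CA, which is why "changed" is reported separately from "downgraded" instead of being silently accepted.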

Re:Please help us improve our documentation. (1)

srollyson (1184197) | more than 6 years ago | (#21438453)

Nick, Tor uses privoxy [wikipedia.org] , right? If you want to be any more invasive about telling people the privacy risks, simply redirect the first HTTP request of each session (once per boot) to a page displaying this info with a checkbox to disable it. That's the closest you can get to make people RTFM, but I'm inclined to leave the behavior as it stands now.

In soviet russia, (0)

Anonymous Coward | more than 6 years ago | (#21436885)

governments are spying on Ext.

Pity (1)

AuntieWillow (1188799) | more than 6 years ago | (#21437067)

Of course I pity the people whose only job is to spy on my boring life. If I don't have a real life, how much more pathetic is it to just watch me? Now...off to Database programming and Laundry (What I like to call "Saturday Night")!

Any router can spy? (1)

katorga (623930) | more than 6 years ago | (#21437261)

Any router that passes your packets can be abused to spy on you and where you go. It is that simple.

But... (0)

Anonymous Coward | more than 6 years ago | (#21437767)

Isn't Tor open source?
Then, if some security issue is found, all you need to do is fix it!

I am quite surprised about this news too... I thought Tor was safe...

Now, how can I do my evil surfings from now on????