
TOR Entry and Exit nodes

  • 16-03-2013 9:20pm
    #1
    Registered Users Posts: 651 ✭✭✭


    Hi All,

    Would anyone be able to explain how you can be tracked even using the TOR browser through statistical analysis of TOR entry and exit nodes?

    Are relay bridges essential?

    Is there any other way to preserve privacy?

    Cheers !!:D:D



Comments

  • Registered Users Posts: 8,811 ✭✭✭BaconZombie


    The easiest way to preserve privacy is to unplug your computer.
    Hi All,

    Would anyone be able to explain how you can be tracked even using the TOR browser through statistical analysis of TOR entry and exit nodes?

    Are relay bridges essential?

    Is there any other way to preserve privacy?

    Cheers !!:D:D


  • Registered Users Posts: 651 ✭✭✭Nika Bolokov


    Thanks guys. A fascinating field.


  • Registered Users Posts: 7,041 ✭✭✭Seachmall


    Here's a DefCon talk that discusses some of the past and present issues with TOR if you're interested.



  • Registered Users Posts: 651 ✭✭✭Nika Bolokov


    Brilliant, thanks!


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Austrian Tor Exit Node Operator Found Guilty As An Accomplice Because Someone Used His Node To Commit A crime
    from the bad,-bad-news dept
    Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

    Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

    In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.

    Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria. Hopefully there is some way to fight back on this ruling and take it to a higher court -- and hopefully whoever reviews it will be better informed about how Tor works and what it means to run an exit node.


  • Registered Users Posts: 627 ✭✭✭House of Blaze


    Thought this might be of interest.

    www(dot)wired.com/2014/07/nsa-targets-users-of-privacy-services/

    Apparently leaked NSA source code indicates that even visitors to the Tor website have their IPs logged and are flagged for further deep packet email analysis.

    FFS! ;)


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Thought this might be of interest.

    www(dot)wired.com/2014/07/nsa-targets-users-of-privacy-services/

    Apparently leaked NSA source code indicates that even visitors to the Tor website have their IPs logged and are flagged for further deep packet email analysis.

    FFS! ;)
    lol, was just coming back to post this.:pac:

    http://www.dailydot.com/politics/tor-tails-search-nsa/
    Anonymity—or even just searching Google to read articles about anonymity—makes you an extremist in the eyes of the National Security Agency.

    The report specifies that the NSA was targeting a German student named Sebastian Hahn, who runs a node on the anonymization network Tor.
    The source code includes the IP address for a server administered by Hahn, believed to be the second specific individual reported to be tracked by the NSA after German chancellor Angela Merkel.


    Hahn runs a Tor directory authority which lists almost every one of Tor’s 5,000 network nodes. It’s not clear if the NSA was directly monitoring Hahn’s server or if German intelligence was involved.
    Tor itself appears to remain uncompromised, but American surveillance is monitoring German-based Tor directory authorities that act as “gateways to the entire system,” Russia Today reports. That gives them the IP addresses of those accessing the system, a resource that can be cross referenced with the agency’s massive intelligence troves.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Tor's Response
    We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.

    Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.

    The Linux Journal is now an extremist Forum.


    Anyone know what Reyosa* is?

    It's in that Analysts Desktop Binder from Dept of Homeland Security released in 2011 as a word watched for online.

    Just throwing that in for the laugh^^^. Must throw in a few more of the ones I don't even know what they are.

    *


  • Registered Users Posts: 33,878 ✭✭✭✭Hotblack Desiato


    Anyone else remember when people would put Echelon-bait into their usenet signatures?

    Life ain't always empty.



  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    Hi Nika,

    In brief, bridges aren't essential, but setting up your own private bridge or alternatively using the Obfsproxy Bundle will make it harder to analyse your traffic or tell you're running tor in the first place respectively. This takes care of the "entry" side of things and if you need further help setting up your bridge or using the Obfsproxy bundle, feel free to send me a message.

    It's important to bear in mind the difference between privacy and anonymity. If you visit Facebook using the Tor browser, it won't be possible to identify you from your IP address alone but if you then sign in to your own account and send messages to your friends, any fool with access to Facebook's records will know it's you who's connected.

    The danger inherent to exit relays is partly due to the issues I outlined above (someone connects anonymously to a website and then posts personally identifiable information) as well as immoral people running 'poisoned' exit nodes and trying to harvest information like your passwords and browsing habits. If you must connect to the regular web from tor, at least try to use sites protected via SSL, i.e. those that begin https://.

    Someone who could observe a large portion of the network might be able to detect that you were connected to Tor at a time when some information left an exit relay, e.g. if the Burmese government is monitoring the network, they may be able to see that a certain human rights worker was using tor at the same time an e-mail was sent to a Western newspaper detailing human rights abuses via an exit relay. This would be sufficient evidence for a corrupt dictatorship but you'd have a hell of a job convincing an Irish jury that this amounts to evidence.

    You asked about other ways to preserve privacy - I think Bedlam has already touched on this but for sensitive messages I'd definitely recommend encrypting via gpg or OTR messaging (Torchat is a favourite of mine but there are some vulnerabilities in it).

    You also want to make sure you leave no trace of your browsing activity so I'd recommend either installing the Tor browser to a USB stick or better yet using a 'live' operating system like TAILS which automatically 'torifies' all your traffic and of course if you're booting from a CD any trace of your activity is lost within minutes of you powering off the machine.

    For any data you want to keep safe, I'd recommend encrypting a USB stick. The Disk Utility program in most Linux distros has a point and click feature to do this. By default I think it uses AES-128.
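
The timing overlap described in the post above can be made concrete. This is an added example, not part of the original post and not code from the Tor Project: it uses constructed session times for hypothetical users (`user_a` to `user_e`) to show how the set of people who were on Tor when something left an exit relay shrinks as more events are observed.

```python
# Added illustration with constructed data; not from the thread or the Tor Project.
# Times are minutes since midnight. All user names and sessions are hypothetical.

# What an observer on the entry side sees: who was connected to Tor, and when.
ENTRY_SESSIONS = {
    "user_a": [(540, 580), (780, 810), (1080, 1125)],
    "user_b": [(530, 600), (770, 800)],
    "user_c": [(545, 560), (1070, 1130)],
    "user_d": [(500, 620), (775, 820), (1000, 1060)],
    "user_e": [(900, 960)],
}

# What an observer on the exit side sees: when a message of interest left an exit relay.
EXIT_EVENTS = [550, 785, 1100]


def online_at(sessions, when, slack=0):
    """Users with a Tor session covering `when`, allowing `slack` minutes of clock error."""
    return {
        user
        for user, spans in sessions.items()
        if any(start - slack <= when <= end + slack for start, end in spans)
    }


def shrink_anonymity_set(sessions, events, slack=0):
    """Intersect the 'online' sets across events.

    Returns (remaining candidates, candidate count after each event).
    """
    candidates = set(sessions)
    sizes = []
    for when in events:
        candidates &= online_at(sessions, when, slack)
        sizes.append(len(candidates))
    return candidates, sizes


if __name__ == "__main__":
    remaining, sizes = shrink_anonymity_set(ENTRY_SESSIONS, EXIT_EVENTS)
    print("candidates after each event:", sizes)
    print("still consistent with every event:", sorted(remaining))
```

A single event leaves several equally plausible users, which is why one overlap is only circumstantial; the set narrows when the same pattern repeats and few other people are connected at those times.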


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard



    It's important to bear in mind the difference between privacy and anonymity. If you visit Facebook using the Tor browser, it won't be possible to identify you from your IP address alone but if you then sign in to your own account and send messages to your friends, any fool with access to Facebook's records will know it's you who's connected.
    Thief Arrested Because He Forgot to Log Off Facebook After Burglarizing a Home
    Look, we’re no experts here, but if you’re breaking into somebody’s home, we suggest getting in and out as quickly as possible. This means you probably shouldn’t take a break to check your Facebook.
    Apparently, though, that’s what 26-year-old Nicholas Wig did after breaking into a house in St. Paul. He used the target’s computer to check his profile — and then he forgot to log out, CBS Minnesota reports.

    :D


  • Registered Users Posts: 7,292 ✭✭✭jmcc


    Anyone else remember when people would put Echelon-bait into their usenet signatures?
    The days of CypherPunks and the NSA Trawler? :) Most people here weren't around then.

    Regards...jmcc


  • Registered Users Posts: 203 ✭✭industrialhorse


    Thief Arrested Because He Forgot to Log Off Facebook After Burglarizing a Home

    Eh how come the burglar was able to easily just turn on the PC and go straight to the browser to access Facebook? No PC logon password required or maybe the burglar used the (ahem!) Guest account??

    If that burglar was even slightly quick-witted, he could have probably convinced the victim and police that he was just testing the security of the PC......and the victim failed in this case:rolleyes:


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Tor Browser Security Under scrutiny

    http://m.slashdot.org/story/206171


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    Tor Browser Security Under scrutiny

    http://m.slashdot.org/story/206171

    Interesting.
    In short, the road Tor Project is embarking on will be difficult to continue while maintaining high
    security standards without considerable cooperation with Mozilla, a sustainable development group,
    and periodic involvement from specialized individuals.

    Perhaps mozilla should be engaging with them a bit more? It would be a big loss of face to them if Chromium took over as the browser of choice for the tor bundle.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    Khannie wrote: »
    Interesting.



    Perhaps mozilla should be engaging with them a bit more? It would be a big loss of face to them if Chromium took over as the browser of choice for the tor bundle.

    I have read through the comments. Forgive my ignorance but it didn't seem to me that a switch to Chrome/Chromium is on the cards - did I miss it? Had to read through in a hurry as I am at work!


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49



    Thanks for this RF. I've just ordered the kit necessary to assemble an "Onion Pi" and will see when it arrives if my Luddite brain is up to the challenge. Fingers crossed! :)


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    NSA and GCHQ agents 'leak Tor bugs', alleges developer
    British and American intelligence agents attempting to hack the "dark web" are being deliberately undermined by colleagues, it has been alleged.

    Spies from both countries have been working on finding flaws in Tor, a popular way of anonymously accessing "hidden" sites.

    But the team behind Tor says other spies are tipping them off, allowing them to quickly fix any vulnerabilities.

    The agencies declined to comment.

    The allegations were made in an interview given to the BBC by Andrew Lewman, who is responsible for all the Tor Project's operations.

    He said leaks had come from both the UK Government Communications Headquarters (GCHQ) and the US National Security Agency (NSA).

    By fixing these flaws, the project can protect users' anonymity, he said.

    "There are plenty of people in both organisations who can anonymously leak data to us to say - maybe you should look here, maybe you should look at this to fix this," he said. "And they have."

    Carries on...


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Thanks for this RF. I've just ordered the kit necessary to assemble an "Onion Pi" and will see when it arrives if my Luddite brain is up to the challenge. Fingers crossed! :)
    https://learn.adafruit.com/onion-pi/overview

    Doesn't look too bad, from a quick skim of it. Have Fun.:P


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    https://learn.adafruit.com/onion-pi/overview

    Doesn't look too bad, from a quick skim of it. Have Fun.:P

    Thanks chief,

    Of course the presence of an Onion Pi in your home is a bit of a giveaway, will have to find somewhere I can stow it...!

    I don't want to sound negative but TAILS has been awfully restrictive of late and also there's no support for Torchat...


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Cybersecurity official uses Tor but still gets caught with child porn
    The former acting cybersecurity director for the US Department of Health and Human Services, Tim DeFoggi, was convicted yesterday on three child porn charges.

    As reported by Wired, DeFoggi is the sixth suspect to be caught by the FBI's Operation Torpedo, which used controversial methods of defeating the Tor anonymizing software in order to find child porn suspects.

    One site frequented by DeFoggi was PedoBook, hosted by Aaron McGrath—a Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as "****christ" and "PTasseater" to register on the sites, where he could view more than 100 videos and more than 17,000 child porn images.

    The FBI seized McGrath's site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used "various investigative techniques… to defeat the anonymous browsing technology afforded by the Tor network."

    The techniques used include "drive-by downloads," in which a website installs malware on every visitor's computer.

    Such a deployment "can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates," explained Wired in an earlier piece on Operation Torpedo.

    Having set up such a trap, FBI agents got to know DeFoggi better. Wired's Kim Zetter explains:

    During chats DeFoggi described using Tor to access PedoBook early in the morning hours and between 4 and 6 pm. Among the evidence seized against him was pen register/trap trace data obtained from Verizon showing someone at his Maryland residence using Tor during these hours as well as the IP addresses used by an AOL account under the username “ptasseater,” which pointed to DeFoggi’s home.

    When agents arrived at his home early one morning to execute a search warrant, they had to pry him from his laptop, which was in the process of downloading a child porn video from a Tor web site called OPVA, or Onion Pedo Video Archive. In addition to child porn images stored on his computer, authorities also found evidence of his Tor browser history, showing some of his activity at PedoBook and OPVA.



    DeFoggi worked for the Department of Health and Human Services from 2008 until January of this year. He's scheduled to be sentenced in November.

    Lots of freaky sh1t in there, PedoBook, Onion Pedo Video Archive. Jaysus.

    And a Cybersecurity Director that couldn't hide himself online.


  • Moderators, Technology & Internet Moderators Posts: 37,485 Mod ✭✭✭✭Khannie


    And a Cybersecurity Director that couldn't hide himself online.

    Amateur. I'm delighted they nailed the fcuker though.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    Khannie wrote: »
    Amateur. I'm delighted they nailed the fcuker though.

    You said it bro,

    Still what's good for kiddy porn is also good for people who want to exercise their democratic freedoms online.

    We chatted earlier about using a live OS like TAILS, do you think this would help?

    I also imagine that tracing his IP wouldn't have been enough under law, they would also have needed proof he'd downloaded the files. Fortunately he was obligingly in the process of downloading a video to his laptop at the time.

    Don't suppose he thought of putting his sick videos on an encrypted external drive, still it's for the best, he's getting the help he needs now.


  • Registered Users Posts: 33,878 ✭✭✭✭Hotblack Desiato


    Sounds to me like a lot of bluff about 'compromising Tor'. Seems he wasn't compromised through Tor as such, but he revealed circumstantial evidence (time of day he used dodgy sites corresponding to time of day they knew he used Tor) and that's enough for a warrant. He also used a username on a Tor site which he'd used on a non-Tor site, which is the equivalent of posting with your real name on Boards and then complaining you're not anonymous.

    I'd bet money they had their eyes on him for some other reason, e.g. dodgy sites at work, or a credit card on a dodgy site which was taken over, and his mistakes just gave them the proof for what they were already looking for. Caught in the act during a search was the icing on the cake as far as law enforcement were concerned.

    Life ain't always empty.



  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard



    I'd bet money they had their eyes on him for some other reason, e.g. dodgy sites at work, or a credit card on a dodgy site which was taken over, and his mistakes just gave them the proof for what they were already looking for. Caught in the act during a search was the icing on the cake as far as law enforcement were concerned.
    Parallel construction
    Parallel construction is a law enforcement process of building a parallel - or separate - evidentiary basis for a criminal investigation in order to conceal how the investigation began. [1]
    In August 2013, a report by Reuters revealed that the Special Operations Division (SOD) of the U.S. Drug Enforcement Administration advises DEA agents to practice parallel construction when creating criminal cases against Americans that are actually based on NSA warrantless surveillance.[1] The use of illegally-obtained evidence is generally inadmissible under the Fruit of the poisonous tree doctrine.[2]


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49



    Saw this on EFF website, wonderful news that the Tor network has grown by over 13%, long may it last!


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard



