TOR Entry and Exit nodes

obsidianclock · 31-01-2015 08:35PM

_Jumper_ wrote: »

Depends on the country.

How do you mean?

_Jumper_ · 31-01-2015 08:46PM

obsidianclock wrote: »

How do you mean?

Ya can pick any name you want in some countries.

RainyDay · 31-01-2015 09:47PM

bedlam wrote: »

Something else is going on. If you are connecting to the Tor hidden service the only connecting IP address they will see for you is localhost. The only reason Facebook would see you coming from a different public IP would be if you are connecting to www.facebook.com over Tor.

Sorry, yes, that's right. The 'other country' warnings came when I was logging in to Facebook.com via TOR. However, now, each time I log into the Facebook onion address, I get a warning that I've logged in from 'somewhere unexpected'. Facebook asks me to verify that login, and if I try to verify it from FB on my phone, it crashes when it tries to hit the FB onion address.

RainyDay · 06-02-2015 11:19PM

Anyone else having trouble with TOR in the past couple of days? Could UPC have blocked it or something?

_Jumper_ · 07-02-2015 12:18AM

_Jumper_ wrote: »

Ya can pick any name you want in some countries.

But not China.

Christ, they're trying again to make registration of your real name compulsory on even discussion sites now aswell.

http://www.reuters.com/article/2015/02/04/us-china-internet-censorship-idUSKBN0L80ZF20150204

None of this in...Germany for example.

Khannie · 07-02-2015 08:07PM

RainyDay wrote: »

Anyone else having trouble with TOR in the past couple of days? Could UPC have blocked it or something?

I haven't had any trouble. I'm on eircom.

RainyDay · 13-09-2015 09:26AM

Has anyone used a TOR browser on Android? I see a few apps, but would love to hear from others before I choose;

https://play.google.com/store/apps/details?id=info.guardianproject.browser

https://play.google.com/store/apps/details?id=nu.tommie.inbrowser

anvilfour · 13-09-2015 11:53AM

RainyDay wrote: »

Has anyone used a TOR browser on Android? I see a few apps, but would love to hear from others before I choose;

https://play.google.com/store/apps/details?id=info.guardianproject.browser

https://play.google.com/store/apps/details?id=nu.tommie.inbrowser

Hi Rainyday,

I used Orbot + Orweb back in 2012.

I was fairly happy when trying to access clear sites but had huge problems trying to access tor hidden services .. it was much slower than a computer. Recently I tried to access Facebook's onion address from a Samsung Galaxy phone using Orweb but had to give up because it took too long, other sites loaded fine.

anvilfour · 13-09-2015 11:54AM

RainyDay wrote: »

Anyone else having trouble with TOR in the past couple of days? Could UPC have blocked it or something?

Have you considered setting up private bridge chief? Alternatively obfsproxy might be worth a bash.

anvilfour · 13-09-2015 12:00PM

Guardian Project are also working on a new tor based mobile browser:

https://dev.guardianproject.info/projects/orfox-private-browser/news

RainyDay · 13-09-2015 12:45PM

anvilfour wrote: »

Hi Rainyday,

I used Orbot + Orweb back in 2012.

I was fairly happy when trying to access clear sites but had huge problems trying to access tor hidden services .. it was much slower than a computer. Recently I tried to access Facebook's onion address from a Samsung Galaxy phone using Orweb but had to give up because it took too long, other sites loaded fine.

Tks, very interesting. I'm not trying to access hidden services - just keen to keep prying eyes off my regular day to day stuff. So maybe Orweb is the best option for me.

anvilfour wrote: »

Guardian Project are also working on a new tor based mobile browser:

https://dev.guardianproject.info/projects/orfox-private-browser/news

Tks, what would the difference be between this new browser and Orweb?

anvilfour wrote: »

Have you considered setting up private bridge chief? Alternatively obfsproxy might be worth a bash.

Seems like a bit OTT for my needs. I don't run a server, just a standard Windows laptop, but thanks for the suggestion.

Khannie · 14-09-2015 11:50AM

I'm going to second a private bridge. They're a bit of effort to set up, but they can seriously enhance your Tor experience for two main reasons:

1) You trust the first hop (lots of benefits here)
2) You know how much bandwidth is available and if it's better than Tor average you're winning

I am using one and I found my average speed on Tor went from ~4.5Mbps to ~6.5Mbps. That's a serious improvement though there is fluctuation with it.

RainyDay · 14-09-2015 12:15PM

Khannie wrote: »

I'm going to second a private bridge. They're a bit of effort to set up, but they can seriously enhance your Tor experience for two main reasons:

1) You trust the first hop (lots of benefits here)
2) You know how much bandwidth is available and if it's better than Tor average you're winning

I am using one and I found my average speed on Tor went from ~4.5Mbps to ~6.5Mbps. That's a serious improvement though there is fluctuation with it.

Do I need a server for this, or can I set it up on my bog-standard (and fairly clunky and overstretched) Windows laptop?

Khannie · 14-09-2015 12:35PM

Typically you would use a server, but it should be possible to set it up on your laptop and have port forwarding on your home router (once the laptop is always on).

edit: If none of this makes sense to you, a private bridge is probably going to be more hassle than it's worth.

anvilfour · 14-09-2015 01:41PM

Khannie wrote: »

Typically you would use a server, but it should be possible to set it up on your laptop and have port forwarding on your home router (once the laptop is always on).

edit: If none of this makes sense to you, a private bridge is probably going to be more hassle than it's worth.

Well said Khannie.

My own advice is to have a VPS (Virtual Private Server) dedicated to the bridge and which is used for nothing else. They only cost a few dollars a month and setting up the private bridge is very easy, there are loads of guides online.

If you want to be ultra secure you need to make sure there's no way to connect the server to you. One way you can increase the odds of this is to pay the server fees in Bitcoin, which if used correctly is untraceable.

anvilfour · 15-09-2015 08:59AM

In a more holistic sense I will say that pretty much all the major vulnerabilities in Tor come from the entry/exit nodes. That's why protecting that "first hop" as Khannie puts it by using a private bridge increases your protection hugely.

Accessing sites on the "clear" web can be problematic inasmuch that an adversary has several types of attacks they can use by monitoring exit nodes, which in fairness can be mitigated by connecting to websites using SSL only. This is of course assuming the nodes themselves aren't run by a dishonest person or law enforcement who aren't harvesting data about which sites you connect to and other browsing habits.

Pretty much all these vulnerabilities disappear when you stick to using "dark web" sites e.g through using Bitmessage's Onion address to set up and check your e-mail rather than their regular website.

This of course will only make it much more difficult for someone monitoring your connection to tell which website you are connecting to and in the case of the website to which you are connecting, near impossible to trace your IP. It doesn't protect from side channel attacks like key loggers, malware, "evil maid" attacks etc.

For this reason when I access Tor services I use the TAILS Operating System booted from a DVD, this way even someone with physical access with your machine would be unlikely to be able to install keylogging software as you're not booting from the hard drive.

Khannie · 15-09-2015 12:18PM

anvilfour wrote: »

If you want to be ultra secure you need to make sure there's no way to connect the server to you. One way you can increase the odds of this is to pay the server fees in Bitcoin, which if used correctly is untraceable.

With a private bridge you're unfortunately bollixed in terms of connecting the bridge with you because all of your traffic to and from the bridge will be via your normal IP.

anvilfour · 15-09-2015 05:28PM

Khannie wrote: »

With a private bridge you're unfortunately bollixed in terms of connecting the bridge with you because all of your traffic to and from the bridge will be via your normal IP.

VPN maybe?

In any case there does seem to be cause to believe that having torified traffic on your home internet singles people out for greater surveillance so a private bridge might be a case of prevention being better than cure.

Khannie · 23-09-2015 02:13PM

I think that used to be the case alright, but with the growth in the number of VPN and Tor users over time, I would hope that will stop.

TOR Entry and Exit nodes

Comments