
New attack to de-anonymize hidden services or TOR users.

  1. #1
    Sophie Pedophile Tech Support
    The researchers’ attack requires that the adversary’s computer serve as the guard on a Tor circuit. Since guards are selected at random, if an adversary connects enough computers to the Tor network, the odds are high that, at least on some occasions, one or another of them would be well-positioned to snoop.
    During the establishment of a circuit, computers on the Tor network have to pass a lot of data back and forth. The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.
    Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host.
    Similarly, a spy who lucked into the position of guard for a user could, with 88 percent accuracy, tell which sites the user was accessing.

    http://arstechnica.com/security/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/

    Interesting. What is also interesting: I read an article about a group of Russian hackers who had compromised an exit node in such a way that it dynamically added malware as users would download files through it.

    I think this was the article.

    http://securityaffairs.co/wordpress/29589/cyber-crime/tor-exit-node-serves-malware.html
    The following users say it would be alright if the author of this post didn't die in a fire!
  2. #2
    Good to know. I always knew that there would come to be ways to de-anonymize Tor traffic. It's interesting to see the cat and mouse in anonymous connections in that it seems to be:
    1. People make an "anonymous" network
    2. People figure out how to find out connections and ids
    3. People figure out how to mask those connections and ids
    4. People figure out how to uncover the masks for those connections and ids
    5. Repeat ad nauseam
    (obligatory)
    6. ????????????
    7. PROFIT!
  3. #3
    Sudo Black Hole [my hereto riemannian peach]
    any upd8?
  4. #4
    Sophie Pedophile Tech Support
    Originally posted by Sudo any upd8?

    Good question, this is a 2015 thread, so Sophie was more 0226 than 1337. And I haven't looked into this for a while. However, the Tor Project is still very much active and it gets updates very regularly. In fact, if you're interested you can read about their work on their website. https://torproject.org.

    They're always working on fixing vulnerabilities and making Tor more robust in general.
  5. #5
    So can my ISP see the porn I google on Tor or what
  6. #6
    Bugz Space Nigga
    yeah if Google was working with the nsa, and google owns tor onion then wtf is the point of using the tor vpn in the first place?
  7. #7
    Sophie Pedophile Tech Support
    Originally posted by Blue Oyster Cult So can my ISP see the porn I google on Tor or what

    Nah, a VPN would be sufficient for that, or even a simple proxy, as long as you proxy your DNS queries as well.

    Originally posted by Bugz yeah if Google was working with the nsa, and google owns tor onion then wtf is the point of using the tor vpn in the first place?

    Google does in fact work with the intelligence community. If I recall correctly, they got seed money from In-Q-Tel when they first got started. That's the CIA's venture capital branch. Also, Google doesn't own the Tor network. The Tor network is decentralized: there are many people and organizations of all sorts that run Hidden Services (Tor websites), then there are people that operate relay servers, exit nodes and all sorts of infrastructure, and you have the clients of course.

    There is also an important distinction to make here: Tor is not a VPN. Basically, with a traditional VPN you connect to a privately owned network: your connection comes in at server A, encrypted, so it's hard to tell what sort of data goes through, comes out at server B, grabs the web resources you requested and sends it back. The Tor network is a lot more complicated and secure. Basically, your traffic comes in at an entry node, this node encrypts the request/data and sends it to a relay node, the relay node only knows where the request/data has to go, sends it to the next relay, with an added layer of encryption, so the second relay only knows the request/data came from the relay before it, not the original source, but does know where it has to send it next. It arrives at the exit node in case you are requesting a clearnet site, grabs whatever was requested and sends it back to a relay. This way, only the exit node knows what data was requested but it doesn't know where the original request comes from.

    When you are requesting a Tor website, hidden service, onion, whatever you want to call it, something similar happens. However, you send the request and it goes three hops into the network, and the website sends the data that goes three hops into the network. Your request and the data the website is providing meet in the middle, which makes six hops in total, where neither your browser/computer/whatever nor the server/hidden service/whatever knows exactly where the request is coming from or exactly where the data is coming from.

    That's the basic gist of it without getting into too many technical details.
    The following users say it would be alright if the author of this post didn't die in a fire!
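
An added illustration of the layered routing described in post #7, not part of the thread: it assumes the client shares one key with each relay and wraps the request itself, and it uses a toy SHA-256 keystream in place of real cryptography. Relay names, keys, the client address and the destination are constructed.

```python
import hashlib, json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256 counter keystream. Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client: encrypt for the exit first, then add one layer per earlier hop."""
    cell = keystream_xor(keys[path[-1]],
                         json.dumps({"next": destination, "data": payload}).encode())
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[hop], layer)
    return cell

def peel(key, cell):
    """Relay: remove exactly one layer, learning only the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], layer["data"]

def route(client, path, keys, cell):
    """Pass the cell along the path and record what each relay could observe."""
    views, prev = [], client
    for hop in path:
        nxt, inner = peel(keys[hop], cell)
        views.append({"relay": hop, "previous_hop": prev, "next_hop": nxt})
        if hop != path[-1]:
            cell = bytes.fromhex(inner)
        prev = hop
    return views, inner  # at the exit, inner is the plaintext request

def demo():
    path = ["guard", "middle", "exit"]                       # constructed names
    keys = {r: hashlib.sha256(b"constructed-" + r.encode()).digest() for r in path}
    cell = wrap(path, keys, "example.org", "GET /")
    views, request = route("client-203.0.113.7", path, keys, cell)
    guard_plain = keystream_xor(keys["guard"], cell)         # all the guard can read
    return views, request, guard_plain

if __name__ == "__main__":
    for view in demo()[0]:
        print(view)
```

The guard's view contains the client address but only the middle relay as next hop, while the exit's view contains the destination but only the middle relay as previous hop.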
  8. #8
    SBTlauien African Astronaut
    I stopped using TOR years ago. I wouldn't doubt it if the NSA has dozens of ways to deanonymize TOR users. There's always some new security hole with TOR it seems.
  9. #9
    aldra JIDF Controlled Opposition
    supposed attack does not do what it says on the tin
  10. #10
    netstat African Astronaut
    edited for privacy