
Hackers build a new Tor client designed to beat the NSA - nsshey
http://www.dailydot.com/politics/tor-astoria-timing-attack-client/
======
otoburb
>>Astoria [is] both most effective and most usable when at its highest
security level, the researchers say, so "Astoria is a usable substitute for
the vanilla Tor client only in scenarios where security is a high priority."

I'm still working through the research paper[1] linked at the end of the
article, but if Astoria is as good as described, wouldn't Tor either adopt the
same node selection policies, or people shift over to Astoria wholesale?

[1] [http://arxiv.org/pdf/1505.05173.pdf](http://arxiv.org/pdf/1505.05173.pdf)

EDIT: From the paper, quotes below provide much clearer context for the quote
in the article:

"From our evaluation of Astoria, it is clear that the performance-security
trade-off is favorable only in its higher security configurations. [...]
However, at lower security configurations, the performance offered by Tor is
clearly better, and its security, only slightly worse. Therefore, Astoria is a
usable substitute for the vanilla Tor client only in scenarios where security
is a high priority."

~~~
Forbo
It would be interesting to see if this gets adopted in something like Tails
where security is the priority focus.

~~~
pakled_engineer
Tails apparently doesn't even have time to patch grsec/pax, so unlikely. It
took them almost a year to add macchanger on boot even; they spend all their
available time patching the flood of bugs due to cramming their distro full of
userland tools like video editing software.

~~~
higherpurpose
Sounds like their efforts would be better spent on a ChromeOS-like OS that's
only a Tor (or Astoria) browser at its core.

~~~
MacsHeadroom
Or Firefox OS, considering Tor Browser is FF.

------
throwaway7767
I'm not done reading the paper, but I suspect that Astoria clients could be
distinguished from regular Tor clients at least by the fact that they do not
pre-build circuits.

This means that the anonymity set has been partitioned, especially given that
the authors say "From our evaluation of Astoria, it is clear that the
performance-security trade-off is favorable only in its higher security
configurations."

So there is a danger that people who perceive themselves to need higher
security and use this client will lose anonymity guarantees as they are mixing
with a much smaller group of people who all consider themselves "interesting
targets".

The big reason Tor is so effective is because they've performed a lot of
outreach and gotten different groups to use it, resulting in a large and
heterogeneous set of users.

Of course, this is still very interesting research, and maybe it will be
integrated into the official Tor client. I know there have been many
discussions of AS-path-based selection in the past.

------
late2part
"designed to beat" means better, not perfect. Imperfect means eventually it
gets beat. The NSA might say what the IRA told Margaret Thatcher, "Today we
were unlucky, but remember we only have to be lucky once. You will have to be
lucky always."

~~~
justcommenting
as a friend reminded me, anonymity only buys you time; it does not buy anyone
justice.

and david simon's recapitulation is more succinct and compelling:
[https://www.youtube.com/watch?v=E2Fv-nJCfrk](https://www.youtube.com/watch?v=E2Fv-nJCfrk)

~~~
jacquesm
It might buy you _enough_ time.

Note that almost every exercise in security is an exercise in buying time.
Today's encryption will likely be broken tomorrow and by the time you've
achieved your goal it no longer matters whether or not your communications are
broken.

Of course if you plan to stay in business for a very long time you're gambling
against really good odds of discovery and potentially _not_ achieving your
goal.

If you want to be a terrorist or miscreant you could extrapolate from that
that fewer numbers is better and the first 'hit' should be your hardest and
should not take too long to set up or require a lot of communication.

Fortunately for the rest of the world any plot that does real damage _usually_
does not have those properties.

But beware of the lone wolf with access to technology.

------
maljx
Isn't the classical solution to this encryption problem to always send
packages in the same size at regular intervals? If each host adds a layer of
encryption you can't match the packages at the end points. Is this just too
expensive? (I'm not an expert so genuine question from my naive POV.)

~~~
chatmasta
I don't know about "classical," but this is the approach Dissent [0] takes to
thwarting traffic analysis. Communication is broken into "rounds" and
intervals within those, so that every packet is indistinguishable from the
outside based on size alone.

[0] [http://dedis.cs.yale.edu/dissent/](http://dedis.cs.yale.edu/dissent/)

------
white-flame
I really wish more people and companies would host things on Tor's hidden
services, avoiding the entire notion of exit nodes and the cleartext network.

~~~
dEnigma
At least you can look at "Anonymous Cat Facts"[1]

[1][http://2v7ibl5u4pbemwiz.onion/](http://2v7ibl5u4pbemwiz.onion/)

------
digitalchaos
>> Astoria also opens multiple avenues for future work such as integrating
realtime hijack and interception detection systems (to fully counter RAPTOR
[18] attacks)

This is really interesting. I'm curious how that would work.

------
kiproping
I tend to prefer links from the actual researchers if available rather than
links from news sites. Just a general observation.

~~~
jeremy85
But the summary is easier and faster to read by the general public, and the
article puts the reference very clearly at the end; it's good in this case.

~~~
aluhut
It is. And as a part of the general public I appreciate it. Thank you.

~~~
nsshey
:-)

------
ZainRiz
"Astoria reduces the number of vulnerable circuits from 58 percent to 5.8
percent, the researchers say"

Yes, their research showed that exactly 5.8% circuits would be vulnerable
with their change, and measured it accurately to 0.1%.

The research did not say that vulnerability would be around 10% of the
original amount +/- 5%

------
ape4
Maybe this isn't a new idea. But it seems that more Tor exit points would be a
big help. Has anyone made a tool that's both an entry and exit point? You
could control the amount of bandwidth exiting. This way the exit points would
be more transient - like Bittorrent peers.

~~~
tacotime
I think the lack of exit nodes has more to do with legal considerations than
actual computational resources/willing volunteers. See the Tor blog's Tips for
Running an Exit Node with Minimal Harassment -
[https://blog.torproject.org/blog/tips-running-exit-node-mini...](https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment)

"Suggest creation of LLC for large exit nodes" I'm guessing that this might be
a larger barrier to entry for most willing volunteers compared to hardware and
bandwidth costs.

~~~
ape4
Wow, that's a lot of effort.

------
pakled_engineer
The problem is getting Tor itself: as per Snowden docs, they capture your
identifiers for later surveillance, so you need to Jason Bourne around the city
to anonymously fetch Tor.

------
FatalBaboon
The header picture looks terrific, very webby

