

Is Tor Safe? Think Again. - Aetius
http://cryptogon.com/?p=624

======
shaddi
Some good points here. A couple thoughts:

\- If, for some reason that I can't really conceive of, you wanted to connect
to a far-away access point, you'd need a highly directional antenna (due to RF
physics). Doing this actually makes direction finding extremely challenging,
for the same reason you can't see a laser from the side (unless it's super
high power and has something to reflect off of, which is unlikely to be the
case in the wifi scenario).

\- End-to-end encryption plus an anonymization mechanism like Tor seems to me
to be pretty impervious to attackers, assuming the implementation of your
encryption and anonymization are both correct (which, admittedly, is a big if,
but is not a /fundamental/ issue; you could envision a system engineered to be
correct). If you have a secure, trust-worthy, out-of-band mechanism for
exchanging keys with whoever you want to talk to, even if someone owns the
infrastructure you're using they won't be able to decrypt your communication,
or know who the source and destination are if you're using an anonymization
mechanism. This also assumes you trust the person you're communicating with,
etc.

I'd love for someone to correct my understanding of this if I'm wrong.

~~~
ehsanul
I'm no security expert, but I don't think you even need an out-of-band key
exchange mechanism. Just use public key cryptography [1], as used in
SSH/TLS/PGP/GPG.

[1] <http://en.wikipedia.org/wiki/Public-key_cryptography>

~~~
DougBTX
I was about to write this response, but I see that it is more clearly written
in the wikipedia article already:

 _Another potential security vulnerability in using asymmetric keys is the
possibility of a man-in-the-middle attack, in which communication of public
keys is intercepted by a third party and modified to provide different public
keys instead. Encrypted messages and responses must also be intercepted,
decrypted and re-encrypted by the attacker using the correct public keys for
different communication segments in all instances to avoid suspicion. This
attack may seem to be difficult to implement in practice, but it's not
impossible when using insecure media (e.g. public networks such as the
Internet or wireless communications). A malicious staff member at Alice or
Bob's ISP might find it quite easy to carry out. In the earlier postal
analogy, Alice would have to have a way to make sure that the lock on the
returned packet really belongs to Bob before she removes her lock and sends
the packet back. Otherwise the lock could have been put on the packet by a
corrupt postal worker pretending to be Bob to Alice._

The workaround is to either exchange the public keys out of band, or
distribute a certificate which can be used to verify public keys out of band.

------
x12x12x12
Security can succeed by making an attack economically or logistically
impractical. You have to consider when using any such system:

1\. What would it cost the adversary to pull off a successful attack to reveal
your identity? Would it be worth it to the attacker to do so?

2\. Are there easier, more obvious targets?

I would say it's a possible useful tool of increasing that cost for a
potential adversary above their threshold of resources and motivation.

If I'm wrong, tell me where I posted this from, and I'll go hide in the woods.

~~~
corin_
Naturally depends on who you're trying to hide from.

This article seems to have been written from the point of view of "the CIA are
watching me", not "I don't want someone to hack my facebook profile".

And based on that logic, you have to assume that the CIA (or whatever agency)
won't chose who to spy on based on who will cost them the least money.

~~~
pyre
The CIA won't choose to spend $1billion+ to spy on a single person unless they
are _really_ important.

~~~
wladimir
Most of the things he mentions are very cheap to pull off, though. Proxy
honeypots, sniffing ISP internet connections, querying IPs, email surveillance
-- the infrastructure is already in place they just have to type some
commands. Cost: $0.

On the other hand, actions that require actually sending men in suits and vans
filled surveillance equipment can be costly. If they're doing that, you know
you're in big trouble.

~~~
mootothemax
_Most of the things he mentions are very cheap to pull off, though. Proxy
honeypots, sniffing ISP internet connections, querying IPs, email surveillance
-- the infrastructure is already in place they just have to type some
commands. Cost: $0._

I'm sorry but I have to jump in here - you're writing off an awful lost of
resources under the banner of "they just have to type some commands."

~~~
wladimir
I'm sorry you had to take that literal, I was just figuratively speaking.

My point is that it is the human part of surveillance that is costly. For
everything that can be collected automatically with systems already in place
(even though placing those systems could have been very expensive), the
threshold to use it is very low. When the information is collected and
processed, what rests is only database queries. "automatic surveillance" is
(comparatively) cheap.

In contrast, "expensive surveillance" is placing monitoring equipment in a
house, parking some fan sneakily around the block to listen in, and such. It's
labour and resource intensive.

------
iuguy
I'll try to be careful with my words here (to avoid ambiguity more than
anything else), but there are different programmes in different countries that
provide different degrees of interception.

In the UK we have the Regulation of Investigatory Powers Act 2000, which
amongst other things forces service providers to keep logs of Internet
activity for the police. These logs are typically of the order of IP address
and connection type, not the actual data itself. This applies to pretty much
all Internet access coming out of the UK somewhere along the line.

Beyond the police there are means of intercepting specific Internet traffic.
It's easier for me to talk about US interception capabilities at that level
though (as it's more publicised). The FBI, NSA, CIA and (if IIRC but they
might be colluding with another agency) the DHS all have their own independent
capabilities for broad sweeps and targeted surveillance. These capabilities
are exercised according to remit. The agencies have information sharing
agreements with each other, and the relevant agencies have international
sharing agreements with their counterparts e.g. UKUSA intelligence sharing
agreements etc.

If you want anonymity, you have to understand what you're trying to protect
yourself from and (if possible) your adversary's capabilities. Having worked
in countries with significant local interception capabilities that I do want
to protect against, usually a properly configured VPN or SSH tunnel to a safe
country is about as good as you're going to get without getting into
government crypto (and if you're using government crypto in a hostile
environment like that you're probably breaching some rule somewhere anyway).

As to the question of whether or not Tor is safe, I assumed it was public
knowledge that various countries' intelligence services ran monitored exit
nodes for quite a while. I've seen malicious Tor exit nodes in investigations
and have known people who've set them up for the express purpose of monitoring
them.

------
jwhitlark
When four people sit down to talk conspiracy, three are government agents, and
the fourth is a fool.

------
ZoFreX
Between the terrible grammar, grade school sentence structure, needless
paranoia, senseless rambling and overall [citation needed]-ness of the
article, I'm afraid I didn't really get the point. I thought it was going to
explain why Tor is unsafe, yet it just made some broad speculative points and
finished with a final jab in Tor's direction with no strength or conviction
behind it.

------
wmf
From 2006/2007.

~~~
AndrewS
Given the direction in which governments seem to be moving, it's probably more
relevant now than it was then.

~~~
chunkybacon
Too paranoid to upvote and comment from my normal account...

------
unicornporn
Not that the post actually brought up the Tor concept, but... I hate it when
people diss the Tor concept by making the assumption that all uses of Tor
requires an exit point. It doesn't. See torchat as an example.
<https://code.google.com/p/torchat/>

------
sown
So what about for hidden tor services?

~~~
wmf
I think one of the points of the rant is that you have no way to know whether
Tor is safe or not; if Tor is compromised then you might as well assume that
it's _completely_ compromised, including hidden services.

