

Not Anonymous: Attack Reveals BitTorrent Users on Tor Network - hornokplease
http://arstechnica.com/tech-policy/news/2011/04/not-anonymous-attack-reveals-bittorrent-users-on-tor-network.ars

======
JoachimSchipper
Basically, Tor only works if the protocol you're running on top of it doesn't
do stupid things. For instance, Tor doesn't work if your browser helpfully
sends geolocation information. Likewise, Tor doesn't work if you happily make
un-Torred connections to possibly malicious IP addresses retrieved via a Tor
link, which is more or less what the vulnerable Bittorrenters were doing. (You
_can_ run the entire Bittorrent protocol over Tor, but it's painfully slow and
a big load on the network.)

In short, Tor may have real issues, but this is not Tor's fault.

------
david_shaw
I have some questions about the significance of this claim. If I'm reading
this correctly, the attack is that someone hosting a malicious Tor exit node
(and we assume that _all_ exit nodes are compromised -- just common sense) can
correlate tracker requests over the Tor network to chunks being sent to the
non-anonymous IP _not_ over Tor.

In other words, this isn't really groundbreaking at all -- if you're
requesting data to be sent _not_ over Tor, and instead _only_ proxying your
tracker requests, of course that data can be correlated. You're anonymously
asking for chunk 5429817, but telling the tracker to send it to your real IP
address. An interesting issue, to be sure, but it's certainly not "breaking"
the Tor network.

A lot of people are complaining about how one shouldn't BitTorrent over Tor
anyway, for courtesy of the network--and I agree--however, this is _just_ the
tracker data being proxied. That is, if you _were_ actually sending the
BitTorrent data over Tor (which _would_ slow the network), then you're
protected from this kind of attack because your unprotected IP would not
request data from the honeypot.

From the article:

 _When one of the malicious exit nodes sees an attempted connection to a
BitTorrent tracker, it intercepts the response and adds the IP address of one
of the honeypot clients under researcher control. The user's BitTorrent client
then attempts to make a data connection directly to the honeypot without using
Tor, thus revealing the user's IP address to the honeypot._

The article goes on to mention that users who _do_ tunnel their traffic
through Tor are still vulnerable if they use DHT, because DHT works over UDP
while Tor only proxies TCP traffic.
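
Added example, not part of the thread and not code from the researchers or the Tor Project: a host-side audit of a BitTorrent client's sockets that flags the two leak paths described in the comment above, direct TCP peer connections and UDP (DHT) traffic that bypass Tor. The one-line-per-socket format, the addresses, and the assumption that Tor's SOCKS listener is on 127.0.0.1:9050 are all constructed for illustration.

```python
import ipaddress

TOR_SOCKS_PORT = 9050  # assumption: Tor's SOCKS listener on its default port

# Constructed sample: "<proto> <local> <remote>" for one client's sockets.
SAMPLE = """\
tcp 127.0.0.1:51000 127.0.0.1:9050
tcp 192.0.2.10:51001 198.51.100.7:6881
udp 192.0.2.10:6881 203.0.113.20:6881
tcp 127.0.0.1:51002 127.0.0.1:9050
"""

def parse_endpoint(text):
    """Split 'host:port' (IPv6 hosts may be bracketed) into (ip, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(line):
    """Return 'proxied', 'local', 'leak-udp' or 'leak-direct-tcp' for one socket."""
    proto, _local, remote = line.split()
    ip, port = parse_endpoint(remote)
    if proto == "udp" and not ip.is_loopback:
        return "leak-udp"        # Tor only proxies TCP, so DHT goes out directly
    if ip.is_loopback and port == TOR_SOCKS_PORT:
        return "proxied"         # tracker request handed to Tor
    if ip.is_loopback:
        return "local"
    return "leak-direct-tcp"     # peer connection made outside Tor

def audit(text):
    """List (verdict, remote) for every socket that exposes the real IP."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        verdict = classify(line)
        if verdict.startswith("leak"):
            findings.append((verdict, line.split()[2]))
    return findings

if __name__ == "__main__":
    for verdict, remote in audit(SAMPLE):
        print(f"{verdict}: real IP exposed to {remote}")
```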

------
Rondrak
See also, direct from the Tor blog:
<https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea>

------
getsat
Don't use Bittorrent over Tor, people. It's bad for the network itself.

------
shii
I was a big proponent of Tor circa 07-09ish. However, I don't think it's
really the best solution out there for those who need/wish-to-have private,
anonymous internet usage. There are a number of issues I could list including
how slow and unreliable it can be, but the worst by far is the fact that the
vast majority of the exit nodes are sniffed on or are honeypots to catch
dissidents.

There is no way to know who the hell you're tunneling your traffic through,
and it's really unsafe. It's much, much more safe to set up your own VPN
service on another outside box/server that you personally control and tunnel
everything that way.

And yes, don't ever use bittorrent on Tor, not just for the security exploit
mentioned here, but the fact that that eats up __a lot__ of bandwidth and slows
things down for everyone, dramatically.

The UofWash project mentioned in the end is a better alternative to straight
bittorrent btw, in that there is __trust__ and you know who you're connecting
to. Or you could just get an astraweb account, but I digress...

~~~
demosthenes
Anonymity is not the same as privacy. Tor is more about anonymity than about
privacy.

That exit nodes can sniff traffic has been known for a long time. Compromised
exit nodes do not compromise anonymity as long as you don't give up personally
identifiable information in traffic that gets routed via exit nodes.

More problematic is that compromised exit nodes could inject or run man in the
middle attacks on your outbound traffic. These could then make you give up
your real IP. This is why you shouldn't run exploitable protocols when exiting
via Tor (i.e. don't use javascript, flash, etc. if you want to remain
anonymous).

~~~
shii
If you're engaging in sensitive escapades via Tor to conceal your true
identity, shouldn't the intentions and identity of who you're tunneling all
your traffic through be one of your top priorities?

How do you know if that node with the pretty flag saying it's in Switzerland
isn't logging all IPs, DNS requests, and packet headers straight to another
Room 641A?

I just dislike when people suggest things like Tor without having used it
themselves and seen the glaring issues and essential deficiencies with the
tool.

Especially when there are such better and faster solutions available.

~~~
demosthenes
Because of Tor's design there's no need for trust at the exit node. Plus, you
hop between exit nodes at 10 minute intervals, giving any one node at best a
scrappy picture of your activities. You can also blacklist exit nodes that you
consider suspicious.

Even if an exit node's logs are compromised an adversary wouldn't know your
identity if you haven't given it up in the compromised traffic.

What better solutions are available? As far as I know Tor is still the most
resilient option out there.

------
pppp
Jeez, did anyone read the article? It said that BitTorrent users commonly only
use TOR to access the trackers, then use a NON-TOR connection to the peer.

The researchers then recorded the user's IP address from the non-TOR traffic.
Nothing magical going on here.

