Thousands of Tor exit nodes attacked cryptocurrency users over the past year (therecord.media)
51 points by badass1 on May 9, 2021 | 57 comments



Malicious Tor exits should not be an issue. Tor is for anonymity and protects your identity. Enforce HTTPS to protect against MITM.


Tor is not anonymous if the relays and hidden service work together. Given the cost of hosting and the significant funding put into this by the U.S. it's just a matter of probability before the deanon cannon aligns to a user.


Seems unsurprising. An ecosystem where you can volunteer to be a MITM ends up having malicious MITM.


My manager started playing around with crypto trading, at work, on his work PC…it’s amazing how many alarms it sets off on our Fortigate.


I had a fun one a few years back - the company IT guy pulled me aside and then, with a lot of hesitation/beating around the bush, told me that someone on my team had been mining crypto at work and that they would have to format their machine and disrupt their day as a result.

Never felt so much relief to hear the word "crypto", as the delivery of the message had me confused and fearing bad things.

When I spoke to the person about it, it turned out they'd started mining on their own hardware as a hobby and were just curious what the perf diff would be on the work computers.


Unless you're talking about interacting directly with DeFi stuff via a standalone Ethereum node, aren't those alarms just based on a DNS and IP blocklist?


Stopped taking tor seriously when I read one of these attackers controlled something like 30% of exit nodes around 1-2 years ago. Just makes you wonder whether the rest are govt hosted given there are no incentives for anybody to host a node. Another reason I don't trust TOR is that on the TOR subreddit they always tell you not to use a VPN before TOR, which just seems very suspect given there is only upside to doing this (VPN only sees what your ISP would've seen unless the vpn client is malware).


>there are no incentives for anybody to host a node.

Sounds like you kids need an anonymous decentralized cryptocurrency powering your tor nodes with rewards for doing so. But everyone here hates crypto so I’ll just be over here sipping my Monero tea.


I don’t think people here dislike crypto for its stated goals, but because current implementations don’t live up to those goals and have some serious defects. The hype doesn’t match the reality, which makes crypto feel more like a speculative market than a solution to a problem.


Things take time. Which industry matured that quickly? Anyhow, stuff like Monero is actively suppressed by regulation and central exchanges. That's a political problem.


Monero is just a digital currency anyway, similar to Bitcoin if Bitcoin had cheap transactions. You can hardly run anything on the network. Something like Ethereum might be an option once it scales properly and when transaction costs come down. I do agree there needs to be a financial incentive to run nodes. A blockchain which does not discriminate in terms of applications running on it could be very valuable in the future. Privacy is important, not just from a civil rights point of view but for businesses too. There's a reason corporations care about IT security and encryption.


There was a pretty nice project a few years ago, awarding Bitcoin to Tor node operators, called Oniontip [1]. All Tor operators had to do was add a Bitcoin address to their Tor contact info. Donors would transfer Bitcoin to an Oniontip-operated Bitcoin address and Oniontip would regularly pay out the Tor operators proportional to the bandwidth they provided to Tor.

That did work remarkably well, but unfortunately the author lost interest at some point and took the whole project down.

[1]: https://github.com/DonnchaC/oniontip


OK, I'm curious, how would this work out in practice?

The first reservation that comes to mind for me is concerns about crypto ledgers being more pseudonymous than anonymous. If I start using a cryptocurrency to tip exit node operators, that creates an immutable, publicly visible paper trail linking my presence on TOR back to me. Not exactly the kind of thing I'd be eager to sign up for if I'm trying to hide my tracks.

It also moves things toward a situation where digital privacy is reserved for people who can afford to pay for it, which strikes me as running directly counter to the principles the TOR project is supposed to be upholding.


How would you "prove" that someone is hosting a non-malicious node? I assume it can be done (cf gridcoin, filecoin, namecoin).


It needs to be verifiable to be protected from spoofing, and encrypted to be protected from listening. You can't verify arbitrary network traffic because servers aren't stateless, but you can encrypt some traffic (https). Sadly, the encrypted traffic still has some metadata, such as server ip, sometimes hostname, request size.

Either way, it can't be protected in the way filecoin/gridcoin are protected.


I think the idea was to reward all exit nodes, to provide an incentive for doing so that doesn't involve malicious behavior. Hopefully that would drown the malicious nodes in a sea of non-malicious operators who are here for the cryptocurrency rewards.

Of course a way to prove you are not malicious would be great but I don't see how you can prove that using technology.


I believe Orchid [1] was one of the first decentralised VPNs to have multi-hop, but I'm not sure if it uses onion routing.

[1] https://www.orchid.com/


I think HN is generally positive towards Monero.


Wouldn't the possession/spending of that currency strongly imply I run a node? I think it might be self-defeating.


Can you host an exit node anonymously? I would assume it's not much better than the privacy offered by Bitcoin and most cryptocurrencies.


I think their point about VPN is that a third party provider then could be compelled to disclose information about you. Since all your traffic is routed through a single provider before hitting the remote proxy, there is now the potential for a single point of collection. When using Tor only, traffic leaving your computer is encrypted before hitting the first node, which mitigates this threat. If the use of Tor is illegal for you, a VPN makes sense to hide its use -- but like you said, it is only hidden from the ISP. The VPN provider can still see that you are using it. In practice, how Tor is used should depend on the threat a person is trying to defend against.


Nonsense or terrible design. The VPN shouldn’t be able to read anything sent to a tor node. There are easy ways to detect a key exchange intercept with a trusted certificate authority, and probably also with no trusted authority.


Maybe the thought is that no additional security is gained by using the VPN in this use case unless your threat model includes your ISP knowing you are using Tor. You're moving the trusted partner from your ISP to the VPN provider. Again, it comes down to an assessment of risk based on your threats.


> third party provider then could be compelled to disclose information about you.

What data exactly are you worried they would disclose? Everything they see would be encrypted, no?


I am not worried. I was simply explaining the argument as I understood it.


VPN hardens against your local ISP knowing when you are and are not using Tor, which is important metadata and has been used to identify people in the past.


True, but the ISP knows you are using VPN and the VPN provider knows you are using Tor. That's why I made the argument that the strategy of defense depends on the use case.


I can't even access TOR without VPN, because it's blocked in my country. My government makes sure our citizens use the best security practices to access the Internet. Very nice.


You are completely correct about the nodes being run for all sorts of nefarious reasons. Although there are a small number of nodes run by enthusiastic individuals, it's rare.

Reddit has tons of actors spreading disinfo, especially about VPNs; never trust the info from there without serious vetting.


No, many tor nodes are run for good purposes. In fact, many of the largest networks are non-profits dedicated to running the nodes.


I think it is mostly to avoid people using the same VPN across mobile and desktop and both having a common end-point.


"there are no incentives to host a node."

Agreed. There are even pretty strong disincentives from a legal standpoint.


The Tor Project has published a FAQ on it, in fact: https://community.torproject.org/relay/community-resources/e... and the only bright spot is the claim that section 230 will protect exit relays, though political winds seem set against that.


Forgive my ignorance but why does it matter who controls exit nodes? Unless you identify yourself on the clearnet an exit node operator can't identify you can they?

Like you, I imagine plenty of governments run exit nodes just to see what's happening and keep the system working for their own uses.


If they control the relay and the exit node then they can force http and mount MITM attacks on subsequent traffic if the user didn't notice. This allows them to replace the destination address with their address and the user will be robbed of his cryptocurrency.


Yeah you really shouldn't generally be using TOR to browse the clear net if you're worried about attacks from a national government.


I hosted a node which moved a hefty amount of traffic. Tor and the EFF sent me several T-shirts even. Then Tor decided they would label themselves a “human rights project” and started to go full political. I shut down my node forever.


There are only a handful of things I can think of that are more political than creating software which allows people to access the internet freely and anonymously, in many cases against the wishes of their government.

(Also the EFF is literally a political organisation and has described itself as a civil rights organisation since its formation in 1990.)


It's kind of interesting to see an apparent expression of pleasure at receiving a T-shirt from the Electronic Frontier Foundation, followed immediately by an expression of disdain about political missions.

I'm pretty sure that, if you asked a random EFF board member, they would tell you that digital rights are largely just the application of human rights principles to the digital domain.


>Then Tor decided they would label themselves a “human rights project” and started to go full political

Why is this bad? Branding yourself as a human rights project garners way more sympathy than having the implied branding of "we help cybercriminals cover their tracks". In an age where encryption and privacy is under constant attack, having the public be on your side is very important.


On the opposite side, I didn't start hosting a couple of Tor exit and normal nodes until Tor labelled themselves a "human rights project".


Why is this an issue? Most websites support HTTPS. It should be required and impossible to disable. Other malicious actors could also be running such attacks even at a much smaller scale.


In this case, I think if the user makes an HTTP connection to a site, even if the site is HTTPS only, the attacker can intercept it, and man-in-the-middle it or pose as the legitimate site.

edit: and, the reason it's an issue is not because these systems and networks don't have strong secure communication options available, but because if there is any potential security hole at all, some users will fall into it


Which is a problem that HSTS and the HSTS preload list[1] solve.

[1]: https://hstspreload.org/


Can you get a tor hidden service in the preload list?


The HSTS preload checking service doesn't support .onion URLs (not to mention you can only get EV certificates for .onion URLs).

However, Tor onion services cannot be MITM'd by an exit node, because you don't use exit nodes and the connection is end-to-end encrypted (and authenticated -- the URL is also the public key of the hidden service so you'd need their key to spoof the service). So arguably .onion URLs are far harder to attack in this manner than TLS, and the HSTS preload list isn't needed at all to protect .onion URLs.


I don't know, but your connection to a .onion service is encrypted before leaving your machine (no nodes see plain HTTP traffic). It's also authenticated as the domain is derived from the public half of the keypair.
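The two comments above rest on one property: a v3 .onion hostname is nothing but an encoding of the service's Ed25519 public key plus a checksum and version byte, so a client can check that an address names the key it expects without any certificate authority. The block below is an added illustration written for this thread, not code from any commenter or from the Tor project; it follows the encoding in Tor's rendezvous v3 specification, and SAMPLE_PUBKEY is a constructed 32-byte value, not a real service key.

```python
"""Verify that a v3 .onion address is derived from a given Ed25519 public key.

Added illustration, not code from the thread or from the Tor project. The
encoding follows Tor's rendezvous v3 specification:
    onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
    CHECKSUM      = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    VERSION       = 0x03
SAMPLE_PUBKEY is a constructed 32-byte value, not a real service key.
"""
import base64
import binascii
import hashlib
from typing import Optional

ONION_V3_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
SAMPLE_PUBKEY = bytes(range(32))   # constructed; a real key comes from an Ed25519 keypair


def _checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum binding the key bytes and the version together."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]


def derive_onion_address(pubkey: bytes) -> str:
    """Compute the .onion hostname a service with this public key would have."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_V3_VERSION   # 35 bytes -> exactly 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def pubkey_from_onion_address(address: str) -> Optional[bytes]:
    """Extract and validate the public key embedded in a v3 address.

    Returns None for anything that is not a well-formed v3 address, including
    addresses whose checksum does not match the key bytes (a typo or tampering).
    """
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        return None
    try:
        raw = base64.b32decode(host.upper())
    except (binascii.Error, ValueError):
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION or checksum != _checksum(pubkey):
        return None
    return pubkey


def verify_onion_address(address: str, claimed_pubkey: bytes) -> bool:
    """True only if the address is valid and names exactly this public key.

    A client that already knows which key to expect (from a bookmark or an
    out-of-band exchange) can reject a look-alike address this way.
    """
    return pubkey_from_onion_address(address) == claimed_pubkey


if __name__ == "__main__":
    sample = derive_onion_address(SAMPLE_PUBKEY)
    print(sample, verify_onion_address(sample, SAMPLE_PUBKEY))
```

Because the key is the name, an exit node or any other on-path party cannot substitute its own key without the address changing; the remaining risk is a user accepting a look-alike address, which the checksum does not protect against, so the expected key has to come from a source the user trusts.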


Good explanation.

Firefox has had `dom.security.https_only_mode` for a while and it's amazing.


How would that work? To my understanding https prevents mitm attacks.


That assumes you're using https in the first place. Try entering openbsd.org in your browser and see whether you get the https site or not.


I get the HTTPS site, thanks to the HTTPS Everywhere extension.


There are a few ways one could perform this attack. SSL stripping would be the most transparent. The attacker could also proxy SSL with a different cert. If the cert was invalid the victim would at least be warned. HSTS should mitigate this threat.


It does. But it doesn't protect against:

User → HTTP connection → [INTERCEPTION] → HTTPS connection → website.


Doesn't HTTPS Everywhere solve this problem?


> Why is this an issue? Most websites support HTTPS.

Tor Browser and TAILS try not to keep any trace of the websites you've visited.

That means no 'frequently visited sites' start page, no bookmarks, no address bar autocomplete from history, and no HSTS unless it's preloaded.

So if a tor user visits bitcoin-mixer.com there's a good chance they'll be typing the address in manually - and a good chance they'll omit the https:// at the start.

(Also, a great many bitcoin mixers, for some inexplicable reason, don't get themselves HSTS preloaded)
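The comments above describe the whole decision from the browser's side: an address typed without https:// goes out in the clear unless the browser already holds an HSTS policy for the host (learned from an earlier HTTPS response, or shipped in the preload list), and a profile that forgets everything between sessions only ever has the preload list. The model below is an added example written for this thread, not code from any commenter or from any browser; hostnames, header values and timestamps are constructed, and the `https_only` flag stands in for an HTTPS-only browser mode of the kind mentioned elsewhere in the thread.

```python
"""Model of a browser's HSTS decision: learn policies from
Strict-Transport-Security headers, then decide whether a URL typed as
http:// is upgraded before any plaintext request leaves the machine.

Added illustration for this thread, not code from any browser or from Tor.
Hostnames, header values and timestamps are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsPolicy:
    expires: float            # absolute time (seconds) after which the policy lapses
    include_subdomains: bool


def parse_hsts_header(value: str, now: float) -> Optional[HstsPolicy]:
    """Parse an RFC 6797 value such as 'max-age=31536000; includeSubDomains'.

    Returns None when there is no usable max-age. A max-age of 0 is a valid
    'forget this host' instruction and yields an already-expired policy.
    """
    max_age = None
    include_subdomains = False
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                return None       # max-age must be a non-negative integer
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        # 'preload' and unknown directives are ignored by a conforming client
    if max_age is None:
        return None
    return HstsPolicy(expires=now + max_age, include_subdomains=include_subdomains)


class HstsStore:
    """Dynamic HSTS entries plus a stand-in for the browser's preload list."""

    def __init__(self, preload: Optional[Dict[str, bool]] = None, https_only: bool = False):
        self._dynamic: Dict[str, HstsPolicy] = {}
        self._preload = dict(preload or {})   # host -> includeSubDomains flag
        self.https_only = https_only           # models an HTTPS-only browser mode

    def record_response(self, host: str, header: str, now: float) -> None:
        """Learn from an HTTPS response. RFC 6797 says headers received over
        plain HTTP must be ignored, so callers only pass HTTPS responses here."""
        policy = parse_hsts_header(header, now)
        if policy is None:
            return
        host = host.lower()
        if policy.expires <= now:
            self._dynamic.pop(host, None)      # max-age=0 clears the entry
        else:
            self._dynamic[host] = policy

    def is_known_host(self, host: str, now: float) -> bool:
        """True if host, or a parent domain flagged includeSubDomains, has a policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate, exact = ".".join(labels[i:]), i == 0
            if candidate in self._preload and (exact or self._preload[candidate]):
                return True
            policy = self._dynamic.get(candidate)
            if policy is None:
                continue
            if policy.expires <= now:
                del self._dynamic[candidate]   # lazily drop expired entries
            elif exact or policy.include_subdomains:
                return True
        return False

    def rewrite_url(self, url: str, now: float) -> str:
        """Return the URL the client will actually fetch."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        if self.https_only or self.is_known_host(parts.hostname or "", now):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url   # no policy known: this first request goes out in the clear


def demo() -> Dict[str, str]:
    """Walk through the situations discussed in the thread (constructed hosts)."""
    now = 1_700_000_000.0
    session = HstsStore()                                  # fresh profile, nothing remembered
    results = {}
    results["first_visit"] = session.rewrite_url("http://example.net/login", now)
    session.record_response("example.net", "max-age=31536000; includeSubDomains", now)
    results["after_hsts"] = session.rewrite_url("http://example.net/login", now + 60)
    results["subdomain"] = session.rewrite_url("http://api.example.net/", now + 60)
    results["expired"] = session.rewrite_url("http://example.net/login", now + 31536001)
    preloaded = HstsStore(preload={"example.com": True})  # what a preload entry buys a fresh profile
    results["preloaded"] = preloaded.rewrite_url("http://www.example.com/", now)
    strict = HstsStore(https_only=True)
    results["https_only"] = strict.rewrite_url("http://unknown.test/", now)
    return results
```

The `first_visit` case is the gap the thread keeps returning to: with an empty dynamic store the typed URL leaves as plain HTTP, and only a preload entry or an HTTPS-only mode closes it before the first request. Everything the `record_response` path learns is exactly what a profile that wipes state between sessions throws away.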


The attackers are intercepting the initial request, which is a plain text TCP packet containing the https URL. That https is then stripped from the URL, turning the URL into a plain http request.

I think the only way to prevent that from working is if the websites outright reject http requests.


You only need one or two to not notice the http instead of https to make it a profitable attack.



