can we be sure tor still works?

19 réponses [Dernière contribution]
tomlukeywood
Hors ligne
A rejoint: 12/05/2014

i have heard that the nsa could deanonymise tor users if they have control over all the exit nodes

and although theres quite a few exit nodes if the nsa can find a bug in gnu/linux or open/liberty bsd
like the recent bash bug they could remotely control just about all exit nodes

is there anyone checking that at least some of the exit nodes are rely rely rely secure?

i may be misinformed though

Legimet
Hors ligne
A rejoint: 12/10/2013

Malicious tor nodes is the reason you should make sure you use HTTPS.

tomlukeywood
Hors ligne
A rejoint: 12/05/2014

so even if the nsa had ever tor node on the network your fine if you use https?

Legimet
Hors ligne
A rejoint: 12/10/2013

Yes, if the NSA can't break the encryption

onpon4
Hors ligne
A rejoint: 05/30/2012

I must admit I don't know the technical details of how Tor works, but I do know that since Tor nodes are communicating with each other, they must know which Tor node they're sending a particular request to and which Tor node they're receiving a request from, and the Tor node that requests the actual data must know the location of that data (the URL) even if it doesn't know the data itself. I don't see how HTTPS has anything at all to do with Tor's attempt to mask your identity. The EFF recommends using HTTPS with Tor to avoid leaking data to all third parties, including the final Tor relay, which would otherwise be able to see that data.

I'm not entirely sure if Tor is set up so that you appear to be an exit node, or if the first node you talk to just knows your location. I think the latter is the case, in which case control over all involved Tor exit nodes would negate Tor's anonymity entirely, because your request can simply be traced through all the nodes in this case. Even if the former is the case, it wouldn't help much anyway, though. To achieve anonymity from a party, your request must be routed through at least one node that isn't controlled by that party (at which point it's impossible to figure out your identity by following the route). Of course, the chance of picking a series of Tor nodes all controlled by one party is slim, and becomes more slim when more Tor nodes are available, and even more slim if you increase the number of Tor nodes you route your requests through.

One more important thing to note: in addition to knowing the entirety of the path taken destroying Tor's anonymity, it's possible to use statistical data to correlate a Tor user with a final exit node by monitoring both of these points at the same time. The chance of this occurring is already quite low and can be decreased further both by increasing the number of available Tor exit nodes and by increasing the number of Tor users. But it's always a possibility, and as far as I'm aware it's the greatest weakness of Tor.

Legimet
Hors ligne
A rejoint: 12/10/2013

Sorry, I wasn't talking about anonymity (which I guess tomlukeywood was talking about)
But if the NSA controls all exit nodes, that doesn't mean they control all nodes, so I don't think they can trace you back even in that case.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

I don't know how secure Tor is because it is a complex topic and because I am inexperienced. But I do know one thing: for many years Tor was considered top notch secure and completely anonymous. Suddenly, two years ago, a lot (I mean, really a lot) of hidden services were taken down and a lot of people are in jail for illegal activities they were doing on the Tor network. If I understood the thing correctly - for many years no hidden service was seized and no criminal incarcerated and then two years ago it started to change and many services are no more and a lot of dudes are staring at the ceiling in a 2*2 m cell. I guess the NSA found something at some point..
Again, I don't know really, it's just a guess, I may be wrong.

Legimet
Hors ligne
A rejoint: 12/10/2013

Actually, with silk road, it was because the guy revealed his email address. I don't think the NSA has really broken Tor, they are just good at using other data to deanonymize users.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

I read several articles some time ago about this. Nobody knows how the FBI/NSA managed to get at those services and people behind those services. The matter is that it is not just silk road. Some of this articles like this one talk about 400 and more services taken down..
If that is indeed the case the question arises: "Are all these people dumb and don't know how to protect a fairly lucrative business or is FBI/NSA getting better at what they do?"

tomlukeywood
Hors ligne
A rejoint: 12/05/2014

btw would it be a bad idea to be a tor exit node?

is there any legal issue?

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014
tomlukeywood
Hors ligne
A rejoint: 12/05/2014

so has anyone actually been prosecuted for running a tor relay?

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014
tomlukeywood
Hors ligne
A rejoint: 12/05/2014

:(

Mangy Dog

I am a member!

I am a translator!

Hors ligne
A rejoint: 03/15/2015

How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

Measuring and mitigating AS-level adversaries against Tor
http://arxiv.org/pdf/1505.05173.pdf

cantor
Hors ligne
A rejoint: 04/08/2015

and what about torchat?! Do you have some informations about dangers using torchat?

pogiako12345
Hors ligne
A rejoint: 07/11/2014

Yeah I'd like to know about this.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

Ciao Cantor! Ti è arrivata la risposta alla tua mail? Te lo chiedo perchè avevo risposto quel giorno che me l'hai mandata ma oggi quando ho aperto icedove mi è arrivato un messaggio "avviso mail non ricevuta dal destinatario"..
Strano. Solo dopo 3 o 4 giorni mi arriva l'avviso.
ciao!

cantor
Hors ligne
A rejoint: 04/08/2015

No, non mi è arrivata infatti

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

strano.. ora te la rimando. ciao!