online-shopping with tor? torify everything?

22 replies [Last post]
quantumgravity
Offline
Joined: 04/22/2013

Hey,
i thought about two things lately:
is there any problem using tor for online-shopping (with ssl)? Of course the shop owner will know my real name, but still my ISP and all the nodes along the way won't know what i'm buying.
It really bothers me that every idiot knows my shopping behaviour.

Then i thought about torifying everything on my smartphone.
I realized that my phone checks my mail account (mail address with real name); i guess once that happens, the exit node knows who i am and this could be a problem if i transmit sensible data without encryption (ok, that's not clever to begin with).
Besides, I couldn't come up with any reason why this torifying everything should be a problem.
Do you have any?

Be aware that i'm not a whistleblower but just an average guy who thinks his privacy is important;
So if i get de-anonymized, this is not fatal itself but of course i want to avoid it.
An evil exit node who captures login data or something, that would be fatal - or maybe there could be some other danger by using the tor network?

Martago
Offline
Joined: 01/11/2015

I wouldn't buy something from an online shop over the Tor network. In my company I develop shops, and I don't know how the session_id from PHP works with the Tor network. If it works correctly, then there shouldn't be a problem, but if a few users have the same session_id, then you have a problem.
I know a few shops that handle the session_id too lazily, so a hacker can easily take over a user's account.

Jodiendo
Offline
Joined: 01/09/2013

In my opinion, to purchase anything on-line, while using TOR, you just sold your identity. Tor was not designed for that purpose...

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

right

JadedCtrl
Offline
Joined: 08/11/2014

This sounds like the type of thing a VPN is for. Tor is for fairly light web-browsing, not anonymity for every task you can think of. In this case I'd recommend getting a reputable VPN- it'd work with anything you throw at it (so full anonymity for your system), be faster, and you wouldn't get CloudFlare as often.
(Correct me if I'm mistaken on any points, please.)

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

that is right as far as I know but there is a little caveat - do you personally know the dude that provides you the vpn? can you trust him?

JadedCtrl
Offline
Joined: 08/11/2014

I think using a reputable VPN is fair enough- if anyone got into any trouble via the VPN connection, or any evidence at all was gained that the VPN was snooping, it'd go out of business pretty much overnight. I think the risk would be too great for the VPN host, so they probably wouldn't snoop or any such thing. However, you are taking a risk, and there's always the chance.
You could also have a dedicated server hosted at some host and have access to SSH so you could start a VPN on their server, but a server you would be able to monitor the logs and such of.

marioxcc
Offline
Joined: 08/13/2014

>I realized that my phone checks my mail account (mail address with real name); i guess once that happens, the exit node knows who i am and this could be a problem if i transmit sensible data without encryption (ok, that's not clever to begin with).

I thought that there were no computers with phone (popularly known as “smart phones”) that work with a fully free system. If you found one please post more information. If it's a digital jail like almost every computer with phone, then there is likely a lot of backdoors from which the developers (companies or individuals) can get the information they want. Adding Tor on top doesn't make much sense; you may alleviate the possible tracking from your ISP, but you will still have whatever malware (spyware or otherwise, see https://gnu.org/philosophy/proprietary/proprietary.html) the developers have put in (that may also happen with free software, but if you compile from the sources, the vulnerability may be obvious or may be discovered by security researchers, or you, and so it's much more likely to get discovered and fixed).

By the way, Tor uses a different exit node for different sites, precisely so that a single exit node can't easily guess who you are by the combination of sites to which you connect. See the Tor documentation for more information.

P.S: Unless you personally trust the VPN operator AND he's strong enough not to surrender to physical, legal and technical threats (that's *VERY* unlikely IMO) you shouldn't trust it when anonymity is critical (your life is in danger, etcetera).

JadedCtrl
Offline
Joined: 08/11/2014

Replicant works with a few 'smart' phones to make fully free computers with phones. Wifi and videos don't work, though, but it's good enough.
And yea, don't trust any VPN operator with your life. Whistle-blowers and such should gravitate towards Tor, and people that need every-day anonymity to VPNs.

quantumgravity
Offline
Joined: 04/22/2013

"If you found one please post more information. If it's a digital jail like almost every computer with phone, then there is likely a lot of backdoors from which the developers (companies or individuals) can get the information they want. Adding Tor on top doesn't make much sense; "

Sorry, but your argumentation doesn't make any sense to me; there is no computer we know of today that is certainly free from back doors; think of proprietary bios or hardware backdoors. Still it makes sense to run this computer with a free operating system and use tor - you can't lock out everybody, but still a lot of people.
So just like most PCs in this world, you can't run a smartphone with just 100% free software but at least with a 100% free operating system (Replicant).
Maybe there is more proprietary software running next to the OS than on a normal pc... but in principle it's the same problem.

lloydsmart

I am a member!

Offline
Joined: 12/22/2012

"It really bothers me that every idiot knows my shopping behaviour."

They don't. So long as the website you're buying from uses HTTPS, your connection is encrypted end-to-end with SSL/TLS. No routers along the way can decrypt the communications without your computer's private key.

The only risk is a MITM attack, but this could only be carried out by someone with access to the certificate authorities. i.e. a government. Since you said you're not a whistleblower or journalist, but just want your shopping to be private, this scenario shouldn't be too much of a concern.

marioxcc
Offline
Joined: 08/13/2014

But everyone forwarding the IP packets will know which web sites he visits and can make a very good guess about which web sites he buys from, even if (usually) they cannot read the encrypted traffic. Somewhat regularly, attacks on SSL/TLS are discovered, but they usually require that one side is partially compromised (i.e. a JavaScript program that cooperates with the attacker).

Martago
Offline
Joined: 01/11/2015

Yeah, HTTPS is more secure than HTTP, but it is not perfect.
But in the end, an online shop will never be 100% secure. When you buy something, you can do everything right, but if the shop owner maybe makes a mistake and all the data is stolen, then your data will be stolen too.

quantumgravity
Offline
Joined: 04/22/2013

SSL will keep the data secret I exchange with an onlineshop, but sure my isp can see the URL and hence can easily figure out what i buy.

marioxcc
Offline
Joined: 08/13/2014

SSL is obsolete. You should use the latest TLS protocol whenever possible, and exclusively if authenticity and confidentiality are a major concern.

The HTTP requests made through SSL and TLS are encrypted, so the ISP can't know what page you're seeing that way, but plain requests and IP addresses reveal this information.

If you expect strong privacy and security, learn the basics of the protocols you use.

Martago
Offline
Joined: 01/11/2015

For me the biggest problem is the shop owner, not HTTPS or other stuff.
I didn't know of any shop that encrypts your address data in the database. In most cases the password will be encrypted, but this isn't 100% sure. So if someone wants many addresses, he has to inject the database or something else and he will get the jackpot.
I ask myself the question: why should someone try to hack only one person if the person can hack a shop to get thousands of pieces of information?

quantumgravity
Offline
Joined: 04/22/2013

Thank you for all your comments!
I appreciate your opinions, but honestly i hoped for more technical reasons why you think tor is unsuitable for a task like this.
Maybe it's not "designed" for this purpose, so what? I don't care what it was designed for as long as it does the job.

andrew
Offline
Joined: 04/19/2012

> is there any problem using tor for online-shopping (with ssl)? Of
> course the shop owner will know my real name, but still my ISP and
> all the nodes along the way won't know what i'm buying.

Using Tor can help disconnect your other browsing habits, hides your
current location and provides an opportunity to use a false name (but
probably not a false address).

If the online shopping website is using TLS then you don't have to worry
about your ISP or Tor exit nodes looking at your shopping behaviour.

As long as the shopping website doesn't block Tor I don't see any reason
to not use it.

> Then i thought about torifying everything on my smartphone. I
> realized that my phone checks my mail account (mail address with real
> name); i guess once that happens, the exit node knows who i am and
> this could be a problem if i transmit sensible data without
> encryption (ok, that's not clever to begin with). Besides, I
> couldn't come up with any reason why this torifying everything should
> be a problem. Do you have any?

Torifying everything could create a unique fingerprint, depending on
what programs you are using. I think Torifying email is a good idea if
you have a TLS connection to your mail server though. Most providers do
this so if you don't get a TLS connection then it could be worth
complaining.

If you use a TLS connection between your mail client and the mail
provider then intermediaries such as Tor exit nodes shouldn't be able to
find out who you are.

I don't really have any answers for doing this on your phone unfortunately.

Andrew

G4JC
Offline
Joined: 03/11/2012

I would second that a trusted VPN is a far better choice for this purpose. You can get a rating of VPNs that don't sell you out here: http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/

TOR is meant for browsing anonymously, but as they say during the download of the browser bundle - bad habits will breach that anonymity. Logging into your google/facebook/shopping over TOR is dangerous because:

1) Evil TOR Exit nodes that can SSL strip to try and steal your credit card.
2) Provides a clear link to you specifically even though they might not know precisely which location you are coming from. Useful to keep tracking your unique metadata/analytics.
3) Credit Card providers will often flag purchases during the verification process if using TOR, since they check your IP during checkout.

There used to be a considerably large database tracking rogue exit nodes, this site shows but a few:
http://torstatus.blutmagie.de/index.php?SR=FBadExit&SO=Desc

Further thoughts on using TOR properly:
http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498876762

lloydsmart

I am a member!

Offline
Joined: 12/22/2012

Agreed. HTTPS will secure the contents of your communications from intermediaries, but if you want to hide the IP addresses of the parties you're communicating with, a trusted VPN is the only way to go. If you don't want to trust a commercial VPN provider, you could hire a full hosted VPS and run OpenVPN yourself.

HuangLao
Offline
Joined: 01/19/2014

Also, would not recommend TOR for online shopping or banking. You have to be careful because you really do not know what node your traffic is going through and who may or may not be watching. It may be possible for them to see your activity (credit card #'s etc....). Tor is great for browsing and especially good for watching videos on youtube that may be blocked in your country. :)

anitta
Offline
Joined: 05/13/2015

Actually I can suggest using OpenVPN over SSH tunnel. SSH encryption is similar to SSL encryption so DPI technology can't detect you. It is the perfect encrypted VPN I had ever http://www.vpnanswers.com/secure-android-with-ssh-tunnelling-tutorial-with-steps/.

Chris

I am a member!

Offline
Joined: 04/23/2011

A lot of companies are going to cause you grief if you try to checkout via any kind of system which purports to offer anonymity. PayPal for instance will likely kill your account. Merely having your IP come from a different location than the billing address may get you flagged- so VPNs aren't necessarily going to work either.

The real question is who/what are you trying to protect against. If it is a specific ISP or country you might be able to thwart spying at that level by using a VPN. However if the VPN is located in or the company has people located in the same country as you all bets are off. The same can be true for countries which are cooperative with your country. VPN providers will succumb to at least government pressures if pressed to reveal your 'identity' (real public IP address anyway) where there is some connection. The United States is a difficult country to thwart for example as it is tangled in many, many other nations' affairs.

If you're trying to buy something your government doesn't permit you to then VPN + Tor is probably the answer. Tor was designed for anonymity. However if you reveal who you are or leak little clues via what you say all bets are off. For example if you're the only Tor user around they'll be able to identify you more easily after you've let out some detail of location. Just look at how the FBI agents tracked a Harvard bomb threat suspect down despite the user posting via Tor. They didn't need absolute proof to suspect the person they identified as a probable suspect. The FBI simply sought the records that Harvard kept of all users' activities on its network. I'm taking an educated guess here, but Harvard probably kept a log of IP addresses that users connected to and timestamps of these connections. The FBI then merely searched for IP addresses of Tor nodes and identified the user who had been on Tor at the university (as it was a threat toward the university there was a good chance it was made by someone attending the university). After which they could get a search warrant and/or question the one or two suspects tied to that IP address. The solution to this problem would have been to use VPN + Tor or a Tor bridge. The government will have a much harder time connecting a user as they'll first have to identify all VPN users at the university and then seek the IP logs from the VPN provider to identify whether or not the VPN user connected to Tor. Now if the user had used VPN + Tor + a Tor bridge there would be a significantly more difficult time as the information held by the VPN provider would not be a public Tor node. The same would be true if the user had merely used a Tor bridge. However the student might have been identified still as a Tor user merely by the fact he had connected to the Tor project's web site to download Tor.
If it wasn't done immediately (that is the threat around the time of the Tor download) then there would probably be a lot more students that the FBI would have had to interview in order to narrow down a suspect. It would probably also have been more difficult had he downloaded Tor via another means like through Debian's repository. There would then be no tie to him having downloaded Tor (probably- this assumes they only logged the IP addresses- and were not retaining other info like URLs).

Ultimately if the seller is going to ship something to your door all bets are off. However there are still some tactics to reduce the risk of identification short of purchasing from an adversary or an adversary being in the know of the seller's records at the time of purchase. For example if you have 'untraceable' currency and the seller is shipping to someone else for which you're 'picking up the goods' (and there is no connection between where you pick up the goods and you), and you went through the proper means to thwart being identified as a Tor user (Tor bridges), then you'll be much harder to identify.

Ultimately Tor wasn't really designed for this use case and users/sellers who want to remain relatively anonymous have to be extremely knowledgeable about how the system works and how law enforcement track people down (i.e. via old-fashioned police work).
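
The kind of log search Chris guesses at in the post above, as an added example that is not part of the original post: a network operator matches its own connection log against the public relay list and narrows by time window. The log format, user labels, addresses (documentation ranges) and timestamps are all constructed; the "bridge" is simply an address that is absent from the public list.

```python
from datetime import datetime, timedelta

# Constructed sample data: documentation address ranges, not real relays or users.
PUBLIC_RELAYS = {"198.51.100.7", "198.51.100.22", "203.0.113.90"}
BRIDGE = "192.0.2.200"            # unlisted entry point, so it is not in PUBLIC_RELAYS
EVENT = datetime(2015, 1, 15, 8, 30)
CONNECTION_LOG = """\
2015-01-14T21:05:00 user-b 198.51.100.7
2015-01-15T07:50:12 user-d 192.0.2.10
2015-01-15T08:14:40 user-a 198.51.100.22
2015-01-15T08:20:03 user-c 192.0.2.200
2015-01-15T08:25:00 user-a 192.0.2.10
garbage-line
"""

def parse_log(text):
    """Yield (timestamp, user, destination) from 'ISO-time user dst-ip' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        ts, user, dst = parts
        yield datetime.fromisoformat(ts), user, dst

def relay_users(log_text, relays, event_time, window):
    """Map each user to their connections to listed relays within `window` before the event."""
    hits = {}
    for ts, user, dst in parse_log(log_text):
        if dst in relays and event_time - window <= ts <= event_time:
            hits.setdefault(user, []).append((ts, dst))
    return hits

if __name__ == "__main__":
    for window in (timedelta(hours=2), timedelta(days=2)):
        found = relay_users(CONNECTION_LOG, PUBLIC_RELAYS, EVENT, window)
        print(window, "->", sorted(found))
```

A tight window leaves one candidate, a wider one adds more people to check, and the bridge user never matches because the comparison is only as good as the address list behind it.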