Disguising a Tor node?

coderman coderman at gmail.com
Sat Dec 16 00:27:50 PST 2006

On 12/15/06, Eugen Leitl <eugen at leitl.org> wrote:
> On Fri, Dec 15, 2006 at 06:43:55AM -0500, Tyler Durden wrote:
> > OK, more dumb questions about hiding a Tor node.
> Not dumb at all, it's just the Tor designers went for a public approach.
> However, as persecution seems to have started tightening thumbscrews on
> Tor operators, a slide into illegality (and a redesign towards more
> resilience) might be soon required. Of course, that's the whole idea
> behind harassing Tor operators -- move them into a dark niche, where
> they will be insigificant as providers of anonymity for the masses.

see http://tor.eff.org/svn/trunk/doc/design-paper/blocking.pdf

> I would be very surprised to learn that no TLAs are running nodes, or at
> least tap nodes (when you run a colo, you don't have a lot of control about
> physical security, so you have no idea whether there's a rootkit after
> it comes up after a yet another "outage").

there are effective ways to manage this risk.  i'm not keen on posting
details here but perhaps off the record or at a later date.  you do
need to be willing to drop a suspect host, so mitigation is mainly
centered on secure initialization and subsequent vigilant monitoring
to decide when to cut out.  there are probably a thousand more
significant risks from host and application security angles, but
physical security is indeed tricky/severely limited in a remote
dedicate server scenario.

> A much better idea is to make Tor a payload for a worm vector.

heheh, curious yellow raises its head again...  this has always been a
favorite for censorship resistance and plausible deniability.

> Btw, there's a Tor package for OpenWRT -- I have not verified it's
> working as adverized however -- the hardware *is* a bit tight. It would a
> perfect disposable node, meshable, and with no wires to trace.

it works ok; the processor struggles with the crypto (read: latency
and constant max load) but otherwise tolerable.  i've thought about
making a "Tor spot" configuration for access points, where transparent
http/tcp and dns proxy through Tor is provided for all associated
clients.  how useful would such a thing be?  (perhaps
personaltelco-free / personaltelco-anon dual service?)

> You'd need a redesign where servers with only partical network knowledge
> can randomly redirect packets, while still unable to gnaw off all the
> onion layers. Topologically, routing in random high-N spaces is not
> difficult.
> However, the network better be of considerable size. Enter the worm.

the trade-off's and design constraints are more complicated and
context dependant.  read the draft blocking resistant Tor design
paper, it covers all these topics and provides a mostly reasonable
approach (the devil is in the details, as always...)

More information about the cypherpunks-legacy mailing list