[tor-talk] Additional hop before connecting to Tor

[Steve Kinney]

On 06/11/2015 10:08 AM, Eugen Leitl wrote:> ----- Forwarded message
from dtm168 at openmailbox.org -----
>
> Date: Thu, 11 Jun 2015 13:52:40 +0200
> From: dtm168 at openmailbox.org
> To: tor-talk at lists.torproject.org
> Subject: [tor-talk] Additional hop before connecting to Tor
> Message-ID: <2a8f8c25121cbad6b4575ce5ddcd3d57 at openmailbox.org>
> User-Agent: Roundcube Webmail/1.0.5
> Reply-To: tor-talk at lists.torproject.org
>
> Hi,
>
> You often read that the fact you are using Tor is being monitored by
> the various intelligence services.
>
> I guess this works by recording which IP addresses connect to known
> entry relays and/or directory authorities.

Other tracking vectors available to State level actors include:

* Owning and operating a large fraction of the routers in the
network.  This can be concealed very effectively by using a cloud
server to host all the routers in one place, with exits all over the
world via transparent proxies.  "All in one place" means, monitored
and manipulated in realtime to shape traffic and identify users.

* Monitoring exit node traffic to record browser fingerprints,
cleartext of any data transmitted between the TOR user and any
server on the Internet, and associating these with behavior patterns
indicating a personal interests profile, likely time zones, etc.

* Diverting exit node traffic through a hostile router equipped with
"real" Certificate Authority signing keys negates SSL completely -
connecting to a server via SSH over TOR is the same as connecting to
the server without SSH, if your adversary is NSA.

* Injecting exploits and implants into the TOR user's inbound
traffic from sites on the "normal" Internet, custom tailored to
"climb out of" the TOR browser and take over the user's system.

All of the above are within known capabilities at NSA and, most
likely, Israeli, Chinese and Russian security services.  It is
possible that their biggest problem is tripping over each other's
feet while interfering with TOR users.

> Since you usually also connect to facebook or gmail your identity can
> be easily linked to Tor usage.
> This is especially true if you have a static IP address.

Any contact with NSA owned (Facebook) or NSA partner (Google)
services creates big, greasy fingerprints that make tracking anyone
anywhere much easier.

> Currently I use a virtual server in a foreign country which I pay with
> Bitcoin. I use an ssh tunnel which I use to make connections to Tor,
> i.e. intelligence service see the IP of my server which connects to
> known Tor IP addresses.

A VPN does not even attempt to conceal the identities of users from
any actor who can watch both ends of the connection.  A VPN will
stop low tech adversaries like MPAA/RIAA goons who go after people
sharing files; NSA and its peers, not so much.  Not to mention that
the VPN provider's logs know all and, if handed over or stolen, tell
all.

> 1. How likely is it that they look at connecting IP addresses to my
> server (and identify me)?  Probably very likely. Would it help to have
> an additional anon server as an additional hop to Tor?

Generally speaking, TOR and similar systems may delay but will not
prevent the identification of frequent users, paired with their exit
node traffic and its content.  Repeatedly using /any/ anonymizing
protocol from one location more or less guarantees your correct ID
lands in a database with a summary of what your anonymous traffic
contains.

One-off use of TOR via the TAILS operating system on a "clean"
laptop at an open WiFi router might be enough to prevent you and
your traffic from being logged.

> 2. Tor traffic has these characteristic traffic signatures (packet
> size, timings of packets when idle). Would these also "shine through"
> the ssh tunnel?

SSH in general and VPN providers in particular are transparent to
outfits like NSA.  Using them with TOR only becomes part of a
profile that eventually narrows down to one user - you.

> 3. I guess making that server a private bridge will be worse than
> using ssh because of these typical Tor traffic patterns.

Maybe not.  Needle vs. haystack and all that.  But again, if you use
the same physical Internet connection to repeatedly do "anonymous"
things, it would be very good if these things were of no real
interest to our Security Services.

> 4. I am also afraid of running a Tor relay on my home internet
> connections because all members of my family who share that IP will be
> flagged as Tor users...

I have run TOR relays from time to time.  As long as you are not
running an exit node, nothing bad will happen.  And at least you
know you are adding one "honest" router to the network - unless your
box has been rooted and you don't know who really controls it.

> I am interested to hear your opinions.

There's mine, for what it's worth.  Te anonymity provided by TOR
(and i2p, Mixmaster, Freenet, etc.) is very limited even in best
case scenarios.  These tools simply can't work when a hostile actor
effectively sees all, knows all, and can fuck with any connection on
demand.  On the brighter side most private, corporate and criminal
attackers would be completely unable to penetrate the security
provided by TOR (or etc.), unless they are in a position to ask the
NSA or a comparable Security Service to do it for them.

:o)

Steve