Quick Summary of recent traffic correlation using netflows
Here’s what you need to know about the recent research study on traffic correlation attacks:
While it’s great to see more research on traffic correlation attacks, this is not a new area of research. This is one study on the subject in a controlled environment using one readily available traffic monitoring technology to analyze Tor traffic. The researcher has clarified in the media that it was only 81.4 percent of their experiments, not “81 percent of all Tor traffic” as has been reported elsewhere.
The Tor network provides anonymity by routing the user’s information through multiple servers (usually three) so that it is hard to detect the person’s physical location.
Tor protects users by:
1) encryption to ensure privacy of data within the Tor network,
2) authentication so clients know they're talking to the relays they meant to talk to, and
3) signatures to make sure all clients know the same set of relays.
In theory it may be possible to track Tor users by linking up their entry and exit points on the network but it is generally very difficult to do so. The Tor network design, however, does not protect against a targeted attack by a global passive adversary (such as the NSA) intent on figuring out whom to investigate through watching and measuring Tor traffic going into and out of the network and correlating the information on both sides. We encourage you to learn more about what Tor does provide.
Tor is used by 2.5 million people a day including the general public, journalists, companies, activists, military, and law enforcement and is a very safe, reliable way to protect your privacy on the Internet.
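The correlation the post describes, matching traffic going into the network against traffic coming out, can be shown on constructed per-interval byte counts of the kind flow records expose. This is an added illustration, not code from the study or from Tor; the Pearson statistic, the client names, the byte values and the idealised constant-volume padding are all assumptions made for the example.

```python
import math
import random

BINS = 120          # export intervals observed on each side (constructed)
CEILING = 250_000   # bytes sent per interval under idealised padding (assumed)

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series has no variance."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat series carries no volume pattern to match
    return cov / math.sqrt(vx * vy)

def bursty_series(rng, n=BINS):
    """Constructed per-interval byte counts: mostly idle, occasional bursts."""
    return [rng.choice([0, 0, 0, 50_000, 200_000]) for _ in range(n)]

def build_scenario(seed=7):
    """One exit-side flow and three entry-side flows; client_b is the real match."""
    rng = random.Random(seed)
    exit_side = bursty_series(rng)
    entry_side = {
        "client_a": bursty_series(rng),
        # Same traffic seen at the entry: constructed ~5% overhead plus small noise.
        "client_b": [int(b * 1.05) + rng.randint(0, 5_000) for b in exit_side],
        "client_c": bursty_series(rng),
    }
    return exit_side, entry_side

def rank_candidates(exit_side, entry_side):
    """Score every entry-side flow against the exit-side flow, best first."""
    scores = {name: pearson(s, exit_side) for name, s in entry_side.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def pad_to_ceiling(series, ceiling=CEILING):
    """Idealised cover traffic: every interval is topped up to the same volume."""
    return [max(b, ceiling) for b in series]

if __name__ == "__main__":
    exit_side, entry_side = build_scenario()
    print("unpadded:", rank_candidates(exit_side, entry_side))
    padded = {n: pad_to_ceiling(s) for n, s in entry_side.items()}
    print("padded:  ", rank_candidates(exit_side, padded))
```

The unpadded ranking puts the matching flow far ahead of the unrelated ones, which is why an observer of both sides is outside what the design protects against; the padded case is the idealised limit, not a description of any deployed defence.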
You run Tor, to provide
You run Tor, to provide cover for those that need it the most. Such as victims of crime, or your neighbor who wants to look up information on an illness without letting its insurance company first. You should run Tor to provide capacity for humanity to have some sort of freedom in the digital age.
EVERYONE has something to
EVERYONE has something to hide. Don't be stupid. Take for example homosexuality in homophobic societies. In Egypt the state is cracking down on homosexuals, and for absolutely no reason. They pose no threat to the political establishment in there.
http://www.independent.co.uk/news/world/africa/grindr-urges-lgbt-commun…
This is where Tor comes in handy, here lies ONE answer out of many to your question.
Really? after ALL the
Really? after ALL the Snowden revelations about what the NSA, GCHQ, and the rest of the gang are doing? And we still have people asking this question??
Well, we all do know for
Well, we all do know for certain that they are listening, watching, collecting and analyzing...
Yes, and we keep learning
Yes, and we keep learning about new ways in which they're watching, where before we thought surely they wouldn't be illegally doing *that* too...
(In fact, the more centralized privacy designs out there -- VPNs, proxies, etc -- are in worse shape than Tor against many of these attacks, since there are far fewer places that the attacker needs to watch in order to be able to launch the attacks.)
This "correlation attack" research area is important, but it's just that: a research area. Nobody knows whether attacks like this work in practice, or how best to defend against them if they do. Tor is strong exactly because of this thriving research community of professors around the world who investigate these questions:
http://freehaven.net/anonbib/
Please accept a big thank
Please accept a big thank you for all the work you have done.
I am operating a couple of (non-exit) relays, and want to also contribute exit-nodes. Will there again be a meeting for tor-operators at 31c3? How to find?
Thanks.
There should be a separate
There should be a separate release specifically for running relays and bridges (of all kinds) for Windows, Mac, and Linux. They can revive Vidalia for this task, and remove anything that doesn't have anything to do with running bridges and relays, then release it. So they don't start from scratch.
This will make it much easier to run bridges and relays, expanding the network more.
It's such a shame that there isn't a release specifically for that.
My question wasn't so much
My question wasn't so much aimed at the technical side (though helpful), but rather about possible legal implications and best practices when operating an exit relay, in my specific country.
So I hope to be able to check in with people who run exits, to pick their brains.
From the technical side, I found it rather astonishing that some people run relays with very little regard to good operational security. Not to fault them, I think they want to do a good thing and do the best of their abilities.
But I mean knowing what capabilities and resources are out there in the hands of our not-so-friendly spy agencies... time to step up operational security.
I cringe every time I see a high bandwidth relay running Windows. Or has an exposed IPMI interface to the world...
I hate how you keep
I hate how you keep belittling the threats, and every time a new attack is discovered you repeat the same mantras: "we don't really know", "nobody really knows" and "there is no evidence".
Especially after the OpenSSL bug you said there's no evidence it was used. Are you kidding me? That bug's very own nature IS to leave no evidence, so whether it was used or not THERE WOULD BE NO EVIDENCE!!!! Not mentioning how you start using diplomatic language, and avoid admitting defeat at the hands of the NSA.
"it's just that: a research area" No, it's not just a research area. These threats are real. The NSA have tapped whole countries. And you still think this is just a research area.
"Nobody knows whether attacks like this work in practice" Well, probably not you, but the NSA and company know very well it works, that's why they bugged the whole fucking planet.
And you always run away from the question by attacking proxies and VPNs, who mentioned those?
Many threats have been known for a long time, like end-to-end correlation, but you still haven't adopted even half a solution (which is ScrambleSuit between clients and guard relays). Why? Because you're afraid it's going to "slow down" the network. Well, guess what! Surprise surprise, Tor users do NOT use Tor for speed!!!!! And ScrambleSuit is NOT as slow or memory consuming as you think it is. ScrambleSuit is our savior and you still haven't accepted it.
How about that while using
How about that while using tor all the time to send and receive packets of traffic such all the time as play video YouTube.
This can help against traffic correlation attacks?
I do not know English hope my question is clear.
Thanks in advance
Excuse a beginner at this,
Excuse a beginner at this, and also for not using my own language. But is there any difference when using an encrypted IP address, before you enter Tor? If so, should one do it afterwards?
Started to think about this when someone wrote that NSA can get you anyway.
Mr Walking stick
What is an "encrypted IP
What is an "encrypted IP address"? It sounds like you are listening to some for-profit snake-oil company that is trying to mislead you about how the Internet works. :(
Okay, Tor isn't perfect; we
Okay, Tor isn't perfect; we all knew that. But, does that mean that you, the Tor developers, should just give up? Of course not!! Make life as difficult as you can for TLAs/LE; after all, all that we are talking about, ultimately, is "bits and bytes" here. Western civilization has, in spite of strong encryption and anonymity software being widely available, continued on just fine. I say that the benefits outweigh the costs; after all, we (at least, we Americans) do not throw the 2nd Amendment under the bus just because some lunatic abuses it. Ditto for the 1st Amendment.
So, where does that leave us, for now, at least? How about using Tor bridges, or better yet, obfuscated bridges? Easy to do with the new Tor Browser software! Also, why not access the Tor network via an anonymous Wi-Fi hotspot, perhaps, using Tails? In any case, "Don't give up!" Continue to develop your software to its fullest and brightest potential! It's not only your right, but at this point, your duty, as well. If not you, then who?
Thanks for the kind words!
Thanks for the kind words! And don't worry, we aren't going to give up. Tor is as much a movement and community as it is a particular set of software.
As for your particular suggestions: using bridges or obfuscated bridges might help if your adversary doesn't realize that he should log traffic flows to/from those bridges. For more discussion there, see the threads around
https://blog.torproject.org/blog/being-targeted-nsa#comment-64375
Doing something in front of Tor, like switching to a wifi hotspot, could be a good idea -- but take care that your opsec approaches like this don't accidentally add in some new vulnerability.
Your helpful suggestion of
Your helpful suggestion of WiFi hotspot ....
Is that only because the traffic between the ISP and Tor guard relay will show the hotspot's IP rather than your own?
Or requires multiple users of the hotspot overlapping their destination like Facebook, Twitter, Google etc, rather than connecting to unique sites (like blog.torproject.org)?
Or if you can cite a link that explores these issues to save yourself precious time, thank you.
Never Forget Iranian Cyber
Never Forget Iranian Cyber Power!
They even hacked Twitter a few years ago.
Also, they were able to decode Tor in the same year.
Iranian cyber police claims that it is capable of detecting at least 60% of cyber crime, while this figure is 20 to 30 percent in developed countries. So I think there is something more than IP. It can be hardware information such as: MAC address, ISP logs to Internet routing points, satellites, cables, etc.
I believe to ISP logs to Internet routing points! And I think
each user has its own algorithm.
A) Decoding Tor, i.e.
A) Decoding Tor, i.e. recognizing that a flow on the Internet is Tor, is not the same as breaking Tor's anonymity. So yes, periodically Iran figures out how to recognize and block Tor flows, and then we fix that (and that's the arms race that "pluggable transports" aims to win), but none of the moves by Iran have involved breaking the anonymity that Tor provides (learning which websites a given user visits, and learning which users visit a given website).
B) Their numbers (like 20-30% of cyber crimes detected in developed countries) sound like nonsense to me. So I would assume that they're saying these things to change your behavior, not because they're factually correct.
As I thought they can only
As I thought they can only do something bad on the exit nodes~
Tor is still the best of the best~
Brand New To Tor, But Really
Brand New To Tor, But Really Like it. Anything that can be done to keep the tail from wagging the dog is GREAT news to me. Here is my question: can you mirror a node, and if so then put in many mirrors with each node able to add a little salt or take some away? Also this could add small random amounts of time. I do wait a little time for most web pages to load anyway. Example: Node one has 10 mirrors, node two has 15 mirrors, node three has 7, all the data is broken down and not only sent to one, two, and three but actually all of the mirrors as well. Like I said I am New to Tor. Thanks 2 everyone at Tor.
How do I start
How do I start using the TOR system? And where is the registration here?
Where I could be registered
Where I could be registered on TOR?
Tor needs more people to
Tor needs more people to run relays
for stronger privacy
don't just post about tor
help tor anyway you can.
We are Anonymous We do no
We are Anonymous
We do not forgive
We do not forget
Expect us
Awesome! Please drop by
Awesome!
Please drop by anytime. We like people who like privacy.