[tor-talk] Making TBB undetectable!

behnaz Shirazi skorpino789263 at gmail.com
Sat Oct 3 09:16:50 UTC 2015


>Since TBB uses the consensus this discussion is quite nonsensical,
>you can't hide the fact that you use tor from the site you visit,
>not with an addon or a bridge, while using tor.
>
>Since the consensus data is available, I do
>grep "^r " /var/lib/tor/cached-consensus | cut -d \  -f 7
>and have a handy list. For historic data one uses exonerator.
>Since this list contains all kind of nodes (6651 atm), we make
>sure not to miss anyone involved using tor or someone getting
>promoted. :)
>
>Want to know how many Exits are available? 1081 atm, to verify try
>grep "^s Exit" /var/lib/tor/cached-consensus | wc -l
>
>So, detecting Tor usage at an endpoint is a very trivial exercise.

A private Tor exit node is not listed in the consensus. And there is no
need to use a private exit node for undetectability; we can simply use
a public exit node that is connected to a SOCKS proxy server, so the
destination site can't see the exit node's IP address and match it
against the consensus.

>By using a private exit, you are actually increasing the chances to become
>a victim of a correlation attack, since an adversary needs to observe
>the private exit only, may inject patterns and try to observe
>these patterns somewhere. For enduring connections like bitcoin, it may be
>enough to interrupt/shape/reset connections and look for whom bitcoin
>isn't working anymore - there aren't many full nodes anymore.
>
>It may work for a mining pool, but not for an individual miner. I am
>not going into the subtle details of different, easy to detect
>fingerprints within the protocol.

If we use a SOCKS proxy server to talk to the destination instead of a
private Tor exit node, then such an attack becomes as dangerous as when
you are using a detectable TBB over a public Tor exit node, because the
number of SOCKS proxies available out there won't be less than the
number of public Tor exit nodes today.


>Lets not digress, back to TBB: if you allow cookies, caching or javascript
>this gets even worse. If you authenticate (like using a password or a public
>key), you are unique. If you use data of an oob protocol within tor
>(like bitcoin) chances are pretty high you become unique and traceable
>(reddit provides a neat list of mistakes made with tor and bitcoin).

In UnidentifiableMode, if you use a randomized fingerprint then you are
unique until you close your browser, and during that session the
different sites you open in different tabs can identify that the same
person is visiting them; but if you use a common fingerprint, like that
of a mobile device, that is the same for everyone, then you are not
unique among undetectable users.

>Btw., TBB isn't designed to hide usage patterns. If you want that,
>invite some friends over to surf or run a node, a relay, bridge or exit.

It's really impractical to ask a friend to install a RAT and let me
back-connect to surf the Internet using his web browser. We can patch
TBB or create an add-on that lets anyone, in special cases, easily visit
destination sites anonymously and invisibly.

>The benefits of tor are few but they are still awesome, you can hide the
>fact that you use something from a local authority, like your ISP or an
>upstream adversary and you can hide your location/origin.

Why not expand those few benefits into more awesomeness?

>If you involve a bridge, you may hide the fact that you use tor from
>a local authority, but you can't hide this fact from an endpoint.

Yes, we can hide that fact from endpoints; at least we can prevent them
from using an automated system to instantly find out the answer, as they
can today.

>That's all; TBB is limiting that to https. If you use http you
>become vulnerable to malicious exit nodes.

Tor is not perfect but still we can rely on it.

>So, please forget about hiding the fact that you use tor, by using
>tor, from an endpoint - it won't work.

If you give us just one practical example that lets destination sites
automatically separate TBB from vanilla Firefox or Safari, then we will
forget about it; but don't throw your fallacies about what global
adversaries can do at us, because nobody expects Tor to be perfect.


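The endpoint-side consensus lookup that the quoted grep/cut commands sketch, written out as an added example for this page (it is not code from either poster). It reads the same router-status entries as those commands ("r " lines carry the relay IP in field 7, the following "s " line carries the flags) but ties each "s " line to its own "r " line rather than pattern-matching on flag position, and it distinguishes an Exit from a BadExit. The consensus text embedded below is constructed for the example with RFC 5737 documentation addresses and made-up identity/digest strings; point the script at a real /var/lib/tor/cached-consensus to use live data.

```python
#!/usr/bin/env python3
"""Check whether a client address is a Tor exit, using a consensus document.

Added example, not from the original posters. SAMPLE_CONSENSUS is a
constructed fragment in the cached-consensus format: three relays, two
carrying the Exit flag, one of those also flagged BadExit.
"""
import os
import sys
from typing import Dict, Set

SAMPLE_CONSENSUS = """\
network-status-version 3
vote-status consensus
r exitA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-10-03 06:52:41 192.0.2.10 9001 9030
s Exit Fast Running Stable Valid
v Tor 0.2.6.10
w Bandwidth=5000
p accept 80,443
r guardB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2015-10-03 06:40:12 192.0.2.20 443 80
s Fast Guard Running Stable Valid
v Tor 0.2.7.2-alpha
w Bandwidth=9000
p reject 1-65535
r badC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2015-10-03 05:12:00 198.51.100.5 9001 0
s BadExit Exit Fast Running Valid
v Tor 0.2.4.27
w Bandwidth=300
p accept 80
directory-footer
"""


def parse_consensus(text: str) -> Dict[str, Set[str]]:
    """Map relay IPv4 address -> union of flags of every relay on that IP."""
    relays: Dict[str, Set[str]] = {}
    current_ip = None
    for line in text.splitlines():
        if line.startswith("r "):
            # r nickname identity digest date time IP ORPort DirPort
            fields = line.split()
            if len(fields) < 9:
                current_ip = None  # malformed entry: ignore its flags too
                continue
            current_ip = fields[6]
            relays.setdefault(current_ip, set())
        elif line.startswith("s ") and current_ip is not None:
            # Several relays can share one IP; keep the union of their flags.
            relays[current_ip] |= set(line.split()[1:])
    return relays


def exit_ips(relays: Dict[str, Set[str]], include_bad_exit: bool = False) -> Set[str]:
    """Addresses carrying the Exit flag; BadExit relays are dropped unless asked for."""
    return {
        ip for ip, flags in relays.items()
        if "Exit" in flags and (include_bad_exit or "BadExit" not in flags)
    }


def classify(ip: str, relays: Dict[str, Set[str]]) -> str:
    """What an endpoint can conclude about a client address from the consensus alone."""
    flags = relays.get(ip)
    if flags is None:
        return "not-in-consensus"  # e.g. a proxy sitting behind the exit
    if "BadExit" in flags:
        return "bad-exit"
    if "Exit" in flags:
        return "exit"
    return "relay-non-exit"        # guard/middle; client traffic should not egress here


if __name__ == "__main__":
    # Usage: python3 tor_exit_check.py [/var/lib/tor/cached-consensus] [IP ...]
    # Without a file argument the constructed sample above is used.
    args = sys.argv[1:]
    if args and os.path.isfile(args[0]):
        with open(args[0], encoding="ascii", errors="replace") as fh:
            text = fh.read()
        args = args[1:]
    else:
        text = SAMPLE_CONSENSUS
    table = parse_consensus(text)
    print(f"{len(table)} relay IPs, {len(exit_ips(table))} usable exits")
    for addr in args or ["192.0.2.10", "192.0.2.20", "198.51.100.5", "203.0.113.7"]:
        print(addr, classify(addr, table))
```

Run against the sample, 203.0.113.7 (the constructed stand-in for a proxy placed after the exit) comes back "not-in-consensus", which is exactly the gap the reply above is counting on; the check only ever answers "is this address a listed relay", and for addresses that left the consensus earlier the quoted mail points at exonerator instead.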