diablo69

Wiretap Monday

16 posts in this topic

I don't even really have to go into how much this is bullshit. My real question is since all this shit has been implemented OPENLY, b/c lets face it they were doing this shit years before they admitted to it. Anywho, I use Tor and Privoxy, but I heard from a few friends that it isn't really as secure as people say it is. So the question is, what is better than tor? Or can Tor be configured in a more secure manner.

0

Share this post


Link to post
Share on other sites

Rent a shell account somewhere in Russia. Tunnel all your traffic through that computer.

Or better yet, China. Anywhere were the US can't easily get information. I'm not sure if TOR servers are in the US or not. If they are, it would be much easier for them to obtain logs.

I'm sure TOR does log it's traffic in some form. So it's more secure if you do it yourself in some foreign country.

0

Share this post


Link to post
Share on other sites

Normally I try to avoid posting negative comments anywhere, but gloomer, do you know anything about Tor? It's really disheartening to see it being put down by somebody who obviously doesn't understand the system. In fact, tunelling an SSH connection to some system in Russia or China is alot worse than using Tor. If you think that the US can't get logs there, you're sadly mistaken.

No system is perfect, Tor is no exception. The fact that you are using privoxy alongside Tor is a good sign because one of the weaknesses of Tor alone is DNS leaks. Your system may be querying DNS servers without proxying those queries, giving some clues as to who the anonymous connection may be. Privoxy protects you against that. The fact that DNS queries are leaked may be what diablo69's friend's were referring to when they said that "Tor" is not as safe as people say, because alone it isn't.

Another known weakness of Tor is it is susceptible to traffic analysis. While this may eliminate SOME of the anonymity provided by Tor, you have to remember that all Tor links are encrypted and randomized. The fact that someone (going through alot of trouble) may in fact trace back one connection to the original source, doesn't mean alot when the next connection path may be completely different.

The Tor system is really complex and very interesting. If you really want to know if it's secure or not, I would suggest reading up a bit on it's documentation rather than installing it and assuming it's a be all end all solution. Remember, think security in depth :)

0

Share this post


Link to post
Share on other sites

I didn't put down TOR. I said it might be easier to track if it is in the US.

0

Share this post


Link to post
Share on other sites

Ahh, my mistake, I apologize. I completely misinterpreted your post.

Well, the idea of Tor is the underlying "Onion Routing" system. The theory behind this model is that each link is unaware of the future links of the connection. This means that even if routers in the US forward the packets to routers in say Germany, other than the initial hop, the routers in Germany aren't aware of the packet paths throughout the US. On top of that, even if the data was logged on any of those hosts in the US, the onion way of routing wouldn't reveal the destination of that packet. Combined with the fact that all of the data is encrpyted, it's really a pretty secure solution.

Now, that being said, this is all things I've read. I have a little bit of a hard time understanding how "Tor" is able to provide TCP level reliability of packets given that they don't know the route back to the original source. This was known problem in the original onion routing system that the next generation "Tor" has supposedly fixed, but I haven't really been able to find any documentation on how this reliability is achieved. :blink:

0

Share this post


Link to post
Share on other sites

I think nothing is secure, that you do not control. eg: we all know 99% of free proxy are run by governments.

Learn to code and make everthing yourself and you will be much safe.

0

Share this post


Link to post
Share on other sites

just a question would i be safer using the tor addon to firefox plus privoxy or would i be safer using the the torrify browser?

0

Share this post


Link to post
Share on other sites

Whatever you do with proxies, your connection is still going throughout your ISP. So if the government wants to they can still get the required information regardless of any proxies you used. I do not know about you, but I would not want to use a proxy for anything.... who knows who is intercepting my traffic on the other end.

Edited by Mortex
0

Share this post


Link to post
Share on other sites
Whatever you do with proxies, your connection is still going throughout your ISP. So if the government wants to they can still get the required information regardless of any proxies you used. I do not know about you, but I would not want to use a proxy for anything.... who knows who is intercepting my traffic on the other end.

This is actually exactly why Tor is around. Because of the onion routing model, your ISP knows nothing about the data coming from your machine other than it's next hop. It doesn't know where the data's final stop is. On top of that, the data is encrypted as it leaves your machine so even if they just decided to log all of your traffic, they aren't going to get much.

Proxies aren't for providing anonymity once you've already been established as a potential target, to the point where the government would get information from your ISP. Proxies are for keeping your connection anonymous to the distant end.

0

Share this post


Link to post
Share on other sites

If you use tor and you are small fry your safe, if your not, you will be court (or tracked), do not kid yourself, do not do anything bad and you should be OK. The first rule, if you want to catch bears, is set a honey trap. Now i am not saying this is the case with tor.

Edited by Dex
0

Share this post


Link to post
Share on other sites

I believe that tor was initially researched by ONR (The Office of Naval Research) that being said I'm not about to say it's a pile of kaka but I'm somewhat leery of tor because of it's origins. Lots and lots of folk that know way more then me seem to like tor but I take a more pessimistic approach to it all.

Edited by Berzerk
0

Share this post


Link to post
Share on other sites

How many of you actually have read how Tor works? From this discussion, it seems not many.

0

Share this post


Link to post
Share on other sites

this is my first post in these forums! hopefully i can be helpful.

anyway, tor was developed by the electronic frontier foundation, which is a digital freedoms advocacy group that does some great work- sorta like the tech version of the aclu or the national lawyer's guild. it seems like a lot of people here don't really understand how it works, and the tor website does a great just of explaining it: http://tor.eff.org/overview.html.en

there's no such thing as a final security solution, but if you understand how things work then you can make educated decisions about what will work in which circumstances. so read up on it, then ask further questions. also, if you really want to know exactly how safe you're being, why not download a packet sniffer like wireshark (http://www.wireshark.org/), and start sniffing your own traffic while you do something like post to this message board, create a yahoo mail account and login, write an email, do some google searches. then look at everything you sniffed and see if you can find any traces of anything at all. because tor traffic you're looking at is exactly what your ISP knows about you-- which hopefully is just about nothing.

i think tor is actually at least as useful as an encryption device as it is a proxy server. if you're sitting a coffee shop on an unsecure wireless network and you're about to login to some website that doesn't use ssl (like the binrev.com forums, for example), anyone else in that coffee shop might be sniffing your password. if you use tor, at the very least just to login, then your password will be safe because sniffers will only pick up your encrypted traffic (though session hijacking is still possible).

anyway, my question is does anyone know if it's possible to use tor to connect to other services besides websites? specifically i'm interested in ftp, sftp, and ssh.

0

Share this post


Link to post
Share on other sites

Actually, Tor wasn't developed by the EFF. It was picked up by the EFF, but originally developed by two guys at NRL (Naval Research Laboratory) http://tor.eff.org/people.html.en

And yes you can use Tor for things such as FTP, SSH, ETC. The only problem with this is the fact that the speeds you're going to see will be horrible. This security comes at a price, and isn't really meant for transferring large amounts of data. In fact, I believe if you read all of the documentation it even asks you to please refrain from using the Tor network for downloading alot of data.

0

Share this post


Link to post
Share on other sites

Tor is safe, but not 100%, even there site say's as much, there's people that think its 100% and those that think its not.

See here: http://www.daniweb.com/blogs/entry1331.html

But just because we do not think its 100% safe, does not mean we do not know how it works.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now