Sign in to follow this  
Followers 0
unregistered

Privacy on the tor network

15 posts in this topic

would someone sniffing on an exit node still know where your packets are going (the destination node) if they are encrypted, whether through ssl, ssh or otherwise?

when encryption happens, do the packet headers get encrypted too?

0

Share this post


Link to post
Share on other sites

an exit node would totally know. If the destination address was encrypted than the routers past the exit node wouldn't know what to do with them.

0

Share this post


Link to post
Share on other sites

They would know the destination, but not necessarily the contents. This may or may not be significant, depending on what you're trying to do.

For example, knowing that you've made a SSH connection to foobar.example.com may not have any real meaning to an exit node observer. (Although why you would run SSH over tor would be anybody's guess.) On the other hand, seeing HTTPS traffic to lolkiddiepr0nz.example.com might raise some eyebrows. Or, it might not.

Regarding packet headers, there needs to be enough non-encrypted data for the protocol to work. (I.e. if you encrypt the destination, your packet wouldn't be able to go anywhere.)

0

Share this post


Link to post
Share on other sites

So supposedly they know the destination node and i suppose they could get authorization from the destination server admin to sniff my traffic but if the admin disallows that, could monitoring be done on outgoing traffic without the server admin of the destination node knowing, say through carnivore of the server isp?

Also, for securing both anonymity and privacy, what do you guys suggest?

Edited by unregistered
0

Share this post


Link to post
Share on other sites
Also, for securing both anonymity and privacy, what do you guys suggest?

Using an unsecured wireless access point far away from home with a spoofed MAC address. And if you're really paranoid, throw Tor into the mix. If you're using a web browser, disable any browser plugins; Java, JavaScript, Flash, etc. Use SSL whenever possible. The most important thing is to use common sense.

Oh, and you might find this FAQ informative regarding your original question.

Edited by deadwax
0

Share this post


Link to post
Share on other sites
Also, for securing both anonymity and privacy, what do you guys suggest?

Using an unsecured wireless access point far away from home with a spoofed MAC address. And if you're really paranoid, throw Tor into the mix. If you're using a web browser, disable any browser plugins; Java, JavaScript, Flash, etc. Use SSL whenever possible. The most important thing is to use common sense.

Oh, and you might find this FAQ informative regarding your original question.

* HDD encryption with possible hidden volumes >

* Live cd can be used when carrying out activities that require privacy >

* MAC spoofing >

* someone's wireless - reroute through someone's computer on the intranetwork and/or encrypted connection (can be VPN or ssh to prevent sniffing) to a trusted server on the net >

* Tor network >

* SSH server >

* [Anonymous proxy chain can be added here]

ok let's say i have already done all this in addition to using no script in firefox, what other advice can you give to achieve greater anonymity and privacy?

0

Share this post


Link to post
Share on other sites
* HDD encryption with possible hidden volumes >

* Live cd can be used when carrying out activities that require privacy >

* MAC spoofing >

* someone's wireless - reroute through someone's computer on the intranetwork and/or encrypted connection (can be VPN or ssh to prevent sniffing) to a trusted server on the net >

* Tor network >

* SSH server >

* [Anonymous proxy chain can be added here]

ok let's say i have already done all this in addition to using no script in firefox, what other advice can you give to achieve greater anonymity and privacy?

Don't use a computer?

Get rid of your credit cards, and only use cash. Don't buy anything that requires financing. Quit your job, take one where you are paid in cash at the end of each day. Abandon your home/mortgage, pay your rent in cash. Don't have a bank account. Get rid of your car and phone. Use a prepaid cell phone, and never give the number out. Don't use any government services; in fact, move to another country altogether. Don't carry any photo ID. Live in a cabin in the woods, with no utilities.

Seriously... if you're doing all of the above already, you're probably doing more than 99% of most Internet users. What the crap are you doing that you're so afraid of The Man tracking you down?

0

Share this post


Link to post
Share on other sites

If i were paranoid and I'm not, even though i have a prepaid cell phone with a phone number that i don't even know, i would be sure not to use the same open hotspot more than once.

The only weakness i see is connection to a "trusted server" on the network.. i don't think there is such a thing... hmmm, i guess i am paranoid after all..

depending on what you want to do perhaps a prepaid phone with data plan could be tethered to a computer.. then you would just have to worry about the cell phone company's giving away your location..

0

Share this post


Link to post
Share on other sites
i dont know of any cellular carriers that offer data service on their prepaid plans.

STi Mobile does: http://www.stimobile.com/dataoptions.aspx

They do ask for name, address, etc... when you register, but they don't verify/validate it or anything (to my knowledge) so you can tell them whatever. Just make sure you remember what it is if you have to call them for tech support.

0

Share this post


Link to post
Share on other sites
If i were paranoid and I'm not, even though i have a prepaid cell phone with a phone number that i don't even know, i would be sure not to use the same open hotspot more than once.

The only weakness i see is connection to a "trusted server" on the network.. i don't think there is such a thing... hmmm, i guess i am paranoid after all..

depending on what you want to do perhaps a prepaid phone with data plan could be tethered to a computer.. then you would just have to worry about the cell phone company's giving away your location..

i dont know of any cellular carriers that offer data service on their prepaid plans.

Pretty easy actually ...

http://prepaid-wireless-internet-access.we...ireless)?t=anon

0

Share this post


Link to post
Share on other sites
The only weakness i see is connection to a "trusted server" on the network.. i don't think there is such a thing... hmmm, i guess i am paranoid after all..

yes, it is a most probable point of failure as data goes out unencrypted and any sniffing from the server's isp could compromise it, so does anyone know a way to bypass this weakness? or do i encrypt it through the anon/socks proxies?

0

Share this post


Link to post
Share on other sites
They would know the destination, but not necessarily the contents. This may or may not be significant, depending on what you're trying to do.

For example, knowing that you've made a SSH connection to foobar.example.com may not have any real meaning to an exit node observer. (Although why you would run SSH over tor would be anybody's guess.) On the other hand, seeing HTTPS traffic to lolkiddiepr0nz.example.com might raise some eyebrows. Or, it might not.

Regarding packet headers, there needs to be enough non-encrypted data for the protocol to work. (I.e. if you encrypt the destination, your packet wouldn't be able to go anywhere.)

ok it says here for vpn

http://searchsecurity.techtarget.com/sDefi...213324,00.html#

An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

1) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?

2) what's the difference between a proxy and bouncer?

3) btw, is ssh tunnelling an implementation of vpn?

4) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?

Edited by unregistered
0

Share this post


Link to post
Share on other sites

i haven't read this thread, so sorry if i'm repeating everything. the whole point of TOR and being anonymous is about hiding what you do on the internet, but that doesn't mean what you do can't be seen.

so, as long as you don't give away your identity, your packets can be monitored, but you're still being anonyous, your ISP won't know where you have been and the person on the exit node won't know who you are.

0

Share this post


Link to post
Share on other sites

using TOR at a hotspot makes it impossible for a man-in-the-middle to happen because the connection uses SSH, only the very last hop is unencrypted, it has to be, but all the other hops are encrypted. so it's 100% safe to use at a hotspot. your ISP will know you have used TOR, but can't see what is happening after the first TOR node, there are 3 TOR nodes, as the packets pass between them a layer of encryption is removed, so by the time the packets get to the 3rd TOR node it won't know where the traffic came from.

i do know TOR is totally safe, but you have to disable java and javascript and any scripting to be sure because a site can force something like a java applet to make a direct connection and bypass TOR altogether.

0

Share this post


Link to post
Share on other sites
3) btw, is ssh tunnelling an implementation of vpn?

4) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?

Here's an introductory article I wrote about SSH tunnels: http://neworder.box.sk/news/12498

That may answer some of your questions.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0