Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why Tor Users Should Be Cautious About P2P Privacy

timothy posted more than 4 years ago | from the but-this-computer's-in-a-safe-location dept.

Privacy 122

An anonymous reader writes "I went across your post a few days ago saying that a machine connected to the Internet was all one needed to spy on most BitTorrent users of the Internet. I followed the link to find out that those researchers from INRIA claimed their attacks also worked for BitTorrent users on Tor. I didn't believe it at first, but then today I found this link on the Tor Project. It seems their attacks don't only link your real IP to your BitTorrent files on Tor but also to the web pages that you're browsing! Tell me it's a joke." No joke, but according to Jacob Appelbaum (a Tor developer), the security flaw is more nuanced — and the fault of software outside of Tor. Read on for his explanation of how the privacy benefits of Tor can be easily lost.Appelbaum writes "This isn't a failing of Tor, it's a failing of BitTorrent application designers and a privacy failure of their users too. The BitTorrent clients don't appear to double check the information that's ripe for tampering. When combined with common BitTorrent applications that aren't designed for privacy, it's possible to cause a BitTorrent client to leak information about their actual source IP. The BitTorrent protocol is difficult to anonymize with a simple proxy. Ironically, one of the best points of the paper is that those BitTorrent clients also harm the anonymity of the users' web browsing. The user's browsing will often leave the same Tor Exit Node as their BitTorrent traffic; the user is using the same circuit for browsing as they are for BitTorrent. If the user isn't practicing safe browsing techniques, they're probably going to reveal some more of their traffic to the authors of the paper. This is just like the normal internet too. If you browse unsafely, people can observe you or tamper with the data in transit. So in conclusion, this paper isn't about busting anonymity networks as much as it is about busting BitTorrent client privacy." Additionally, he says, "Tor can't keep you anonymous if you don't actually use Tor for your connections. ... The real key is that if they had done transparent proxying (that failed closed) and they had a privacy-aware BT client, the user would probably be fine. Please don't use BitTorrent and Tor together."

Sorry! There are no comments related to the filter you selected.

boots (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32052102)

sex with a duck, motherfuckers

Re:boots (0)

Anonymous Coward | more than 4 years ago | (#32054320)

FUCK everyone who is using Tor with BitTorrent. I hope you all DIE OF CANCER. And then get run over by a truck. And then exhumed and put on display in a freakshow of FUCKING IDIOTS.

First torrent (-1, Offtopic)

vikingpower (768921) | more than 4 years ago | (#32052108)

SPLASH

Pardon my ignorance... but tor for P2P? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32052132)

Pardon my ignorance, but using Tor for P2P stuff is at best abusive, at worst highly destructive. Tor wasn't designed for high bandwidth applications. It was designed for Web browsing and ensuring that packets from an exit node would be very hard to trace back to the sender as the first priority.

Of course, even with the best anonymization methods, if someone has cookies, Flash shared objects, or shared objects stored by add-ons that positively identifies their Web browser, their browsing history can be linked together, and some sort of profile be built.

Tor is half the battle. The second half is making sure your Web browser is anonymous. I prefer running it in a VM which rolls itself back, and has as little customization as possible, so it fits in with the millions of other people running IE with standard XP installs.

Re:Pardon my ignorance... but tor for P2P? (5, Insightful)

santax (1541065) | more than 4 years ago | (#32052262)

Not everyone uses torrents to download movies... I can even imagine someone trying to watch a recorded news-show or documentary that could get him in trouble... in that case I would say, use of TOR is fine. But in the case of just downloading your average movie, you are right, don't use TOR for that! But there are lots of cases where I feel the use of TOR for torrents is allowed.

Re:Pardon my ignorance... but tor for P2P? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32052316)

Not everyone uses torrents to download movies... I can even imagine someone trying to watch a recorded news-show or documentary that could get him in trouble... in that case I would say, use of TOR is fine. But in the case of just downloading your average movie, you are right, don't use TOR for that! But there are lots of cases where I feel the use of TOR for torrents is allowed.

I would have said that if I caught you doing high bandwidth stuff thru my TOR exit node, I'd
have put you up for banning--despite your "feelings". As it is, chumps like you are why I no
longer permit ANYBODY to exit at my node, I'm pass-thru only---good work, blockhead! Keep
it up, and TOR will slowly either vanish--or start tossing jerks like you off....

Re:Pardon my ignorance... but tor for P2P? (-1, Troll)

santax (1541065) | more than 4 years ago | (#32052360)

You ok buddy? Trouble reading?

Re:Pardon my ignorance... but tor for P2P? (1)

Anonymous Coward | more than 4 years ago | (#32052518)

You said it's OK to use tor for video torrents, so long as it's documentaries, and not movies. Using Tor for video torrent,any video torrents, is a dick thing to do.

Re:Pardon my ignorance... but tor for P2P? (1)

suomynonAyletamitlU (1618513) | more than 4 years ago | (#32052718)

Actually he said, to paraphrase, "I can imagine them wanting to watch something that would get them in trouble, I can forgive that. There are legitimate uses for bittorrent over tor."

He did not say "Circulate video through bittorrent/tor simply because it's a documentary" or anything like that. It's easy to misread him, but he went out of his way to say he wasn't supporting that.

Re:Pardon my ignorance... but tor for P2P? (3, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#32056454)

He did not say "Circulate video through bittorrent/tor simply because it's a documentary" or anything like that. It's easy to misread him, but he went out of his way to say he wasn't supporting that.

You're completely missing why it's a dick move to download torrents on TOR. The AC said exactly why in his post, and everybody has subsequently ignored it.

Downloading torrents eats away at Tor's bandwidth in large chunks. Tor is a free service, but they have to pay for bandwidth. One person downloading torrents uses the same bandwidth as 100 people or more actively browsing the web. Most people don't actively browse either, they sit on a site and dick around for a while, so it's very possible someone with a high bandwidth connection downloading torrents could use the same bandwidth as several hundred people browsing. This is the same complaint cable companies make, and it's legitimate, but we pay a lot for the service so we tell them to piss off and upgrade their network. Tor is totally different, you are abusing someone's network who is letting you use it for free.

Ergo, downloading torrents on Tor is a real dick move.

Re:Pardon my ignorance... but tor for P2P? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32057832)

You're completely missing why it's a dick move to download torrents on TOR. The AC said exactly why in his post, and everybody has subsequently ignored it.

No, we haven't. santax's point was that there are some places where downloading certain videos can get you in a lot of trouble, and in those (admittedly narrow) circumstances, torrenting over TOR is acceptable because using "too much" of other people's (freely volunteered) bandwidth is by far the lesser evil. He specifically said it wasn't okay in the general case.

In short, you're the one missing the point.

Re:Pardon my ignorance... but tor for P2P? (1)

Stile 65 (722451) | more than 4 years ago | (#32055148)

Correct. Use I2P (with I2PSnark) instead. The entire torrent stays on the mixnet. It works better because it doesn't rely on exit nodes, only relays, and more people are willing to run relays.

Re:Pardon my ignorance... but tor for P2P? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32052388)

Slow down, cowboy. Read the comment instead of just quoting it, and you'll notice that he only said there are legit reasons to use TOR for torrents, not that he actually does so.

Re:Pardon my ignorance... but tor for P2P? (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32056530)

Except the reason it's a dick move to use Tor for torrents is not because people are almost certainly downloading copyright material.

It's a dick move because Tor is a free service, and downloading torrents (or any large files, for that matter) over the network costs whosever node you are punching out of (and everyone's in between, if multiple relays are involved) a lot of money in bandwidth charges.

In other words, you are abusing someone else's network connection by using large amounts of bandwidth for long periods of time. I.e, downloading torrents.

Re:Pardon my ignorance... but tor for P2P? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32052446)

I agree with you 100%.. The guy needs to NOT USE Tor!! (for high-bandwidth applications)

fuck these other idiots who think you didn't read it.

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32052502)

"He" didn't, sockpuppet. And you know it.

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32054676)

Deal w/ it, nerd.

Re:Pardon my ignorance... but tor for P2P? (1)

mysidia (191772) | more than 4 years ago | (#32052510)

The great thing about Tor is it is completely anonymous, so it is impossible for an exit node to ban anyone.

Re:Pardon my ignorance... but tor for P2P? (4, Insightful)

Anonymous Coward | more than 4 years ago | (#32055330)

FFS... use Freenet for that, not Tor!

Tor is preferable if you need low latency; Freenet is preferable for transferring large amounts of data (due to its cache nature).

Re:Pardon my ignorance... but tor for P2P? (1)

santax (1541065) | more than 4 years ago | (#32055468)

That's a good tip friendly AC :D I have participated here, else I would mod you insightful.

Re:Pardon my ignorance... but tor for P2P? (3, Interesting)

CharlyFoxtrot (1607527) | more than 4 years ago | (#32052332)

I prefer running it in a VM which rolls itself back, and has as little customization as possible, so it fits in with the millions of other people running IE with standard XP installs.

I'd like to see some way of tor-ifying all network connections coming out of a VM to make sure there is no leakage instead of running tor inside the VM. I've toyed with the idea of using one VM with tor installed as a router for another VM used for browsing but that seems like overkill.

Re:Pardon my ignorance... but tor for P2P? (4, Informative)

Anonymous Coward | more than 4 years ago | (#32052648)

That's easy enough to do [torproject.org] with iptables or pf.

Re:Pardon my ignorance... but tor for P2P? (1)

jgreco (1542031) | more than 4 years ago | (#32053002)

I set up a separate SSID and subnet on the OpenWRT, transparent proxied into Tor. Forced anonymous browsing == use that SSID, everything goes through Tor or else fails completely.

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32053138)

You'd still be vulnerable to some degree if you're using a broken Bittorrent application. It's possible that you'd only leak an RFC1918 address but that is minimally risky.

Re:Pardon my ignorance... but tor for P2P? (4, Funny)

alen (225700) | more than 4 years ago | (#32052422)

so maybe Tor should upgrade their infrastructure like every other ISP has had to do to keep up with demand

Re:Pardon my ignorance... but tor for P2P? (0, Insightful)

Anonymous Coward | more than 4 years ago | (#32052542)

uh tor is free so hard for them to invest. you are welcome to donate your bandwidth http://www.torproject.org/docs/tor-doc-relay.html.en

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32052678)

so maybe Tor should upgrade their infrastructure like every other ISP has had to do to keep up with demand

Tor is not designed to take bittorrent traffic. From the second link in the summary [torproject.org] So what's the fix? There are two answers here. The first answer is "don't run Bittorrent over Tor". We've been saying for years not to run Bittorrent over Tor, because the Tor network can't handle the load; perhaps these attacks will convince more people to listen. The second answer is that if you want your Bittorrent client to actually provide privacy when using a proxy, you need to get the application and protocol developers to fix their applications and protocols. Tor can't keep you safe if your applications leak your identity.

To be fair, bittorrent is designed to efficiently distribute files, which it does very well. If you have a distributed file transfer system, it isn't going to work very well if it doesn't link to the files. What's the use of a tracker that doesn't track? Privacy on bittorrent is achieved with a private tracker, by screening out hostile connections rather than trying to make connections untraceable.

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32053236)

Woosh

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32053400)

Tor isn't an isp...it's a publically distritubed network. where each nod shares its own bandwidth amoungst all of te users of tor..many infact thousands of nods are peoples personal computers

Advanced Technology (0)

Anonymous Coward | more than 4 years ago | (#32054720)

The BitTorrent clients don't appear to double check the information that's ripe for tampering. When combined with common BitTorrent applications that aren't designed for privacy, it's possible to cause a BitTorrent client to leak information about their actual source IP.Advanced Technology [usadvancedtechnology.com]

Re:Pardon my ignorance... but tor for P2P? (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32056536)

God I hope that was a joke, if so you definitely deserve the +5. If not, it's a sad day on slashdot. ;)

Re:Pardon my ignorance... but tor for P2P? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32052474)

Oh, you're that one remaining guy running IE without any extra crap added on. Thanks, I've been wondering about that oddly short user agent.

Re:Pardon my ignorance... but tor for P2P? (2, Interesting)

buchner.johannes (1139593) | more than 4 years ago | (#32052974)

Well you could put the Bittorrent tracker traffic over Tor. It doesn't have to be responsive, and it is low-bandwidth. It occurs repeated though (probably every minute or so).
Client-to-Client communication is encrypted anyway, so one can plausibly deny it has anything to do with (certain) torrents.

Re:Pardon my ignorance... but tor for P2P? (1)

mukund (163654) | more than 4 years ago | (#32054000)

1. If you don't use Tor for the client-to-client traffic, you would have to reveal your real IP to the tracker, so other clients (including malicious ones) can connect to your client.

2. What when you serve the content in question when a malicious peer using that tracker connects to your client, encrypted or not?

Re:Pardon my ignorance... but tor for P2P? (1)

buchner.johannes (1139593) | more than 4 years ago | (#32054298)

Good point. But then one of two scenarios happen:

I.
The third party tries to find all pirates, so it tries to connect & track all users of one or more torrents. Then they might find your real address somehow and blackmail/sue you.
This is a violation of privacy, no one is allowed to just snoop traffic or probe everyones computer just to stir something up. I can not believe such evidence would hold up in court. The only one who might take such action is the police (or other gov organisation), but they need some previous evidence and most likely a warrent.

II) The malicious client just knows your IP and wants to find out what you serve or if you serve illegal files. I assume you have set your bittorrent client to only allow encrypted c2c communication. If you use HTTPS to download the .torrent files, the malicious client does not know which file the torrent hash belongs to. If you use a Proxy or HTTPS trackers (do they exist?), the malicious client does not even know the hashs.
So your bittorrent client will deny serving the malicious client because of a hash mismatch.

Re:Pardon my ignorance... but tor for P2P? (1)

mukund (163654) | more than 4 years ago | (#32055002)

Good comeback :) Here are my replies:

I.
The third party tries to find all pirates, so it tries to connect & track all users of one or more torrents. Then they might find your real address somehow and blackmail/sue you. This is a violation of privacy, no one is allowed to just snoop traffic or probe everyones computer just to stir something up. I can not believe such evidence would hold up in court. The only one who might take such action is the police (or other gov organisation), but they need some previous evidence and most likely a warrent.

I don't think this will hold up in many countries as snooping. Snooping would include you being a MITM, or information that you gather monitoring a conversation between two parties. However, in our case, the malicious party is actually your peer. You are communicating with him and sending him the data as intended for him.

II) The malicious client just knows your IP and wants to find out what you serve or if you serve illegal files. I assume you have set your bittorrent client to only allow encrypted c2c communication. If you use HTTPS to download the .torrent files, the malicious client does not know which file the torrent hash belongs to. If you use a Proxy or HTTPS trackers (do they exist?), the malicious client does not even know the hashs.
So your bittorrent client will deny serving the malicious client because of a hash mismatch.

It doesn't work like this in practice. I'll explain, assuming you are familiar with the .torrent file format, and protocols for Bittorrent tracker and peer communication.

Most torrents that entities such as RIAA are interested in investigating _are_ public. Supposing there is a website like the Pirate Bay that hosts "Britney-Spears-Songs.torrent". That provides the hashes and points to a bunch of trackers. The malicious party's software gets the torrent file, and connects to the tracker, from where it gets peer addresses. The malicious party connects to peers, requests pieces for the hashes and it is the peers that supply it with content that matches the hashes.

Once the malicious party has downloaded the torrent fully, it knows that all peer addresses it downloaded from were interested/involved in the content distribution (and had parts of this content, if not seeds that had all of it).

Of course, if your torrent and tracker are not public, but restricted to a secluded group of people, you don't have to worry.. but then, most people don't use Bittorrent like this.

Encryption without any kind of authentication makes no difference if the malicious client is in the pool. Bittorrent's encryption made sense for working around ISP throttling (which involved actual snooping btw).

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32055362)

1. If you don't use Tor for the client-to-client traffic, you would have to reveal your real IP to the tracker, so other clients (including malicious ones) can connect to your client.
Wrong, you can get a fake IP to tracker and get other clients IP from the tracker. Other client won't be able to connect to you (you need a open port anyway), but you can connect to other clients.
So the only way to get your IP is to have a client for this torrent.
But given the number of torrent, good luck to have a client that monitor IP for each of them.

Re:Pardon my ignorance... but tor for P2P? (0)

Anonymous Coward | more than 4 years ago | (#32054296)

Client-to-Client communication is encrypted anyway, so one can plausibly deny it has anything to do with (certain) torrents.

Since when?

BitTorrent clients provide protocol encryption to bypass deep packet inspection systems that throttle the traffic. The algorithm is Diffie-Hellman Key exchange with RC4 encryption (a piss poor stream cipher). Most client's websites explicitly say not to use the encryption mechanism for privacy.

Re:Pardon my ignorance... but tor for P2P? (1)

paganizer (566360) | more than 4 years ago | (#32054532)

I think most of the people who use TOR and BT do it the way I do; the only thing going through TOR is the connection to the tracker, which gives me the IP of the other clients, without giving the tracker, or anyone listening to the trackers communications, my IP.

I then connect directly to the other clients to interchange packets. This is obviously not secure, but it's an incremental thing. It's more secure than not doing it.

It also helps to make sure that the only packets leaving your computer are packets that you know about; the machine I normally use is filtered all to hell, with only 3 ports open, on a private subnet, connecting to a DMZ machine that is running TOR and what ever other port forwarding or I2P or freenet 0.5 or whatever software I'm using that week.

I have on occasion did things this way, and did all my client communication through I2P, mainly just to see if it would work; it does, not bad actually.

Re:Pardon my ignorance... but tor for P2P? (1)

icebraining (1313345) | more than 4 years ago | (#32055176)

When you connect to the tracker, you have to give it the same IP you'll be using to connect to clientes. Tor doesn't protect you, because even if the IP is anonymised in the Transport Layer, it'll still be sent in the Application layer: http://wiki.theory.org/BitTorrentSpecification#Tracker_HTTP.2FHTTPS_Protocol [theory.org]

I2P (0)

Anonymous Coward | more than 4 years ago | (#32052190)

I2P is much better suited to anonymous file sharing: http://www.geti2p.org/

There is also http://www.stealthnet.de , but it only does file sharing, while I2P supports a broad range of anonymous communication.

p2p (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32052256)

I'm a big fan of p2p -- penis to pussy, that is.

Re:p2p (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32052554)

Now I know where your mother gets her lust for my cock. It's genetic.

I2P? (1)

ElusiveJoe (1716808) | more than 4 years ago | (#32052282)

What about i2p [wikipedia.org] ? As it uses modified p2p programs (including BitTorrent), is it vulnerable to this flaw or not?

Re:I2P? (0)

Anonymous Coward | more than 4 years ago | (#32052306)

Yes. The Bittorrent applications give out their IP address. It doesn't matter what transport you're using.

Oh, crap. We're screwed. (1)

ElusiveJoe (1716808) | more than 4 years ago | (#32052494)

What else could I say?

Re:I2P? (0)

Anonymous Coward | more than 4 years ago | (#32052568)

What are the people behind the Bittorrent protocol and the various clients saying about this? Any change of it getting fixed?

Re:I2P? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32055350)

I'm sorry, but that is just plain FALSE.

Torrent clients for I2P don't leak your IP address at all (I2P trackers don't even work with IP addresses anyway).

Your comment is misleading because the issue here is NOT the transport layer (i.e. Tor), but the fact that regular torrent clients (i.e. non-I2P torrent clients) *may* leak your IP address.

tl;dr: present proof of what you're saying or STFU

Re:I2P? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32052898)

What about i2p [wikipedia.org] ? As it uses modified p2p programs (including BitTorrent), is it vulnerable to this flaw or not?

Not if you use the BitTorrent client that comes with I2P, or Robert, which is another BitTorrent client for I2P. There is a paragraph on torrenting in I2P on the Wikipedia page you linked to:

http://en.wikipedia.org/wiki/I2P#BitTorrent

However, if you use a BitTorrent client that is not written with I2P in mind, it will reveal your IP the same way it does over TOR.

Re:I2P? (2, Informative)

Mathiasdm (803983) | more than 4 years ago | (#32054470)

Yes, I2P has a number of clients specifically made for it. Also, since the traffic stays inside the network, there's not the same issue as with Tor (that bittorrent basically ruins the outproxies). That upside is also a downside, since it means you can't torrent traffic from regular sites, you have to stick to internal I2P torrents.

Re:I2P? (1)

Crayon Kid (700279) | more than 4 years ago | (#32056970)

And to further expand on this, as well as respond to the GP's claims he filters everything: BT simply wasn't built for protecting privacy. No matter how much filtering and encryption you do, the fact of the matter is that your BT client will happily connect and exchange file pieces with anybody who wants it, and it is easy to prove that you had those pieces and knew what file(s) they were from. Thus potentially landing you in trouble.

What is needed here is something that will add real privacy and plausible deniability. The potentially malicious peer has to be unable to accurately claim that the owner of the IP which just gave him a piece of a file knew what it was and where it had come from. Something along the lines of a double blind. Trackers need to start mixing peers from several/all torrents and use them to send the pieces via one or several intermediaries who have no idea what the pieces are, where they come from or where they are going.

Yes, traffic will increase, unfortunately, so will requirements for local temporary storage space. The sad thing is that in this battle between MAFIAA and the end consumer, it's the IPS's that are caught in the middle.

!peerblock (0)

Anonymous Coward | more than 4 years ago | (#32052290)

just use peerblock
http://www.peerblock.com/

Re:!peerblock (1)

MikeURL (890801) | more than 4 years ago | (#32053982)

Right, because the people looking for infringers are utter morons who never change their IP address.

Re:!peerblock (1)

allo (1728082) | more than 4 years ago | (#32055908)

if i want to find pirates, i would get a regular isp-account, fire up my bittorent client, like any normal pirate, and then collect ips. I do not see, how peerblock could help you there, because i do not differ in behaviour from other pirates.

Re:!peerblock (1)

Pictish Prince (988570) | more than 4 years ago | (#32057662)

if i want to find pirates, i would get a regular isp-account, fire up my bittorent client, like any normal pirate, and then collect ips. I do not see, how peerblock could help you there, because i do not differ in behaviour from other pirates.

mod parent +1 Obvious

Using Tor securely (5, Insightful)

Dr. Sp0ng (24354) | more than 4 years ago | (#32052370)

There's really only one way to do it - run it on a freshly-installed (probably virtual) machine (so there's no personal data on the system) with a non-public IP address, and then firewall it off so it cannot make any non-Tor network connections. Then apps can leak all the data they want, but they have no useful info to leak.

Re:Using Tor securely (3, Informative)

Anonymous Coward | more than 4 years ago | (#32052390)

Re:Using Tor securely (1)

Dr. Sp0ng (24354) | more than 4 years ago | (#32052922)

Yeah, that's useful, but I don't trust it as a full solution. I would make sure to firewall it off externally too. All it would take would be a web browser hole and somebody could run a script resetting your filters. Tor users are uniquely vulnerable to such things from rogue exit nodes.

Re:Using Tor securely (1)

mysidia (191772) | more than 4 years ago | (#32052830)

Thanks to the VM backdoor in most hypervisors, a VM that is intent on leaking info can query the host for that info.

Info can also be leaked through characteristics of the Tor protocol itself.

When you connect using Tor, there is going to be an adjacent node that knows your IP address.

A machine that wants to leak its IP could initiate a finger-printable pattern designed to be picked up by a probe monitoring many Tor nodes.

Re:Using Tor securely (1)

Dr. Sp0ng (24354) | more than 4 years ago | (#32052972)

Yep. Tor, like everything else in this world, isn't perfect. If you have a high-level view of the network, you can trace anything.

As for adjacent nodes knowing your IP, though, the whole point of Tor is that they don't know if the data is coming from your or somebody 10 hops back. All they know is that you're using Tor.

Re:Using Tor securely (2, Funny)

physicsphairy (720718) | more than 4 years ago | (#32052942)

Overheard at the CIA...

"Sir! We have analyzed that connection and found it to originate from a public access point. We hacked the system and found it to be a blank virtual machine. It's disconnected now and we don't have any other identifying data. This guy was pretty slick."

"Excellent! Find Dr. Sp0ng, arrest him, and lock him up. No one else would anonymize themselves that effectively, so he is obviously the culprit!"

Re:Using Tor securely (2, Insightful)

Dr. Sp0ng (24354) | more than 4 years ago | (#32053024)

Find Dr. Sp0ng, arrest him, and lock him up.

Good thing I'm only College-Dropout Sp0ng. They'll never find me.

Re:Using Tor securely (1)

lawpoop (604919) | more than 4 years ago | (#32056472)

OK, let's arrest you for impersonating a doctor then :)

Re:Using Tor securely (0)

Anonymous Coward | more than 4 years ago | (#32057230)

He's not impersonating a doctor: he just plays one on Slashdot!

simple, (0)

Anonymous Coward | more than 4 years ago | (#32052596)

just join a good private tracker

Re:simple, (1)

kronosopher (1531873) | more than 4 years ago | (#32054668)

Is it really that easy? Private trackers are just that, private. Getting an invite isn't exactly a trivial matter, and if it were, then it would be easy for snoopers to infiltrate and monitor.

Way to avoid this security problem (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32052636)

Surrender and go Amish!

Re:Way to avoid this security problem (1)

AHuxley (892839) | more than 4 years ago | (#32053618)

Sneakernet to your family, tribe, gang, cult, freedom fighters, friends, new friends or fellow travellers.
TOR was so hacked from day 0 via clusters of high-traffic colluding Tor routers ect.
If your connecting on a telco system hardwired into the NSA all TOR does is make you glow.
The NSA can tap all of the US and the US friendly telcos that offering TOR friendly bandwidth so entry and exit points could be traced back if needed.
Then you have efforts like "Hacker builds tracking system to nab Tor pedophiles".
http://blogs.zdnet.com/security/?p=114 [zdnet.com]
"inject a little extra HTML code into the response going back to the Web browser. This HTML code would connect to my decloaking engine."

Privacy to hide Piracy (1)

postmortem (906676) | more than 4 years ago | (#32052676)

That's the real name of the game, people what to download whatever they want but that nobody recognized them. Just like thieves wear black mask so that they are not recognized when stealing.

Such protocols will be frowned upon by bigger players than RIAA and MPAA, for example international police don't want child predators to be able to share illegal material with such privacy.

Re:Privacy to hide Piracy (4, Funny)

Anonymous Coward | more than 4 years ago | (#32052832)

Just like thieves wear black mask so that they are not recognized when stealing.

FYI, cartoons are not real life.

a tor-friendly p2p alternative: http://anomos.info (4, Interesting)

keneng (1211114) | more than 4 years ago | (#32052828)

Anomos' Key Features:
--------------------
1)UNLIKE BITTORRENT, NO PEERS DIRECTLY UPLOAD/DOWNLOAD TO OTHER PEERS.
Every peer relays to other peers just like Tor. This makes it more difficult for the prying eyes.
2)The more peers connecting to the same tracker, the stronger the anonymity for everyone.
3)runs on windows, mac os x, and linux
4)Based on the original python-based bittorrent sources
5)Tweaked to be tor-friendly

For more information:
http://anomos.info/ [anomos.info]

Anomos torrent sites are on their way. Seek and you shall find.

Re:a tor-friendly p2p alternative: http://anomos.i (3, Interesting)

BitZtream (692029) | more than 4 years ago | (#32053424)

Wow, you realize at some point it becomes easier to just buy the content you're trying to hide transfering than what you're doing right?

By the time your transfer is complete, the copyright will have expired, even at lifetime + 75 years.

Re:a tor-friendly p2p alternative: http://anomos.i (0)

Anonymous Coward | more than 4 years ago | (#32054060)

Actually you'd be surprised by the speed.

Re:a tor-friendly p2p alternative: http://anomos.i (2, Insightful)

santax (1541065) | more than 4 years ago | (#32054540)

Yes and when you're in China I am sure the local library will be quite happy to lend you that copy of the dvd on Tankman, just as long as you can show your ID ;)

Re:a tor-friendly p2p alternative: http://anomos.i (0)

Anonymous Coward | more than 4 years ago | (#32053862)

Or you could just pay the $5 a month to superchargemytorrent.com and not have to worry about downloading any new applications, since everything originates from their proxy IP anyway.

Re:a tor-friendly p2p alternative: http://anomos.i (1)

eulernet (1132389) | more than 4 years ago | (#32054840)

Now, I understand why Tor is so slow.

Pirates: please, don't pollute the Tor network with your files.
Tor is only for web browsing or for low quality video streaming.

If you really want to download pirated stuff, there are tons of other ways than to kill Tor.
If you are able to use Tor (which is for the tech savvy), you should be able to discover the other ways.
Hints: NNTP, HTTP, IRC.

Re:a tor-friendly p2p alternative: http://anomos.i (0)

Anonymous Coward | more than 4 years ago | (#32055420)

I disagree.

Tor must simply become robust to "bandwidth hogs". They have to come up with a way to anonymously enforce ethical behavior through "bandwidth sharing" (i.e. you can't consume much more bandwidth than you provide for long periods of time), through some form of hashcash or something.

Otherwise, this only means that if some powerful agent (think "China" or "NSA") wants to temporarily disable the whole Tor network worldwide, they only need to saturate it with traffic. This seems to be a flaw that needs to be fixed, if Tor wants to scale and be resilient.

Re:a tor-friendly p2p alternative: http://anomos.i (2, Informative)

QCompson (675963) | more than 4 years ago | (#32055850)

Stop your spamming. The tracker sees your real ip, game over. It's disingenuous to name something "anomos" when it is anything but anonymous (not even pseudo-anonymous).

Re:a tor-friendly p2p alternative: http://anomos.i (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32056606)

Yup, all they have to do is subpoena the tracker and everyone on that list is done. Plus, the tracker has a record of everything that was sent to everyone (it must, by nature of the protocol).

In other words, it looks a lot like anonymity, but all it really protects you from is someone in the middle of the cloud sniffing out your IP address. There are services that already find and block such hosts on the network, so you are not really gaining a lot in that respect. It will not protect you from litigation once they hit the tracker. You're only slightly better off than bittorrent, and it's probably a hell of a lot slower.

Re:a tor-friendly p2p alternative: http://anomos.i (1)

Pictish Prince (988570) | more than 4 years ago | (#32057712)

Well, almost. From the download page:

OSX
We currently do not have a maintainer for OSX. If you have access to OSX machines and would like to build packages / test for us, we’d love to hear from you. Email partnersanomos.info.

I don't have enough time to screw with it, but I'll try the linux build. Thx

Someone should invent a new p2p program (1)

jonwil (467024) | more than 4 years ago | (#32053280)

It would have the following aspects:
1.Freenet style "you dont know what you are sharing" plausible deniability so when the RIAA come after you for file sharing, you can prove in court that you had no clue that you were sharing that content.
2.A full set of options so you can limit its resource usage (and so it wont just use up all available bandwidth the way some p2p protocols and clients do)
3.Good encryption designed so that you cant tell what someone is downloading unless you are sharing the data yourself (AND have a modified client to record this info). For the encryption, use Diffie-Helman to negotiate an AES key or something with AES then being used for the actual data transfer.
4.The protocol and client would be 100% open source so its impossible to target the developers in the way Napster and others were targeted
and 5.It would have a good in-built search feature (no more torrent tracker sites for the RIAA or MPAA to sue or go after)

Re:Someone should invent a new p2p program (2, Interesting)

BitZtream (692029) | more than 4 years ago | (#32053458)

1. The court tends to call bullshit when its obvious you're going out of your way to facilitate breaking the law and using ignorance as an excuse.
2. Thats a simple option for the software of all p2p software, the Internet had ways to deal with flow control before you ever connected to it.
3. So use SSL ... already done.
4. Again, already done.
5. This creates a way to figure out who is hosting what, defeating #1 Of course, its kind of a requirement to know who is offering what so that you can figure out where to ask for it.

If you want something public to be useful, its not going to be private or completely anonymous, you're asking for mutually exclusive features.

casual sharing (1)

Weezul (52464) | more than 4 years ago | (#32053950)

You don't sound like you have much grasp of the problem honestly. I doubt the plausible deniability will hold up all that well, plus search gets very difficult. Onion routing definitely could make obtaining evidence harder.

I'd favor instead restricting file transfers to people's social networks and instant messaging connections. I'm aware that some IMs like Yahoo have file sharing functionality, but you might get more traction with a multi-protocol plug-in for the various libpurple based IM clients like Adium and Pidgin.

An even better option would be merely using hashes based upon various online identities. You give the p2p application your login information for social networks, instant massagers, hotmail, gmail, etc. It'll then compute a rough extremely non-injective hash for your identities and your contacts identities. Your own identities hashes are sent through the p2p network along with temporary public keys. Any client recognizing some hash sends an encrypted response with a better more injective hash. If both clients agree they are friends, then direct connections are established, file lists are shared, etc. All clients cache the file lists from other clients, meaning users may peruse their friend's shares while their friends are offline, or even negotiate offline transfers via portable hard-disk. Nobody ever shares with strangers.

Re:Someone should invent a new p2p program (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32056792)

1.Freenet style "you dont know what you are sharing" plausible deniability so when the RIAA come after you for file sharing, you can prove in court that you had no clue that you were sharing that content.

Here's how well plausible deniability works:

File-Sharing Mom Fined 1.9 Million [cbsnews.com]

Here's how it works:

You: But I had no idea people were downloading those files, it could have been anything!

Jury: But you were sharing everything, it is in fact a stated feature on the website when you download, so you obviously intended to share those files too. Since you intended to share them, and you did actually share them, you are guilty.

You: Damn! I woulda gotten away with it too, if it weren't for those meddling kids!

That your defense is plausible isn't good enough. It can be plausible yet still be unreasonable to think that is the case given the circumstances. You've got to remember, with criminal law, since there is no way to prove anything beyond all doubt, the threshold is it needs to be unreasonable to think that anything else occurred. That it is technically possible for something else to have happened is not good enough for a defense. It needs to be reasonable to think that is what happened. When you've got an obscure program who's primary feature is to try to obscure exactly what you are sharing, you'd better have one hell of a good reason for it.

However, these cases rarely end up in criminal court, they end up in civil court. In civil court, the threshold is lower - the plaintiff only has to show it is more likely than not that you did it. 51% sure you did it as opposed to the 95% sure of a criminal case.

A reasonable defense would be to say that your nephew must have installed it, you had no idea it was on there and you've never used it. This works as long as you can provide the following: Testimony that your nephew does in fact like to come over and use your computer occasionally, and a download record from your ISP that correlates with your nephew's visits. I.e. an unusually high upload/download rate begins at the same time as one of your nephew's visits, the upload rate remains high after he leaves but does not spike up again until another visit from your nephew.

A jury will look at that and say "Given the pattern, what he says is probably true; he should have known better he's not guilty of distributing the music."

However if your case is any weaker than what I described, you will probably lose. If the ISP shows spikes of high bandwidth over the bittorrent protocol during periods when your nephew was not around, you're fucked.

Your piddly defense of "plausible deniability" wouldn't get you off in criminal court, let alone civil court. Say good bye to everything you own, son.

Global "Lawful Interception" break Tor anyway (1)

SplashMyBandit (1543257) | more than 4 years ago | (#32053352)

US government agencies have been forcing friendly nations into installing "Lawful Interception" (LI) devices in their ISPs for years. These devices mean that those US agencies can remotely trace a packet across the globe no matter how many bounces it takes. If your country wants to trade with the US then installing these LI devices usually becomes part of conditions for trade agreements. Such capabilities may be necessary for tracking down drugs, organised crime child porn/abuse and terrorism. However, how often does such tracking it stop there? Furthermore, whatever protections there are in US law for US citizens doesn't apply to these agencies when looking at foreign traffic (same loophole that Guantanamo solves/exploits, depending on your point of view). Since Tor relies on anonymizing by bouncing packets around but Lawful Interception can see the packets no matter where they end up. Only rational conclusions from this are: Tor is broken, don't use it; don't break the law; and, don't oppose your government (no matter how corrupt or bad they might be) - since Tor can't help you. Encryption is the best solution. But since encryption can be broken if resources are applied to it this only works if everyone uses encryption (just as everyone uses envelopes for physical correspondence rather than postcards.)

Re:Global "Lawful Interception" break Tor anyway (3, Interesting)

Ux64 (1187075) | more than 4 years ago | (#32053750)

True. Problem with Tor is that it is LOW LATENCY network. There is no way to hide traffic by adding hops on low latency network, if all connections are monitored. And even if there are some unmonitored nodes, traffic can be still easily monitored.

That's why all links between peers should use constant bandwith method. Every link need to maintain same utiliation level, even if no traffic is being passed. This is very old method, but rarely being used with P2P.

Re:Global "Lawful Interception" break Tor anyway (1)

Rich0 (548339) | more than 4 years ago | (#32055290)

The odd thing is that file transfers like used with torrents should be fairly friendly to constant-bandwidth approaches like what mixmaster used. It probably wouldn't be any slower than tor is today. If anything, having people downloading stuff might help since it gives the network more traffic to mix stuff in.

What is needed, however, is to build the anonymity into the file transfer protocol, so that you don't need exit nodes. The reason torrent over tor is popular is that you can use existing swarms with it (with thousands of seeds sometimes) - if you try to look on something like freenet or i2c for a file you'd be lucky to find the US declaration of independence, with maybe one "seed."

The big problem is the network effect - any new sharing network is going to have fewer contributers than anything established, which makes it hard to change the status quo.

The tor folks should probably go out of their way to create/promote such a new network. It could be used to handle non-web video traffic, and it would get all that bandwidth off of tor!

Re:Global "Lawful Interception" break Tor anyway (1)

Weezul (52464) | more than 4 years ago | (#32053760)

Tor works pretty well if your packets get routed through places that don't like the interested countries. In particular, Iranian dissidents can very likely take full advantage of Tor.

Well. (1)

drolli (522659) | more than 4 years ago | (#32053600)

Highly suprised? Not at all.

a) The same story was about a year ago about embassies using tor and being sniffed on

b) All anonymizing techniques rely on a sufficiently high ration of suitable "good" to "bad" nodes. Nowadays, injecting 1000 bad nodes is not costly. I suppose many secret services have 1000s of machines (or virtual machines) in the Tor network

c) If your endpoint needs to keep a stateful connection for your machine, he will be able to sniff the total connection. At least he will be able to extract metadata, and unless you use encryption, also get the whole content of the stream

d) P2P is inherently not-encrypted, at least no the content level. In the contrary, it is indexed by content, which reduces the effort to analyse what somebody wants to download (which is why P2P works).

e) Your ISP is subject to a contract with you and privacy laws. An arbitrary guy being a tor node is not

f) If you dont trust you ISP, then use a VPN you pay for with a clearly defined policy on when to hand over you records (the one i use specifically states only when forced by a judge). You anyway should have one of these for going online abroad.

Gnunet and Freenet are designed for privacy (1)

Ux64 (1187075) | more than 4 years ago | (#32053726)

Gnunet and Freenet are designed for privacy from the very beginning. It's usually very very bad choise to trying to use systems that aren't designed for privacy. And then trying to fix all the problems that are hidden with these overly complex protocols and plugins.

Easiest way to secure any system is get rid of way too complex systems. Just like web browsers, web servers, extensions like php, python, sql, email clinents and protocols like BitTorrent. Keep it simple, very simple, is the key when dealing with private data.

Same method apply with real world privacy too. Don't use cell phones, don't use credit card. Keep it simple. All modern nice and complex things include many issues that you might not be aware about.

This isn't a 'flaw' in BitTorrent... (2, Insightful)

laird (2705) | more than 4 years ago | (#32054156)

In case anyone is thinking that this is somehow a 'security flaw' in BitTorrent, we should be clear that privacy is not a design goal of BitTorrent; BitTorrent was designed to provide extremely reliable, efficient file delivery. So while BitTorrent has many strengths (efficiency, etc.) there is a tradeoff between its goals and the goals of a network such as Tor. Specifically, in order to maximize efficiency, BitTorrent distributes your IP address quite openly, has consistent and obvious torrent IDs, etc., which make it efficient and reliable, but pretty much the OPPOSITE of concealing what you are doing from your ISP and the rest of the p2p network. Anyone who was surprised that it's easy to monitor BitTorrent traffic hasn't read the protocol spec - it is EXTREMELY easy to monitor activity in BitTorrent networks, because BitTorrent intentionally distributes everyone's IP addresses, transfer activity, etc., in order to allow the protocol to operate efficiently. So if you want to monitor BitTorrent, you just find tracker addresses and torrent IDs (which are in the .torrent files) and ask the trackers and for the addresses of all of the peers in each torrent, and get back a nice list of peers.

There are other p2p networks that do attempt to conceal what you are doing in the network, but the cost of that is that they generally are inefficient (wasting tons of CPU and bandwidth) and thus perform badly, making them unpopular with people who want to rapidly download files.

And I will second the note that running BitTorrent through Tor is a terrible idea. You end up with the worst of both networks - terrible performance and not much security. Worse, doing so damages the rest of the Tor network, interfering with people who are using Tor for what it is designed for.

Toe like BitTorrent... (2, Insightful)

GlobalColding (1239712) | more than 4 years ago | (#32054262)

... Offer the illusion of privacy.

Re:Toe like BitTorrent... (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32056852)

The only people who think BitTorrent is private are those who have no clue know how BitTorrent works.

It's like giving out your address over the web and wondering why you're suddenly getting so much mail all of the sudden. But what great offers! Seriously, people need to wise up a bit.

How the hell do you think a distributed download service is supposed to work and still remain anonymous?

And don't give me Anomos, the tracker still maintains everyone's IP and links it to the torrent they are downloading. It doesn't share the information as readily, which just makes it less efficient. It doesn't offer any substantial protection because it basically works the same way BitTorrent does.

The threats - short summary (0)

Anonymous Coward | more than 4 years ago | (#32054332)

This is just a short summary of the blog-post, errors may occur please say so if you find some.

1.) Threat UDP/TCP - Proxy ignore
a.)
The BT-client is at fault not telling the user when selecting to use a socks-proxy, that it will simply ignore your setting. It's because (most) BT-Tracker uses UDP and tor cannot relay UDP

b.)
WORSE: some BT-Clients put your real ip-address into the information they send out to the tracker.

Applies to tracker-data over tor

2.) Threat
Combined 1.a & 1.b

3.) Threat
in short the exit-nodes can try to identify you,
like when sending your /. login over a non-https connection

(you're identifiable, unless you use a totally anonymous account with anon-email etc..) and not telling on twitter that you are Willy Woe.

Your data-stream and all over streams from you going web/out over this exit-node are pointing to you.

Threats 1 2 3 - teach us a lesson

The problem is that devellopers don't build their software (tor)-safe or safe anyway, just ignoring the users wish without telling about the override, reminds me a bit of vista & 7 :)

ps.
even if you think an app like jdownloader is tor-safe, scrap it, it's not it will only use the web-proxy you specified but ignores the socks-proxy setting.

You can watch this behaviour using "an" applicationlevel software firewall on win32, also make sure that dns-requests are reported.

Tor is hopeless (1, Insightful)

Animats (122034) | more than 4 years ago | (#32054340)

Tor, as a means of obtaining "privacy", is hopeless. If you use a web browser, the browser headers, cookies, single-pixel GIFs, and Java applets still tend to give out identity information. A sizable fraction of TOR exit points are exploits of one kind or another. Give it up.

Re:Tor is hopeless (2, Informative)

Anonymous Coward | more than 4 years ago | (#32055640)

Why was this marked Flamebait? Most of it is true.

Even dealing with all the points in the first sentence, the last part is impossible to fix.
Tor, by its very nature, is open to attack from any company with enough money to buy a couple hundred servers and bandwidth for all of them.
Trusting Tor is like trusting some guy in a mask who looks "important".
It is not a matter of proving that most of the nodes, or a good chunk of the nodes are from agencies of some sort, it is the fact that you CAN'T.
Trusting an unknown is the worst thing you can do when it comes to privacy.

This goes for all those random anonymizer services you pay for as well.
Pretty much all of them can't be trusted simply because they are unknowns.
Unless you know the people behind the project either directly or indirectly (think that VPN from TPB), you are putting yourself at serious risk.

Just because you haven't heard of people being caught by using said services, doesn't mean that it fails to happen.
There is a lot of stuff that fails to leave courtrooms, and some plain don't even go near them due to it being settled outside court. (that happens significantly more often, actually)

Remember: it could be you next.
You hear about people getting screwed over by doing something on the internet, whether it was illegal downloads, child porn, protests, revealing secrets, blah blah etc, but you never think it will happen to you until it is either too late, or someone you know is fucked

Hilarious- people still don't get what Tor does (0)

Anonymous Coward | more than 4 years ago | (#32054700)

Tor isn't some magic bullet. You aren't going to get privacy unless you know wtf you are doing with it. It also isn't necessarily really useful for that kind of stuff. It is more useful for those who actually have a need for privacy. People who aren't going to be surfing "safe" and "non-safe" sites or doing "safe" and "non-safe" stuff at the same time. You won't have these types of problems if the environments where Tor is really useful. Tor will protect you if you want to go into hiding. It won't protect you from the RIAA cause the RIAA isn't going to kill you. The RIAA won't drag you out of your house spit in you spit in your face, beat you, lock you up, rape, and torture you for the next 20 years. Then put you on a list and make you live in shitty conditions all so they can do it all over again to you. No. Tor is for people who are being persecuted. It isn't for you ass fucks who think ... ok. I hate the RIAA and i think people who are opposed to bittorrent on the Tor network are ass holes- but they aren't wrong about it degrading the network either. They have a point. I think though some of them take it too far with what they ban passing through their exit nodes. They don't get that some people actually have real needs to get video and other media out to the world. Bittorrent might not be critical to that end. Certainly though those using Tor need to be able to pass large files through it though and there are people blocking "file sharing" sites. Sites that are exactly of the type people who need to get video and other exploitations out to the world would need. Anyway. My two thoughts.

all you can eat (0)

Anonymous Coward | more than 4 years ago | (#32055762)

don't you just need a big "erase all disks" key-combo?
or some PCI card that does a EMP pulse?

put it to a vote! (0)

Anonymous Coward | more than 4 years ago | (#32055816)

the weired thing is that if every bit-torrent users
vote would count towards ...errr... getting stuff for free
we'd probably have a majority.

Re:put it to a vote! (1)

SharpFang (651121) | more than 4 years ago | (#32056168)

It doesn't matter who votes.
It matters who writes the candidates lists.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?