
Difference between revisions of "Tor"

(Hidden services)
(Hidden services)
Line 42: Line 42:
 
<center><pre style="background:transparent; border:none;">you -> arbitrary # nodes -> rendezvous <- arbitrary # nodes <- hs box</pre></center>
 
<center><pre style="background:transparent; border:none;">you -> arbitrary # nodes -> rendezvous <- arbitrary # nodes <- hs box</pre></center>
  
Hidden service is also very slow but ssl is basically moot. So literally, 7 proxies and someimes more than 7 proxies.
+
While hidden service tends to be very slow, ssl is practically moot.
  
There was [http://thesprawl.org/memdump/?entry=8 an article] in 2600 a couple of years back about using the control port to change the length of tor circuits, and other things.  
+
There was [http://thesprawl.org/memdump/?entry=8 an article] in 2600 a couple of years ago detailing use of the control port to change the length of tor circuits, and other uses.
  
Hidden services are fairly badass. One of the pitfalls with them is a correlation attack. If someone controls enough nodes, they can send enough traffic to the hidden service to find its location. The best way to help prevent this is to make your hidden service a tor node, as well. Then it passes non-hs traffic and keeps anonymous.
+
One of the pitfalls with hidden services is a correlation attack. If someone controls enough nodes, they can send enough traffic to the hidden service to find its location. The best way to help prevent this is to make the hidden service a Tor node as well. At that point, it passes non-hs traffic and keeps anonymity static.
  
About hidden services, they use .onion as a pseudo-tld. Example: hidden wiki is here: http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page.
+
Hidden services use .onion as a pseudo-tld. An example being the hidden wiki at [http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page] .onion is a way of describing a hidden service without giving away its location. The string before the .onion is actually a key fingerprint, which ensures the service cannot be found, and it has the expected private key.
.onion is a way of describing a hidden service without giving away its location. The string before the .onion is actually a key fingerprint.
+
This ensures a few different things, the service cant be found and it has the private key you expect it to have (it's what it claims to be).
+
  
===The Silk Road===
+
One of the more well known .onions is [http://gawker.com/5805928/the-underground-website-where-you-can-buy-any-drug-imaginable The Silk Road], a venue for buying and selling drugs.
One of the more well known .onions is The Silk Road. For those who missed out, it's a venue for buying and selling drugs.
+
Also, the gawker article on Silk Road: http://gawker.com/5805928/the-underground-website-where-you-can-buy-any-drug-imaginable
+
You can buy drugs with bitcoins now. Welcome to the future.
+
  
 
==Conclusion==
 
==Conclusion==
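Review bot: the merged sentence in the new .onion paragraph ("which ensures the service cannot be found, and it has the expected private key") now reads as if the fingerprint makes the service unreachable; the old text made two separate points: its location can't be found, and it holds the private key you expect (it is what it claims to be). Suggest keeping them as two clauses, e.g. "The string before .onion is a key fingerprint: it lets you reach the service without learning its location, and proves it holds the private key you expect." Also, "keeps anonymity static" in the correlation-attack paragraph is vaguer than the old "keeps anonymous"; "stays anonymous" would be clearer.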

Revision as of 06:10, 8 May 2012

Special thanks to Nachash for this lesson.

Tor is, to put it simply, the world's largest anonymity service. Relied on by many, the onion has developed into a staple of tech-security culture. With the immense popularity of Tor, several rumors have circulated regarding its security and effectiveness. This article serves to answer said speculations, and provide further insight into the workings of the Tor service.

How It Works

Using Tor is a gamble. Privacy isn't assured in any way; anonymity, however, is, provided one changes one's habits.

[Figure: how-tor-works.png]

Tor originally stood for "The Onion Router". In essence, traffic is wrapped in multiple layers of encryption and sent from the initial box to the first node in the chain, which strips one layer and passes it to the next node. That node strips another layer and passes it on to the exit node, where the last layer is removed and the traffic is routed to its destination in the clear.
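As an added illustration (not code from the original article), here is a toy Python model of the layering just described: the client wraps the payload once per hop, and each relay strips exactly one layer, learning only the next hop. The SHA-256 keystream, HMAC, relay names and keys are constructed stand-ins, not Tor's real protocol.

```python
# Toy model of onion layering (added example, not Tor's real protocol):
# the client wraps the payload once per hop; each relay strips one layer and
# learns only the next hop. SHA-256 keystream + HMAC stand in for Tor's AES/TLS.
import hashlib, hmac, os

HOP = 16  # fixed-width next-hop field inside every layer

def _xor(key, data):
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(key, next_hop, inner):
    """Add one layer: encrypt (next_hop || inner) under this hop's key, then MAC."""
    if len(next_hop) > HOP:
        raise ValueError("next-hop name too long")
    nonce = os.urandom(16)
    ct = _xor(key + nonce, next_hop.ljust(HOP, b"\0") + inner)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def peel(key, blob):
    """Strip one layer; the relay gets only next_hop plus an opaque inner blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer tampered with or wrong key")
    pt = _xor(key + nonce, ct)
    return pt[:HOP].rstrip(b"\0"), pt[HOP:]

def build_onion(circuit, destination, payload):
    """circuit = [(relay_name, key_shared_with_that_relay), ...], guard first.
    Layers are applied inside-out, so the exit's layer is innermost."""
    blob, next_hop = payload, destination
    for name, key in reversed(circuit):
        blob = wrap(key, next_hop, blob)
        next_hop = name
    return blob

def route(circuit, onion):
    """Simulate the circuit: each relay peels its own layer in turn.
    Returns [(relay, next_hop_it_saw, data_it_forwarded), ...]; the exit's
    forwarded data is the cleartext, everyone before it sees only ciphertext."""
    seen, blob = [], onion
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        seen.append((name, next_hop, blob))
    return seen
```

Running `route` over a three-relay circuit shows why the exit is the only hop that can sniff the payload, which is the point of the "Common Pitfalls" section.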

Tor bridges are essentially unofficial entry points into the Tor network, used by people in places such as China to reach Tor when the vast majority of the official nodes are blocked. Such was the case during the Middle East protests, when online activists were hastily setting up exit bridges.


Common Pitfalls

The onion structure undoubtedly has issues. Such problems can be read in a comical form here.

Even without clicking any links, exit node operators can sniff the traffic that passes through them. Some operators choose to do so; for this reason, assume Tor traffic is being monitored and always use some form of end-to-end encryption, such as SSHing into a box over Tor.

Another precaution Tor users can take to help protect themselves to a certain extent is to exclude known incompetent nodes, such as those found here. For Linux users, add that line to the /etc/tor/torrc file and restart Tor.

If one is running a Tor service (it's very simple; it only takes one additional line in the Tor config), it should be run as a Tor node as well, for security reasons: services not on a node are vulnerable to certain attacks.

Getting Tor and Extra Uses

For practical use, the easiest method is to download and install the browser bundle from the Tor Project's website.

For those who have Tor installed and running, a convenience is to use it as a SOCKS5 proxy: set the proxy address to 127.0.0.1 and the port to 9050.

For running command-line programs over tor, torify is recommended, which appears as:

Terminal

localhost:~ $ torify ssh [email protected]

Proxychains and Tor-Resolve

Proxychains and tor-resolve usually work better than torify, because torify leaks DNS. Proxychains adds a library to LD_PRELOAD which wraps all DNS and connect calls into proxied ones; tor-resolve simply resolves a domain name to an IP address through Tor. One can additionally torify an entire box or shell session by adding "libproxychains.so.5" to /etc/ld.so.preload.
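To make the SOCKS5 proxy setting above and the DNS-leak point concrete, here is an added Python example, not from the original article: it builds SOCKS5 requests that hand Tor the hostname itself (address type 0x03) so resolution happens inside Tor rather than on the local resolver, and it uses Tor's RESOLVE extension command (0xF0), which is what tor-resolve speaks. The proxy address and port are the 127.0.0.1:9050 from the text; the reply bytes in the test are constructed samples.

```python
# Added example: SOCKS5 over Tor's local port, with the hostname passed to Tor
# (no local DNS lookup) and Tor's private RESOLVE command as used by tor-resolve.
import socket
import struct

SOCKS5, CMD_CONNECT, CMD_RESOLVE = 0x05, 0x01, 0xF0   # 0xF0 is Tor-specific
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
TOR_SOCKS = ("127.0.0.1", 9050)                        # Tor's default SOCKS port

def greeting():
    """VER=5, one auth method offered: 0x00 (no authentication)."""
    return bytes([SOCKS5, 0x01, 0x00])

def request(cmd, host, port=0):
    """Build a SOCKS5 request carrying the hostname, never an IP we resolved.
    Resolving locally first (what a leaky wrapper does) is exactly the DNS leak."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5 domain field")
    return bytes([SOCKS5, cmd, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)

def parse_reply(data):
    """Return (status, bound_address, bound_port); status 0 means success.
    For RESOLVE, bound_address is the answer Tor looked up for us."""
    ver, status, _rsv, atyp = data[:4]
    if ver != SOCKS5:
        raise ValueError("not a SOCKS5 reply")
    if atyp == ATYP_IPV4:
        addr, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, rest = data[5:5 + n].decode(), data[5 + n:]
    elif atyp == ATYP_IPV6:
        addr, rest = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:]
    else:
        raise ValueError("unknown address type %#x" % atyp)
    return status, addr, struct.unpack("!H", rest[:2])[0]

def tor_resolve(host, proxy=TOR_SOCKS):
    """What tor-resolve does: ask Tor to resolve host; nothing hits local DNS."""
    with socket.create_connection(proxy) as s:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS5, 0x00]):
            raise OSError("Tor rejected the no-auth handshake")
        s.sendall(request(CMD_RESOLVE, host))
        status, addr, _ = parse_reply(s.recv(512))
        if status != 0:
            raise OSError("resolve failed, SOCKS status %d" % status)
        return addr
```

`tor_resolve` needs a running Tor on 127.0.0.1:9050; the builders and parser run on their own.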

Hidden services

When connecting to "normal" websites, the connection looks roughly like:

you -> tor node 1 -> tor node 2 -> exit node -> internet

Hidden services appear as:

you -> arbitrary # nodes -> rendezvous <- arbitrary # nodes <- hs box

While hidden services tend to be very slow, SSL is practically moot, since the connection is already encrypted end to end inside Tor and never passes through an exit node.

There was an article in 2600 a couple of years ago detailing use of the control port to change the length of Tor circuits, among other uses.

One of the pitfalls with hidden services is a correlation attack. If someone controls enough nodes, they can send enough traffic to the hidden service to find its location. The best way to help prevent this is to make the hidden service a Tor node as well. It then relays non-hs traffic too, so its own traffic blends in and it stays anonymous.

Hidden services use .onion as a pseudo-TLD; an example is the hidden wiki at http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page. A .onion address is a way of describing a hidden service without giving away its location: the string before .onion is actually a key fingerprint, which means the service's location cannot be found and that it holds the private key you expect it to (it is what it claims to be).

One of the more well known .onions is The Silk Road, a venue for buying and selling drugs.

Conclusion

Remember when I said you don't really have privacy, but you do have anonymity? That holds as long as you're careful about what information you disclose. However, if you're buying goods you at least have to disclose your address; a lot of vendors on SR have PGP keys for this reason. That is not the biggest problem. While sellers are pretty much in the clear, assuming Tor or SR itself isn't compromised, buyers are vulnerable to stings, either from sloppy sellers getting busted (maybe they weren't so careful about erasing or storing your address) or from stings where the buyer is a fed/informant.
