[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Practical onion hacking: finding the real address of Tor clients"

To: or-talk@xxxxxxxxxxxxx
Subject: Re: "Practical onion hacking: finding the real address of Tor clients"
From: Fabian Keil <freebsd-listen@xxxxxxxxxxxxx>
Date: Wed, 1 Nov 2006 13:22:14 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 01 Nov 2006 07:22:46 -0500
In-reply-to: <1162315168.1689.117.camel@localhost.localdomain>
References: <4535B995.8010304@appelbaum.net> <20061018055830.GC24708@fscked.org> <4eaf3b6f0610180858r1b9aafbfvcddd099424cd9f58@mail.gmail.com> <20061018184738.370f3d45@localhost> <1161248804.28290.2514.camel@localhost.localdomain> <20061020155340.6c206ba6@localhost> <1161441284.28290.3657.camel@localhost.localdomain> <20061023142236.72e281d1@localhost> <1161707654.28290.6259.camel@localhost.localdomain> <20061026210536.53d64ed4@localhost> <1161948461.7826.407.camel@localhost.localdomain> <20061031154932.0b0c1b5f@localhost> <1162315168.1689.117.camel@localhost.localdomain>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

GeorgeDS <georgeds@xxxxxxx> wrote:

> On Tue, 2006-10-31 at 09:49, Fabian Keil wrote:
> > George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:
> >  
> > > To go to
> > > a malicious site you need to encounter a site whose security has been
> > > compromised, be tricked into going to a site, be the victim of
> > > poisoned DNS, receive an email with a macro based Outlook virus that
> > > uses IE functionality, or deliberately browse fringe web sites.
> > 
> > Or you can use Tor and give every Tor exit node operator the chance
> > to render every "trusted site" that doesn't use encryption into
> > a source of malware.
> 
> If your only point is I forgot to list this, I'm guilty. Other than
> that, this seems to be an argument against using Tor.

I think it's just a fact every Tor user should be aware of.
It sure is a disadvantage, but I don't see it as a reason to stop
using Tor.

> Regarding systrace:
> 
> > > Looking at man, it does appear that it would be useful for
> > > controlling "developmental" software on a very secure OpenBSD system.
> > 
> > It's useful to control software in general.
> 
> "In general" I agree but there are costs as well as benefits to all
> security measures. Rational people can reach a wide range of conclusions
> regarding how much to invest and where.

Of course.

> I suspect you might be rather
> uneasy with controlling software, as in preventing customers from using
> Skype, as the Narus tools linked to below can.

It's besides the point, but given the free alternatives I don't think
anyone should be using Skype anyway. Especially not users who care
about their privacy and system security.

If an ISP thinks it's a good idea to disallow Skype usage
in its terms of service and then tries to enforce this policy,
I don't have a problem with that.

If the user wants to use Skype, she should sign up with an
ISP with less unreasonable terms of service.

> > There are several valid reason not to run a Tor server at all,
> > I just don't think that "local security" or "ISP terms of service"
> > are among them.
> 
> We will obviously continue to disagree about these. I recently came
> across http://www.narus.com/products/index.html which describes a line
> of products that allow large ISPs and broadband carriers to monitor
> everything that flows across their network. Virtually every protocol can
> be identified, and everything from any IP can be assembled into a stream
> and it's contents examined.

For Tor users this shouldn't be a big deal. I also don't see anything
exciting about Narus, I once saw a Squil presentation and if I remember
correctly it can do the basically the same.
http://sguil.sourceforge.net/index.php?page=description

Of course a patient person can already do the same thing with
less comfortable tools like tcpdump anyway.

> That barely begins to describe what the
> Narus tools can do. If you care about privacy, this is really creepy.

Maybe if you care about privacy and don't use tools like Tor
to protect it.

> Partly this is to allow carriers to conform to the wiretap laws that are
> being applied in the US and other countries, but Narus makes clear the
> carriers can use these tools for their own purposes. While resources
> should prevent an ISP or carrier from monitoring all their customers all
> the time, tools like this will allow them to focus on protocols banned
> by terms of service and identify the customers using the banned
> protocol.

Personally I think the frequent changes in wiretaping laws
are lot more frightening than the software to comply with them.

> In the case of a cable provider, there is only one in any
> specific area. If you loose your access, then you have to hope DSL is
> available, and you will normally pay more for comparable download
> speeds. Personally I want to be careful about my ISPs terms of service.

It was probably not clear enough, but I wasn't trying to say
that one shouldn't honour the ISP's terms of service. I'm just
saying that they aren't a valid reason not to run a Tor server.
They are only a reason not to run a Tor server in that ISP's
network (if you are interested in running a Tor server and I
know, you personally aren't).

Fabian
-- 
http://www.fabiankeil.de/

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: coderman

Prev by Author: Appeal for class-action lawsuit against connection data storage in Germany
Next by Author: Using Privoxy to increase the security level (was: reporter from The Economist in Thailand seeks help / new Tor guide is up)
Next by thread: Re: "Practical onion hacking: finding the real address of Tor clients"
Index(es):
- Author
- Thread