[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Confused about Tor settings

On Thu, 2006-10-05 at 02:07, jon smith wrote:
> I still don't get it. Tor is for anonymity. DNS leaks
> compromise anonymity (apparently anyone with 2 brain
> cells on nodding terms can figure out where you're
> going). The Tor documentation implies, however, the
> setting ftp to fail (port 8118) solves this. But I
> think people are saying DNS leaks are unavoidable. So
> what's the point of Tor(?). 

It's true that anyone who can read your DNS traffic can figure out sites
that you will likely be connecting to by TCP/IP protocol. Determining an
IP destination from DNS doesn't mean they can tell what you do there
(more below). The DNS issue does not mean Tor has no point. Tor prevents
(or attempts to and probably mostly succeeds in preventing) the site you
are going to, from knowing who you are or what your access patterns are.
There is a lot of anonymity value in that.

I have a web site. It's hosted but I full access to the logs. I browsed
my site through Tor and then repeated the same pages with a browser not
configured to use Tor. When done I retrieved the logs. I was using Lynx,
a text only brwoser, that represents less than one tenth of a percent of
the browser market. By searching for the exact version of Lynx, I was
able to find all my page requests both through Tor and not. All that I
did without Tor had my real IP address, and a DNS lookup gives the
reverse address including my ISP's name. 

Apparently my Tor session lasted more than 20 minutes. The requests were
made from 4 different IP's that had no relation to each other or to me.
It's only because I used a very unusual browser, and surfed my own site,
that I could identify my Tor traffic. If this were anyone else's site
and a common browser, the web operator would not likely relate what in
the logs looked like four short sessions, from four different users. If
the user engaged in consistent activities that violated site policies,
he would have to exert legal pressure on the four separate exit nodes to
get what information they had, and attempt to backtrack through
potentially 12 Tor nodes before he'd have a reasonable chance of getting
to me. 

Without Tor, the web operator could do a dns lookup in a few seconds,
and after a couple minutes on my providers website, be making a phone
call or writing an email. There is a huge difference. Only if my actions
were entirely legal, and did not violate the website use agreement, or
my ISP Terms of Use, my ISP, depending on the its policies and
attitudes, might/probably would not cooperate with the website operator.

As for the DNS leaks, I think more is being made of this than it
warrants. I'd guess 99%+ Internet users use the DNS sites assigned by
their ISP. When you make such a request nothing about you goes further.
If the name your application is looking up is already in the DNS cache,
the IP is returned directly to you. If not, your ISP's caching server
will need to go to higher level servers, but nothing about you is
included in these requests. If you use only your ISP's DNS servers, only
your ISP can know what locations you are looking up.

BUT your ISP already has total control of all your traffic between your
computer and a Tor entry node. If it's not encrypted (and only a
minority of web pages accept SSL requests) your ISP can read everything
you send or receive, as well as knowing who it's to or where it's from.
Even if it's encrypted Tor traffic, they still know at a minimum the Tor
entry node it's for, and depending on how well the Tor headers are
constructed, may even be able to find the final destination. If they
were specifically watching you and monitoring all your traffic already,
the DNS information would probably do little more than speed the
determination of your final destination.

While most ISP don't do a very good privacy job for their clients, they
also don't want a reputation for abusing their clients privacy because
that will cost them at least some customers. Unless they are operating
under some legal pressure, or responding to an abuse complaint, few are
likely to monitor their customer's routine traffic, and if they do it's
likely to be fully automated and the records kept for only a short time.
They are not required to monitor, and they cannot be asked for records
they do not have. Monitoring exposes them to more legal and financial
risks than not doing so. Of course there is always the possibility of a
rouge employee.

Glymr, I understand why you are leaving, but maybe you will check out
Tor in a year or two when it should be easier to use and more robust. It
looks like a potentially better solution that any of the commercial
privacy services.

George Shaffer