[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor users are not anonymous



From http://translate.google.com/

On the basis of patterns can be easily identified despite Tor users
anonymity than expected. The have Aaron Johnson , Chris Wacek , Micah Sherr
and Paul Syverson studied in a scientific study . The authors have
investigated here the data that go into the Tor network and compared with
those who come out . Especially users of BitTorrent or IRC via gate can be
exposed quickly . The problems , however, are known and Tor team has
adequately in their FAQs out .

Provided that both the attacker can also monitor the incoming and outgoing
traffic of at least one or more gateway relays the data can be analyzed and
assigned on the basis of comparative patterns of a given IP address . It
was only a matter of time , write the authors of the study, at least six
months , a user with up to 80 - percent probability 'll identify . For
example, since few users abriefen BitTorrent over Tor and a few relays
opened the ports for BitTorrent , they also stayed open long , so
decreasing the duration of a clearly de-anonymization .
Quickly identified by larger attack surface

The deanonymisation will accelerate when either the attacker complete
control over a portion of the traffic would , for example through an
autonomous system (AS ), or even an Internet Exchange Point ( IXP ) . Then
the period of identification partly reducing by half. A scenario that
classify the scientists in the context of the current discussion of the
work of the intelligence services to be realistic.

Additional tools that speed up the traffic on Tor network , increase the
risk deanonymization also , such as Congestion -Aware Path Selection ,
identified in the bottle necks and data can be redirected accordingly. The
higher the number of guards used by users , the higher the probability to
catch a guard, which is overseen by an attacker .
countermeasures

The four authors of the study but also give hints on how the
de-anonymization may be at least delayed , for example by the number of
entry guards would be reduced . An increase in the decay time of a Guards
could prolong the time until a user is identified. The study indicates that
the Tor team this measure have been used in version 0.2.4.12 -alpha. In
addition, users could manually reduce the number of entry , exit and
exclude nodes. This would indeed sent at the expense of speed more packets
of different clients by individual nodes , but they are less likely to be
assigned .

Although the results of their study are very pessimistic, the authors write
. But yet Gate means confidentiality over the Internet for thousands of
users . They were optimistic that the Tor team could offer the service and
continue to improve .


On Thu, Sep 5, 2013 at 10:22 PM, sigi <tornode@xxxxxxxx> wrote:

> Hi,
>
> two main german technology news sites are spreading news about the
> study: »Users Get Routed: Traffic Correlation on Tor by Realistic
> Adversaries« [1]
>
> They write about 'broken anonymity' for Tor-users:
> Tor-Nutzer surfen nicht anonym - Tor users do not surf anonymously
> <
> http://www.golem.de/news/anonymisierung-tor-nutzer-surfen-nicht-anonym-1309-101417.html
> >
>
> Tor-Benutzer leicht zu enttarnen - Tor users to easily expose
> <
> http://www.heise.de/security/meldung/Tor-Benutzer-leicht-zu-enttarnen-1949449.html
> >
>
> The articles are german-only - The main point was always stated by the
> Tor-devs [2], that anonymity »fails when the attacker can see both ends
> of the communications channel« - can anyone out there assess how
> serious or new this really is?
>
> Regards,
> sigi
>
> [1] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
> [2] https://www.torproject.org/docs/faq.html.en#EntryGuards
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk