Re: Reducing relays = reducing anonymity ? Tortunnel.
On Wed, May 19, 2010 at 03:21:15PM -0400, Stephen Carpenter wrote: On Wed, May 19, 2010 at 1:48 PM, Sebastian Hahn m...@sebastianhahn.net wrote: Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? Yes, unfortunately quite a few people use it. It hurts the network by endangering exit node operators, and by completely ignoring any of the load balancing that happens in normal Tor. I agree with most of what you have had to say, though, this gets to the heart of why its not just bad for you but abusive to the community. However, I am not sure that I understand how this is the case. Certainly there is a certain amount of sense to the idea that tortunnel traffic may use another system that focuses more on speed if tortunnel was unavailable. However, an assumption is an assumption and I am not sure how much I buy the truth of it. Is there an argument for the problem beyond this? What load balancing mechanisms is it ignoring? Is this ignorance a symptom of what it tries to do, or a symptom of ignorant design (ie just plain ignoring network information that it is the client's job to respect?). I ask for two reasons. The first is logical accuracy, what its trying to do, while bad for user anonymity, doesn't, on its face, seem like a real problem for tor exit node runners. The second is that I have considered writting a client myself (I have some things that I want to play with that is a bit beyond what the current client can do... like rendezvous nodes that don't publish in the public directory) and I wouldn't want to end up being considered an abuser If single-hop users of exit nodes become common it then becomes worthwhile for Tor adversaries to seize or compromise or tap traffic going into exit nodes in order to locate those single-hop users. I have been using the alpha versions that detect anomalous connections from nodes claiming to be tor relays for several weeks and have seen some (but not majority) activity. Although tortunnel-like code can be used for detecting bad exits, i wouldnt be surprised if someone adapted it for p2p botnets spamming etc. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
Does anybody use tortunnel ? Never heard of it before, so doubt it. Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? We discourage people from reducing the circuit length since it cripples the anonymity tor provides, makes exit nodes more tasty targets since they can correlate users to exit traffic, etc. There's been several discussion of this in the archives. Where is the security/anonymity reduction since tortunnel also uses Tor ? It's equivalent to using a single hop proxy. Can Tor itself reduce the number of relays (like tortunnel) ? No, nor do we want it to. Cheers! -Damian On Wed, May 19, 2010 at 9:06 AM, Attac Heidenheim heidenh...@attac.dewrote: Hi everybody, I just tried a little tool called Tortunnel which allows a user to tunnel Tor via Privoxy/Polipo to any selected exitnode. Just one hop instead of three relays. Of course, if the exitnode ist evil, you're lost, but it really speeds up the whole thing on the other hand. Website: http://www.thoughtcrime.org/software/tortunnel/ My questions: Does anybody use tortunnel ? Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? Where is the security/anonymity reduction since tortunnel also uses Tor ? Can Tor itself reduce the number of relays (like tortunnel) ? Greetings, Niklas
Re: Reducing relays = reducing anonymity ? Tortunnel.
Hi Niklas, On May 19, 2010, at 6:06 PM, Attac Heidenheim wrote: Hi everybody, I just tried a little tool called Tortunnel which allows a user to tunnel Tor via Privoxy/Polipo to any selected exitnode. Just one hop instead of three relays. This works by pretending to the exit relay that you've already come through the Tor network. This is considered abusing the resources made available to the Tor network by volunteers, and effectively entirely breaks your anonymity. Of course, if the exitnode ist evil, you're lost, but it really speeds up the whole thing on the other hand. The only goal of tortunnel is speed. Remember, though, that most nodes on the Tor network aren't exits, so even for the network as a whole tortunnel, is a bad idea as exit capacity is tapped by more people (assuming the people who use tortunnel would otherwise find something else that offers speed but no anonymity). Remember that not only the exit node, but also people who might want to threaten/watch the exit node or its operator are perfectly able to track you down and analyze all your traffic as much as they want. My questions: Does anybody use tortunnel ? Yes, quite many people do, unfortunately. We have implemented a patch to detect people who abuse Tor in this way, and exit node operators using the development version can already opt to deny handling traffic for tortunnel users. As this option gets more testing it will propagate into the stable versions and probably be turned on by default before too long. Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? Yes, unfortunately quite a few people use it. It hurts the network by endangering exit node operators, and by completely ignoring any of the load balancing that happens in normal Tor. Where is the security/anonymity reduction since tortunnel also uses Tor ? Anonymity is entirely gone. Can Tor itself reduce the number of relays (like tortunnel) ? No, because Tor itself identifies as a client to the first hop. This means that the first hop knows that you are a client, and disallows exiting. Greetings, Niklas One thing you fail to consider is how secure tortunnel itself is. Others have reported it is doing some dubious things, and it wouldn't come as a big surprise if there were a nice bugdoor somewhere. Sebastian *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
On Wed, May 19, 2010 at 1:48 PM, Sebastian Hahn m...@sebastianhahn.net wrote: Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? Yes, unfortunately quite a few people use it. It hurts the network by endangering exit node operators, and by completely ignoring any of the load balancing that happens in normal Tor. I agree with most of what you have had to say, though, this gets to the heart of why its not just bad for you but abusive to the community. However, I am not sure that I understand how this is the case. Certainly there is a certain amount of sense to the idea that tortunnel traffic may use another system that focuses more on speed if tortunnel was unavailable. However, an assumption is an assumption and I am not sure how much I buy the truth of it. Is there an argument for the problem beyond this? What load balancing mechanisms is it ignoring? Is this ignorance a symptom of what it tries to do, or a symptom of ignorant design (ie just plain ignoring network information that it is the client's job to respect?). I ask for two reasons. The first is logical accuracy, what its trying to do, while bad for user anonymity, doesn't, on its face, seem like a real problem for tor exit node runners. The second is that I have considered writting a client myself (I have some things that I want to play with that is a bit beyond what the current client can do... like rendezvous nodes that don't publish in the public directory) and I wouldn't want to end up being considered an abuser Where is the security/anonymity reduction since tortunnel also uses Tor ? Anonymity is entirely gone. A bit overstated but, not far off. It is as anonymous as any single hop relay. Also, since it tries to emulate tor traffic to trick the node, well, if you were running a node (even a non-exit), I would think that tortunnel traffic would be very hard to distinguish from non-tortunnel. Of course... this wouldn't help if speed is your goal. -Steve *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
Sebastian Hahn wrote: Hi Niklas, On May 19, 2010, at 6:06 PM, Attac Heidenheim wrote: Is tortunnel evil since it maybe hacks Tor-cirucits to reduce the number of relays ? Yes, unfortunately quite a few people use it. It hurts the network by endangering exit node operators, and by completely ignoring any of the load balancing that happens in normal Tor. Just wondering if anybody from the Tor Project has contacted the author to express the concerns with tortunnel. Particularly about it being detrimental to the Tor network. Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
--- On Wed, 5/19/10, Stephen Carpenter thec...@gmail.com wrote: Certainly there is a certain amount of sense to the idea that tortunnel traffic may use another system that focuses more on speed if tortunnel was unavailable. However, an assumption is an assumption and I am not sure how much I buy the truth of it. Although, I can't help but think that with equal resources, the use of a single system could have benefits too: shared code paths (and thus potentially better debugged), better load balancing, more traffic to mix with for those loving company (anonymity seekers)... To be more specific about what I mean by equal resources: suppose that users of system X have 5 relays, and tor has 5 relays, and both sets of users used the same bandwidth. If all users used one 10 relay system instead, the total bandwidth should be similar. I ask for two reasons. The first is logical accuracy, what its trying to do, while bad for user anonymity, doesn't, on its face, seem like a real problem for tor exit node runners. The second is that I have considered writting a client myself (I have some things that I want to play with that is a bit beyond what the current client can do... like rendezvous nodes that don't publish in the public directory) and I wouldn't want to end up being considered an abuser I can't help but think that there are indeed other use cases that would greatly benefit from a independent simpler transport-type lower-layer that tor could ride on. If this layer could have more users and more resources (relays/coders) dedicated to it than just the resources that tor currently gets, it could be a net win for tor. I proposed something like this a year or two ago and have done nothing with it. I keep coming back to the idea though. I just recently started playing with the concept again, I was going to call it PNR for Private Natting Router. Essentially attempting to define a very simple OpenVPN setup ontop of some natting firewall rules and IP forwarding. A simple system would then define a way to add restrictions and extra capabilities to such a setup and to publish them along with status info. Restrictions might be something like: can only connect to these other PNRs (act as a middle node), or can only go to the internet via port 80 (exit node restriction). A capability might be something like the ability to tunnel connections to other individual points via a single VPN (to make separate input streams aggregate into a single output stream), or to aggregate/delay packages for potentially better mixing. All of this would create more of a research environment where new models could be experimented with and still potentially benefit from a common deployed foundation. It would be possible to explore many new transport layer speed/latency/bandwidth optimisations independently from anonymity issues. It might make exploring resource management (charging for/exchanging for bandwidth...) easier. An implementation of tor could be designed to ride on such an infrastructure. This implementation would embody many of the very clever things that tor does today, good route selection, directory services... Anonymity is entirely gone. A bit overstated but, not far off. It is as anonymous as any single hop relay. Also, since it tries to emulate tor traffic to trick the node, well, if you were running a node (even a non-exit), I would think that tortunnel traffic would be very hard to distinguish from non-tortunnel. Of course... this wouldn't help if speed is your goal. I keep searching for that use case where a user does not need anonymity for any individual query, but does on the aggregate level. Perhaps this is something some users want, i.e. to never access different sites from the same IP. Such a use case would be very effectively achieved with many single hop relays. Although I can see why tor is not interested in catering to such users, I can't help but think that they could help disguise traffic for users requiring strong anonymity and they could potentially add to the resource pool that tor uses, to ultimately benefit tor as a whole. My .02 cents, -Martin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
Just wondering if anybody from the Tor Project has contacted the author to express the concerns with tortunnel. Particularly about it being detrimental to the Tor network. Jim The author is a security researcher, the tool is ages old and abandoned, as far as I know it doesn't work right away unless you change some of the code, and it was written to check what tor exit nodes where running sslstrip or in other ways were messing with the traffic. I'm not really sure what this fuzz is all about. I wonder how many people actually use it these days. Also, *if* Tor can be used in this way, it will be. If no white-hat will write code to do it, the black-hats will, and the only difference is that you'll be unaware of the tool. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
To be more specific about what I mean by equal resources: suppose that users of system X have 5 relays, and tor has 5 relays, and both sets of users used the same bandwidth. If all users used one 10 relay system instead, the total bandwidth should be similar. Tortunnel is not a separate network, but (ab)uses existing Tor exits. My guess would be that tortunnel users - client only - don't think a lot about adding exit relays to Tor. It's not developed any longer, and I don't think many are using it anyway. I agree with Stephen that it's not per se a threat to the Tor network. I can't help but think that there are indeed other use cases that would greatly benefit from a independent simpler transport-type lower-layer that tor could ride on. Have you looked at I2P? http://www.i2p2.de/techintro.html It for example allows both users and services to specify their hop length, and uses packet switching instead of circuit switching. -- Moritz Bartl GPG 0xED2E9B44 http://moblog.wiredwings.com/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
The author is a security researcher, the tool is ages old and abandoned, as far as I know it doesn't work right away unless you change some of the code, and it was written to check what tor exit nodes where running sslstrip or in other ways were messing with the traffic. I'm not really sure what this fuzz is all about. I wonder how many people actually use it these days. Also, *if* Tor can be used in this way, it will be. If no white-hat will write code to do it, the black-hats will, and the only difference is that you'll be unaware of the tool. Agreed as to general sentiment. Have you looked at I2P? http://www.i2p2.de/techintro.html It for example allows both users and services to specify their hop length, and uses packet switching instead of circuit switching. Phantom does this too... user specified hop counts based on their needs for speed vs. security. A nice design feature. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
On 19.05.2010 23:58, grarpamp wrote: Have you looked at I2P? http://www.i2p2.de/techintro.html It for example allows both users and services to specify their hop length, and uses packet switching instead of circuit switching. Phantom does this too... user specified hop counts based on their needs for speed vs. security. A nice design feature. Is there any working implementation of Phantom? I2P is widely in use, and I must say that I really begin to like it. Code also looks much cleaner to me (not: mature). Tor could use a complete rewrite. -- Moritz Bartl GPG 0xED2E9B44 http://moblog.wiredwings.com/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reducing relays = reducing anonymity ? Tortunnel.
Is there any working implementation of Phantom? I2P is widely in use, and I must say that I really begin to like it. Code also looks much cleaner to me (not: mature). Tor could use a complete rewrite. Not as of yet. They have a specification whitepaper and a video with slides to give you a pretty good idea. And a blog post indicating some form of midyear release plans. Other players in the anon space are surely good things. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/