Re: [tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

2019-07-31 Thread Tor Bug Tracker & Wiki
#29782: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?
---------------------------+---------------------------
 Reporter:  cypherpunks    |          Owner:  (none)
     Type:  defect         |         Status:  new
 Priority:  Immediate      |      Milestone:
Component:  Core Tor       |        Version:
 Severity:  Blocker        |     Resolution:
 Keywords:  CIA, FBI, NSA  |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:  hiro           |        Sponsor:  SponsorR-must
---------------------------+---------------------------

Comment (by cypherpunks):

 I tried to verify the bug via the ControlPort

 {{{
 GETINFO orconn-status
 }}}
 I can see multiple lines of

 {{{
  $13A883871EF7BA0CB7C913534C5EC360D6DF1BF7~Unnamed CONNECTED
 }}}
 netstat is also proof of multiple connections to the same guard when using
 different SocksPorts, which should be canonical

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
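
The control-port check described in the comment above, as an added example that is not part of the original post or of Tor's own code: it parses a `GETINFO orconn-status` reply and reports relays that appear with more than one CONNECTED entry. The reply text is a constructed sample and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample reply to "GETINFO orconn-status". The first fingerprint is
# the one quoted in the comment; the second is a made-up placeholder.
SAMPLE_REPLY = (
    "250+orconn-status=\r\n"
    "$13A883871EF7BA0CB7C913534C5EC360D6DF1BF7~Unnamed CONNECTED\r\n"
    "$13A883871EF7BA0CB7C913534C5EC360D6DF1BF7~Unnamed CONNECTED\r\n"
    "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~placeholder LAUNCHED\r\n"
    ".\r\n"
    "250 OK\r\n"
)

PREFIX = re.compile(r"^250[+-]orconn-status=(.*)$")
REPLY_LINE = re.compile(r"^\d{3}[ +-]")
ENTRY = re.compile(r"^(\S+) (NEW|LAUNCHED|CONNECTED|FAILED|CLOSED)$")
LONGNAME = re.compile(r"^\$([0-9A-Fa-f]{40})(?:[=~]\w+)?$")


def parse_orconn_status(reply):
    """Return [(relay_id, status), ...] from a GETINFO orconn-status reply."""
    entries = []
    for raw in reply.splitlines():
        line = raw.strip()
        prefix = PREFIX.match(line)
        if prefix:                       # data may follow "=" on the same line
            line = prefix.group(1)
        elif line == "." or REPLY_LINE.match(line):
            continue                     # terminator or "250 OK"
        entry = ENTRY.match(line)
        if not entry:
            continue                     # empty or unrecognised line
        target, status = entry.groups()
        longname = LONGNAME.match(target)
        # Key on the fingerprint when present, else on the raw address:port.
        relay_id = longname.group(1).upper() if longname else target
        entries.append((relay_id, status))
    return entries


def duplicate_connected(entries):
    """Map relay_id -> count for relays with more than one CONNECTED entry."""
    counts = Counter(rid for rid, status in entries if status == "CONNECTED")
    return {rid: n for rid, n in counts.items() if n > 1}


if __name__ == "__main__":
    for rid, n in duplicate_connected(parse_orconn_status(SAMPLE_REPLY)).items():
        print(f"{rid}: {n} CONNECTED OR connections")
```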

Re: [tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

2019-05-20 Thread Tor Bug Tracker & Wiki

Comment (by som3bodi):

 Hello

 Any other ticket/subject about this? Is this a bug/feature?

 >> If I use multiple SocksPort, it connects to entry node multiple times,
 >> instead of one time.

 Could you share what analysis tools you used? I did some monitoring
 these past few days with several SocksPorts (and the flags IsolateClientAddr
 IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr
 KeepAliveIsolateSOCKSAuth), did have more than 1 connection to the
 entry node

 Thanks


Re: [tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

2019-04-26 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 Hello,
 I have discovered and seen this happening in previous versions. I must
 note, I'm not the cypherpunks issue opener.

 Replying to [comment:1 randomname213324]:
 > > If I use multiple SocksPort, it connects to entry node multiple times,
 > > instead of one time.
 >
 > Yes, that's the point of it. It uses different Tor circuits so
 > activities can't be correlated together.

 No, it should use its own circuit for the stream on a different SocksPort, but
 still use the same multiplexed TCP connection to the guard and not open another
 connection to it.

 > > So CIA and NSA can analyze my traffic more easily.
 >
 > No, if anything it's harder as they have multiple connections to analyze
 > rather than a single one.

 No, this is one of the reasons we are using guard nodes and multiplexing all
 circuits over a single TCP connection to a single guard.

 > > They also know how many applications I use with Tor.
 >
 > No, TBB uses a different circuit per tab. You could just have multiple
 > tabs open.

 No, if a SocksPort stream opens a new connection, you can easily track
 application usage as it's isolated from other connections.

 > > That's huge bug.
 >
 > No, it's a feature.

 No, it's a bug. Read the specification please.

 > > There should be one connection to entry node, but then each socksport
 > > should use different middle and exit node. (or maybe use same middle node
 > > too?)
 >
 > Then activities would be more easily correlated.

 No, the current design actually is one connection to the entry node for not
 correlating activity to connections.

 > > It lowers privacy and gives zero benefits.
 >
 > It increases privacy and gives plenty of benefits.

 No, this bug decreases privacy a lot. With no benefits, but extra delay of
 handshaking extra TLS to the guard.

 > > NSA, CIA, can isolate each TCP connection and try to make analysis and
 > > correlation.
 >
 > And they can isolate a single TCP connection and try to analyze it. The
 > only difference is that multiple connections means they have more work
 > to do.

 Don't you want to understand that if you have multiple connections open,
 it is easier to analyse because it already is an isolated connection?

 > > If everything was transmitted on single TCP connection they would need
 > > to own entry node to do same thing. If everything was transmitted on
 > > single Entry and Middle node (but different Exit node) they would need to
 > > own entry and middle node to make this analysis.
 >
 > If the connections all shared the same entry node then they'd only need
 > one entry node for your traffic to pass through to perform analysis
 > attacks rather than with multiple entry nodes.

 Please read why torproject decided to switch to single guard circuit path
 selection and stop posting misleading information. This harms users'
 privacy.


Re: [tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

2019-04-23 Thread Tor Bug Tracker & Wiki

Comment (by randomname213324):

 > If I use multiple SocksPort, it connects to entry node multiple times,
 > instead of one time.

 Yes, that's the point of it. It uses different Tor circuits so activities
 can't be correlated together.

 > So CIA and NSA can analyze my traffic more easily.

 No, if anything it's harder as they have multiple connections to analyze
 rather than a single one.

 > They also know how many applications I use with Tor.

 No, TBB uses a different circuit per tab. You could just have multiple
 tabs open.

 > That's huge bug.

 No, it's a feature.

 > There should be one connection to entry node, but then each socksport
 > should use different middle and exit node. (or maybe use same middle node
 > too?)

 Then activities would be more easily correlated.

 > You are just helping NSA. Do they own torproject?

 No they don't.

 > It lowers privacy and gives zero benefits.

 It increases privacy and gives plenty of benefits.

 > NSA, CIA, can isolate each TCP connection and try to make analysis and
 > correlation.

 And they can isolate a single TCP connection and try to analyze it. The
 only difference is that multiple connections means they have more work
 to do.

 > If everything was transmitted on single TCP connection they would need
 > to own entry node to do same thing. If everything was transmitted on
 > single Entry and Middle node (but different Exit node) they would need to
 > own entry and middle node to make this analysis.

 If the connections all shared the same entry node then they'd only need
 one entry node for your traffic to pass through to perform analysis
 attacks rather than with multiple entry nodes.


[tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

2019-03-13 Thread Tor Bug Tracker & Wiki
 What the fuck is going on here?
 If I use multiple SocksPorts, it connects to the entry node multiple times,
 instead of one time.
 So CIA and NSA can analyze my traffic more easily. They also know how many
 applications I use with Tor.
 That's a huge bug. There should be one connection to the entry node, but then
 each SocksPort should use a different middle and exit node. (or maybe use the
 same middle node too?)
 You are just helping NSA. Do they own torproject?
 Here is how to get the bug:

 1. Configure Tor to use multiple SocksPort with IsolateDestAddr flag
 2. Start Tor
 3. Connect each application to each SocksPort and start doing network
 activity on all of them.
 4. You might get multiple TCP connections to entry node.
 5. Each separate TCP connection transmits data from separate SocksPort.

 It doesn't happen 100% of the time. Sometimes you need to wait or try again to
 get this bug.
 This bug is a design flaw maybe. It lowers privacy and gives zero
 benefits.
 NSA, CIA, can isolate each TCP connection and try to make analysis and
 correlation. If everything was transmitted on a single TCP connection they
 would need to own the entry node to do the same thing. If everything was
 transmitted on a single Entry and Middle node (but different Exit node) they
 would need to own the entry and middle node to make this analysis.
