this post was submitted on 20 Sep 2024
201 points (97.2% liked)

Privacy

31814 readers
247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] ShortN0te@lemmy.ml 68 points 1 month ago (2 children)

This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.

[–] orcrist@lemm.ee 37 points 1 month ago (1 children)

The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn't mean you can't defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.

Based on what was in the article and what's in the history books, I'm not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn't contradicted by what's in the article?

[–] ShortN0te@lemmy.ml 6 points 1 month ago

Yes, sorry i worded it incorrectly you can try to make it harder but timing attacks are still possible.

Nope, just a summary that this is just old news. There is nothing new in the article.

[–] EherNicht@feddit.org 15 points 1 month ago (11 children)
[–] possiblylinux127@lemmy.zip 5 points 1 month ago* (last edited 1 month ago) (1 children)

I2p has issues that can more easily lead to deanonymization attacks. It says it on the FAQ

[–] MigratingtoLemmy@lemmy.world 6 points 1 month ago (1 children)

Confirmed the troll.

From the FAQ:

Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.

It may be dangerous to use I2P in what the project calls "Strict Countries"

Most I2P peers are not in those strict countries and the ones that are, are placed in "Hidden Mode" where they interact with the rest of the network in more limited ways, so that they are less visible to network observers.

Unlike Tor, "exit nodes" - or "outproxies" as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these.

There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.

If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort.

I2P has defenses available against this like multihoming or Tahoe-LAFS

I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination.

In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients").

In theory, if you're accessing the clearnet, then it is no better or worse than TOR. It is a little better if you're stay in I2P land.

Don't listen to me or him. If you're reading this, go to the FAQ (https://geti2p.net/en/faq) and make your own decisions.

[–] possiblylinux127@lemmy.zip 3 points 1 month ago (2 children)

I2p lacks the ability to mask your traffic. It is obvious that you use i2p and someone could identity you from analyzing the network for long enough

[–] MigratingtoLemmy@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

TOR is obvious too to someone snooping on your network, unless you're using bridges (and that's hit or miss). If you don't want someone to know you're using I2P, use OpenVPN and mask your traffic as HTTPS.

You're going to have to explain better about "I2P not masking your traffic" and especially about "someone identifying you" - timing attacks are possible in both cases and the I2P Devs have mitigations against it. Please provide sources which define how I2P is weaker and more susceptible to TOR against network forensics

load more comments (1 replies)
load more comments (10 replies)
[–] ExtremeDullard@lemmy.sdf.org 50 points 1 month ago (3 children)

The TOR network itself is safe - at least assuming the TLAs don't control at least half of the nodes, which is far from impossible. But let's assume...

The weak point comes from the browser: that's how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that's the problem: it disables so many unsafe functionalities that it's essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that's how they get caught.

[–] delirious_owl@discuss.online 15 points 1 month ago (1 children)

My understanding is that Tor Browser works fine, there's just some dumb website owners that block Tor traffic by IP address.

[–] CCRhode@lemmy.ml 18 points 1 month ago (1 children)

And ... guess what ... www.bleepingcomputer.com, the source of the story, is one of those.

[–] delirious_owl@discuss.online 11 points 1 month ago* (last edited 1 month ago)

Maybe email them and let them know about the misconfiguration

Let them know that tor users can't read their article about Tor

[–] Trainguyrom@reddthat.com 11 points 1 month ago

I mean, the advice I've heard for one who's threat model is "the feds are actively trying to identify me" is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that)

[–] chappedafloat@lemmy.wtf 3 points 1 month ago (1 children)

Do you think it's better to use a VPN if you aren't using TOR Browser?

[–] schnurrito@discuss.tchncs.de 19 points 1 month ago (1 children)

All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.

[–] HelixDab2@lemm.ee 19 points 1 month ago (4 children)

ISPs definitely keep records. At least some VPNs claim that they don't, and that their networks are set up in such a way that they can't. Some organizations claim to validate the claims of the VPNs, but it's unclear if they're trustworthy.

So your choice is to use something that definitely keeps logs, or to use a company that at least says that they don't/can't.

[–] communism@lemmy.ml 9 points 1 month ago (1 children)

Yes, and there's also the fact that some VPNs such as Mullvad let you be anonymous so even if Mullvad were keeping logs, if you pay privately they have no way of knowing whose logs they are (unless the content itself of your internet history reveals your identity). Meanwhile your ISP definitely knows who you are, and absolutely will collaborate with the police if asked to.

[–] electric_nan@lemmy.ml 11 points 1 month ago (2 children)

You can pay anonymously, but if you regularly connect from your home IP address, it hardly matters.

load more comments (2 replies)
[–] possiblylinux127@lemmy.zip 6 points 1 month ago (1 children)

The VPN company themselves may not keep logs. However, they might be a little black box somewhere in the data center...

[–] NauticalNoodle@lemmy.ml 7 points 1 month ago (1 children)

As Proton made evident, VPNs can be legally compelled to start keeping logs on specific accounts as the result of a court order. So if you're gonna do something incriminating, then I guess you should create a new account each time.

[–] orcrist@lemm.ee 5 points 1 month ago (1 children)

That's true but it also depends what attack vector you're trying to defeat. If someone is doing a timing attack and you're running through a VPN, it might be harder to work for them, depending on where they sit.

load more comments (1 replies)
[–] yogthos@lemmy.ml 5 points 1 month ago (4 children)

I mean, you could set up your own VPN on a VPS and ensure it doesn't keep logs. You could also get a VPS in a different legal jurisdiction from where you're at.

load more comments (4 replies)
load more comments (1 replies)
[–] h4lf8yte@lemmy.ml 27 points 1 month ago (1 children)

As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.

[–] hate2bme@lemmy.world 5 points 1 month ago (3 children)

How do you get an anonymous VPN? I see mullvad has a pay in cash option. Is that how?

[–] Katzastrophe@feddit.org 3 points 1 month ago* (last edited 1 month ago)

You literally put the money + a piece of paper with your account number into an envelope and mail it to them

[–] h4lf8yte@lemmy.ml 3 points 1 month ago

Yes exactly and some providers also accept crypto.

load more comments (1 replies)
[–] sumguyonline@lemmy.world 24 points 1 month ago (2 children)

First, randomize your mac, shutdown anything that can "dial home" (updates, sync, logged in apps, etc) then connect to internet then anonymous VPN, then connect to the tor network, use an anonymized browser with NO java enabled, never download anything -copy paste text, and screen cap images-, if your network drops the popo's are trying to do a "reconnect" attack to see if they can get an unprotected connection to the material you were looking at. Use a livedisk on USB and you likely won't get bios level attacks, as live disks make it harder to access your bios. Source: a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.

[–] PM_Your_Nudes_Please@lemmy.world 10 points 1 month ago

This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.

It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience, (and it’s not something the typical user will just always have running in the background) so timing analysis attacks are gaining popularity.

[–] sunzu2@thebrainbin.org 6 points 1 month ago

a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.

I also prefer my feds to earn their keep, I pay them good money for it.

[–] MigratingtoLemmy@lemmy.world 24 points 1 month ago (18 children)

If I understand correctly, stream isolation will route different connections through different circuits. If you're doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess

[–] chappedafloat@lemmy.wtf 7 points 1 month ago (1 children)

whonix docs is very good to learn about this stuff

[–] delirious_owl@discuss.online 3 points 1 month ago

Heh, whonix docs for privacy have become the arch wiki for Linux

load more comments (17 replies)
[–] some_guy@lemmy.sdf.org 17 points 1 month ago

I have considered Tor safe for illicit activities for at least half a decade. Luckily, there's no need for me to be on there. But this is bad news for people living in places where speech is heavily regulated plus journalists and would-be whistle-blowers.

[–] autonomoususer@lemmy.world 11 points 1 month ago (1 children)

What else you going to use?

[–] Prunebutt@slrpnk.net 26 points 1 month ago (14 children)

I wish more people would try out I2P as a result. AFAIK, garlic routing makes this kind of attack impossible.

[–] ShortN0te@lemmy.ml 11 points 1 month ago (1 children)

AFAIK it only makes it harder not impossible.

load more comments (1 replies)
load more comments (12 replies)
[–] possiblylinux127@lemmy.zip 8 points 1 month ago

What are you going to use instead?

Tor is the best tool you just need to know how to use it

[–] endofline@lemmy.ca 6 points 1 month ago

I think the only still secure network is i2p. In there you don't have the exit node

load more comments
view more: next ›