back to article Boffins follow TOR breadcrumbs to identify users

It's easier to identify TOR users than they believe, according to research published by a group of researchers from Georgetown University and the US Naval Research Laboratory (USNRL). Their paper, Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, is to be presented in November at November's Conference on …

COMMENTS

This topic is closed for new posts.

Silver badge
Black Helicopters

Kind of makes you wonder if this is really an initial discovery, or if it has been known about for a while and simply not published. I'm generally not the tinfoil hat sort, but with the Snowden leaks I find myself kind of distrusting all the security options out there.

No matter I guess. The government already knows what I do. They're responsible for almost a third of my business. I keep all my plans for global domination in a series of spiral bound single rule notebooks hidden in an extinct volcano I lease in Indonesia. As long as they don't know about my plans or volcano everything will be just fine.

29
0
Bronze badge

are your notebooks guarded by a white cat, Persian or otherwise? If not, perhaps this white cat might be of assistance http://www.123rf.com/photo_18425302_white-tiger.html?

4
0
Silver badge
Meh

Anonymity

Did anyone really think that anonymity Tor could be guaranteed?

With the resources Governments have it is a given that they can see what you are up to on any day of the week.

As Tor is based and originated in America don't you think they would have allowed it if they couldn't crack it?

They just want you to have a false sense of security because it makes it easier for them to get you.

3
6
Silver badge

Re: Anonymity

>Did anyone really think that anonymity Tor could be guaranteed?

For most cases as good as guaranteed yes, for messing about with governments no. If you've been bad enough governments will throw as many resources as necessary to get you. The same can't be said for companies who have their websites defaced, and that's just an example I don't suggest tor should be used for that or any other illegal activity.

5
0
Silver badge

Re: Anonymity

>Did anyone really think that anonymity Tor could be guaranteed?

I suspect even for gov-level snooping (maybe less so for pan-gov like USA/UK/CAN/NZ sort of thing) and for its intended job of the occasional spy/oppressed activist message it is good enough. But not for users who route a lot of traffic through it, which is the key to this discovery.

And WTF routing bittorrent through it? Not only is that going to give your game away much more, it is a serious abuse of the network and going to be real slow. Really, such folk should be using a VPN for that sort of thing.

12
0
Silver badge
Big Brother

Re: Anonymity

I'm somewhat less concerned regarding anonymity than I am regarding TPTB seeing where I've been.

I don't use TOR to access porn or torrents:- if anything I use it with the primary aim of confounding those who insist on following my web movements when as far as I'm concerned they have absolutely no f***ing right to or need to.

Anything to throw a spaniard in the worms or even just piss 'em off is, in my book, an exercise worth following...

2
1
Silver badge
Coat

Re: "Anything to throw a spaniard in the worms"

Goodness me, what have Spanish people done to you to warrant such ire ?

2
1
Go

Re: Anonymity

What this research demonstrates (and it's fairly readable and not too long - go for it) is that an adversary with ISP-level network resources can deanonymise users in a statistically predictable time period - some shorter and some longer but a lot shorter and more predictable than previous analyses have shown.

But, and it's quite a big but, it seems obvious from the paper that they are analyzing the bulk of Tor use (i.e. for which Tor is probably the only anonymity tool in use) rather than Tor plus anonymous proxies, encryption and the like. That work is yet to be done but it is likely that someone more technically competent than your average BitTorrent freetard attempting to avoid the RIAssA would take a lot longer to identify even with state-level resources.

That said Tor is clearly of interest right now to some big player or other as recently reported by Ars Technica. This will be interesting to follow in the coming months in light of the ongoing Snowden NSA/GCHQ revelations.

0
0
Boffin

Re: "Anything to throw a spaniard in the worms"

Google Spoonerism.

1
1
FAIL

Re: "Anything to throw a spaniard in the worms"

google malapropism

3
0
Silver badge

Re: "Anything to throw a spaniard in the worms"

Google "writing comments on a touchscreen"

(writing came off as spring and wording first couple of tries. ..)

0
0
Anonymous Coward

Re: "Anything to throw a spaniard in the worms"

I think you mean Spoogle Goonerism

2
0
Anonymous Coward

Re: "Anything to throw a spaniard in the worms"

"I'm sorry, I've met too many Spaniels."

0
0
Silver badge

Re: Anonymity

"Did anyone really think that anonymity Tor could be guaranteed?"

I think one of the main things it does is that even if it can ultimately be compromised, it shifts the scenario from a few quick commands on a keyboard to considerable effort and resource. The more people who use TOR or GPG, etc., the less that casual and speculative searching can take place.

It changes the scenario from 'scan all the people who visited X' or 'search all emails for references to Y', to 'we suspect this specific person - start the machinery up and get back to me'.

That's a big win for privacy.

My own view of TOR, though, is that however much I approve of securing privacy and building measures to resist abuse of power by the state, the moment I contribute by setting up a TOR node, I've no idea whether what I'm actually helping is the distribution of child porn and people pirating movies. So I don't.

1
0
Silver badge

Re: Anonymity

I've no idea whether what I'm actually helping is the distribution of child porn and people pirating movies. So I don't.

Don't ever run an ISP. You'll never be able to sleep at night.

0
0

Re: "Anything to throw a spaniard in the worms"

I just did.

"A malapropism (also called a Dogberryism) is the use of an incorrect word in place of a word with a similar sound, resulting in a nonsensical, often humorous utterance. An example is Yogi Berra's statement: "Texas has a lot of electrical votes,"[1] rather than "electoral votes"."

"A spoonerism is an error in speech or deliberate play on words in which corresponding consonants, vowels, or morphemes are switched (see metathesis) between two words in a phrase,[1] for example saying "The Lord is a shoving leopard." instead of "The Lord is a loving shepherd." While spoonerisms are commonly heard as slips of the tongue resulting from unintentionally getting one's words in a tangle, they can also be used intentionally as a play on words."

Both are essentially the same thing.

Now report to the icon administrator's office for a lesson on incorrect use of the fail icon.

0
0
Anonymous Coward

Force all users to act as relays?

I mean there are only 4000 or so active tor relays at the moment, it stands to reason that many of these would be operated by parties that have interests other than keeping data anonymous.

Can't they just force all tor users to act as relays? Sure it wouldn't make the system immune to the same problem, but it'd greatly increase either the cost to those doing the spying, or the time it takes them to discover anything.

0
0
Silver badge
Boffin

Re: Force all users to act as relays?

The problem with that is you're assuming everyone running/using TOR is doing so under the same conditions you get in the "free" world. Actually, a lot of users will end up being

- Behind CG-NAT, which some cheapskate ISPs have implemented in some countries (all CableCos in Mexico!) which makes the relay unreachable

- Behind an oppressive regime that has probably made TOR illegal. Running in relay mode might land said user in jail. Or behind a firing squad.

3
0
Silver badge
Coat

Re: Or behind a firing squad.

Or worse, in front of a firing squad!

19
0
Anonymous Coward

Re: Force all users to act as relays?

Make it on by default and have an opt-out setting in the options.

I assume anyone intelligent enough to be using tor in the first place would be intelligent enough to untick the "send me to jail" option. It's gotta increase the number of relays somewhat even if some do opt-out.

1
0
Happy

Re: Force all users to act as relays?

"Or behind a firing squad."

It's quite safe behind a firing squad. It's in front of it where the danger lies.

0
0
FAIL

Re: Force all users to act as relays?

Squad! About, Turn!

0
0
Pirate

Re: Force all users to act as relays?

Note I have my Boys Brigade Drill badge which requires you to command a squad so I have issued that command in my time. A long time ago, but still. For the record you About Turn to the Right.

0
0
Anonymous Coward

CG-NAT, which some cheapskate ISPs have implemented

Like BT Retail

http://www.ispreview.co.uk/index.php/2013/05/uk-isp-bt-quietly-forces-cgnat-ipv4-internet-address-sharing-pilot.html

Previously I'd been assigned static, now dynamic, (shared).

0
0

So a guy who uses a lot of traffic in a pattern that's not too hard to figure out can be found out on a secret network....well done

Now find the people who go into it to browse, changing IDs often and only there just to read a few bytes, then my pickle can be classed as tickled, AND NOT A DAY BEFORE! :)

1
0
Bronze badge

Was just a matter of time

I wonder how many millions or how many hundreds of thousands are burned now.

Probably what happened to help the statistical analyses thingies was coercing known and likely/suspected TOR users under some ruse or legit warrant to hand over their password. Then, after seizing their equipment, they probably impersonated said person for weeks on the user's own network and an agency shadow network while they had the subject in quarantine. Then, they compare paths, hops, latencies, fingerprints of the files, the embedded attachments and other content, then map the possible paths against replies and reply fingerprints.

Somewhere in all this probably are tens of thousands of AT&T, Cox, Comcast, Sprint, etc., others' hardware that secretly are NOT stripping off the headers in the routers (in 95, network classes taught that routers stripped out what wasn't for them, and did handshaking and such to enhance the quality of service and so on, but, hey, what if a backdoor since then came into existence to dump checksums of traffic, even embedded, hidden messages?), and forwarding checksums.

OK, I'm pulling all this out of my ass as fast as I can type, and I am not a SysAdmin of any merit. I just wing/ponder stuff as if fitting into a hopper for possible use in a movie script. Of course, before making such a suggestion in dialogue, real analysts might have to ponder it -- then worry about the risks of doing so under pre-delivered NSLs, hmmmmm...

0
2
Bronze badge

Never anonymous

Yet another study to show that anonymising data is very difficult...

http://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-in-databases-of-ruin/

0
0
Silver badge

>Sorry, BitTorrent fans, your traffic is extremely vulnerable over time

Good because if you are running bittorrent over Tor you are officially an ass nine muppet. Tor has many good uses but lame piracy using volunteer resources means you're the kind of guy that shits all over a public restroom for teh lulz.

23
0
Anonymous Coward

BYOS

The only way to be even partially secure is to write your own encryption and run it on your own Operating System on a computer you built yourself where all the firmware on all the chips including the network was written by yourself to avoid backdoors.

Hell, you'd even have to write your own compiler from assembler upwards.

0
0
Silver badge
Coat

Re: BYOS

"Hell, you'd even have to write your own compiler from assembler upwards." -- Sounds like something from the matrix ... "The reader software works for the matrix so we have to view the raw code. I don't see the code any more, I just see Blonde, Redhead, Brunette ..."

1
0
Bronze badge
Trollface

Re: BYOS

And let's face it- anyone who would dedicate the time and effort to do that would have no time for subverting the state and, dare I say it, possibly even be a tiny bit boring so the only secure system in the world would be in the possession of someone nobody would ever want to listen in on.

3
0
Silver badge

Re: BYOS

so the only secure system in the world would be in the possession of someone nobody would ever want to listen in on.

Sounds like the perfect plan!

0
0

This post has been deleted by its author

Anonymous Coward

Re: BYOS

But the guys at the Help Desk told me my laptop is perfectly secure. All I have to do is shake it and the memory is cleared.

0
0
Silver badge

News?

So people who regularly use the same networks with the same patterns aren't as anonymous as they think? Well, what a surprise. Isn't this why the professionals in the physical spying trade randomise their routes when they travel, use dummies and cut-outs, never stick to a schedule or the same roads, etc?

Let's face it, most of the people who want to be anonymous on the internet are amateurs who just don't want to be caught downloading pirate movies or extreme porn. They don't understand how the network actually works, and have no clue what being anonymous really means, so they just rely on third parties with a "tick this box and you're hidden" approach. Is anyone surprised that it doesn't work very well?

3
0
Silver badge
Coat

If you have to go to the same place with any regularity, it will be most difficult to "randomize their routes".

Fiction is all it is meant to be, but in the real world I think that spies rely more on acting like normal people with daily routines. Someone who actually does randomize his travel routes every time is going to be easy to suspect of being a spy.

And having a (plastic) dummy drive the car is rather dangerous, not to mention terribly conspicuous.

0
0
Anonymous Coward

Re: News?

"Let's face it, most of the people who want to be anonymous on the internet are amateurs who just don't want to be caught downloading pirate movies or extreme porn."

Well, for some people Tor just makes it easier to buy weed. I mean, so I've heard. Allegedly.

What were we talking about again?

1
1
Bronze badge

The Irony

TOR started off as a NRL project which they later open sourced. It's ironic that another NRL study has found it to be not wholly effective...

1
0
Anonymous Coward

Re: The Irony

Not really; testing things is one of the many ways people improve things.

I'm not entirely sure I want people with a 'ahh, it's probably fine' attitude working on something that deals with anonymity.

3
0
Silver badge
Happy

Re: The Irony

Ideally people with the 'it's probably fine' attitude wouldn't be allowed to work on anything. There's always room for improvement and even something as simple as the guy making hamburgers can ruin your day with a dropped patty and that attitude.

0
0
Bronze badge

Re: The Irony

I'm sure whoever authorised that project got a solid telling-off from the NSA later for making their job harder.

0
0
Anonymous Coward

Re: The Irony

Really? Ability on the job is separable from caring.

I know plenty of people who are good at what they do, but ultimately don't really care. I also know people who care tremendously but are ultimately, quite useless.

1
0

If you're really paranoid

Use Torbrowser together with a real VPN and proxy. Then you can say "try to find me bitch!".

0
0
Anonymous Coward

Re: If you're really paranoid

...and only ever use all of them from your raspberry pi. Lob it out of the window when the time comes.

0
0
Bronze badge

Re: If you're really paranoid

Mark, is that you?

0
0

Clarity would be good.

Do you mean a 100% chance of identifying a user with 95% probability?

Or a 95% chance of identifying a user with 100% probability?

The latter stands up in court, for instance - nailed.

The former is a statistic and doesn't.

3
0
Bronze badge

Compromising tor...

If you have enough relays tor isn't really secure, you could even map hidden services by recording relay to relay traffic and thereby mapping hot spots which would be most likely services.

I suspect the entire network is actually law enforcement. The cost of 4000 relays would be peanuts for that kind of intelligence.

0
0
Facepalm

>>Kind of makes you wonder if this is really an initial discovery...

If you read the fine TOR manual, they have always warned that this type of attack is possible, right down to noting the (many) problems with routing bittorrent through TOR nodes.

I guess this is the first paper to put some actual numbers on things though.

0
0
Unhappy

OK I am now officially old

Someone please explain WTF is TOR?

0
0
Bronze badge

Re: OK I am now officially old

It's kind of like tcpip for paedos.

3
2
