this post was submitted on 20 Sep 2024
193 points (97.1% liked)

Privacy

32424 readers
483 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] ShortN0te@lemmy.ml 60 points 3 months ago (2 children)

This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.

[–] orcrist@lemm.ee 32 points 3 months ago (1 children)

The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn't mean you can't defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.

Based on what was in the article and what's in the history books, I'm not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn't contradicted by what's in the article?

[–] ShortN0te@lemmy.ml 5 points 3 months ago

Yes, sorry i worded it incorrectly you can try to make it harder but timing attacks are still possible.

Nope, just a summary that this is just old news. There is nothing new in the article.

[–] EherNicht 13 points 3 months ago (11 children)
[–] possiblylinux127@lemmy.zip 4 points 3 months ago* (last edited 3 months ago) (1 children)

I2p has issues that can more easily lead to deanonymization attacks. It says it on the FAQ

[–] MigratingtoLemmy@lemmy.world 7 points 3 months ago (1 children)

Confirmed the troll.

From the FAQ:

Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.

It may be dangerous to use I2P in what the project calls "Strict Countries"

Most I2P peers are not in those strict countries and the ones that are, are placed in "Hidden Mode" where they interact with the rest of the network in more limited ways, so that they are less visible to network observers.

Unlike Tor, "exit nodes" - or "outproxies" as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these.

There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.

If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort.

I2P has defenses available against this like multihoming or Tahoe-LAFS

I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination.

In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients").

In theory, if you're accessing the clearnet, then it is no better or worse than TOR. It is a little better if you're stay in I2P land.

Don't listen to me or him. If you're reading this, go to the FAQ (https://geti2p.net/en/faq) and make your own decisions.

[–] possiblylinux127@lemmy.zip 3 points 3 months ago (2 children)

I2p lacks the ability to mask your traffic. It is obvious that you use i2p and someone could identity you from analyzing the network for long enough

[–] MigratingtoLemmy@lemmy.world 6 points 3 months ago* (last edited 3 months ago)

TOR is obvious too to someone snooping on your network, unless you're using bridges (and that's hit or miss). If you don't want someone to know you're using I2P, use OpenVPN and mask your traffic as HTTPS.

You're going to have to explain better about "I2P not masking your traffic" and especially about "someone identifying you" - timing attacks are possible in both cases and the I2P Devs have mitigations against it. Please provide sources which define how I2P is weaker and more susceptible to TOR against network forensics

load more comments (1 replies)
load more comments (10 replies)
[–] ExtremeDullard@lemmy.sdf.org 46 points 3 months ago (19 children)

The TOR network itself is safe - at least assuming the TLAs don't control at least half of the nodes, which is far from impossible. But let's assume...

The weak point comes from the browser: that's how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that's the problem: it disables so many unsafe functionalities that it's essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that's how they get caught.

[–] delirious_owl@discuss.online 12 points 3 months ago (1 children)

My understanding is that Tor Browser works fine, there's just some dumb website owners that block Tor traffic by IP address.

[–] CCRhode@lemmy.ml 17 points 3 months ago (1 children)

And ... guess what ... www.bleepingcomputer.com, the source of the story, is one of those.

[–] delirious_owl@discuss.online 12 points 3 months ago* (last edited 3 months ago) (1 children)

Maybe email them and let them know about the misconfiguration

Let them know that tor users can't read their article about Tor

load more comments (1 replies)
[–] Trainguyrom@reddthat.com 11 points 3 months ago

I mean, the advice I've heard for one who's threat model is "the feds are actively trying to identify me" is to have a dedicated burner computer that you do all of your illegal activities on and no other activities. Then of course on top of that avoid saving secrets onto the device and type them in manually every time (ephemeral distros like Tails are good for that)

load more comments (17 replies)
[–] h4lf8yte@lemmy.ml 28 points 3 months ago (1 children)

As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.

[–] hate2bme@lemmy.world 5 points 3 months ago (4 children)

How do you get an anonymous VPN? I see mullvad has a pay in cash option. Is that how?

[–] Katzastrophe 3 points 3 months ago* (last edited 3 months ago)

You literally put the money + a piece of paper with your account number into an envelope and mail it to them

[–] h4lf8yte@lemmy.ml 3 points 3 months ago

Yes exactly and some providers also accept crypto.

load more comments (2 replies)
[–] sumguyonline@lemmy.world 25 points 3 months ago (2 children)

First, randomize your mac, shutdown anything that can "dial home" (updates, sync, logged in apps, etc) then connect to internet then anonymous VPN, then connect to the tor network, use an anonymized browser with NO java enabled, never download anything -copy paste text, and screen cap images-, if your network drops the popo's are trying to do a "reconnect" attack to see if they can get an unprotected connection to the material you were looking at. Use a livedisk on USB and you likely won't get bios level attacks, as live disks make it harder to access your bios. Source: a boring ass individual that just wants the gov off their jock strap, suck it Joe my FBI agent, you know what you did.

[–] PM_Your_Nudes_Please@lemmy.world 10 points 3 months ago

This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.

It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience, (and it’s not something the typical user will just always have running in the background) so timing analysis attacks are gaining popularity.

[–] MigratingtoLemmy@lemmy.world 22 points 3 months ago (18 children)

If I understand correctly, stream isolation will route different connections through different circuits. If you're doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess

[–] chappedafloat@lemmy.wtf 7 points 3 months ago (1 children)

whonix docs is very good to learn about this stuff

[–] delirious_owl@discuss.online 3 points 3 months ago

Heh, whonix docs for privacy have become the arch wiki for Linux

load more comments (17 replies)
[–] some_guy@lemmy.sdf.org 19 points 3 months ago

I have considered Tor safe for illicit activities for at least half a decade. Luckily, there's no need for me to be on there. But this is bad news for people living in places where speech is heavily regulated plus journalists and would-be whistle-blowers.

[–] autonomoususer@lemmy.world 10 points 3 months ago (1 children)

What else you going to use?

[–] Prunebutt@slrpnk.net 25 points 3 months ago (14 children)

I wish more people would try out I2P as a result. AFAIK, garlic routing makes this kind of attack impossible.

[–] ShortN0te@lemmy.ml 11 points 3 months ago (1 children)

AFAIK it only makes it harder not impossible.

load more comments (1 replies)
load more comments (12 replies)
[–] possiblylinux127@lemmy.zip 8 points 3 months ago

What are you going to use instead?

Tor is the best tool you just need to know how to use it

[–] endofline@lemmy.ca 7 points 3 months ago

I think the only still secure network is i2p. In there you don't have the exit node

load more comments
view more: next ›