Unmasking Tor users with DNS!!!!

The experiment was run from the five countries where Tor is most popular; the USA, UK, Germany, France and Russia, and found that traffic from the USA and UK was far harder to crack. (The Silver Lining In This)

https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dns/


Comments


[17 Points] young_k:

I mask my DNS queries with DNSCrypt...run by OpenDNS...

For those of you interested, DNSCrypt 0.0.6

Basically, it encrypts your DNS queries and as a fallback in case of server issues, will even use TCP (although it's slower) to issue DNS queries over port 443. I'm sure it's not entirely NSA-proof...but it's one of those tools that gives me a bit of peace of mind when I'm running Windows.

If exit-nodes ran this, as well as everyone ON the Tor network, I wonder if it would make this sort of correlation obsolete.


[8 Points] uEbrjuZxTDEwVhqS:

Ok, but I'm not sure why this is a big problem for DNMs? The most important sentence in the article is the last one:

Site operators worried about their users’ anonymity can bypass the DNS system entirely, and stay within the Tor network, by running their site as a hidden service.

Aren't all DNM sites run as a hidden service, and thus never hit the exit nodes? I might be misinformed, but I thought exit nodes only even mattered if you are browsing to non-.onion sites.

In any event, a VPN should protect you well enough from this, so long as it doesn't allow DNS leaks. There are multiple tools and websites that can determine if your DNS queries are leaking while on a VPN. They are easily searchable and available. Outside of that, correlation attacks such as the one in the article should at most yield a VPN IP, and not a local address.

I think this falls under the category of blockchain analysis. Something that could be used to de-anonymize or track you, but of little concern to the average DNM user.


[2 Points] MrJuanPablo:

shit....


[1 Points] throwoutofwindowplz:

Good read here


[1 Points] t0ruser:

Good reading.

I always use public Wi-Fi.

Also I think that using Tor is not illegal.

Worse is running a Tor exit node via an unsecured DNS server.



[1 Points] Morvu:

I'm kinda confused about the topic of your post... doesn't the article say this "attack" won't help LE (talking about DNMs)? Could someone help me?