Silk Road forums

Discussion => Security => Topic started by: GottaDoIt on February 03, 2012, 01:38 pm

Title: Can't the TOR node see.. everything that everyone does?
Post by: GottaDoIt on February 03, 2012, 01:38 pm
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: supersecretsquirrel on February 03, 2012, 02:11 pm
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?

The Tor client encrypts all traffic to and within the Tor network, but not traffic leaving the Tor network. Silk Road is a hidden service that exists only within the Tor network, which means that all traffic to and from the site is encrypted by default.
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: fruity on February 03, 2012, 02:18 pm
each node in the network only knows the previous and next nodes (also a counter telling it how many more hops to make), typically a tor connection is bounced off 3 nodes. each node has a different encryption key, this prevents your information/position leaking in transit.

so to answer your question the last node does know every thing you are sending to the sr server, but it also happens that the last node is the sr server. :)
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: Horizons on February 03, 2012, 02:34 pm
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?

Well, yes. But the last tor node is the one that hosts SR. How can you log in if the site can't see your password?  :P
Most importantly, though, the last node can't see your IP. Oh, it knows that somebody logged in with username GottaDoIt at X time on Y day... but it has no idea who did it, or where they did it from.
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: GottaDoIt on February 03, 2012, 02:39 pm
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?

Well, yes. But the last tor node is the one that hosts SR. How can you log in if the site can't see your password?  :P
Most importantly, though, the last node can't see your IP. Oh, it knows that somebody logged in with username GottaDoIt at X time on Y day... but it has no idea who did it, or where they did it from.
Ahh ok. But if you visit a non-tor site like google or hotmail then the last tor node can see it because google and hotmail can't decrypt it? right?
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: Horizons on February 03, 2012, 02:50 pm
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?

Well, yes. But the last tor node is the one that hosts SR. How can you log in if the site can't see your password?  :P
Most importantly, though, the last node can't see your IP. Oh, it knows that somebody logged in with username GottaDoIt at X time on Y day... but it has no idea who did it, or where they did it from.
Ahh ok. But if you visit a non-tor site like google or hotmail then the last tor node can see it because google and hotmail can't decrypt it? right?

Right. But that's why you want to connect to these sites via https - that way, not even the middleman (the last tor node, but also any othe rproxy you happen to be using) can see the data. At least not without a little bit of dirty work.
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: supersecretsquirrel on February 05, 2012, 10:50 am
This might be a stupid question. But doesn't the last TOR node see everything you purchase, the address its sent to, the passwords used for SR, etc.? Or have I missed something?

Well, yes. But the last tor node is the one that hosts SR. How can you log in if the site can't see your password?  :P

Uh, no. The last relay in the circuit is not the one hosting the hidden service you're trying to visit.

Most importantly, though, the last node can't see your IP. Oh, it knows that somebody logged in with username GottaDoIt at X time on Y day... but it has no idea who did it, or where they did it from.

True for any exit relay, regardless of the site you're visiting. For non-.onion sites, please remember to use HTTPS or encrypt your communications in some other way.
Title: Re: Can't the TOR node see.. everything that everyone does?
Post by: ChaxChax on February 05, 2012, 05:43 pm
If you are absolutely paranoid, positively paranoid, and never in a hurry ( Page loads are very Looooong). Pay for a portable VPN service that has multiple geographic launch points. Be choosy, pick a VPN service that uses advanced encryption like L2TP. The one I use has 7:

Three North American
Two European
Two Asian.

Go to a starbucks/hotel/airport with open Wi-Fi

Connect to your VPN that gives you an IP block from let's say: Los Angeles, or Paris.
Ensure all your traffic is routed through your VPN
Start your TOR session. Ta-Da, any backtrace to your first hop will only be to your VPN.