Silk Road forums
Discussion => Security => Topic started by: digitas on August 31, 2011, 06:40 am
-
Should we be concerned about Tor bridges being controlled by LE?
Tor bridges increase the privacy of the entire process but what if the bridge is administered by LE, in the same way a Tor exit node honeypot would be?
-
The point of using a bridge in our case is membership concealment. If LE owns the bridge you are using then they obviously know you are a Tor user, so you have gained no concealment at all by using the bridge. If membership concealment is important for one's security then this risk might very well be worth taking.
Note that using bridges may actually hurt your anonymity a bit, potentially making it easier for passive attackers to identify you. So if membership concealment is not important for you then using a bridge is not a good idea.
-
Tor hides where you're coming from, not who you are. LE can in fact control an exit node (no local or state police do, trust me, I know). So if you're sending unencrypted traffic containing sensitive info, a malicious exit node can intercept that.
In case of SL, the site is hosted INSIDE the network, so it becomes harder for LE to trace who is connecting (again, I don't know about federal agencies, but no state/local guys do it) to/from SL.
-
LE can in fact control an exit node (no local or state police do, trust me, I know).
I don't really see how anyone could know that for sure? Is there a list of exit nodes somewhere?
-
Yes. The Tor Project maintains one, described here [ https://blog.torproject.org/blog/torbel-tor-bulk-exit-list-tools ]. Another can be found at [ https://torstatus.blutmagie.de/index.php ] by scrolling to the bottom of the page, selecting Exit: Yes, and clicking Apply Options. I'm sure there may be others as well.
-
Yes. The Tor Project maintains one, described here [ https://blog.torproject.org/blog/torbel-tor-bulk-exit-list-tools ]. Another can be found at [ https://torstatus.blutmagie.de/index.php ] by scrolling to the bottom of the page, selecting Exit: Yes, and clicking Apply Options. I'm sure there may be others as well.
So from that list we can know with some certainty whether or not state and local LE operate exit nodes?
-
No. It seems unlikely that they have sufficient resources/manpower/interest to do so, but there is no way to determine this with certainty.
-
If you're only using Tor for SR and other hidden services, you don't have to worry about LE controlling exit nodes.
-
If you're only using Tor for SR and other hidden services, you don't have to worry about LE controlling exit nodes.
Yeah, I've just recently learned that you don't need to worry about exit nodes when accessing a .onion site, which seems like a no-brainer. Before knowing that, I kept thinking "shouldn't these guys be using some kind of SSL?!" ::)