Silk Road forums

Discussion => Newbie discussion => Topic started by: SirNomDePlum on July 19, 2013, 11:42 am

Title: Tor traffic monitored?
Post by: SirNomDePlum on July 19, 2013, 11:42 am
This site - http://hackertarget.com/tor-exit-node-visualization/ *Clearnet link* - says, "At the most basic level unless you are using encrypted protocols (HTTPS / SSH / TLS), the Tor traffic could be monitored."

They also go on to say, "In this post I have touched on some of the security threats and benefits of the Tor network. I encourage anyone intending to use the Tor network, to do some solid research around Operational security. If you are using Tor to bypass a proxy you should understand the risks to your traffic. If you are an activist using Tor to avoid monitoring by oppressive regimes, you really need to have a solid understanding of the technology, without knowing the threats you are putting yourself and perhaps others at risk."

What does this mean exactly? What are the different ways that the Tor network could be monitored and how does one protect themselves?

Title: Re: Tor traffic monitored?
Post by: lighterup on July 23, 2013, 12:30 pm
I got threats from a seller saying he told the police.

Title: Re: Tor traffic monitored?
Post by: mcguire39 on July 23, 2013, 01:20 pm
I didn't read the article, but from the URL I'm going to guess it discusses the risks of Tor exit nodes. Malicious exit nodes can do things like store usernames and passwords from non-encrypted (i.e. HTTP rather than HTTPS) traffic. I have read that through statistical methods it can be possible to correlate entry node and exit node traffic, i.e. know with a certain percentage probability that a request coming out of a Tor exit node came from a certain Tor entry node. But, if you are using hidden services (.onion) all the exit node stuff is moot, since you are not popping out an exit node in that case.

Title: Re: Tor traffic monitored?
Post by: SirNomDePlum on July 24, 2013, 09:25 am
"... Malicious exit nodes can do things like store usernames and passwords from non-encrypted (i.e. HTTP rather than HTTPS) traffic ... But, if you are using hidden services (.onion) all the exit node stuff is moot, since you are not popping out an exit node in that case."

Thanks for the info! Yes, when staying on the Tor network one doesn't pop out of an exit node. But is there a way to protect my cleartext if I were to pop out of an exit node onto the clearnet while using Tor?
 
Title: Re: Tor traffic monitored?
Post by: d0peymean on July 24, 2013, 09:57 am
"Thanks for the info! Yes, when staying on the Tor network one doesn't pop out of an exit node. But is there a way to protect my cleartext if I were to pop out of an exit node onto the clearnet while using Tor?"

Cleartext is inherently not protected from being sniffed at an exit node because it is CLEARtext. The only way to protect data going out of an exit node is to ensure that it is encrypted, therefore NOT clear. Even then, it is likely possible for the operator of an exit node to sniff traffic and monitor the content of encrypted https:// (SSL/TLS) data by performing a man-in-the-middle attack. If the operator of the exit node is sophisticated enough (i.e., an intelligence agency, nation-state, CIA, NSA, etc.), then you can definitely assume they have the capability to intercept the content of https:// traffic without your knowledge.

Personally, I would avoid logging into personal accounts like Google, Twitter, and other such things over Tor, even if they are using https://.

If you really want to add another layer of security, you can actually connect to a VPN provider OVER Tor, so that all your traffic coming out of the Tor exit node is encrypted and passed directly to the VPN. This is incredibly slow, of course. The only benefit of doing Tor-->VPN is that the VPN provider would have absolutely no way of obtaining your identity, as all they would see is a Tor exit node connecting to their VPN server, whereas if you were connecting directly to a VPN provider, they would have your IP address. Most VPN providers with a focus on anonymity pride themselves on not keeping logs, but you have to trust that a) they aren't compromised by LE or an intelligence agency, b) they actually aren't keeping logs, and c) they wouldn't cooperate with LE and provide your IP the next time you connect if they were served with a warrant (or an NSL). If you connect to a VPN provider via Tor, they would not be able to identify you regardless.