
Messages - astor

181
Silk Road discussion / Re: Wtf Main Site And Forum Running Terrible
« on: September 03, 2013, 09:25 pm »
Quote
Is it possible that bots are being used to overload the tor network in an attempt by either L.E. or some other group as a form of attack or frustration for those who use sites like The Silk Road?

Are you suggesting that LE infected over 2 million people's computers in order to DOS the Tor network and prevent people from using SR? That's a class action lawsuit of epic proportions. No, these are probably some Russian/Eastern European hacker shitheads.

Quote
we have always heard that the more people on Tor the better it will run, but then now that it has happened we see that it doesn't run worth a shit!

The more people that run Tor, the bigger our anonymity set, but some of them also have to run relays. If 4000 relays can support 500K daily users, then we need 16,000 relays for 2 million users. The number of relays hasn't increased to keep up with the number of clients.

Quote
When are we going to get word on what has been happening the last 2 days?

Keep an eye on the tor-talk, tor-dev and tor-relays mailing lists at https://lists.torproject.org. They are trying to figure out what's going on and how to stop it.

Quote
Is this the effect of the Forbes thing we were expecting?

Almost certainly not. The increase started on August 19, and I don't know if the print article has even come out yet. The online article has received fewer than 400,000 views, not enough to account for an increase of 2 million clients.

Why does everyone think SR is so big and special? It is really a tiny part of the Tor network and pretty much nothing that happens at a global network level is due to SR. When SR got DOSed in April, it didn't affect the rest of the Tor network at all.


182
Silk Road discussion / Re: Wtf Main Site And Forum Running Terrible
« on: September 03, 2013, 12:48 pm »
It's probably due to the massive increase in the number of clients connecting to the Tor network, which has gone from 500K per day to over 2 million per day.

https://metrics.torproject.org/direct-users.png?start=2013-01-01&events=off&end=2013-09-03&country=all

At the same time, the advertised bandwidth in the network has actually decreased.

https://metrics.torproject.org/bandwidth.png?start=2013-01-01&end=2013-09-03

Tor is mostly CPU-bound, meaning that the crypto operations used to build circuits and push encrypted traffic are the limiting factor on the network. High bandwidth relays max out their CPUs long before they max out their bandwidth. Even with 1 Gbit ports, they can only push about 200-300 Mbit of traffic per core.

Some relay operators have posted to the tor-relays mailing list:

https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.html

Quote
    I'm currently seeing more than a doubling of connections (from a mean of
    c. 2000 established connections to just over 5000) on my relay at
    0xbaddad. The log is full of the (expected) messages:

    "Your computer is too slow to handle this many circuit creation requests!"

    I guess this is related to the massive jump in connected clients
    in the past few days and I assume that everyone else is seeing
    something similar.


So even though the new clients don't seem to be doing much (bandwidth isn't increasing), maintaining open circuits for 4 times as many clients is straining the relays. The whole network is slowed down with increased lag and a high percentage of failures when connecting to sites. Because circuits to hidden services use twice as many relays as circuits to clearnet sites, we should expect hidden services to be affected more by this.

As for what's causing so many clients to connect, nobody knows yet.


183
Silk Road discussion / Re: Down?
« on: September 03, 2013, 06:50 am »
It's the massive increase in the number of clients connecting to the Tor network. It has gone from 500K per day to over 2 million per day.

https://metrics.torproject.org/direct-users.png?start=2013-01-01&events=off&end=2013-09-03&country=all

At the same time, the advertised bandwidth in the network has actually decreased.

https://metrics.torproject.org/bandwidth.png?start=2013-01-01&end=2013-09-03

I've argued before that Tor is mostly CPU-bound, meaning that the crypto operations used to build circuits and push encrypted traffic are the limiting factor on the network. High bandwidth relays max out their CPUs long before they max out their bandwidth. Even with 1 Gbit ports, they can only push about 200-300 Mbit of traffic per core.

Some relay operators have posted to the tor-relays mailing list:

https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.html

Quote
I'm currently seeing more than a doubling of connections (from a mean of
c. 2000 established connections to just over 5000) on my relay at
0xbaddad. The log is full of the (expected) messages:

"Your computer is too slow to handle this many circuit creation requests!"

I guess this is related to the massive jump in connected clients
in the past few days and I assume that everyone else is seeing
something similar.

So even though the new clients don't seem to be doing much (bandwidth isn't increasing), maintaining open circuits for 4 times as many clients is straining the relays. The whole network is slowed down with increased lag and a high percentage of failures when connecting to sites. Because circuits to hidden services use twice as many relays as circuits to clearnet sites, we should expect hidden services to be affected more by this.

As for what's causing it, I don't think anyone knows yet.



184
Silk Road discussion / Re: vendors forcing clients to leave 5/5
« on: September 03, 2013, 05:22 am »
I think that's what DPR is trying to do with the new ratings system. As it stands, it might as well be thumbs up or thumbs down.

May take a while to get people to change their behavior and recalibrate their intuitive sense of what a rating means. Switching to the average out of 5 was a good step in that direction. Whether vendors accept a legitimate ratings system, as opposed to the bullshit one we had, remains to be seen.

185
You don't need the VirtualBox Guest Additions unless you want a shared clipboard and folder between the host and guest OSes, and those create security risks (for example, a password copied into the host clipboard could be read by a malicious app on the guest OS).

You can follow this guide without installing guest additions. You can also just download the Whonix Gateway and Workstation, import the appliances into VirtualBox and start them, no long installation steps necessary and it's safer because Tor runs in a separate VM. Alternatively, you can replace the default Whonix Workstation with the Lubuntu VM that pine describes here, you just have to manually set the networking to:

gateway: 192.168.0.10
netmask: 255.255.255.0
ip address: 192.168.0.50
dns address: 192.168.0.10

More info on running any OS with Whonix can be found here: https://www.whonix.org/wiki/Other_Operating_Systems
That's basically it.


186
Security / Re: how do I run a vpn software program with TAILS open?
« on: September 03, 2013, 03:35 am »
You can't install OpenVPN on Tails directly. I mean you can, but Tails uses a weird networking configuration that might not allow it to work, and you'd have to reinstall it after each reboot. The best option is to install OpenVPN on a router that supports it (generally a router with DD-WRT and at least 32 MB of RAM), so your connection goes Tails -> router -> VPN -> tor network.


187
Security / Re: Interesting research
« on: September 03, 2013, 03:29 am »
Quote
You->TorClient->EvilMonitoredGuardNode->Middle->ExitTheyCantSee->ClearnetHops->(NSA Tap)->ClearnetHops->www.someclearsite.com = deanonymize the user?

That's why you're theoretically better off using entry guards and exit nodes in the US if you are in the US, and assuming they do more surveillance at the borders, although they are likely tapping IXPs inside the US too. Unfortunately, the internet is not a spider web with multiple links between destinations. Most traffic congregates at choke points like IXPs and backbone fiber, making it relatively easy to snoop on a lot of it, just as everyone traveling long distance is likely to drive on an interstate.

188
Security / Re: Interesting research
« on: September 02, 2013, 09:18 pm »
I just read the paper, which you can get here: http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

It builds on the work of several other papers that explored the issue of multiple relays in the same autonomous system, or in different autonomous systems that are run by the same organization. For those that don't know, the internet is comprised of thousands of subnetworks that are controlled by different organizations (corporations, universities, governments, etc). For example, your ISP runs an autonomous system. The web site you want to visit is at a hosting provider in a data center that runs an autonomous system (or perhaps several). Large organizations like Amazon with its cloud hosting service (AWS) run autonomous systems in many locations around the world.

OVH is a dedicated server provider that has data centers in multiple locations and many Tor relays run on OVH servers. So a few ISPs like OVH and Hetzner are potentially powerful adversaries. If your entry guard is an OVH server in France and your exit node is an OVH server in Montreal, then OVH can watch both ends of your connection and see who you are and what site you are visiting, thus rendering Tor useless.

The problem is made worse by internet exchange points, which are places where autonomous systems exchange traffic. Someone who controls an IXP can watch the traffic of two or more autonomous systems simultaneously as it traverses those networks. Western intelligence agencies like the NSA and GCHQ are almost certainly tapping many of these IXPs.

This is why we need to diversify the Tor network, and why I suggested running relays in South America and Asia in my relay guide. If you look at a map of Tor relays by geolocation, you'll see that way too many are in North America and Europe. Way too many of the high bandwidth relays are in a handful of autonomous systems, which is especially bad since circuit path building is weighted by relay bandwidth. 20% of Tor circuits will begin and end within an autonomous system that is controlled by the same organization, at any one time!


According to the simulations in the paper, 80% of Tor users can be deanonymized within 6 months through normal Tor use, and without the adversary doing anything special, just watching the networks they already have control over. Interestingly, some of the suggestions they make at the end of the paper to improve security are the same thing we've been saying here for months. Entry guards are the weakest point, so you can increase your security by reducing the number of entry guards (from 3 to 2 or 1) and increasing the entry guard rotation period.

The number of entry guards can be changed in torrc with:

NumEntryGuards NUM

You can manually specify which entry guards you want to use, for example, selecting entry guards that are in autonomous systems where no exit nodes exist. Do that with:

EntryNodes node,node,node

Where "node" can be a relay nickname, identity key fingerprint, or country code (ie, {us},{de}).

You can look up information about relays and ASes on the Tor Compass web site: https://compass.torproject.org

There is no torrc option to increase the entry guard rotation period. You have to modify the source code and compile a custom version of Tor, which I've explained elsewhere on the forum, but it's not a viable option for most people.

A better option may be to use bridges. Since you set them manually, they act like persistent entry guards. There is no rotation period. You keep them for as long as you want, as long as they are up and set in your torrc. Also, since they are theoretically private, the adversary may not know that they are Tor entry points, especially if they are using the obfsproxy protocol to defend against DPI.

Keep in mind that these stats are based on Tor users visiting clearnet sites. It is more difficult to deanonymize hidden service users because the adversary must control specific relays, such as the hidden service's entry guard or service directory, rather than just any exit node. However, it is still possible to attack hidden service users.


There are proposals to make Tor "AS-aware", meaning that it would come bundled with information about ASes and who controls them, and it would avoid building circuits through ASes that are controlled by the same organizations. None of these proposals have been implemented yet (right now Tor only avoids building circuits through relays that are in the same /24 subnet, I believe). So it's up to us to defend ourselves against this threat. Probably the safest thing you could do is grab the list of exit nodes, figure out which AS numbers they are in, and who controls them, then find bridges that are in ASes not controlled by those organizations.
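
The selection described at the end of this post, as an added example that is not part of the original post: it groups ASes by the organization that controls them, drops entry candidates whose organization also hosts exits, and prints the matching `NumEntryGuards` / `EntryNodes` lines. The relay list, the AS-to-organization map and all function names are constructed for illustration, and the exposure figure uses plain bandwidth-proportional selection, which is a simplification of Tor's real path weighting.

```python
from collections import defaultdict

# Constructed sample data (not real relays); ASNs are from the documentation range.
RELAYS = [
    {"fp": "A" * 40, "flags": {"Guard"},         "asn": 64500, "bw": 400},
    {"fp": "B" * 40, "flags": {"Guard", "Exit"}, "asn": 64501, "bw": 300},
    {"fp": "C" * 40, "flags": {"Exit"},          "asn": 64502, "bw": 200},
    {"fp": "D" * 40, "flags": {"Guard"},         "asn": 64503, "bw": 100},
    {"fp": "E" * 40, "flags": {"Guard"},         "asn": 64504, "bw": 50},
]
# Constructed AS -> operator map; one organization can run several ASes.
AS_ORG = {64500: "HosterA", 64501: "HosterB", 64502: "HosterA",
          64503: "UniC", 64504: "IspD"}

def org_of(relay):
    # An AS with no known operator is treated as its own organization.
    return AS_ORG.get(relay["asn"], f"AS{relay['asn']}")

def exit_orgs(relays):
    """Organizations that control at least one AS hosting an exit."""
    return {org_of(r) for r in relays if "Exit" in r["flags"]}

def safe_guards(relays):
    """Guard candidates whose organization hosts no exits, fastest first."""
    bad = exit_orgs(relays)
    ok = [r for r in relays if "Guard" in r["flags"] and org_of(r) not in bad]
    return sorted(ok, key=lambda r: r["bw"], reverse=True)

def same_org_exposure(relays):
    """P(guard org == exit org) when each end is chosen in proportion to bandwidth."""
    g, e = defaultdict(float), defaultdict(float)
    for r in relays:
        if "Guard" in r["flags"]:
            g[org_of(r)] += r["bw"]
        if "Exit" in r["flags"]:
            e[org_of(r)] += r["bw"]
    gt, et = sum(g.values()), sum(e.values())
    if not gt or not et:
        return 0.0
    return sum(g[o] / gt * e[o] / et for o in g if o in e)

def torrc_lines(relays, num=2):
    """torrc lines pinning up to `num` guards outside every exit-hosting organization."""
    picks = safe_guards(relays)[:num]
    if not picks:
        return []  # nothing qualifies; emit no pinning at all
    return [f"NumEntryGuards {len(picks)}",
            "EntryNodes " + ",".join("$" + r["fp"] for r in picks)]

if __name__ == "__main__":
    print(f"same-organization exposure: {same_org_exposure(RELAYS):.0%}")
    print("\n".join(torrc_lines(RELAYS)))
```
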

189
Security / Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
« on: September 02, 2013, 12:40 am »
Quote
Your discussion privileges have been suspended for 1000 day(s) because of the following post:

Silk Road's #1 Alternative: http://[CENSORED: scam link].onion/


It's a spam for the Atlantis phishing site. You entered your SR login details on the Atlantis phishing site.

Once again, when people claim they are 100% sure they didn't do something, 95% of the time they are wrong.

190
Security / Re: Dissent: accountable anonymous group communication
« on: September 01, 2013, 10:53 pm »
Quote
any platform that doesn't allow for child pornography, terrorist organizations, drug dealing and general bullshittery is not any platform i want to be a part of.

SR doesn't allow child porn, so bye!



191
Security / Re: MAJOR SECURITY BREACH IN SR! HACKER WITHDRAWS ALL FUNDS!
« on: September 01, 2013, 10:50 pm »
Did you make any purchases before this happened and enter your PIN?

Have you scanned your computer for malware, like key loggers?

192
Silk Road discussion / Re: Down?
« on: September 01, 2013, 07:32 pm »
[Info] connection_dir_client_reached_eof(): Received rendezvous descriptor (size 3258, status 200 ("OK"))
[Info] rend_cache_store_v2_desc_as_client(): We already have this service descriptor [scrubbed].
[Info] connection_dir_client_reached_eof(): Successfully fetched v2 rendezvous descriptor.
[Notice] Closing stream for '[scrubbed].onion': hidden service is unavailable (try again later).

193
Security / Re: Dissent: accountable anonymous group communication
« on: September 01, 2013, 02:41 pm »
Quote
yeah but with true freedom there comes a price, we should all know that. the price of true freedom on a message board is spam. srf does alright, we get a bit of spam but it's not so bad for the value that we gain.

Yeah, mainly because of the newbie forum and a lot of work by the mods. Think about how many man-hours are wasted on that bullshit, when it could be automated, as an optional feature built into the anonymity protocol.

Quote
at least i know i have some form of security. if there was something in the code somewhere that was identifying me to just one account then it would always be on my mind that it could be exploited to reveal my real identity or ip address. i think i'm ok with the spam thanks. it's a bit annoying but it's not that annoying.

They claim to offer, "accountable anonymity, giving users strong guarantees of anonymity while also protecting online groups or forums from anonymous abuse such as spam, Sybil attacks, and sockpuppetry."

Again, not sure how they did it, haven't read the papers yet, but they address your concern.

194
Security / Re: Dissent: accountable anonymous group communication
« on: September 01, 2013, 12:19 pm »
Quote
Dissent can guarantee that each user of an online forum gets exactly one bandwidth share, one vote, or one pseudonym, which other users can block in the event of misbehavior.

Quote
so a platform called dissent is designed to squash dissent?

It "can" be used that way. Makes it sound like an optional feature, for people who want to prevent spam on their forum, for example. I guess each client is assigned a unique identifier, but I don't know how it works to preserve anonymity.

195
Looks like things are coming together. :)
