Silk Road forums
Discussion => Security => Topic started by: verdant_world on June 07, 2013, 10:23 pm
-
8) :'( 8)
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
-
why? ok so I'm onioning away then decide to log into my myspace (haha) is the problem that if someone were monitoring a clearnet site that was known to be mine that then they would be able to connect that traffic to my Tor activity during that one particular log on?
also is JAVA a way my anonymity can be compromised or is it a conduit for malware?
I realize these may be stretches, I'm just trying to understand the theory of the big picture
thanks
vw
They are talking about using two separate browsers. One through TOR and one not through TOR. If you login to myspace on the one not going through TOR then you are fine.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
I think you read something incorrectly. Why would you want java or javascript on? :o
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
I think you read something incorrectly. Why would you want java or javascript on? :o
Well noscript is off by default on the TBB, this forum uses javascript too. You can't watch flash videos or run java applets but javascript is on on tor... Apparently, without any plugins like flash, javascript can't deanonymize you. Do you have noscript on?
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
I think you read something incorrectly. Why would you want java or javascript on? :o
Well noscript is off by default on the TBB, this forum uses javascript too. You can't watch flash videos or run java applets but javascript is on on tor... Apparently, without any plugins like flash, javascript can't deanonymize you. Do you have noscript on?
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
Flash bypasses proxy settings. I definitely have NoScript on.
The risk is far greater. Let me break it down. They are saying that most TBB users are dumbasses and don't enable NoScript on because that is the default configuration and people just need their damn javascript and they would give up on TOR if they couldn't have javascript so if you leave NoScript disabled then you blend in with the majority AKA those dumbasses.
I prefer to be more secure than the dumbasses.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
I think you read something incorrectly. Why would you want java or javascript on? :o
Well noscript is off by default on the TBB, this forum uses javascript too. You can't watch flash videos or run java applets but javascript is on on tor... Apparently, without any plugins like flash, javascript can't deanonymize you. Do you have noscript on?
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
Flash bypasses proxy settings. I definitely have NoScript on.
The risk is far greater. Let me break it down. They are saying that most TBB users are dumbasses and don't enable NoScript on because that is the default configuration and people just need their damn javascript and they would give up on TOR if they couldn't have javascript so if you leave NoScript disabled then you blend in with the majority AKA those dumbasses.
I prefer to be more secure than the dumbasses.
That's a fair point but they also seemed to say that disabling javascript didn't actually make you more secure because even if it protects you from some zero-day attacks, it makes you less anonymous, and most information leaked by javascript can be leaked by HTML and CSS as well, according to them. The way javascript deanonymizes someone is if flash, or other plugins, is enabled from what I've read..
So do you think forbidding all scripts is really more secure? I did that before but after reading more about it from the tor project it didn't seem more secure, because if you don't blend in with the dumbasses then you're not so anonymous anymore and that makes you easier to identify.
I'm not exactly sure about that but I trust the developers which is why I decided to leave NoScript off. If you, or someone else, proves it's really safer on then I'll put it on.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
I think you read something incorrectly. Why would you want java or javascript on? :o
Well noscript is off by default on the TBB, this forum uses javascript too. You can't watch flash videos or run java applets but javascript is on on tor... Apparently, without any plugins like flash, javascript can't deanonymize you. Do you have noscript on?
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
Flash bypasses proxy settings. I definitely have NoScript on.
The risk is far greater. Let me break it down. They are saying that most TBB users are dumbasses and don't enable NoScript on because that is the default configuration and people just need their damn javascript and they would give up on TOR if they couldn't have javascript so if you leave NoScript disabled then you blend in with the majority AKA those dumbasses.
I prefer to be more secure than the dumbasses.
That's a fair point but they also seemed to say that disabling javascript didn't actually make you more secure because even if it protects you from some zero-day attacks, it makes you less anonymous, and most information leaked by javascript can be leaked by HTML and CSS as well, according to them. The way javascript deanonymizes someone is if flash, or other plugins, is enabled from what I've read..
So do you think forbidding all scripts is really more secure? I did that before but after reading more about it from the tor project it didn't seem more secure, because if you don't blend in with the dumbasses then you're not so anonymous anymore and that makes you easier to identify.
I'm not exactly sure about that but I trust the developers which is why I decided to leave NoScript off. If you, or someone else, proves it's really safer on then I'll put it on.
I do believe it to be more secure. You are open to more exploits as the things that people do and learn to do with javascript evolves. Same with java. That is why we get updates. It only makes you less anonymous by making you stand out from the people that have it disabled. You still blend in with all of the security conscious individuals that have it enabled.
-
Well I guess you're right, I'll see if I can find more sources about that.
-
why? ok so I'm onioning away then decide to log into my myspace (haha) is the problem that if someone were monitoring a clearnet site that was known to be mine that then they would be able to connect that traffic to my Tor activity during that one particular log on?
also is JAVA a way my anonymity can be compromised or is it a conduit for malware?
I realize these may be stretches, I'm just trying to understand the theory of the big picture
thanks
vw
They are talking about using two separate browsers. One through TOR and one not through TOR. If you login to myspace on the one not going through TOR then you are fine.
So I've been wondering for a while and despite looking, haven't seen a solid answer anywhere one way or the other. So if I have TBB open with whatever I'm doing in there and Chrome open with a few of my usual tabs (blogs and stuff) is that bad? Because I've heard this "DON'T CLEARNET WHILE USING TOR" mantra since I found out about Tor, and have yet to see a good explanation why it is bad.
-
why? ok so I'm onioning away then decide to log into my myspace (haha) is the problem that if someone were monitoring a clearnet site that was known to be mine that then they would be able to connect that traffic to my Tor activity during that one particular log on?
also is JAVA a way my anonymity can be compromised or is it a conduit for malware?
I realize these may be stretches, I'm just trying to understand the theory of the big picture
thanks
vw
They are talking about using two separate browsers. One through TOR and one not through TOR. If you login to myspace on the one not going through TOR then you are fine.
So I've been wondering for a while and despite looking, haven't seen a solid answer anywhere one way or the other. So if I have TBB open with whatever I'm doing in there and Chrome open with a few of my usual tabs (blogs and stuff) is that bad? Because I've heard this "DON'T CLEARNET WHILE USING TOR" mantra since I found out about Tor, and have yet to see a good explanation why it is bad.
The main reason is confusing the two browsers, you can accidentally copy and paste links in the wrong browser. It's happened to me once so I should've followed that advice. Some people say that your DNS can leak if you're using clearnet and TOR at the same time but it's not supposed to happen if you do.
-
Thank you. My setup varies pretty drastically (visually) from browser to browser so it'd really have to be something for me to mess them up. And it'll be nice to not shut down my other browser every time I need to Tor.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
Tor Project argues that javascript should be left on due to the fact that most people leave javascript on. If you turn javascript off, your browser fingerprint is now much more identifiable, as you only blend in with the people who have turned javascript off. I argue that turning javascript off makes you more anonymous, because browser attacks that require javascript will no longer work against you. It comes down to a trade off between browser fingerprint crowd size and browser hardening against hackers.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
Tor Project argues that javascript should be left on due to the fact that most people leave javascript on. If you turn javascript off, your browser fingerprint is now much more identifiable, as you only blend in with the people who have turned javascript off. I argue that turning javascript off makes you more anonymous, because browser attacks that require javascript will no longer work against you. It comes down to a trade off between browser fingerprint crowd size and browser hardening against hackers.
+1 That is exactly what I said except I said it in layman's terms.
-
Javascript off = browser fingerprinting attacks can link your sessions together with more accuracy, the crowd of browsers that share the fingerprint of your browser is much smaller. This can theoretically lead to linkability attacks, but in practice enough people have javascript disabled that your web surfing is not going to stick out like a sore thumb. This sort of attack cannot be directly used to actually trace you and determine your real IP address, it is only for determining the probability that the person who visited site A also visited site B.
Javascript On = Browser fingerprinting attacks have their accuracy substantially reduced, as now your browser blends into the much larger crowd of browsers that leave javascript enabled.
___
Javascript On = You increase the attack surface area of your browser, hackers can use malicious javascript embedded in websites to try to take over your browser and even root your system. Not all attacks require javascript to be enabled, but a substantial portion of them do. Disabling javascript makes it harder for a remote attacker to hack into your system through weaknesses in your browser. If an attacker does successfully pwn your browser, it will be a totally deanonymizing attack unless you used one of various isolation techniques (whonix, host only routing with a VM, mandatory access controls, etc).
Javascript Off = You can still be hacked through your browser, but you significantly reduce the risk of this happening.
-
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
Disabling javascript actually makes you less anonymous according to the tor project, most exploits are taken care of by leaving it by default. My impression was that it was more secure to leave noscript off.
Tor Project argues that javascript should be left on due to the fact that most people leave javascript on. If you turn javascript off, your browser fingerprint is now much more identifiable, as you only blend in with the people who have turned javascript off. I argue that turning javascript off makes you more anonymous, because browser attacks that require javascript will no longer work against you. It comes down to a trade off between browser fingerprint crowd size and browser hardening against hackers.
+1 That is exactly what I said except I said it in layman's terms.
I know I just wanted to lend support to your opinion.
Tor Project is *obsessed* with linkability, they focus disproportionately on preventing linkability attacks. Traceability has always been a secondary issue for them. Browser fingerprinting is a trivial sort of linking attack and disabling javascript makes it substantially more effective (although the practical implications of this are debatable). Hacking somebody's browser with malicious javascript is an advanced sort of attack that can lead to tracing in addition to linking (in addition to communications security compromise, stored data compromise, and essentially total compromise of the entire system).
-
I should also add that by Tor Project's definition of 'anonymous' (which is the technically correct definition, mind you), none of us are anonymous anyway, we are all pseudonymous. Turning off javascript reduces your anonymity in the sense that you can now be identified by the 'pseudonym' that is your browser fingerprint, which is going to be a less used 'pseudonym' than the browser fingerprint in which javascript is enabled. However, this is mostly only important if you use Tor to access all kinds of sites. When I am posting on SR, the fact that I am named 'kmfkewm' already removes all of my anonymity, 'kmfkewm' is a more important pseudonym than the pseudonym I have due to my browser fingerprint. However, if I surf SR as well as other sites with this browser, then the 'pseudonym' of my browser fingerprint becomes more important, and server logs could indicate that somebody who shares my not-kmfkewm 'browser pseudonym' has surfed several different websites.
But even though I am not anonymous when I surf SR, I still don't want to be traceable. Not having javascript enabled makes me less traceable, having javascript enabled makes me potentially more anonymous (although not if I am posting as kmfkewm, and not if I am hacked!) but it also makes me more traceable.
-
So I've been wondering for a while and despite looking, haven't seen a solid answer anywhere one way or the other. So if I have TBB open with whatever I'm doing in there and Chrome open with a few of my usual tabs (blogs and stuff) is that bad? Because I've heard this "DON'T CLEARNET WHILE USING TOR" mantra since I found out about Tor, and have yet to see a good explanation why it is bad.
It is safe to browse Clearnet & Tor at the same time, as long as you are not visiting the same site at the same time on the same computer. The main danger with doing this, however, is user error. As in, if you forget which is which and accidentally log into your Mt Gox account with Tor.
-
Thanks to the OP and those who replied. I have also had this question. I get the gist of the thread, though a lot of the technical stuff is over my head.
Could someone who understands this stuff please confirm in layman's terms whether my understanding is correct?
I am using TAILS iceweasel browser. If I browse to a clearnet url (eg., to read a news item someone posted in the forum here) with a new tab in this tor browser, I'm okay, right? I should just avoid sites that require login?
-
Tor was originally designed for surfing the clearnet anonymously. That has always been its focus. Hidden services were added later as a proof of concept, they are not and they have never been the primary focus of Tor. Some anonymity networks were designed with hidden services in mind, for example I2P is like the inverse of Tor in that it was originally designed for hidden services and the ability to exit was layered on to it later (I think it has like two user added exits). Freenet is another network with more of a focus on hidden services, it doesn't even have the ability to exit to clearnet. So it is kind of ridiculous to see people posting clearnet warnings, considering the fact that Tor has always been the anonymity network designed with clearnet in mind at every single step of its development.
You can open multiple tabs in your browser at the same time, clearnet and hidden services can both be accessed at the same time. You don't even need to avoid sites that require login, you only need to avoid sites that can link you to your real identity via your login. For example, if I go and register on a clearnet site with Tor it is fine for me to access it with Tor. Of course I am no longer anonymous because I have logged in, but I am still untraceable. The thing is that there are all kinds of different aspects to an anonymity network.
Anonymity:
Means that you are without a name. In a technical sense it means that you blend into a crowd of other people who all have exactly the same identifying characteristics. This crowd of people is called your anonymity set size. When you are on the internet you are never truly nameless, your browser has a lot of identifying information associated with it, the fact that you use Tor in itself means that you are somebody using Tor, etc. The best you can hope for is to use a browser that is the same as a lot of other people are using, using a network that a lot of other people are using, etc. This gives you a large anonymity set size, even though you are pseudonymous by the data points you reveal about yourself via browser etc, you are using the same pseudonym as so many other people that you are anonymous in the traffic analysis sense of the term.
Pseudonymous:
Means with a fake name. Technically you are always pseudonymous on the internet, but if you use the same pseudonym as a lot of other people then you have an anonymity set size. If you have a large anonymity set size you are referred to as being anonymous, even though you are still pseudonymous in the purest sense of the word. The way that I prefer to use pseudonymous is when your anonymity set size consists of 1. For example, when I browse SR without logging in, I blend in with everybody else using the same browser configuration as I am (of course there are other ways that anonymity can be broken, but in general). This means that my anonymity set size is roughly equal to the number of people who can not be technically distinguished from me. When I login to SR I am given the name kmfkewm, and now my anonymity set size falls to 1 so I am essentially pseudonymous.
Now Tor is a network that focuses on allowing people to maintain their anonymity. Using a pseudonym is the surest way to not actually get the anonymity that Tor offers you. But thankfully Tor also offers a variety of other things.
unlinkability: Is the property of an adversary not being able to associate two items of interest with each other. For example, if I publish a book with one pseudonym and another book with another pseudonym, ignoring writeprint analysis, I can assume that the two books are unlinkable. Tor offers some level of unlinkability because circuits rotate approximately once every ten minutes. Ideally, traffic sent down one circuit cannot be linked to traffic sent down another circuit. Of course when you are pseudonymous (set size = 1) all of your traffic can be linked together, because your pseudonym is a datapoint that links the traffic. My posts here as kmfkewm can all be linked to the same person, if the forum allowed for anonymous posting with the username 'anonymous', then posts I make anonymously would not be linkable to the same poster (between circuit rotation anyway, although in all cases for someone who doesn't own the server).
untraceability: Is the property of an adversary not being able to identify the location of someone who they see traffic from. In a sense untraceability is unlinkability between a publisher and the item they publish (however, generally unlinkability is used to describe the relationship between two published items, and untraceability is used to describe the relationship between the publisher and the published item). For example, if I publish a book under my real name, but I mail it to my publisher with a fake return address and I never let on to where I live, I am not traceable. In the context of anonymity networks, somebody who is always traceable can always have their sessions linked together, but somebody who can always have their sessions linked together is not always traceable.
We are primarily worried about maintaining our untraceability. Tor is more focused on maintaining unlinkability, although in recent years they have started to be more balanced. In the past they rotated circuits every thirty seconds, which is great for unlinkability but significantly speeds up the rate at which a trace can be carried out. Anonymity and unlinkability go hand in hand, if you are anonymous then your sessions are inherently unlinkable, if you are not anonymous then inherently all of your sessions are linkable. Tor is an anonymity network and so of course their primary focus is unlinkability. For people who are not worried about anonymity as much as they are untraceability, it might not matter too much if your browser fingerprint is part of a smaller anonymity set size. This is especially the case if by making your browser fingerprint part of a smaller set size, you are also hardening yourself from hackers.
The risk of logging into clearnet sites with Tor is that if you login to a site like facebook, then obviously it can identify you because it knows who you are. During the time that you are connected to facebook, all of the connections going through the circuit that you use to connect to facebook will therefore be linkable to your real identity. If you use the same circuit to visit facebook that you use to visit an illegal website, then your real identity is linkable to the illegal website by the exit node.
Another risk of clearnet websites is that the exit node can spy on any non-encrypted traffic that you send. Tor to the clearnet is strictly for anonymity, it is not for privacy. Technically speaking privacy generally means that what you say cannot be read by unwelcome third parties, and anonymity again means that you blend into a set size.
-
Tor Project is *obsessed* with linkability, they focus disproportionately on preventing linkability attacks. Traceability has always been a secondary issue for them. Browser fingerprinting is a trivial sort of linking attack and disabling javascript makes it substantially more effective (although the practical implications of this are debatable). Hacking somebody's browser with malicious javascript is an advanced sort of attack that can lead to tracing in addition to linking
Tor Project ships TorBrowser with JavaScript enabled not because they don't care about traceability or people getting hacked, but because disabling JavaScript would break a lot of clearnet sites, and most Tor users wouldn't know that they can whitelist domains or turn off NoScript. They would think that TorBrowser is broken and stop using it. The Tor devs surmise that using Tor with JavaScript is better than not using Tor at all.
That being said, the Tor devs put NoScript in TorBrowser and it's easy to turn on if you're worried about JavaScript attacks.
-
Tor Project is *obsessed* with linkability, they focus disproportionately on preventing linkability attacks. Traceability has always been a secondary issue for them. Browser fingerprinting is a trivial sort of linking attack and disabling javascript makes it substantially more effective (although the practical implications of this are debatable). Hacking somebody's browser with malicious javascript is an advanced sort of attack that can lead to tracing in addition to linking
Tor Project ships TorBrowser with JavaScript enabled not because they don't care about traceability or people getting hacked, but because disabling JavaScript would break a lot of clearnet sites, and most Tor users wouldn't know that they can whitelist domains or turn off NoScript. They would think that TorBrowser is broken and stop using it. The Tor devs surmise that using Tor with JavaScript is better than not using Tor at all.
That being said, the Tor devs put NoScript in TorBrowser and it's easy to turn on if you're worried about JavaScript attacks.
What you said is true, but the Tor devs also tell people that they should leave javascript on because if they turn it off they will stick out from everybody who used the default settings. If you are mostly concerned with browser fingerprinting leading to linkability then this is good advice, if you are mostly concerned about somebody hacking you then it is bad advice. They assume that everybody is concerned primarily with linkability.
-
Yeah, I don't buy their argument about that. One of them said that disabling JavaScript is ok for now, since there are a lot of tech savvy users who disable JavaScript, but as Tor becomes more popular, you will become more unique. That's not true. You will be a smaller percentage of Tor users, but the set should be the same size unless tech savvy users abandon Tor, and actually there are plenty of tech savvy users who don't use Tor yet, so as it gets more popular, the set of Tor users with JavaScript disabled should increase.
Whether or not to disable JavaScript depends on your circumstances. 99% of exploits are written for Windows and I don't use Windows, and the cross-platform ones are Flash and Java based, which are already disabled, so it's not a threat that I'm concerned about. I gain a lot by being part of the JavaScript-enabled anonymity set at very little cost/risk.
On Windows I would probably disable it.
-
I think in either case little is gained or lost. Enough people disable javascript that the set size is still going to be significant, and if somebody is skilled enough to hack you with javascript they can probably hack you without it as well. I choose to disable javascript primarily because I am more concerned with having a slightly more hardened browser than I am with blending into a larger crowd. I don't really care if they can determine that there is a 1:50,000 chance that kmfkewm visited some other site, versus a 1:500,000 chance. I would rather make life a little bit more difficult for the person who tries to root me.
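-
Added example, not part of the original thread or of any poster's message: the anonymity-set argument from the posts above, worked through in Python. All population counts are constructed; the 50,000 and 500,000 crowd sizes borrow the odds quoted in the previous post, while the tenfold growth scenario and the `constructed_nick` login are assumptions made for illustration.

```python
"""Anonymity-set arithmetic for the JavaScript on/off trade-off (constructed data)."""
from collections import Counter
from math import log2


def fingerprint(record, attrs):
    """Project a visitor record onto the attributes a server can observe."""
    return tuple(record.get(a) for a in attrs)


def anonymity_sets(population, attrs):
    """Sum head-counts per observable fingerprint: {fingerprint: set size}."""
    sets = Counter()
    for record, count in population:
        sets[fingerprint(record, attrs)] += count
    return sets


def measure(population, me, attrs):
    """Set size, share of all users and surprisal (bits) for one visitor.

    Surprisal is log2(total / set size): how many bits of identifying
    information the observed fingerprint reveals about the visitor.
    """
    sets = anonymity_sets(population, attrs)
    total = sum(sets.values())
    size = sets[fingerprint(me, attrs)]
    if size == 0:
        raise ValueError("visitor is not part of the population")
    return {"set_size": size, "total": total,
            "share": size / total, "bits": log2(total / size)}


# Constructed populations as (observable attributes, number of users) pairs.
TODAY = [({"js": True}, 500_000), ({"js": False}, 50_000)]
# Assumption: the network grows tenfold and every newcomer keeps the defaults.
GROWN = [({"js": True}, 5_450_000), ({"js": False}, 50_000)]
# One JS-off user logs in under a nickname, adding an attribute only they have.
LOGGED_IN = [({"js": True}, 500_000), ({"js": False}, 49_999),
             ({"js": False, "login": "constructed_nick"}, 1)]


def scenarios():
    """Run the three situations the thread argues about."""
    js_off = {"js": False}
    return {
        "js_on_today": measure(TODAY, {"js": True}, ("js",)),
        "js_off_today": measure(TODAY, js_off, ("js",)),
        # Share shrinks and bits rise, but the crowd itself is unchanged.
        "js_off_after_growth": measure(GROWN, js_off, ("js",)),
        # A login pseudonym collapses the set to one regardless of JS.
        "js_off_logged_in": measure(
            LOGGED_IN, {"js": False, "login": "constructed_nick"},
            ("js", "login")),
    }


if __name__ == "__main__":
    for name, m in scenarios().items():
        print(f"{name:20} set={m['set_size']:>9,} of {m['total']:>9,} "
              f"share={m['share']:.4%} bits={m['bits']:.2f}")
```

The growth scenario shows why both sides of the argument hold at once: the JavaScript-off visitor becomes a smaller fraction of all users (more bits revealed), yet the number of people they are indistinguishable from does not drop.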
-
What Jack said.
It is good technique to visit clearnet sites with TOR. Don't login to personal accounts though and leave java off.
For instance, Mt. Gox. If you visit Mt. Gox from Tor, and log in to Mt Gox, they will freeze your account, and won't thaw it until you have verified your identity with them. Which you don't wanna do. :)