Silk Road forums

Discussion => Security => Topic started by: Rastaman Vibration on July 29, 2013, 08:06 pm

Title: Masking TOR traffic with clearnet streams
Post by: Rastaman Vibration on July 29, 2013, 08:06 pm
It's a fact that your ISP can tell when you are using Tor. Tor traffic has unique and distinguishing characteristics.

I'm interested in whether or not these distinguishing traffic characteristics can be masked by having simultaneous clearnet traffic, such as a video stream. I've read conflicting opinions on this. Does anyone know how effective it would be to use clearnet streams to mask your Tor use? Or can point me to some references that can answer this question? (For example, have a Netflix movie streaming on another computer while browsing with Tor.)

Thanks
Title: Re: Masking TOR traffic with clearnet streams
Post by: astor on July 29, 2013, 09:10 pm
Browsing clearnet at the same time won't hide your Tor use, because the ISP can easily read the packet headers and discover which streams are going to entry guards. You would need to use bridges (that the ISP doesn't know belong to the Tor network) to hide your Tor use. You can use obfsproxy bridges, which make the connections look like something other than Tor. The obfs3 protocol makes it look like random data.

On a related note, the Chaos Computer Club published an attack a few years ago where they could fingerprint encrypted Tor connections to specific web sites with something like 55% accuracy by watching the user's end of the connection, but it was trivially defeated by browsing with two tabs open. The Tor Project is against padding because they believe it will slow down the network even more, and that's a major complaint about Tor. They accept many usability-over-security trade-offs, because a large, diverse userbase increases your anonymity.
Title: Re: Masking TOR traffic with clearnet streams
Post by: kmfkewm on July 30, 2013, 01:54 am
Browsing two sites at the same time with Tor should really fuck up fingerprinting attacks if they are both being loaded through the same circuit at the same time. Some people download a big file in the background over Tor while they are surfing with Tor to try to fuck up fingerprinting attacks. I think that this would be useful but I have heard others argue that an attacker can filter this and still fingerprint you. I don't know for certain in either case but I certainly lean toward thinking that it will add protection from fingerprinting attacks. Surfing the clearnet directly and Tor at the same time will not help you though.
Title: Re: Masking TOR traffic with clearnet streams
Post by: Rastaman Vibration on July 30, 2013, 04:11 am
Thanks astor & km. You guys really know your shit!

;D