Silk Road forums

Discussion => Security => Topic started by: CaptainJohnny on September 10, 2011, 02:06 am

Title: The Danger of speeding up TOR.
Post by: CaptainJohnny on September 10, 2011, 02:06 am
I am giving away for free the information that another user was charging for. BUT, I'm not censoring the negative side of it. I explain the whole mess in my listing:

http://ianxz6zefk72ulzz.onion/index.php/silkroad/item/8203

I've been developing on TOR since its inception. I guess most people don't understand how TOR works and are just happy to get their drugs without thinking about it... This is a serious issue.

The user who was selling "how to speed up tor" for $2 used to sell 'shrooms as well. I was informed that the seller went inactive after being notified of how damaging to security and anonymity his offering was. It is the sort of thing LE would encourage people to do in order to make Traffic Analysis Attacks dramatically easier to perform. I am not saying this vendor was LE, and I am not naming his name. But, the shoe does fit.

If this adds up to buys you've made, you might want to make a change of address...  ;-)

My Listing is how you donate to me being awesome and telling you about this. It's only $0.50. If this prevents you from making a very bad mistake, or convinces you to undo this bad idea, I'd appreciate the jinglies. I'm telling you for free, so it's not a requirement.

You can easily google this same information, again, absent any explanation of the consequences....
Title: Re: The Danger of speeding up TOR.
Post by: CaptainJohnny on September 10, 2011, 03:57 am
I am not trying to discredit you. I am presenting facts. For free. Facts that are dangerously omitted from your sales pitch to the detriment of anyone who doesn't know better.

I'm not making an accusation. My duration here and/or post count has absolutely nothing to do with my experience using tor or conducting my business. I don't sell the products you sell. We are not competitors. It would not benefit me to discredit you.

It is a fact that you are selling information that can be googled for free. This does not discredit you. It is a fact. Some people are too lazy to use google.

It is a fact that using that information will DRASTICALLY reduce their security.

It is a fact that you fail to provide this data in your listings.

These facts exist regardless of my post count or how new my seller account is.

These facts are very important.

Stephen Hawking doesn't even have an account here (that I know of). Does that make him stupid? Does that mean he's trying to discredit you?

Please explain what your seller account's age or rating has to do with technical knowledge of how TOR works?
Please explain what your post count has to do with your omission of the above facts?

In the other thread on this subject, you stated that you would then provide the down side. But none of your listings were edited to contain that data.

I did this to inform people of the dangers of performing the actions you one-sidedly advertised. Bringing these facts to light has not discredited you. Your attempts at accusation and concealment of dangerous security information is what may have discredited you. You're trying to shoot the messenger. Why would an honest person do that?

I gave you the benefit of the doubt. Once informed, you still did nothing to fix the absence of this crucial data, even after saying that you would. Then, when I make a bigger deal out of this major security issue, you come out of the blocks accusing ME of being the bad guy, and holding up irrelevant metrics in an attempt to make facts evil?

Is that what someone who simply didn't know there was a down side to his product would do? Honestly not knowing is fine. But you're not acting like someone in that position. And the more you do it, the more my suspicions are solidified.

You could say "Holy shit, I had no idea I was setting up my customers like that! I just stumbled across a way to make TOR faster and had no idea it could do so much harm! I was in it for a quick buck and didn't do my research, I'm so terribly sorry for exposing every member of SR to this huge risk!"

But you didn't...  You tried to defame me while claiming that it was my intent to harm you. You held up rulers that have nothing to do with the knowledge needed in your attempt to do so.

I have posted facts. I have also said that it could be simple ignorance. Not a lot of people know how TOR works to such an extent.

I gave you plenty of outs. You chose to be combative. Do you not realize what you expose of yourself when you do that?

I did not even mention your name. You came out here and pinned the sign on yourself.

What I did was nothing more than a public service announcement based on facts.

Quote
The security threat is negligible because the settings merely help TOR in moving on when a node/circuit is unresponsive. Basically, reduces the timeout time for the circuit before looking for another path. This decreases wait time on finding a path to complete your request.

You underestimate the number of nodes, thus circuits, that will be removed from the pool of possible routes. This includes exit nodes, too.

Most of TOR is very slow.

By removing the "slow," you also remove the "most of."

This makes traffic analysis way too easy. You either honestly underestimate this problem, or are deliberately misrepresenting it.
Title: Re: The Danger of speeding up TOR.
Post by: DigitalAlch on September 10, 2011, 05:46 pm
Since I have yet to look into this on either side I'm going to guess the speed up makes tor ignore connection to slow nodes - CaptainJohnny, are you saying that by doing that traffic analysis is easier (I'm guessing because they could have control of nodes and you're guessing that most of the fast nodes are rogue)? What type of traffic analysis? Perhaps I am failing to see how this could be exploited. A good deal of the fast nodes are in the Netherlands. I'm not saying you're wrong, I just would like more information.

Peace,
DigitalAlch
Title: Re: The Danger of speeding up TOR.
Post by: CaptainJohnny on September 11, 2011, 03:01 am
TOR is already vulnerable to traffic analysis by an observer with global network monitoring capacity. TOR only functions in its current capacity because it is considered that no entity with such resources cares to expend them, or exists.

An overwhelming majority of TOR nodes are very bandwidth limited volunteers setting up their personal Broadband. These volunteers limit I/O to tens of kBps, sometimes less. Most are not exit nodes, just relays.

By eliminating them, one no longer needs global resources on the network. If you get the users to stop using the slows, you don't have to watch the slows to watch traffic...  Your scope of observation becomes small enough for even an individual with one computer to observe. Match the ins to the outs, that's traffic analysis.

Also, the latency of the TOR network is an unintentional, but very beneficial factor in hindering traffic analysis, as well. The slow is a good thing, and too numerous for observation and correlation. The fast is very limited in quantity and easy to see...

It's simple math. Restricting your pool so severely reduces your possible routes and makes you easier to watch both for the fewer routes and the increased speed. TOR still isn't throwing ghost data well enough to obfuscate on the full network, much less the tiny fraction of it people limit themselves to by using this 'trick.' If it did, guess what? It'd be even slower... While the ability to do so exists, it is held back deliberately, lest the added latency of the obfuscating packets crush the network and make it unusable.
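
Added example, not part of the original thread: a toy model of the pool-restriction argument in the post above, comparing uniform and bandwidth-weighted relay selection. The relay counts, bandwidths, cutoff and the 50-relay watched set are constructed assumptions, and the two hop choices are treated as independent.

```python
import math

# Constructed relay population (not measured Tor data): bandwidth in kB/s.
SLOW = [40] * 1800      # volunteer relays throttled to tens of kB/s
FAST = [2000] * 200     # small set of high-capacity relays
RELAYS = FAST + SLOW    # indices 0..199 are the fast relays

def pick_probs(relays, min_kbps=0, weighted=False):
    """Per-relay selection probability once relays below min_kbps are excluded.

    weighted=False: every usable relay is equally likely (the post's framing).
    weighted=True: probability proportional to bandwidth.
    """
    w = [(bw if weighted else 1) if bw >= min_kbps else 0 for bw in relays]
    total = sum(w)
    return [x / total for x in w]

def entropy_bits(probs):
    """Shannon entropy of one hop choice; lower means a more predictable hop."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def both_ends_seen(probs, watched):
    """Chance that entry and exit both fall in the observer's watched set.

    Assumes the two hops are drawn independently (ignores the rule that a
    circuit uses distinct relays, and ignores guard/exit roles).
    """
    p = sum(probs[i] for i in watched)
    return p * p

def compare(watched=range(50), cutoff=1000):
    """Return {(mode, pool): (entropy_bits, both_ends_seen)} for four cases."""
    out = {}
    for weighted in (False, True):
        for label, min_kbps in (("full", 0), ("fast-only", cutoff)):
            probs = pick_probs(RELAYS, min_kbps, weighted)
            key = ("weighted" if weighted else "uniform", label)
            out[key] = (entropy_bits(probs), both_ends_seen(probs, watched))
    return out

if __name__ == "__main__":
    for (mode, pool), (h, seen) in compare().items():
        print(f"{mode:8s} {pool:9s} entropy={h:5.2f} bits  both ends watched={seen:.4%}")
```

With these constructed numbers, uniform selection goes from 0.0625% to 6.25% of circuits having both ends on watched relays when the pool is cut to fast relays only. Under bandwidth weighting the full pool already starts near 4.5%, so the size of the effect depends on how relays are weighted.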
Title: Re: The Danger of speeding up TOR.
Post by: TheUsualSuspect on September 11, 2011, 04:42 am
I'm definitely not taking sides on this one, but it seems to me that purchasing anything that does not come in the mail (digital goods) seems highly dangerous. But then again, so is buying illegal substances from the internet  ;)

Even if you download the item through TOR, unless it is source code that you compile and you know how to examine said code, who knows if the item you downloaded "phones home" in any way, exposing your real IP address and the fact that you are a purchasing member of SR.

In this case, I don't think my comments apply though. The seller seems to just be selling instructions and not really something you download.

Also, not taking sides because I know very little about the technical aspects of TOR that were being discussed.

Peace out!
TUS
Title: Re: The Danger of speeding up TOR.
Post by: 46&2 on September 11, 2011, 06:55 pm


Quote
Even if you download the item through TOR, unless it is source code that you compile and you know how to examine said code, who knows if the item you downloaded "phones home" in any way, exposing your real IP address and the fact that you are a purchasing member of SR.
In this case, I don't think my comments apply though. The seller seems to just be selling instructions and not really something you download.


yeah you answered that correctly.
Title: Re: The Danger of speeding up TOR.
Post by: DigitalAlch on September 12, 2011, 01:11 am
Quote
TOR is already vulnerable to traffic analysis by an observer with global network monitoring capacity. TOR only functions in its current capacity because it is considered that no entity with such resources cares to expend them, or exists.

An overwhelming majority of TOR nodes are very bandwidth limited volunteers setting up their personal Broadband. These volunteers limit I/O to tens of kBps, sometimes less. Most are not exit nodes, just relays.

By eliminating them, one no longer needs global resources on the network. If you get the users to stop using the slows, you don't have to watch the slows to watch traffic...  Your scope of observation becomes small enough for even an individual with one computer to observe. Match the ins to the outs, that's traffic analysis.

Also, the latency of the TOR network is an unintentional, but very beneficial factor in hindering traffic analysis, as well. The slow is a good thing, and too numerous for observation and correlation. The fast is very limited in quantity and easy to see...

It's simple math. Restricting your pool so severely reduces your possible routes and makes you easier to watch both for the fewer routes and the increased speed. TOR still isn't throwing ghost data well enough to obfuscate on the full network, much less the tiny fraction of it people limit themselves to by using this 'trick.' If it did, guess what? It'd be even slower... While the ability to do so exists, it is held back deliberately, lest the added latency of the obfuscating packets crush the network and make it unusable.

Makes sense. Good info. Thanks.

Peace,
DigitalAlch
Title: Re: The Danger of speeding up TOR.
Post by: nomad bloodbath on September 12, 2011, 04:13 am
Quote
TOR is already vulnerable to traffic analysis by an observer with global network monitoring capacity. TOR only functions in its current capacity because it is considered that no entity with such resources cares to expend them, or exists.

An overwhelming majority of TOR nodes are very bandwidth limited volunteers setting up their personal Broadband. These volunteers limit I/O to tens of kBps, sometimes less. Most are not exit nodes, just relays.

By eliminating them, one no longer needs global resources on the network. If you get the users to stop using the slows, you don't have to watch the slows to watch traffic...  Your scope of observation becomes small enough for even an individual with one computer to observe. Match the ins to the outs, that's traffic analysis.

Also, the latency of the TOR network is an unintentional, but very beneficial factor in hindering traffic analysis, as well. The slow is a good thing, and too numerous for observation and correlation. The fast is very limited in quantity and easy to see...

It's simple math. Restricting your pool so severely reduces your possible routes and makes you easier to watch both for the fewer routes and the increased speed. TOR still isn't throwing ghost data well enough to obfuscate on the full network, much less the tiny fraction of it people limit themselves to by using this 'trick.' If it did, guess what? It'd be even slower... While the ability to do so exists, it is held back deliberately, lest the added latency of the obfuscating packets crush the network and make it unusable.

Makes sense. Good info. Thanks.

Peace,
DigitalAlch


THIS!
Do not adjust your Tor settings please, if you don't know what you are doing.

:D
nomad bloodbath
Title: Re: The Danger of speeding up TOR.
Post by: CaptainJohnny on September 13, 2011, 08:32 pm
I really was not trying to start a fight with anyone, I even asked permission before posting this and my Listing.

I noticed that "someone's" post in this thread is gone now, but I haven't checked for the associated Listings.
Title: Re: The Danger of speeding up TOR.
Post by: Paperchasing on September 20, 2011, 10:41 am
The captain is correct. Don't change your tor settings! Tor is pretty damn good, albeit the Iran incident earlier this year is a little unnerving (Iran government used deep packet inspection looking for a limited narrow set of encryption blocks tor knowingly implemented... Tor developers knew was a vulnerability all along yet did not fix it till the Iranian government arrested a bunch of anti-government tor users)
Title: Re: The Danger of speeding up TOR.
Post by: nef on September 22, 2011, 01:38 am
I'll third the good Captain. I saw the "speed up Tor!" listing and just couldn't get motivated to explain why it was a bad idea. Thanks for doing the educating, CaptainJohnny!
Title: Re: The Danger of speeding up TOR.
Post by: Calistoner on September 22, 2011, 03:45 am
shit.

what are the default settings?


i need to change mine back