Silk Road forums

Discussion => Security => Topic started by: rise_against on January 27, 2012, 04:14 am

Title: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: rise_against on January 27, 2012, 04:14 am
In layman's terms, can someone explain to me why it's not safe to use p2p while using tor?  thanks
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: TravellingWithoutMoving on January 27, 2012, 04:57 am
a complicated subject for which i probably don't have all the answers unless i spent a considerable amount of time researching to ensure i get everyone concerned's point of view.

- in essence keep your Tor "work" for SR or whatever separate from any p2p where possible.
  - can run a Tor instance plus some p2p but this in itself could introduce problems where software crosses over and / or reveals information it wouldn't normally do if one of them weren't running.
            - there is a greater chance of the identity and / or location of the users being revealed.
  - separate PCs or hardware would be better.
  - totally different dsl or connection would be much better as you aren't attracting attention to yourself from ISPs etc due to say p2p...
  - don't cross over Tor / SR work from the Tor bundle to another firefox browser or some p2p / other proxy'd service running locally..
  - requires complicating firewall and port setup to make it all work, and mistakes could cost you...lots
  - if you are still going to run a mix of p2p ensure you allocate fair bandwidth to each = fair use / experience for everyone to ensure the service is usable.


- p2p often relies on equal upload for your downloads 1:1 ratio etc, i don't know how well torrents for example would work with Tor.


- some anonymous networks don't like p2p activity because it slows down the network esp downloads of movies, music etc; so it's my guess the anon network suffers
  where bandwidth is already being expended due to the extra security needed to remain anonymous. so the primary use for anon networks seems to be browsing
  anonymous websites and remaining anonymous; p2p needs and consumes lots of bandwidth. With time and faster links for everyone it's possible it'll all become
  one big Net {a dream..}

i don't claim this is the ultimate guide as per 1st statement, nor do i run the exhaustive list of p2p's out there...
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: QTC on January 27, 2012, 05:21 am
What a nebulous post above mine. Anyway, short answer: it subjects you to several deanonymizing attacks (at least one of which is impossible to defend against per Roger Dingledine, the lead researcher of Tor), and filesharing on Tor is a major asshole move anyway.

Long answer: http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: Variety Jones on January 27, 2012, 05:42 am
Quote: "What a nebulous post above mine."

Yeah, his posts are so Sarah Palin-esque in their lack of subject and substance, it's frightening.

arma over at the tor blog has a good explanation for the layman: https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

Anyone who runs bittorrent over tor deserves to DIAF.
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: TravellingWithoutMoving on January 27, 2012, 06:37 am
..usual constructive compliments from variety jones, always a pleasure talking to you.
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: LexusMiles on January 27, 2012, 07:23 am
Quote: "explain to me why it's not safe to use p2p while using tor"

Because that's what the core community wants you to think (consumes too much bandwidth). And of course the media blog sites like to run with catchy headlines such as "Not anonymous: attack reveals BitTorrent users on Tor network" .. the truth being, it's the incorrectly configured torrent clients that revealed identities.

12 Apr 2011 "Not anonymous: attack reveals BitTorrent users on Tor network" - Arstechnica
24 Oct 2011 "Rumors of Tor's compromise are greatly exaggerated" - Torproject
25 Oct 2011 "Tor anonymizing network Compromised by french researchers..." - The Daily Attack
28 Oct 2011 "New Tor Release Fixes De-Anonymization Attack" - Threatpost

And on and on.....
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: TravellingWithoutMoving on January 27, 2012, 07:51 am
Quote: "In layman's terms, can someone explain to me why it's not safe to use p2p while using tor?  thanks"

- which p2p (torrents, file sharing..etc ?!) did you have in mind?
Title: Torrents and i2p / Tor -slow, not working, configuration, performance...
Post by: TravellingWithoutMoving on January 27, 2012, 08:23 am
Experience and sorts of issues with Torrents and Tor which may or may not still be the case :-

{p2p azureus torrent app} I2P & TOR Networks not enabled :
Right click on torrent in My Library >> Advanced >> Networks >>
  - Public IP Network (not anonymous)
  - I2P Network
  - The Onion Router (Tor) Network

Q: The Public IP Network (not anonymous) is always checked but the other two are not, how do I set things up so that they are always enabled for every torrent download?

A: In short: You don't.

Hardly anyone is using it because it is slow. Tor is not meant for that amount of data and I2P requires special torrent files and all participants (tracker, seeds and peers) to use it.


i2p forum:

   
Updated 2010-01-03 for release 0.7.8

- What clients are supported on I2P?

I2PSnark, I2P-BT, I2P-BOB-BT, I2PRufus, Robert, PyBit, I2PSnarkXL, Transmission, and Azureus (but see below for more information on Azureus).

- What client do you recommend?

I2PSnark. It is built-in to I2P so it requires no installation. Also, it is under active development, and support is available. The others are standalone applications which are more difficult to install and use. Azureus in particular is a challenge to set up. New users in particular should try I2PSnark first. To use i2psnark go to link: http://localhost:7657/i2psnark/ in your browser.

After you have tried out i2psnark, and feel comfortable with i2p bittorrent in general, try out some of the standalone clients that have advanced features and are under active development. Try out Robert, for example.

- How do I get Azureus and its I2P Plugin to work?

We don't know. We've heard from numerous people who followed the published instructions and couldn't make it work. We haven't heard from anybody who _did_ get it to work in a long time. And there's nobody around I2P that does know how. We strongly recommend that new users start with the built-in I2PSnark. Once you have become familiar with I2P, if you decide you really really want Azureus, feel free to try. If you are successful, let us know how you did it.


- Why are downloads so slow on I2P torrents?

Two reasons. The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. Also, most torrents on I2P have very few peers compared to torrents on the standard internet. However, it's a lot faster than it used to be, and we continue to work on performance improvements.

- How do I make it faster?

Two key settings are the inbound and outbound bandwidth limiters on link: http://localhost:7657/config.jsp . With the default settings of 32KBps you will generally get no better than 15KBps data transfer in I2PSnark. Increasing the settings (but keeping within your actual connection limitations) will increase the potential transfer rate for I2PSnark.

Bittorrent uses a "tit for tat" algorithm. The more you upload to other people, the more they will download to you. One of the best ways to get faster download speeds is to increase your upstream bandwidth. This is part of the bittorrent protocol, it is not unique to I2P.

Tunnel length settings are a tradeoff between performance and anonymity. The default length of 2 + 0 in i2psnark (i.e., tunnels of length 2) works fine for most people. Feel free to adjust the settings if you want more performance or more anonymity. Increasing the number of tunnels may also help performance.

If you are on a high bandwidth connection (greater than 1 Mbit upstream), it may help to increase tunnel quantities each direction to 4, 5, or even 6.

If you are running lots of torrents you should increase the maximum memory size in wrapper.config to avoid out-of-memory exceptions (OOMs). Change wrapper.java.maxmemory from 128 to 256 or even higher. You must completely shutdown the router (not just a restart) and then start it again for this to take effect.

- Can I use a non-I2P Bittorrent client with I2P acting as a proxy to connect to peers outside I2P?
No.

- Can I use a non-I2P Bittorrent client with I2P at all?
No.

- Can I connect to non-I2P torrents or peers from within I2P?
No.

- Can I connect to I2P torrents or peers from outside I2P?
No.

- Do any I2P Bittorrent clients support DHT within I2P?
No.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<,
- slow
- security overhead..
- not all apps work
- "probably not designed for or not ready for torrent load"
- configuration
- need to share bandwidth to get something in return..


..were the points i was trying to get across.

Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: Silpheed on January 27, 2012, 10:13 am
Yeah read this:
https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

Also, the hidden wiki says "Running P2P protocols within Tor requires OnionCat. Therefore, see the OnionCat section for those P2P services."
http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page#P2P_FileSharing

It also says "IMPORTANT: It is possible to use Tor for P2P. However, if you do, the right thing must also be done by giving back the bandwidth used. Otherwise, if this is not done, Tor will be crushed taking everyone along with it."

The OnionCat section is here:
http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page#OnionCat_Addresses

And the following pages related to OnionCat are on the hidden wiki:
http://kpvz7ki2v5agwt35.onion/wiki/index.php/BitTorrent_via_OnionCat_VPN
http://kpvz7ki2v5agwt35.onion/wiki/index.php/OnionCat_BitTorrent
http://kpvz7ki2v5agwt35.onion/wiki/index.php/OnionCat_BitTorrent_Tracker
http://kpvz7ki2v5agwt35.onion/wiki/index.php/OnionCat_Gnutella
http://kpvz7ki2v5agwt35.onion/wiki/index.php/OnionCat_Instructions
http://kpvz7ki2v5agwt35.onion/wiki/index.php/OnionCat_VPN_IPv6_addresses

I personally don't know anything about it though.

Although from reading that ("Otherwise, if this is not done, Tor will be crushed taking everyone along with it.") it sounds like LE could crush TOR by running P2P all the time.

AFAIK it's fine to be running a torrent client while using the Tor Browser Bundle, because you have to specifically configure your torrent client if you want it to work over TOR.
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: rise_against on February 01, 2012, 09:08 am
so if i'm understanding this correctly, it's probably safe to use p2p while browsing TOR sites, as long as your p2p software is not connecting thru the TOR network.
Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: LexusMiles on February 01, 2012, 11:11 am
^ p2p is a rather broad definition. Your system will be as safe as the apps you run on it. With or without TOR doesn't matter.

The important distinction is whether you trust the p2p apps enough to risk your SR account and bitcoins in the case that the app is compromised (0day or pre-trojaned etc).

Title: Re: can someone plz explain to me why its not safe to use p2p while using TOR
Post by: watmm on February 01, 2012, 08:27 pm
I'm curious as to how people rate both the speed and security of the following:

BTGuard
TorrentPrivacy
Anomos

Also if you could tell me if there's any i haven't listed, and any VPNs/Seedboxes that are reputable for customer anonymity.

Cheers.