Silk Road forums

Discussion => Security => Topic started by: Mistersketch on November 24, 2011, 07:23 am

Title: Connecting to TOR
Post by: Mistersketch on November 24, 2011, 07:23 am
So up until now I have been connecting to tor via public wifi but have heard that this could raise red flags, although there are many who use the wifi I have read that connecting to tor over one can be easily hacked or seen by others

I was wondering if i purchase a 3G USB with a visa gift card and used fake information would this be better than using public or home connections? does anyone do this already?

looking to get some insight from others
Title: Re: Connecting to TOR
Post by: CrunchyFrog on November 25, 2011, 12:24 am
Quote from: Mistersketch
I was wondering if i purchase a 3G USB with a visa gift card and used fake information would this be better than using public or home connections?
To me, it would depend on what you're most concerned about having discovered (and by whom): the fact that you're using Tor or what you're doing with it.

If the former, then wireless would *not* be the way to go.  Wireless (radio broadcast) connections are observable by anyone with the right tools, enough time and expertise, and sufficient interest.  Wired connections require physical contact with -- not just proximity to -- your data path, which is usually more difficult to obtain.  However, wired connections via local area network -- LAN, or home network -- *are* observable by others on the network with the capabilities mentioned above.

If the latter, I don't see any advantage either way; the most that any (non-NSA) adversary is going to see is encrypted data┬╣ flowing between you and a Tor relay.  They would have little chance of knowing where the data ultimately goes or comes from (or what it is) once it's on the Tor network.

┬╣ triple encrypted in the case of data transmitted by you
Title: Re: Connecting to TOR
Post by: pannerjack on November 25, 2011, 08:35 am
This may seem naive, but assuming you are accessing TOR via a public wifi access point and someone does detect that you are accessing TOR, and even assume they can decipher what you are saying, still so what?  I would assume such an attacker might be able to get your MAC address, but how would LE be able to determine who in a library or coffee shop with 30+ people in it is the person with your MAC address?  Or even that who is definitively using that device?   Think of it like when someone smokes a joint at a concert.  Sure there's the smell of pot in the air, so a cop might know there is dope being smoked, but finding who exactly is doing the smoking in a crowded area isn't that easy.  I appreciate wanting to be as off the radar as possible, but at least in the US LE has to prove their case beyond a reasonable doubt, and at least build enough probable cause to make an arrest.  It just seems to me if LE wanted to do a sting, they would wait until they could make a controlled delivery in the case of buyers, and that would mean requiring a signature upon delivery, and as we all know you never sign for nothing bought on SR.  Remember, they have to not only prove the communications came from your computer, but you were the individual making those communications on that computer. 

Please correct me if I'm wrong.  I don't claim to have all the answers or even the best advise, just thinking....
Title: Re: Connecting to TOR
Post by: Mistersketch on November 25, 2011, 08:57 am
Although tor seems like it can be trusted I always go with the assumption that nothing can be, I try to make sure every precautionary measure is thought of and planned out incase anything were to happen. I understand the beyond reasonable doubt thing but in my experience if your face to face with a federal agent  they arent stupid and simple loopholes to the law really wont do shit with them, just because you have the rights doesnt mean that they wont do everything in their power to find out what you were doing it is their job

so throw away 3g usb keys are not as useful as I thought what would be the best possible way to truly remain anonymous? I was thinking about hacking a wifi signal from a couple miles away from me, at least that way if it is traced it is not me who is actually getting in trouble, 
Title: Re: Connecting to TOR
Post by: pannerjack on November 25, 2011, 09:16 am
Hacking a wifi access point from a distance sounds safer to me than 3g USB.  With a 3g key LE could triangulate your location when your device pings two or more cell towers.  At least it would seem to me.  I am not the most technologically sophisticated person on this form by a long shot, but I do have some experience evading LE in the physical world. 

Cheers,
Title: Re: Connecting to TOR
Post by: j789745 on November 25, 2011, 06:49 pm
Your ISP is capable of seeing that you're using TOR, just not what you're doing with it. If you're just buying some personal use quantities every now and then, I don't think you have to worry about it. You can do it at home, really.
Title: Re: Connecting to TOR
Post by: rise_against on November 27, 2011, 06:24 pm
would an ISP go as far as to block your access to tor?
Title: Re: Connecting to TOR
Post by: CrunchyFrog on November 27, 2011, 10:14 pm
Quote from: pannerjack
...I would assume such an attacker might be able to get your MAC address, but how would LE be able to determine who in a library or coffee shop with 30+ people in it is the person with your MAC address?  Or even that who is definitively using that device?...

Unless you paid for the laptop with paper currency, gave a fake name, and never registered it for warranty, I think it's likely they could find out who you are through manufacturer, store, and credit card records.  That would tell them who's laptop it was, but not who was using it.  (Assuming you didn't file a police report in advance, claiming it was stolen.)

Unless you've never been issued a photo ID and never put your photo on a social networking site, once they know who you are they'll also know what you look like.  Now, if your coffee shop or library creates and retains security tapes -- and what places *don't* these days? -- they can place you where and when the MAC address was obtained while carrying (or using) a laptop.

Although that doesn't *prove* that it was you using your laptop -- and not some stranger with whom you happened to (temporarily) swap laptops just outside range of the cameras -- I'll bet it would convince most prosecutors and juries.

Would they go to all that bother?  Maybe; it depends on what (they think) you're doing.

If nothing else, the fact that people have created applications to disguise a computer's MAC address suggests that it's important in at least some circumstances.
Title: Re: Connecting to TOR
Post by: Variety Jones on November 27, 2011, 10:23 pm
Your ISP is capable of seeing that you're using TOR, just not what you're doing with it.

Yeah, not so true.

Tor disguises itself as SSL traffic, and Iran recently figured out that their Cert expiries were too short-term, and used that to recognize and block Tor traffic.

Tor devs responded the same day.

From ames on the Tor dev blog:

Quote
How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.

There are plenty of interesting discussion points from the research angle around how this arms race should be played. We're working on medium term and longer term solutions, but in the short term, there are other ways to filter Tor traffic like the one Iran used. Should we fix them all preemptively, meaning the next time they block us it will be through some more complex mechanism that's harder to figure out? Or should we leave things as they are, knowing there will be more blocking events but also knowing that we can solve them easily? Given that their last blocking attempt was in January 2011, I think it's smartest to collect some more data points first.

And keep in mind they are talking about filtering out Tor traffic, not identifying it exactly. There are other ways to filter out Tor traffic, but that also takes out other important, business like traffic, and even Iran is hesitant to do that.

Your ISP will have no idea you are using Tor, although they could say you *might* be, or maybe you just have a lot of SSL traffic, or a VPN, or encrypted transport torrents...
Title: Re: Connecting to TOR
Post by: DrBenway on November 28, 2011, 03:20 am
Quote from: pannerjack
...I would assume such an attacker might be able to get your MAC address, but how would LE be able to determine who in a library or coffee shop with 30+ people in it is the person with your MAC address?  Or even that who is definitively using that device?...

Unless you paid for the laptop with paper currency, gave a fake name, and never registered it for warranty, I think it's likely they could find out who you are through manufacturer, store, and credit card records.  That would tell them who's laptop it was, but not who was using it.  (Assuming you didn't file a police report in advance, claiming it was stolen.)

Unless you've never been issued a photo ID and never put your photo on a social networking site, once they know who you are they'll also know what you look like.  Now, if your coffee shop or library creates and retains security tapes -- and what places *don't* these days? -- they can place you where and when the MAC address was obtained while carrying (or using) a laptop.

Although that doesn't *prove* that it was you using your laptop -- and not some stranger with whom you happened to (temporarily) swap laptops just outside range of the cameras -- I'll bet it would convince most prosecutors and juries.

Would they go to all that bother?  Maybe; it depends on what (they think) you're doing.

If nothing else, the fact that people have created applications to disguise a computer's MAC address suggests that it's important in at least some circumstances.

It is completely trivial to change the MAC address you connect from on any secure setup. Many anonymity minded Linux distros even automatically select a different random MAC address at every boot.
Title: Re: Connecting to TOR
Post by: CrunchyFrog on November 28, 2011, 05:32 am
And, to anyone reading this who'd be interested in changing their MAC address (but isn't sure how to do so), the article "Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X" [ irongeek.com/i.php?page=security/changemac ] may be helpful.
Title: Re: Connecting to TOR
Post by: Mistersketch on November 28, 2011, 08:01 am
I appreciate the feedback from those who have posted, id like nothing more than SR to get bigger as the more dumb people there are on SR the more likely that the smart individuals will get away with what we do here,

As for changing my MAC address what would that accomplish?

I also am aware that VPNs are good to use some out there accept BTC which offers even greater anonymity,

Evading the police is not a big problem for me since anytime they run into someone that knows the law they give in and walk away but federal agents are more of what im worried about, they wont walk away as easily and All of them are college educated, although giving some excuses and looking innocent may work with cops federal agents are used to this sort of behavior and really the only way you get out of their grasps is literally giving them no evidence,

no evidence, no case
Title: Re: Connecting to TOR
Post by: bionic1 on December 08, 2011, 12:19 am
What if you want to use TOR through a public wifi (or any wifi that is not yours and therefore wired isn't an option) and you want to prevent any wireless observation, analysis or even decryption of that traffic? (I'm talking about the tor/other-traffic that is then broadcasted wireless, and not about the wireless signals itself). As pannerjack already wrote it would be hard to track it back to you even with the MAC-address, but I'm interested in this for theoretic reasons.

I know that no matter what you do, the wireless signals can always be analyzed. My suggestion to protect one's traffic anyway is: not access directly through the the wifi but to use a highly encrypted ssh-tunnel (or whatever is best for this purpose) for the whole traffic.
By analyzing the wifi the only thing that can be seen is the (encrypted) ssh-traffic and nothing else. The "actual traffic" is hidden in the ssh traffic, and it is almost impossible for anyone in the wifi to detect or analyze it.


Now, my questions are:

- Is this possible after all? Am I talking about the right thing, or is there something that is better for this purpose?
- What is the strongest encryption that can be set?
- Is it possible to use TOR through this ssh tunnel (or whatever is best)?

Please note that I'm not an expert on this subject, and all that I've written above comes from random phrases that I catched up over the years =) So maybe I just posted some bullshit, but that's the reason why I ask. I hope you understand what my idea is.

Thanks in advance