Date: Sat, 3 Oct 2015 06:44:34 +0200
From: "sh-expires-12-2015@quantentunnel.de"
 <sh-expires-12-2015@quantentunnel.de>
To: tor-talk@lists.torproject.org
Message-ID: <20151003044434.GA14776@localhost.localdomain>
Subject: Re: [tor-talk] Making TBB undetectable!

On Fri, Oct 02, 2015 at 04:58:12PM +0000, behnaz Shirazi wrote:
> As I said it won't happen. It doesn't make sense to use
> undetectableizer when using a public Tor exit node because that will
> compromise you are using Tor thereby minority of undetectable users
> won't hurt anonymity of major detectable users nor themselves.

Since TBB uses the consensus this discussion is quite nonsensical, 
you can't hide the fact that you use tor from the site you visit, 
not with an addon or a bridge, while using tor.

Since the consensus data is available, I do

    grep "^r " /var/lib/tor/cached-consensus | cut -d \  -f 7

and have a handy list. For historic data one uses ExoneraTor.
Since this list contains all kinds of nodes (6651 atm), we make
sure not to miss anyone involved using tor or someone getting
promoted. :)

Want to know how many Exits are available? 1081 atm, to verify try

    grep "^s Exit" /var/lib/tor/cached-consensus | wc -l

So, detecting Tor usage at an endpoint is a very trivial exercise.

By using a private exit, you are actually increasing chances to become
a victim of a correlation attack, since an adversary needs to observe
the private exit only, may inject patterns and try to observe
these patterns somewhere. For enduring connections like bitcoin, it may be
enough to interrupt/shape/reset connections and look for whom bitcoin
isn't working anymore - there aren't many full nodes anymore.

It may work for a mining pool, but not for an individual miner. I am
not going into the subtle details of different, easy to detect
fingerprints within the protocol.

Let's not digress, back to TBB: if you allow cookies, caching or JavaScript
this gets even worse. If you authenticate (like using a password or a public
key), you are unique. If you use data of an oob protocol within tor
(like a bitcoin) chances are pretty high you become unique and traceable
(reddit provides a neat list of mistakes made with tor and bitcoin).

Btw., TBB isn't designed to hide usage patterns. If you want that,
invite some friends over to surf or run a node, a relay, bridge or exit.

The benefits of tor are few but they are still awesome, you can hide the
fact that you use something from a local authority, like your ISP or an 
upstream adversary and you can hide your location/origin.

If you involve a bridge, you may hide the fact that you use tor from
a local authority, but you can't hide this fact from an endpoint.

Try hiding the fact, that you use tor from a hidden service. :)

That's all, TBB is limiting that to https, if you use http you
become vulnerable against malicious exit nodes.

So, please forget about hiding the fact that you use tor, by using
tor, from an endpoint - it won't work.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
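
Added example, not part of the original post: the endpoint-side check the message describes, done by pairing each "r" line of a consensus with the "s" line that follows it, so a client address can be classified as exit, relay or neither, and Exit is matched as a flag anywhere on the "s" line. The function names and the embedded three-relay consensus (documentation addresses, placeholder digests) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample: documentation IPs, placeholder digests,
# trimmed to the "r" (address) and "s" (flags) lines of a cached-consensus.
sample_consensus() {
cat <<'EOF'
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2015-10-02 21:10:04 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-10-02 20:41:17 198.51.100.20 443 80
s Exit Fast Running Valid
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2015-10-02 19:03:55 203.0.113.7 9001 9030
s Authority Exit Fast Running Valid
EOF
}

# classify_ip CONSENSUS_FILE IP  ->  prints exit | relay | none
classify_ip() {
    awk -v want="$2" '
        # field 7 of an "r" line is the relay address (same field the post cuts)
        $1 == "r" { ip = $7; if (ip == want && cls == "") cls = "relay" }
        # the "s" line belongs to the most recent "r" line
        $1 == "s" && ip == want {
            for (i = 2; i <= NF; i++) if ($i == "Exit") cls = "exit"
        }
        END { print (cls == "" ? "none" : cls) }
    ' "$1"
}

# count_exits CONSENSUS_FILE  ->  relays carrying the Exit flag, any position
count_exits() {
    awk '$1 == "s" { for (i = 2; i <= NF; i++) if ($i == "Exit") { n++; break } }
         END { print n + 0 }' "$1"
}

# Demo on the constructed sample
cons=$(mktemp)
sample_consensus > "$cons"
for ip in 192.0.2.10 198.51.100.20 203.0.113.7 192.0.2.99; do
    printf '%s %s\n' "$ip" "$(classify_ip "$cons" "$ip")"
done
printf 'exits: %s\n' "$(count_exits "$cons")"
rm -f "$cons"
```

To run it against a live client, pass /var/lib/tor/cached-consensus as the first argument instead of the sample file.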

