Delivery-Date: Sat, 03 Oct 2015 16:52:28 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B95691E0437;
	Sat,  3 Oct 2015 16:52:26 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 3EA3F37F4B;
	Sat,  3 Oct 2015 20:52:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8FA6C37EED
 for <tor-talk@lists.torproject.org>; Sat,  3 Oct 2015 20:52:16 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fqbe0QVcAtLc for <tor-talk@lists.torproject.org>;
 Sat,  3 Oct 2015 20:52:16 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 6092D37EA0
 for <tor-talk@lists.torproject.org>; Sat,  3 Oct 2015 20:52:16 +0000 (UTC)
Received: from localhost ([149.202.42.188]) by mail.gmx.com (mrgmx101) with
 ESMTPSA (Nemesis) id 0M8qOm-1ZuWzw0AX6-00C8pO for
 <tor-talk@lists.torproject.org>; Sat, 03 Oct 2015 22:52:12 +0200
Date: Sat, 3 Oct 2015 22:51:34 +0200
From: "sh-expires-12-2015@quantentunnel.de"
 <sh-expires-12-2015@quantentunnel.de>
To: tor-talk@lists.torproject.org
Message-ID: <20151003205134.GB28860@localhost.localdomain>
References: <CAKcCSXohYs-2CiRiaMpObDkvvRRhOg23YDnOZA+wr6+=+1kqRw@mail.gmail.com>
 <CABMkiz6_nnMpghj-Q4yxKZHKhAdEschZAMybGC_JHjxVR_aJWw@mail.gmail.com>
 <CAKcCSXrv9iDswGGwmBdRvv6Z06zURAVS3V6Yox-wT_RJFscH=g@mail.gmail.com>
 <CAKcCSXpanhF9O2bGOgfitC2yZic0RJ8QM3jBReCZaD+-OwFfNQ@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAKcCSXpanhF9O2bGOgfitC2yZic0RJ8QM3jBReCZaD+-OwFfNQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Provags-ID: V03:K0:PsthQMlAk49F752OZCbd19Dv+j8IQg+pcKruHfuplIeSd8/joDC
 YRiEaymcFNFw7Y0gV0RQB/6oqmWZS/UmDSmIwWOK7u3paLSKRJiz2xAtlKx1ruGEjxssB3s
 CN3EjZR0R3KahITt5X24nWEblfZS1bjBJ+F2OP1B0cgLO/+HOkydY2q/RyQIbBU5TRJqh/Y
 hZX6ohydeZTJDvPlUdHNw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:BDUHRStyvYQ=:DXB1g0yoS4hrdxv2YSuK6O
 ICGtNEU/CF8NDiDJFJVgELc5rAsP0HmVGe3uVhQ38sn67zFlGIll1o/POOEerr7HYk0XyPtNb
 fKHxUKJkqO4lrjWayKRivD6BW+kYAUDaPKJ48OPm7xvFyyBIS/xG8DdiwTBVGGIeaIGMdWgjD
 nTiw6k8xDob/spOmE2cdPitDOQqNUZgvx8iHz+MWMccbojN2WFbVSKfxuDHw0bbFqPTdEAvUy
 9WDPTtXDdCxyISm5vdWCwyDYHc/RgdtATcDVoxn5OeDWFPQrsV2O9f9daus0Ca2dGEIqEeO7Z
 yFg1geyIuG/8XbO7E47blxMPXH++wSMGFdmiDl/mhMcJwYvm52/k/0rUh/Majc8KCqu44Nv4X
 c+Mbxh4tnm1BsemFaR8RjSYGs/UYrMGvIF5uRWh3bAJCgrJfMa5ViWBkdiihiC2RfYSLmI1ET
 ISyMIvfs9Q6vqvsWpXctp/e2drs6ewSkCKvmpWMeXwmN83PxNg39OIw59bm35muhpD2fmBAyZ
 2DojhMGeVp3r1Uj3sukmgzFblu4Ayd6mPooShx+axlztnglPtVjbG4PJgUxpl2CHKa2S+xVYg
 Nv7xvn6PrAv3WzSiX7RuAZGisTBZAn0k9PQ16iXBTapkFfv7a14dATpuT9XzYeUpeetJAOpe2
 bEcrBzIa5GfZUMHsf7P2UwAmHjPM8IP3ifTBMAVF1BctSzWL3pb6eOL8Dvouzt4Q2ye7vlQDw
 /GrqSVOLhFw/gdlHp1fifbrKmR2yYucszGbEDJz444f2hZIIIftkouWhK5PAYrhxG+uqcl8Ds
 MB+0bd1
Subject: Re: [tor-talk] Making TBB undetectable!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sat, Oct 03, 2015 at 09:16:50AM +0000, behnaz Shirazi wrote:
> If we use a socks proxy server to talk with destination instead of a
> private Tor exit node then such an attack becomes as dangerous as when
> you are using a detectable TBB over a public Tor exit node because the
> number of socks proxies available out there won't be less than public
> Tor exit nodes today.

Actually, you are much easier to differentiate for an adversary
since you use tor in combination with socks proxies, you stand out
and now no longer belong in the group of the merry tor users. You have 
done an advesary actually a favor. Plus you induce more latency into your
connections, which makes it easier to induce or deduce addional signal
from your connections and makes you even more distinguishable.

A exit-, site operator or a cdn can observe that latency and
clearly  differentiate that behavior from tor and regular users.
They'll tag you "slowpoke on an open proxy". If they hire me, I'd
explain to them, how they can ban or tarpit you, if you annoy
them too much so they provide better services to their honest
visitors.

Tor protects you from all that by using different circuits, with
different latencies which results in different exits that needs
much more effort to observe and tag indivdual behavior.

You completly subvert that protection, since you always use a
proxy or maybe a series of proxies, or an exclusive exit, no matter
which destination, you have constant endpoints, if you prefer a
bridge and obfuscation, you may also attach attributes to your
connetction that may be observable (haven't worked with bridges
yet, I leave them for the people who need them). Maybe next
summer holiday.

Your overreliance and misplaced trust in open proxies sticks
properties to your tor connections you don't want. A clever adversary
will attack you from the open proxy due to previouls accumulated 
usage patterns. If you try to circumvent exit policies, a
smart proxy operator will downgrade or MITM you.

He may deny you updates for TBB when you need them, using his proxies
he may drop an exploitkit and ransomware on you.

To make it short, instead of ~999 possible exits you rely on one, or
few. If you addionally try to obfuscate TBB, congratulations, you are
pretty unique, and you won't notice in any fingerprint tools, since they
don't correlate and accmulate all that stuff that the open proxy can
learn from you.

On the list of historically stupid things to do with Tor, I rank you
second place, behind the dude who tried to give out his "pre-warmed keys"
and beating the folks that try to torrent with tor, to it.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

