7 December 2013
Is Anonymous Access to TOR Attainable?
Date: Sat, 07 Dec 2013 11:02:10 +0000
From: Ron Leach <ronleach[at]tesco.net>
To: cryptography[at]metzdowd.com
Subject: Re: [Cryptography] Anonymous messaging [was: Email is securable within a coterie]
On 07/12/2013 05:24, StealthMonger wrote:
> "Bob Simmons" <bsimmons[at]compassnet.com> writes:
>> Of course, if I were to use this for real, I would have to be sure dizum.com
>> isn't a honeypot.
> Hence the virtue of using CHAINS of remailers, so that if even just one of
> them is good, your anonymity is secure. (And the step after that is to operate
> a remailer yourself so you KNOW one of them is good.)
Are we sure? I read Bob's post as being wary in case the *first* remailer,
dizum.com in his case, which receives his connection and therefore has some
idea who he is, were to be a honeypot. Yes, the CHAIN might ensure his anonymity
at point of posting to the newsgroup, but disclosure will have occurred at
point of first entry to the chain (and, potentially, subsequently for any
honeypots following in the chain until the first genuine remailer).
It's the same problem with TOR, isn't it? The first TOR server knows who
is accessing the network.
Anonymity of *access* is becoming desirable, I think. But is it attainable?
regards, Ron
Date: Sat, 7 Dec 2013 21:26:41 +0000
From: Ben Laurie <ben[at]links.org>
To: Ron Leach <ronleach[at]tesco.net>
Cc: Cryptography Mailing List <cryptography[at]metzdowd.com>
Subject: Re: [Cryptography] Anonymous messaging [was: Email is securable within a coterie]
On 7 December 2013 11:02, Ron Leach <ronleach[at]tesco.net> wrote:
> It's the same problem with TOR, isn't it? The first TOR server knows who
> is accessing the network.
> Anonymity of *access* is becoming desirable, I think. But is it attainable?
You mean anonymity of using TOR is becoming desirable, surely? Because everyone
is accessing the network.
Date: Sat, 07 Dec 2013 23:21:37 +0000
From: Ron Leach <ronleach[at]tesco.net>
To: Cryptography Mailing List <cryptography[at]metzdowd.com>
Subject: Re: [Cryptography] Anonymous messaging [was: Email is securable within a coterie]
On 07/12/2013 21:26, Ben Laurie wrote:
> You mean anonymity of using TOR is becoming desirable, surely? Because everyone
> is accessing the network.
Yes, in the general sense of accessing any anonymity service (including
remailers, not only TOR). I'd used the word 'network' in the sense of the
'service' (Tor network, remailer network, etc).
Simply meant that *anonymity* of *accessing* TOR, or the 1st remailer in
a chain, is becoming desirable [because the first server could be a honeypot
and reveals the IP address of the accessor, and IP address leads to substantially
more identifying leakage].
May I add this next clarification, simply because readers of this public
list have varying depths of experience with security and anonymity, and may
not be aware of the underlying issues? TOR and remailers attempt to solve
the problem of anonymous deposition of messages or website access, by routing
randomly through other servers. The use of multiple links in a TOR or remailer
chain was (historically) assumed to make more difficult any association between
(i) access to the first server, and (ii) the exit node. But either, or both,
of the entry and exit servers of that service may themselves be honeypots,
and, moreover, capable of sharing their traffic data - even if operated by
different entities - thus facilitating identification of the source of anonymous
traffic.
The TOR project, in their documentation, makes this risk very clear. While
it has always been possible for honeypots to masquerade as genuine servers,
as TOR project explains, it is becoming clear that traffic analysis across
different honeypots operated by different entities is quite possible. This
increases substantially the effectiveness of traffic analysis to identify
the sources of anonymous website accesses or message deposits, etc.
If anonymity is a goal, the anonymity of *use* of such schemes may be desirable,
to try to protect against that type of traffic analysis. Whereas the use
of such services is (relatively) easy to achieve, I was thinking about whether
anonymous access to the first server, however desirable, might or might not
be attainable. As already mentioned, installing the 1st server on one's own
machine might be a way forward, but at a security loss. The opportunity for
random traffic routing through the remainder of the network is reduced, perhaps
substantially. For example, TOR, as I understand it, only uses 3 nodes including
entry and exit so, when hosting one's own entry server, one's own traffic
would only be randomly routed through the last 2 servers, instead of through
a randomly-selected 3 servers, and hence might perhaps be more susceptible
to traffic analysis.
Back to the topic; yes, I meant access to the anonymising service, rather
than access to the network, in the internet-wide sense, which as you say
everyone is accessing.
regards, Ron
_______________________________________________
The cryptography mailing list
cryptography[at]metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography