I didn't realize the TOR Project had their own mailing list server, though it makes sense.
I'm studying tor relays, especially obfsproxy, and I thought I'd go ahead and ask a question.
If you have a hidden service, and hide that on Server A, then have it connect via obfsproxy to Relay B, can you configure a manually-chosen list of entry guard relays to enter the wider Tor Network from Relay B?
[Hidden Server] -- obfsproxy --> [Bridge Relay] -- tor --> [Specific Trusted Entry Guard Relays] -- tor --> [TOR Network]
Is this currently possible?
On 1/8/2013 7:21 PM, Coyo wrote:
> If you have a hidden service, and hide that on Server A, then have it connect via obfsproxy to Relay B, can you configure a manually-chosen list of entry guard relays to enter the wider Tor Network from Relay B?
> [Hidden Server] -- obfsproxy --> [Bridge Relay] -- tor --> [Specific Trusted Entry Guard Relays] -- tor --> [TOR Network]
I should probably clarify my question.
What I mean is, if you have a hidden server with one or more hidden services, connected via obfs2 bridge protocol to a set of tor bridge relays running obfuscated bridge ports, can you choose a set of entry guards for each bridge relay for additional protection?
It may seem I'm over-engineering this to extreme levels of paranoia, but I'm not. I'm pretty sure there's more I could do.
Thank you in advance, and thank you for your time.
First of all, AFAIK, bridge relays act as entry guards, meaning they *replace* the first step of your tor circuits, they don't extend them to 4 nodes. With that in mind you might be able to do this:
your client -> bridge (obfuscated or not) -> tor node B -> tor node C -> whatever (clearnet / introduction points for your service)
If you host a hidden service, a compromised bridge on the above circuit will make you vulnerable to timing attacks whether you hand-pick trusted nodes for B&C or not.
Also in general when you talk about a guard node, you mean a node that you connect directly to for your first hop on a circuit. It doesn't make sense to talk about guard nodes in the middle of the circuit, you don't really care if those are compromised or not since they don't see your IP.
So another idea would be to use Tor through Tor which unfortunately doesn't increase your anonymity much since timing attacks will still work the same way (maybe they will take a little longer to pull off though but your hidden service will be harder to reach too).
That being said you can choose your entry guards with the EntryGuards torrc command and the StrictNodes commands which you can find in the Tor Manual https://www.torproject.org/docs/tor-manual.html.en
If you are super paranoid you could add more latency to the connection between you and the hidden service server. For example you could rent a server anonymously in another country to host your hidden service, and only access that server using Tor from a random public WiFi and only for short durations (like just reuploading changed html code) using actually trusted entry nodes. This way even if they manage to find where the hidden service is located they will have to also start a separate attack to find where you are connecting to this server from. And if they find where you do connect from (which will take considerable time probably) you might have even switched to another public WiFi by that time. Also who are "they" in this case? Cause we are talking about an investigation that spans a ton of countries just to find you. I honestly believe this is overkill. If you need that much security then maybe Tor isn't for you.
Cheers.
----- My blog: http://www.inshame.com
My full signature with lots of links etc: http://bit.ly/trtsig
On 1/9/2013 4:41 AM, Konstantinos Asimakis wrote:
> First of all, AFAIK, bridge relays act as entry guards, meaning they *replace* the first step of your tor circuits, they don't extend them to 4 nodes. With that in mind you might be able to do this:
> your client -> bridge (obfuscated or not) -> tor node B -> tor node C -> whatever (clearnet / introduction points for your service)
> If you host a hidden service, a compromised bridge on the above circuit will make you vulnerable to timing attacks whether you hand-pick trusted nodes for B&C or not.
> Also in general when you talk about a guard node, you mean a node that you connect directly to for your first hop on a circuit. It doesn't make sense to talk about guard nodes in the middle of the circuit, you don't really care if those are compromised or not since they don't see your IP.
> So another idea would be to use Tor through Tor which unfortunately doesn't increase your anonymity much since timing attacks will still work the same way (maybe they will take a little longer to pull off though but your hidden service will be harder to reach too).
> That being said you can choose your entry guards with the EntryGuards torrc command and the StrictNodes commands which you can find in the Tor Manual https://www.torproject.org/docs/tor-manual.html.en
> If you are super paranoid you could add more latency to the connection between you and the hidden service server. For example you could rent a server anonymously in another country to host your hidden service, and only access that server using Tor from a random public WiFi and only for short durations (like just reuploading changed html code) using actually trusted entry nodes. This way even if they manage to find where the hidden service is located they will have to also start a separate attack to find where you are connecting to this server from. And if they find where you do connect from (which will take considerable time probably) you might have even switched to another public WiFi by that time. Also who are "they" in this case? Cause we are talking about an investigation that spans a ton of countries just to find you. I honestly believe this is overkill. If you need that much security then maybe Tor isn't for you.
> Cheers.
For our purposes, "they" can remain undefined.
There are plenty of "they"s to pick from, what with illegal NSA wiretapping, various alphabet soup brigades targeting their own citizens, staggeringly escalated mandatory data retention, new anti-piracy techniques and legal precedents that allow various copyright owners to attack their own customers and clients, the list goes on and on.
And that's just the USA. Once you include things like publicly-admitted cooperative domestic espionage between allied countries, and other foreign powers such as China, Russia, North Korea, and just about every Arab country in existence, there are a multitude of "they"s to be cautious about.
Though, speaking as someone with an anarchist cypherpunk bent, I don't really need an excuse to take whatever precautions are available to me, seeing as any sort of activism or participation in social movements would cause me to be a political target.
The only reason I'm posting here at all is because I do not think I am yet a target valuable enough to actually pursue.
When I say "entry guards" I mean entry guards from the perspective of a tor node acting as a client.
Am I mistaken in believing that a tor bridge relay acts as a client on behalf of the actual tor client behind it?
Or does the short list of bridge relays act as entry guards, and connect to other tor relays as the first hop tor relay?
On 1/9/2013 2:57 PM, Coyo wrote:
> On 1/9/2013 4:41 AM, Konstantinos Asimakis wrote:
> > First of all, AFAIK, bridge relays act as entry guards, meaning they *replace* the first step of your tor circuits, they don't extend them to 4 nodes.
> When I say "entry guards" I mean entry guards from the perspective of a tor node acting as a client.
> Am I mistaken in believing that a tor bridge relay acts as a client on behalf of the actual tor client behind it?
> Or does the short list of bridge relays act as entry guards, and connect to other tor relays as the first hop tor relay?
Oh, I misread that. Never mind!
Though I have another question!
How many bridge relays, with or without protocol obfuscation, can you use simultaneously?
Is there a limit? Can you configure that limit?
Are bridge relays in the list written to torrc chosen at random up to a certain limit?
Do you mean how many can you use in parallel for different circuits? Or how many you can put one after the other?
I'm pretty sure that without changing the source code you can only use one bridge at the start of each circuit. Now if you mean in parallel I don't know how Tor behaves if you give it a list of, let's say, 10 bridges BUT, in any case, keep in mind that the more bridge nodes you connect directly to, the more you risk connecting to a compromised one which can lead to timing attacks.
BTW you should take the conversation to the tor-talk list since it's not about relays or hidden service operators anymore (and I'm not even sure if this list is for hidden service operators either).
Cheers.
On 09/01/2013 11:35 PM, "Coyo" coyo@darkdna.net wrote:
> On 1/9/2013 2:57 PM, Coyo wrote:
> > On 1/9/2013 4:41 AM, Konstantinos Asimakis wrote:
> > > First of all, AFAIK, bridge relays act as entry guards, meaning they *replace* the first step of your tor circuits, they don't extend them to 4 nodes.
> > When I say "entry guards" I mean entry guards from the perspective of a tor node acting as a client.
> > Am I mistaken in believing that a tor bridge relay acts as a client on behalf of the actual tor client behind it?
> > Or does the short list of bridge relays act as entry guards, and connect to other tor relays as the first hop tor relay?
> Oh, I misread that. Never mind!
> Though I have another question!
> How many bridge relays, with or without protocol obfuscation, can you use simultaneously?
> Is there a limit? Can you configure that limit?
> Are bridge relays in the list written to torrc chosen at random up to a certain limit?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays