Library Defeats Tor

Scott Bennett bennett at cs.niu.edu
Fri Sep 28 02:20:42 UTC 2007


     On Thu, 27 Sep 2007 19:05:27 -0700 mark485anderson at eml.cc wrote:

>On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
><bennett at cs.niu.edu> said:
>>      On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
>>      <watsonbladd at gmail.com>
>> wrote:
>> >mark485anderson at eml.cc wrote:
>> >> Then after agreeing to the TOS, you are able to connect to tor servers,=
>> >
>> >> but all dns requests go through a library computer IP, such that they
>> >> can see and record where you are going. I am not sure if they can see
>> >> the TCP content, but the UDP (which I assume is the dns lookups are all=
>> >
>> >> being monitored and probably logged by the library server through which=
>> >
>> >> you are connected. Firewall logs clearly show the outgoing and incoming=
>> >
>> >> DNS packets to the library IP. Rest of connections to Tor servers in th=
>> >e
>> >> firewall log appear normal.
>> >Make sure to run DNS queries over tor if anonymity is important.
>> 
>>      Absolutely.  Check your privoxy configuration file to make sure its
>> first line is
>> 
>> forward-socks4a / localhost:9050 .
>
>already is
>
     Okay.  Good.
>> 
>> If you're using some other port than 9050, change that accordingly. 
>> Other
>> programs, e.g. PuTTY, will need to be configured, too, if you use them.
>> In the case of PuTTY, each remote login site that you configure to be
>> proxied through tor will need to be set to use socks5 and to do DNS name
>> lookups at the proxy end (see "Proxy" under "Connection").
>> 
>> >>=20
>> >> I have not run a sniffer yet on this, because my laptop is old and it
>> >> might not be able to handle it. But tor anonymity is obviously shot whe=
>> >n
>> >> connecting to their wifi nodes. I believe I tried to block the DNS
>> >> lookups to the Library IP with privoxy generic block rules and then I\
>> >Using socks-4a should fix this.
>
>already set to sock 4a
>
>> 
>>      Right.  Or socks5, though privoxy doesn't yet appear to support
>>      that.
>
>did you just start using tor?
>
     About 2.5 years so far.
>> 
>> >> could not load any web pages, indicating again that the dns requests ar=
>> >e
>> >> first being routed to the library machine, where they are, of course,
>> >> logged (and maybe sent off to the FBI, if your reading muslim materials=
>> >,
>> >> haha).
>> >Now are these DNS requests for sites you are browsing? It sounds like

     I think the question posed here may reveal the answer.

>> >that is the case, but I just want to make sure.
>> 
>>      Most public wireless locations use no encryption at all.  In these
>> situations, things like tor and SSH are about the only significant
>> privacy
>> protection most users have.
>
>no problem with tor and other wifi connections, dns goes to tor, hence
>my OP title LIBRARY DEFEATS TOR
>Tentative Conclusion: Tor cannot be used with any confidence on
>publically maintained machines, but there is no reference to this on the
>tor website; nor any real illumination from this group, so far.  I
>suppose now someone is going to tell me to disable javascript and
>cookies, ;-) The encryption is SUPPOSED to occur at the client before it
>even gets to any outside server, but obviously this is not happening as
>the dns requests are being subverted. Perhaps the traffic is being
>shuttled from the kernel OS to a library server. IOW tor should provide
>the encryption necessary and no wifi encryption should be needed. I will
>see if I can run a sniffer to find out exactly what's happening.
>
     Yes, and I think that may be why Watson asked the question I noted
above.  Tor does its own name server queries for two purposes:  1) to
provide exit service when running in server mode, 2) to look up addresses
of other tor servers, regardless of mode.  These are normal operations
and reveal only those activities.  When you are using it in a public
location, I assume that it is running only as a client.  So that returns
us to the question of exactly what kinds of addresses is tor looking up?
Are they only the addresses of other tor servers?  Or do they also
include the addresses of the web sites you're trying to reach?
     Would you also please double check your browser configuration to
make sure it is forwarding everything through privoxy?  If you're using
a firefox plug-in module like Torbutton, switchproxy, or foxyproxy, have
you accidentally disabled the proxy?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list