[tor-talk] Thoughts on proxy setup wrt insecure connections

thecarp thecarp at gmail.com
Mon Feb 28 21:32:49 UTC 2011 

On 02/28/2011 03:30 PM, Robert Ransom wrote:
> On Mon, 28 Feb 2011 15:02:40 -0500
> thecarp <thecarp at gmail.com> wrote:
>
>> After the whole discussion about "gatereloaded" and "badexits" I was
>> thinking a bit about the discussion and wondering if there is a way to
>> add a bit more protection to people who are, well, newbs. As one article
>> pointed out:
>>
>> "many who use Tor mistakenly believe it is an end-to-end encryption
>> tool. As a result, they aren't taking the precautions they need to take
>> to protect their web activity. "
>>
>> This is a similar, but not exactly the same problem. Clearly blocking
>> all port 80 would be pretty harmful to a lot of use. However, for
>> protocols like pop3 or imap, the case for allowing them is clearly not
>> as strong, though, the case for banning them completely or requiring
>> exit nodes to carry both is... pretty dubious (especially given that
>> some people will run things on non-standard ports anyway).
> Connections to the plaintext POP3 and IMAP ports may be secured using
> the STARTTLS command.

I always forget about STARTTLS

You are absolutely right of course, and that applies to other protocols
as well.
>> So here is my thought, what do people think of a configuration item in
>> tor, setup to be "on" by default, which blocks attempts to go to certain
>> ports at the proxy level, but allows users to turn this "protection" off
>> if they wish to? Maybe make the list of blocked ports configurable.
> This enables attacks against users' anonymity -- for example, a web
> page at <http://evil-site.example.com:80/> could include
> <http://evil-site.example.com:110/foo.png> as an inline image to
> distinguish users who have configured their Tor client to allow
> connections to port 110 from those who have not.
>
The only hole I would shoot in that is that, as I mentioned, polipo is
already blocking access to many ports by default, and so this sort of
attack is already possible for some of those ports. Actually that makes
a good case for not running anything on ports that polipo blocks by
default, since any change there could be detected so easily. I never
thought of that.

Good anonymity really is a much harder problem than it would seem. It
really is amazing the number of ways it can fail.... and in such simple
ways.

More information about the tor-talk mailing list