[tor-talk] Tor users trackable with common proxy?

Daniel ".koolfy" Faucon koolfy at koolfy.fr
Tue Feb 21 13:26:06 UTC 2012


On 21/02/2012 12:09, miniBill wrote:
> On 21 February 2012 09:09, Andrew Lewman <andrew at torproject.org> wrote:
>> On Mon, 20 Feb 2012 16:15:37 +0800
>> Koh Choon Lin <2choonlin at gmail.com> wrote:
>>> "The authorities in Singapore are understood to have the ability to
>>> track down a person online even if he or she uses anonymizing
>>> facilities such as Virtual Private Networking, TOR onion routing, or
>>> other forms of proxy servers, and even if encryption is involved. This
>>> is because all internet traffic in Singapore is directed through a
>>> common proxy choke with date, time and IP stamping operation in
>>> place."
>> It's plausible they record all transit through their single internet
>> connection to non-Singapore world. Here are my thoughts, sort of based
>> on https://www.torproject.org/docs/faq.html.en#Torisdifferent faq
>> answer.
>>
>> This collected information could give them tor clients talking to the
>> public list of tor relays or known tor bridges.
>>
>> They have deployed a DPI device that can recognize the tor handshake
>> and are recording the tor client to relay handshake.
>>
>> In both of these cases, they can only identify that you may be using
>> tor, not what you're doing.
>>
>> Using obfsproxy could defeat both of the above issues.
>>
> Paranoid mode: on
> They intercept the initial bootstrapping and make you connect
> to a "fake" tor network composed of malicious nodes only.
> Is it feasible?
>
As far as I understand it, as long as you check the tor software's signature, and use obfsproxy, I don't see how they would do such a thing.

Checking the software's signatures should ensure that you are not bootstrapping from hardcoded malicious fake nodes or looking at the wrong
nodes list, and obfsproxy makes sure there is no recognizable handshake pattern. Even if they suspect it to be tor traffic there is no way
they can MITM an obfsproxy communication.

But again, I might be totally wrong here :)

-- 
Daniel ".koolfy" Faucon

Tel: Belgium: (+32)(0)487/898.774
     France : (+33)(0)658/993.700
PGP Fingerprint : 485E 7C63 8D29 F737 FEA2  8CD3 EA05 30E6 15BE 9FA5

