[tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

proper proper proper at secure-mail.biz
Fri Mar 2 01:20:30 UTC 2012

--- Ursprüngliche Nachricht ---
Von: Moritz Bartl <moritz at torservers.net>
Datum: 02.03.2012 01:27:58
An: tor-talk at lists.torproject.org
Betreff: Re: [tor-talk] Operating system updates / software installation  behind Tor Transparent Proxy

> On 02.03.2012 00:12, proper proper wrote:
> > You ask the user not to use
> Bittorrent over Tor, as the network can not handle the load.
> The problem
> is that Bittorrent opens a lot of concurrent connections to
> download many
> pieces at once. And all those "Tweak your Torrent client
> and get mighty
> mighty speed" add to that.
> The second reason to avoid Bittorrent over
> Tor is that there is no
> audited torrent client. There is none because of
> the first reason. There
> have been studies about various torrent clients leaking
> information
> directly leading to the deanonymization of users (IIRC the packets
> contained local interface
IPs), and Tor cannot stop an application from
> doing
> that.

If that were not the case... The same traffic over a single http server wouldn't be such as problem?

> But, yes, in general it holds that the Tor network could use more
> relays.
> >> Operating system updates over Tor are the main reason that
> >> transparent proxying is not recommended -- automatic update
> >
> installers are likely to leak information about the software they are
> >
> trying to update, whether due to malicious design or due to lack of
> >
> consideration for users' location privacy.
> Everyone has a "customized"
> operating system. Windows users not so much
> because Microsoft's greatest
> failure was to never add package
> management. Still, knowing about the updates
> itself is already a risk
> for your anonymity.

Why? I see a risk for Tor bandwidth. But what's the risk for anonymity when downloading
updates over Tor? Of course, the downloads have to be verified, Linux and Windows do that by default.

> Ideally, all Tor users would
> use the exact same
> version of some static operating system like TAILS, and
> update all at once.

> >  If someone were to promote an easy-to-use per-configured
> anonymous
> > torified operating system

I respect that project very much. It's not a full operating system with transparent proxy. It's a Live CD and it doesn't have persistent storage (yet). Applications are socksified and everything else is dropped. As soon as an attacker gets root, they can find out the users real IP address.

In contrast this is not the case with a torified operating system behind a transparent Tor proxy. Even malware with root would still have to hack the Tor-Gateway. And no applications have to be socksified, all are working out of the box. Only application level
leaks (TorButton for web) apply for both ways.

Therefore TAILS can not be compared with a torified operating system. It's a different approach.

powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

More information about the tor-talk mailing list