[tor-talk] ISP surveillance.

Seth David Schoen schoen at eff.org
Thu Jul 24 18:04:40 UTC 2014

Marcos Eugenio Kehl writes:

> Hello experts!
> TAILS, running by usb stick, protect me against forensics tecnics in my pc. Ok. 
> TOR, running as a client only or as a relay, protect (theoretically) my privacy. Ok.
> But... if my static IP, provided by my ISP, is under surveillance by a legal requirement, what kind of data they can sniff?
>  I mean, my connection looks like a simple HTTPS, or they know I am diving into the Deep Web, "hacking the world"? Could the ISP capture the downloads dropping into my pc when running TAILS? 
> If so, TOR Socks (proxy + TOR) is the pathway to deceive and blindfold my ISP? 
> https://www.torproject.org/docs/proxychain.html.en

Oi Marcos,

Normally Tor doesn't try to hide the fact that you are using Tor.  So,
your ISP can see that you're using it, and when.  Tor only tries to hide
the particular details of what you are doing.

Although some Tor connections do "look like simple HTTPS" in some ways,
the connections are always made to the IP addresses of Tor nodes, and
the complete list of those addresses is openly published.  So it's easy
for the ISP to notice that you're using Tor, and some firewalls and
kinds of surveillance equipment can be programmed to detect Tor use if
the person operating them cares about it.

There are other methods to try to hide the fact that you're using Tor,
especially meant for people on networks that block Tor.  The main method
of doing this is called bridges, which you can read more about on the
Tor web site.


Most people who use bridges are on networks where Tor is blocked
completely, so they have a very practical reason to try to hide the fact
that they're using Tor.

One of the benefits of Tails is that it will send all of your
communications over Tor.  So, if you believe that Tor is appropriate to
protect you in a particular situation, you can get that protection
automatically when you are using Tails.  Your ISP will not directly see
what you do, although someone who can see both ends of the connection
can try to use information about the time of the connection to identify

Torsocks and configuring Tor to use a proxy are not very relevant to Tails
users.  Torsocks has to do with getting other applications apart from
the Tor Browser to communicate over Tor (which Tails does
automatically!), while configuring Tor to use a proxy is mostly relevant
if you're behind a firewall which doesn't allow direct Internet
connections.  (Sometimes it's an alternative to bridges, but it may not
be a particularly strong way of hiding your activity from your ISP --
it doesn't add any additional encryption or obfuscation.)

Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107

More information about the tor-talk mailing list