[tor-talk] Making TBB undetectable!

sh-expires-12-2015 at quantentunnel.de
Sat Oct 3 04:44:34 UTC 2015


On Fri, Oct 02, 2015 at 04:58:12PM +0000, behnaz Shirazi wrote:
> As I said it won't happen. It doesn't make sense to use
> undetectableizer when using a public Tor exit node because that will
> compromise you are using Tor thereby minority of undetectable users
> won't hurt anonymity of major detectable users nor themselves.

Since TBB uses the consensus this discussion is quite nonsensical, 
you can't hide the fact that you use tor from the site you visit, 
not with an addon or a bridge, while using tor.

Since the consensus data is available, I do 
grep "^r " /var/lib/tor/cached-consensus | cut -d \  -f 7
and have a handy list. For historic data one uses exonerator.
Since this list contains all kinds of nodes (6651 atm), we make
sure not to miss anyone involved using tor or someone getting
promoted. :)

Want to know how many Exits are available? 1081 atm, to verify try
grep "^s Exit" /var/lib/tor/cached-consensus | wc -l

So, detecting Tor usage at an endpoint is a very trivial exercise.

By using a private exit, you are actually increasing chances to become
a victim of a correlation attack, since an adversary needs to observe
the private exit only, may inject patterns and try to observe
these patterns somewhere. For enduring connections like bitcoin, it may be
enough to interrupt/shape/reset connections and look for whom bitcoin
isn't working anymore - there aren't many full nodes anymore.

It may work for a mining pool, but not for an individual miner. I am
not going into the subtle details of different, easy to detect
fingerprints within the protocol.

Let's not digress, back to TBB: if you allow cookies, caching or javascript
this gets even worse. If you authenticate (like using a password or a public 
key), you are unique. If you use data of an oob protocol within tor 
(like a bitcoin) chances are pretty high you become unique and traceable
(reddit provides a neat list of mistakes made with tor and bitcoin).

Btw., TBB isn't designed to hide usage patterns. If you want that,
invite some friends over to surf or run a node, a relay, bridge or exit.

The benefits of tor are few but they are still awesome, you can hide the
fact that you use something from a local authority, like your ISP or an 
upstream adversary and you can hide your location/origin.

If you involve a bridge, you may hide the fact that you use tor from
a local authority, but you can't hide this fact from an endpoint.

Try hiding the fact that you use tor from a hidden service. :)

That's all, TBB is limiting that to https, if you use http you
become vulnerable against malicious exit nodes.

So, please forget about hiding the fact that you use tor, by using
tor, from an endpoint - it won't work.
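
The consensus lookup from the message above, done in one pass over an access log, as an added example that is not part of the original post. The function names, the sample relay entries and the log layout (client IP in the first field) are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. Constructed sample in the cached-consensus layout the
# post greps: on an "r" line field 7 is the relay IP, the next "s" line holds
# its flags. Nicknames, digests and addresses (RFC 5737 ranges) are made up.
write_sample_consensus() {
    cat > "$1" <<'EOF'
network-status-version 3
r guardone AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-10-02 20:11:43 192.0.2.10 9001 9030
s Fast Guard Running Stable Valid
r exitone CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2015-10-02 21:05:12 198.51.100.7 443 80
s Exit Fast Running Valid
r middleone EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2015-10-02 19:40:01 203.0.113.25 9001 0
s Fast Running Valid
directory-footer
EOF
}

# tag_clients CONSENSUS LOG
# LOG is a hypothetical access log with the client IP in field 1.
# Prints "<ip> exit|relay|unlisted" for every log line.
# Caveat: a relay can send exit traffic from an address other than the
# OR address on its "r" line, so "unlisted" is not proof of a non-Tor client.
tag_clients() {
    awk '
        NR == FNR {                       # first file: the consensus
            if ($1 == "r") cur = $7       # IP of the relay being described
            else if ($1 == "s") {         # flags of that relay, any position
                if (!(cur in seen)) seen[cur] = "relay"
                for (i = 2; i <= NF; i++) if ($i == "Exit") seen[cur] = "exit"
            }
            next
        }
        { print $1, (($1 in seen) ? seen[$1] : "unlisted") }   # second file: the log
    ' "$1" "$2"
}

# Demo on constructed data.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample_consensus "$dir/consensus"
    printf '%s\n' '198.51.100.7 GET /login' '192.0.2.10 GET /' \
                  '192.0.2.200 GET /' > "$dir/access.log"
    tag_clients "$dir/consensus" "$dir/access.log"
    rm -rf "$dir"
}
demo
```

Against a real /var/lib/tor/cached-consensus the same function tags each request as coming from an Exit-flagged relay, another relay, or an address not in the consensus.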

