[tor-talk] using a VPN, proxy or ssh can make you actually less anonymous

Paul Syverson paul.syverson at nrl.navy.mil
Mon Jul 11 10:05:17 UTC 2016


On Fri, Jul 08, 2016 at 08:17:05AM -0400, Sci Fith wrote:
> 
> I've tested for research purposes running both proxychains and
> openvpn setups using 2-3 VPSs with private ip addresses from bolt vm
> for really cheap per month. Worked really well as an alternative to
> using Tor.
> 
> Question: if you run your own relays, couldn't you just force your
> host to connect to your relays only, thus ensuring that you won't
> randomly hit a malicious exit or be de-anon by a nefarious actor? Yes
> this assumes you have a guard and exit relay running as well, but
> still wondering the security of that versus other setups.


Assuming that your client-guard connection is not observed _and_ your
adversary cannot learn through observation that those relays are
yours, then you would (mostly) avoid de-anon. The problem is that this
association is not easily hidden. If, e.g., your exit's ISP notices
repeated patterns from certain circuits, it can form a pseudonymous
profile of you. Now if there is ever a single link to your actual IP
or other sensitive identifier, that whole profile is linked to
you---probably worse than a single connection de-anon.

This is a major basis for Tor in the first place. When we created
onion routing, we noted that a Navy-only network would identify
traffic into/out of the network as for the Navy. So one had to carry
traffic for diverse parties to protect against this. And since
limiting traffic to those trusting an entirely Navy-run network is
similarly problematic, you have to let diverse others run some of the
network. And since they won't just trust your code, it has to be open
source. That is how we have been doing it since the nineties.

One could, as you suggest, just use your own trusted relays within
that larger network. But that brings you a long way back towards the
original problem we were looking at in 1995. Leveraging trust safely
and efficiently turns out to be hard. We've been looking at this for a
while now. For our latest publication on incorporating trust in
relays, ISPs, etc. into routing decisions see "20,000 In League
Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea
Cables," Jaggard et al., Proceedings on Privacy Enhancing Technologies 1(1).
https://www.nrl.navy.mil/itd/chacs/jaggard-20000-league-under-sea-anonymous-communication-trust-mlats-and-undersea-cables-proceedings

HTH,
Paul

