[tor-talk] A security concern about Tor.

grarpamp grarpamp at gmail.com
Sun Dec 22 23:06:42 UTC 2019


On 12/16/19, Jason Long <hack3rcon at yahoo.com> wrote:
> Hello Tor Team,
> I read some articles about Tor security and some of them said that if the
> governments see your real IP address then they can't see
> the Tor traffic or websites that visited by Tor and if they can sniff Tor
> traffic then they can't see your real IP.
> Is it true?
> How Tor team members are sure about it? If the governments use any special
> devices for sniffing Tor traffics then why
> they should reveal it?
> If a user use the Telegram messenger with Sock5(Tor) proxy, then is it
> secure?

That 'secure' is an absolute word, there are no absolute
yes or no answer in security, only relative, except for
proverbial cutting the cable or never using one.

These questions are not specific enough for anyone
to answer. Links to the articles would be needed if
you want people to comment on those.

Governments won't reveal or stop using secret devices
unless the entire world's people demand them to.
Governments do use parallel construction.
It's not too difficult to come up with plausible and even
very likely estimates of what tools global governments,
spy entities, corporations and others are using.
If you can create devices in your mind, so can they.
Snowden and others already revealed parts of the spying.
For examples of what governments and other attackers
can and are doing since many decades...
search: Tor Stinks slides, read some of the network
traffic analysis, Sybil, and design whitepapers mentioned
in the "anonbib", some books "No place to hide",
"Permanent Record", "Puzzle Palace", etc.

There are lots of uses, and ways of using, where people
might be wise to consider not only Tor but all of todays
overlay networks to be unsafe and not suitable for
their needs.


https://en.wikipedia.org/wiki/Telegram_(software)

Can users plug all sorts of messengers, browsers,
filesharing, cryptocurrencies, applications into tor... yes.
(If you need UDP or IPv6, then add in OnionCat or VPN.)

Do some use cases for tor and other overlays provide a
layer of some level of additional protection against some
adversary attacks, beyond just raw clearnet... yes.

Should users panic about simply chatting with friends and
surfing the web over tor... no of course not, unless tor itself
is illegal for them to be using. If it's fine, then use it for that
and have fun :)

Is Telegram over tor 'secure'... that's a blanket absolute
statement, no one would say it like that, or really speculate
or analyze on it without details on usage and threat model.


More information about the tor-talk mailing list