
Thread: Tor anonymity/security at exit node

  1. #1
    Join Date
    Oct 2011
    Beans
    26

    Tor anonymity/security at exit node

    I have recently started using Tor and am still trying to understand the limitations. One is that Tor does not encrypt traffic between the exit node and final destination.

    If the main benefit of Tor is anonymity, and if the number of people seeking anonymity potentially includes a higher percentage of political dissidents, etc., and if an organization wanted to detect and monitor political dissidents, etc., would not that organization be more likely to set up a Tor exit node to monitor Tor traffic than to monitor non-Tor traffic? If that is true, then would using Tor potentially provide less anonymity and security than using higher traffic volume non-Tor connections?

    Hope that makes sense.

  2. #2
    Join Date
    Jan 2007
    Location
    Location: Location:
    Beans
    1,246
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Tor anonymity/security at exit node

    Tor is great, if you are worried about exit nodes being sniffed try i2p.

    http://www.i2p2.de/how_networkcomparisons

    "Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information."

    Not foolproof but a little safer. At this point you have gotten into the 'paranoid dimension' of security. If you actually need this level of anonymity I'd be shocked.

    Also, i2p is relatively new and not yet blocked by many of the sites that block tor so more of the net will be accessible.
    clear && echo paste url and press enter; read paste; (youtube-dl $paste) | zenity --progress --title="" --text "Downloading, please wait" --auto-close --pulsate && ans=$(zenity --file-selection); gnome-terminal -x mplayer "$ans"

  3. #3
    Join Date
    Oct 2011
    Beans
    26

    Re: Tor anonymity/security at exit node

    Maybe my hypothetical situation was too extreme. Still trying to understand the level of anonymity of Tor. Also when and when not to use Tor.

    If I understand correctly, an exit node could read what is sent, but will not know who sent it. How does webmail fit in? Could an exit node read email sent from the gmail website? If purchasing something through a website, could the exit node read confidential information such as a credit card number?


    A reply to a thread in another forum stated that Tor should not be used for webmail or anything personal. Which leads back to my question: when and for what should I use Tor?

  4. #4
    winh8r is offline Iced Almond Soy Ubuntu, No Foam
    Join Date
    Sep 2007
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Tor anonymity/security at exit node

    Tor is a great resource for those requiring short periods of "anonymity" such as sending a report out of an oppressive regime or something along those lines. It is however not such a great proposition for general everyday use. That and the fact that it can potentially cut your connection speed by a considerable amount, coupled with the points you raised in your first post about "rogue nodes" sniffing traffic passing through.

    I would agree that it would be unwise to send sensitive personal data through a tor network, due to the fact that it is "secure" it therefore tends to attract an interest from those with a desire to circumvent "security", generally speaking.

    I usually advise people that unless you actually NEED to use Tor, it is best to avoid using it. By need, I mean those people who for whatever reason cannot communicate through "normal" channels for fear of reprisals.

    A well-configured operating system using an encrypted connection and PGP keys, coupled with a sensible operator, is just as secure as a Tor connection.

    As I said earlier, it is good at what it does, so long as what it does is what you need.

    There is virtually no way to use the internet in "Total Anonymity"; there are ways to disguise who you are and where you are, but the truth is, wherever you go you leave a digital fingerprint somewhere along the trail.

  5. #5
    Join Date
    Jan 2007
    Location
    Nora, Sweden
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Tor anonymity/security at exit node

    A few years ago a Swedish guy started to "listen" to what was sent in Tor.
    He had a large list of working passwords to different mailboxes and stuff on his hard disk after a while.

  6. #6
    Join Date
    Jan 2009
    Beans
    Hidden!

    Re: Tor anonymity/security at exit node

    People sometimes confuse Tor with some kind of VPN.

    OK, to a certain extent we can see it as a VPN between the user and the exit node.
    But remember: it is asymmetric encryption between the nodes involved, and this cannot be understood by anyone or anything other than another Tor node.
    So the traffic has to be decrypted at the end and delivered in its normal standard language to the called web servers, because the web servers do not understand anything else.

    However, the origin of the original request to the web server is wiped; it is non-existent and cannot be reconstructed.
    Traffic between the Tor nodes cannot be monitored or decrypted; no such technology exists so far.
    The actual traffic between the exit node and the destination can be read as if there was no Tor involved.
    Anybody who knows how to operate a network sniffer efficiently can monitor all the traffic, as he could otherwise.
    (If SSL is involved, he might have slight problems here too.)

    Webmail:
    Thinking about it: the browser on the user's computer sends requests, gets data back, then the user writes text and mail commands and sends them to the webmail server. It is all a normal web server! Therefore here too the origin is wiped completely, but after the exit node everything can be monitored, all data going back and forth, as the webmail server does not understand anything else. In some cases it understands SSL, so Tor will use it.

    SMTP Mail:
    One can make the mail client use the Tor subsystem too. But then again, it will travel highly encrypted from the user's computer to an exit node. From there it has to go on as normal SMTP; if the server understands some SSL, then Tor will use it too.

    A few things have to be considered. Today a browser does not only send requests to port 80 on some destination and ask for some pictures and text.
    The browser will employ a number of other programs as plugins and addons, and those can find their own ways to communicate with some servers, wherever they are.

    I have met someone who complained that in the Tor Browser Bundle he cannot use Flash for YouTube videos...
    Last edited by ottosykora; March 11th, 2012 at 06:12 PM.

  7. #7
    Join Date
    Jan 2009
    Beans
    Hidden!

    Re: Tor anonymity/security at exit node

    Quote Originally Posted by redmon View Post
    would not that organization be more likely to set up a Tor exit node to monitor Tor traffic than to monitor non-Tor traffic? If that is true, then would using Tor potentially provide less anonymity and security than using higher traffic volume non-Tor connections?

    Hope that makes sense.
    Sure, but let's think it through to the end. This is the same as 'authorities' just monitoring encrypted traffic. They will just estimate from the amount of traffic what could be going on.

    There is no problem in setting up an exit node and monitoring all traffic leaving it. If the contents of the traffic do not give any indication of who the originator of the traffic is, then the info is of limited use.
    One could get the idea to set up a number of nodes and so hope to get some traffic from beginning to end. But the Tor network is built to avoid this possibility. It forces the traffic via different parts of the world so such a scenario cannot happen.
    The standard today is set to 3 hops, but it can also be increased to 5 or 6, and it would be essential to monitor the first entry point, all intermediate points and the exit node at the same time, and even then the actual reconstruction of the original IP might not be easy.

  8. #8
    Join Date
    Jan 2009
    Beans
    Hidden!

    Re: Tor anonymity/security at exit node

    Quote Originally Posted by imagecko View Post
    A few years ago a Swedish guy started to "listen" to what was sent in Tor.
    He had a large list of working passwords to different mailboxes and stuff on his hard disk after a while.
    So what?
    Everybody can do this, you can do it too. Where is the problem?
    There is no intention to prevent this at all.

  9. #9
    Join Date
    Oct 2011
    Beans
    26

    Re: Tor anonymity/security at exit node

    ottosykora,

    So if the webmail uses https, does that mean that the text in the messages is encrypted?

    If the email client uses SSL/TLS for both incoming and outgoing, is the text in the emails encrypted?

    Then the exit node would not know either source or contents? If that is true, then Tor could be used for safely sending confidential information?

  10. #10
    Join Date
    Jan 2009
    Beans
    Hidden!

    Re: Tor anonymity/security at exit node

    Quote Originally Posted by redmon View Post
    ottosykora,

    So if the webmail uses https, does that mean that the text in the messages is encrypted?

    If the email client uses SSL/TLS for both incoming and outgoing, is the text in the emails encrypted?

    Then the exit node would not know either source or contents? If that is true, then Tor could be used for safely sending confidential information?

    Hmm, have to be careful; the thing with https is that if I tell you yes, 100% encrypted, I may earn some flames here... as there are real experts around here.

    But OK, the communication is encrypted, so if someone intercepts the traffic, he will not be able to read anything unless he is able to run some of the attacks against SSL in a reasonable amount of time.
    What is probably the wrong term is that the text is encrypted. The communication is encrypted as such, provided the server uses it all the time and not only during the authentication process etc., which some of them do.

    It does not say what happens with the mail when it leaves the server, however. In fact, webmail is just a kind of remote control of a mail client on another computer, and therefore you would need to know what happens with the mail when you click on the send button in that 'remote mail client'.

    If you manage to use Tor for mail protocols too, then clearly SSL/TLS will remain as they are; the traffic will be encrypted by them.

    BTW: there exists an addon for Firefox which will test if a target server is able to understand SSL and will force SSL communication in such case.
    This addon is also included in the Tor Browser Bundle already.
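
A minimal model of what posts #6 and #10 describe, added here as an illustration and not written by any poster in this thread: each relay peels one layer and learns only its neighbouring hops, while the exit reads whatever the application itself sent. The XOR keystream is a toy stand-in for the real cryptography of Tor and TLS, and the keys, host name and login request are constructed.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in, NOT Tor's real crypto."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))  # same call encrypts and decrypts

def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one onion layer: only the holder of `key` learns next_hop and payload."""
    cell = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return toy_cipher(key, cell)

def peel(key: bytes, blob: bytes):
    """Remove one layer, as a relay does with its own key."""
    cell = json.loads(toy_cipher(key, blob))
    return cell["next"], bytes.fromhex(cell["data"])

# Constructed keys: each relay shares one with the client (hypothetical values).
KEYS = {"guard": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}
SITE_TLS_KEY = b"k-client-site"  # stands in for an HTTPS session key; no relay has it

def build_onion(request: bytes, site: str) -> bytes:
    onion = wrap(KEYS["exit"], site, request)      # innermost layer, for the exit
    onion = wrap(KEYS["middle"], "exit", onion)
    return wrap(KEYS["guard"], "middle", onion)    # outermost layer, for the guard

def relay_views(onion: bytes, client: str) -> list:
    """What each relay learns: previous hop, next hop, and the bytes it can read."""
    views, prev, blob = [], client, onion
    for relay in ("guard", "middle", "exit"):
        nxt, blob = peel(KEYS[relay], blob)
        views.append({"relay": relay, "from": prev, "to": nxt, "sees": blob})
        prev = relay
    return views

# Constructed webmail login request.
LOGIN = b"POST /login HTTP/1.1\r\nHost: mail.example\r\n\r\nuser=alice&password=hunter2"

def exit_view(request: bytes) -> dict:
    return relay_views(build_onion(request, "mail.example"), "client-ip")[-1]

if __name__ == "__main__":
    for label, req in (("http", LOGIN), ("https", toy_cipher(SITE_TLS_KEY, LOGIN))):
        v = exit_view(req)
        print(label, "| exit sees traffic from:", v["from"], "to:", v["to"])
        print("   readable password:", b"password=hunter2" in v["sees"])
```

In both runs the exit knows the destination and the middle relay but never the client address; only in the plain-HTTP run can it read the password.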
