An element of bad advice in this is the recommendation that you leave your cell phone turned on at home during your activities.
If "the feds" considered the possibility that this pattern of Tor activity in various wifi networks around the area all correlate to one person, they could then correlate the set of Tor uses with cell phones that sit motionless during those activities. This will completely out you unless you leave the cell phone in the same location all the time or for extremely large portions of time (a (1 - O(1/n))-sized proportion of your time) where n is the number of Tor sessions you want to perform. That's a bit pessimistic -- you could improve things by scheduling your Tor activity at times you would never be moving your cell phone anyway, and at times other people would consistently never be moving theirs -- a certain hour of the day. For example, suppose you never move your cell phone between 5 and 6 AM -- that's just a pattern in your life, and a pattern in others' lives, and if you scheduled your activity in that hour, you'd leak information much more slowly. But eventually, as more and more active cell phone users have the occasion to use their phone in the wee hours, it'll leak.
You also need to treat your personal internet activity and also perhaps electricity consumption (depending on metering technology) the same way as cell phone activity in this regard. You can't be going out using Tor at 5-6 AM some days and then be home browsing YouTube at 5-6 AM a small-ish proportion of the other days -- they'll nab you with 99.9999999% certainty in no time.
Edit: And you can't even be tired, or energetic, or have any measurable change in social activity before or after the Tor session either, of course.
I don't think the article mentions it, but in addition to the tips in the article, stay away from wireless or bluetooth connections, remove the card(s) if possible... While it might seem tin foil hat, any over-the-air communication is fairly trackable (not saying wired isn't). And while your computer or device tries to connect to a network, The control packets sent out to channel 0 will even send a list of preferred networks you've connected to in the past...
That's one that I do think it's cool to be paranoid about. Cellular networks were designed with lawful intercept in mind. Combine that with the work published recently about baseband processors and it looks to me like staying off of 4G networks is a good idea if you are doing something security sensitive.
That is an issue but how do you combine this with not connecting from your home? I would hope that as long as you keep care with your preferred networks and only connect over Tor the idea of using lots of cafe wifi spots is better than just using your own wired internet?
I really don't understand any of the points in "Your Environment".
> Never use Tor from home, or near home. Never work on anything sensitive enough to require Tor from home, even if you remain offline. Computers have a funny habit of liking to be connected…
How exactly? The entire point of Tor is that such stuff should not matter since the first node doesn't know what you have requested.
> And while the jackboots are very unlikely to show up the same day you fire up Tor at Starbucks, they might show up the next day. I
Yeah, no. Wait, what?
> I recommend for the truly concerned to never use Tor more than 24 hours at any single physical location; after that, consider it burned and go elsewhere.
Tor is far from perfect. Even if Tor does everything it's meant to. People can still compare when you're using your internet on Tor and when you doing activities online (on Tor). What this person is saying does make sense.
"using your internet on Tor" and "doing online activities (on Tor)" sound like the same thing to me.
But this whole article sounds to me like the author's expecting people to only ever use Tor when they want to hide something. What we should be doing is encouraging everyone to use Tor all the time for everything, delays be damned. That totally obliterates any correlative analysis.
This only stops the simple correlative analysis. You could probably still do correlative packet timing attacks(correlating the sent/recieve time of packets from you and from the server) , and active attacks(by adding some data to your/server packet at the ISP and watching this packet flow across the network).
Ya the anonymity sometimes isn't because I'm doing anything illegal. I've been considering setting up Tor on my firewall/router and starting to funnel connections to google, bing, facebook and things like that through it. Probably eventually funnel all http and https through it.
Logs subpoenaed from your ISP show that you were using Tor between 3:10 and 5:23 PM on 02/05/2012.
Logs from forensic analysis of a breakin to EvilCorp show that the attacker came in from Tor and was downloading secret data from 3:10 to 5:23 PM on the same day.
Not enough to prove anything, but there's definitely some circumstantial evidence there.
You've still got the spike in network activity, and if you're running a relay, you've still got the spike in outgoing activity minus incoming activity.
Yes, but the local and remote activity can't be connected. Were somebody to connect and disconnect from Tor in the time surrounding an attack, you could; but you couldn't say that a Tor user is a culprit of an attack that went over the Tor network because they were using the Internet at the time. Perhaps they're just using Facebook or HN as they do many times each day.
Um, yes it can be connected. You have a graph that looks like /\_/-\_ of bandwidth differential on one machine and you have the graph that looks like /\_/-\_ of bandwidth used on the targeted machine. Case closed. The occasional connection to Facebook isn't going to obfuscate that.
OTOH, you can also run a Tor node and your ISP wouldn't be able to see anything (other than you running a Tor node). For added security, run a Tor Exit Node and your ISP wouldn't be able to determine when you stop using the regular internet, either.
Don't really like Whonix, a bunch of VMs stacked on each other for critical isolation. I'd rather use a hardware firewall box running openbsd or portal by thegrugq. What kind of RNG is being handed out by the Tor daemon Whonix VM that has no human interaction too.
There are too many third party requests/tracking scripts (Google Adsense, Analytics, webfonts; icon font from bootstrapcdn.com; Twitter avatars) in this blog.
The blog itself is hosted in Wordpress.com. I don't if this is good or bad for visitors' privacy, but it feels bad.
(I know this kind of comment — X advocates Y but does Z, where Z != Y — is often annoying and shortsighted. That said, hypocrisy, even when it's unintended, reduces your authoritativeness.)
While reading advice like those in the article, they seem to always leave out the most central aspect of security - the threat model. Doing some guessing, the following threats are mitigated by the article:
• An attacker has access to zero-day vulnerabilities to the software running on your device¹.
• You are storing non-Tor files on your device that can be used to build a profile against you. That or you are running OSX².
• That Flash and Java are horrible messes of software, and will break your security³.
• That Online tracking of your anonymous activities can later be used to connect your real identity with an anonymous session of tor usage. Deanonymization is a big research area but with rather little known results in the real world. Search data, social network profiles and large written texts have all been subject of deanonymization research.
• That Correlation attacks are practical if an attacker knows the entry node traffic and the exit node traffic. This is also a hot research subject, and the threat model can be created by for example reading the linked research on the tor blog⁴.
• Mixing you real identity with anonymous identity can cause harm.
• If you rent time at virtual hardware, the real hardware owners can see everything you do.
• An attack, presented in a 2013 research paper⁵, to verify if a hidden service is using a guard node owned by the attacker. It then assumes that a hidden service will randomly pick at least one of of 23 tor nodes with a probability of 90% if run under a period of 8 months for the cost of 60 USD per node per month.
I could not guess a threat model for "Your workstation must be a laptop". As a last line of defense, my workstation hard drive is equally easy to destroy with a hammer as my laptop. The cell phone advice is also quite bad - see SamReidHughes comment.
"1. don't use windows"...I realize how unpopular it is to question the groupthink on this site but this strikes me as simplistic. The public takedowns related to tor have been more about firefox than windows. But I get that Linux fans like to think that this is their sole bailiwick.
If you are using tor and you are using a web browser as your primary means of communication AND YOU REQUIRE SAFTEY you have already made a serious mistake.
Using a JSON or XML based API would be much safer since you aren't having to trust any level of javascript, css, or html...fetching executable code over the internet from a third party is the ROOT of the problem.
It all comes down to what you are trying to do...why are you using tor? who is your adversary?
Just using tails or whonix and being super paranoid...because security...is kind of a shit lifestyle decision. It can also lead to a false sense of security.
> The public takedowns related to tor have been more about firefox than windows. But I get that Linux fans like to think that this is their sole bailiwick.
It's not exactly fanboyism that makes security-conscious people prefer Linux. In fact, anybody with even a basic understanding of infosec knows that Windows should be considered wide open: Microsoft has backdoors, they give the NSA backdoors, and their code isn't open to peer review. Moreover, the Tor Freedom Host attack only exploited Firefox on Windows.
> Just using tails or whonix and being super paranoid...because security...is kind of a shit lifestyle decision.
Don't you think this is a little rude? Or even just presumptive?
He is right though, FF 0day is probably not expensive regardless of O/S. A life on the run or using multiple safe houses is also a shitty lifestyle when you could just avoid all tracking cookies and executable 3rd party code with a terminal script and not have to wear a fake beard at a different starbucks everday
I love that "Microsoft has backdoors"...no one credible has said that they have proof of that. They give the US Government early access to vulnerability data...they give those updates to several governments and large corporations early as the result of agreements they have made with big customers. They also let these same entities audit the source code for windows. Look it up. If you have the money and its important to you then, yes, you can audit the windows code base.
"security-conscious people prefer Linux"...That's kind of a sweeping statement. What does security conscious even mean?
To me it sounds like this..."People who talk about security a lot use Linux by and large"..."but some of them are really partial to OpenBSD"..."and lots of Windows security experts really use Windows a lot."
I say that its a shit lifestyle decision because what is it accomplishing? You use this really restricted platform to make sure that people can't track you doing ??? What exactly? Communicating with your team of spy's??? Downloading midget porn??? Why do you think that you can have a single workstation that's good for every security corner case? What in the history of computer security makes you think that is a good idea or even desirable?
Let's take the example of the Iranian dissident trying to avoid the oppressive badies in their weird ass government...what does tails or Linux buy you? You are better off with the "throw away laptop" plan using good opsec and running tor from public places. Don't use it for anything but tor and tweeting your pics of black helmeted assholes. Get a new one as soon as possible. Rotate them with other people. The OS means next to nothing.
People keep conflating tor's uses with every possible InfoSec edge case. The dissident has different needs than a guy trying to make sure that the NSA doesn't catch him posting documents. The whistleblower has different needs than the guy buying drugs.
In all cases applying some critical thinking about what you are trying to do is a bigger exercise than "Winblows is the suxor at securitehz!"
Unix doesn't have a monopoly on security. I'm not saying windows does, but Unix people are kind of crazy about their pet platform.
ah, come on. If someone comes up with "Microsoft has backdoors", you can always counter with "the NSA developed SELinux". Still, how many articles, strike that, theories did you read, that SELinux might not be as SE as "they" say?
Just because someone points out a flaw, he is not (necessarily) an employee who wants to discredit the argument.
I'm not a MS employee or even a stockholder. I just get tired of the group think around here. It doesn't do anybody any good to let some of these "everybody knows" style truisms pass unquestioned.
The accusations of being a shill are also pretty annoying...but hey...
What do you need Windows for anyway? Especially in a "secure computing" context, modern distros are cheaper, easier and quicker to install than Windows, and yes, often more secure. Plus, learning GNU/Linux will make you a better programmer and a more capable team player. What do you have to lose?
Learning Linux makes you a better programmer? That's what I'm talking about in a nutshell. "Learning GNU/Linux" doesn't make one a better programmer. I'm not even sure how that's supposed to work...you know that there are really good programmers that use other platforms, right?
Ever heard the term, "don't knock it til you try it"? What do you have to lose by trying free operating systems? It costs nothing to run GNU/Linux in VirtualBox on Windows, and learning to interact with your machine from the command line will expand your skillset and your horizons, making you a better programmer and more valuable team player. Regardless, you're bashing people for using free operating systems in a security context, which is just asinine. This is not the holy war you're making it out to be.
Do you honestly think that I have never tried Linux? Seriously? The first time I installed Linux I had to download the floppy images over a 2400 baud modem connection to a bulletin board.
I'm not bashing people for using Linux...I'm saying that its not good security to say..."Linux is secure"...and not review your security needs from the standpoint of what you are actually trying to accomplish. I'm not making it out to be a holy war...I'm saying that people are just accepting that "Linux is more secure" on blind faith.
>"1. don't use windows"...I realize how unpopular it is to question the groupthink on this site but this strikes me as simplistic. The public takedowns related to tor have been more about firefox than windows. But I get that Linux fans like to think that this is their sole bailiwick.
The OS provides a number of security mechanisms which make exploitation harder, Windows' reputation for security (or lack thereof) is somewhat well-deserved, ask anyone who has done exploit R&D.
Even if you have an FF 0day, you still need to be able to weaponize it, bypass ASLR/DEP/etc and this may be more or less difficult depending on the target OS
Does Windows enforce ASLR on every process now? You only need one non-ASLR library to leverage with ROP. Though, you could say this falls under configuration (and I'm pretty sure the vsyscall table on x86_64 linux is still non-ASLR and that seems like a pretty trivial source of ROP gadgets), but I guess my point is its not as simple as supporting ASLR, not all implementations are created equal.
That's actually the new security model that Metro apps use. They are sandboxed by default with a declarative privileges model. I think its called AppContainer?
It looks like author of this article is doing some shady shit. Using TOR and moving so much in different locations O_o Seems like his very paranoid. I think he forgot about "Faraday cage".
"For personal reasons, I do not browse the web from my computer. (I also have not net connection much of the time.) To look at page I send mail to a demon which runs wget and mails the page back to me. It is very efficient use of my time, but it is slow in real time."
The only real reason people use Tor at all is for shady shit. They'll deny it all they want and bullshit on about "freedom", but not even Stallman is this autistic. Come on.
