
/tech/ - Technology

"Technology reveals the active relation of man to nature" - Karl Marx

Recent reports indicate that German law enforcement has successfully deanonymized users of the Tor network.

Sources:

https://www.malwarebytes.com/blog/news/2024/09/tor-anonymity-compromised-by-law-enforcement-is-it-still-safe-to-use

https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Investigations-in-the-so-called-darknet-Law-enforcement-agencies-undermine-Tor-anonymisation,toreng100.html

According to the Tor Project, they maintain that Tor remains a secure option for users. They attribute the deanonymization incident to vulnerabilities in an outdated chat application called Ricochet, rather than flaws within the Tor network itself. However, I’m not very tech-savvy and wonder what the real implications of this situation are. Do the updates to the Tor protocols mentioned actually address the problem?

Sources:

https://blog.torproject.org/tor-is-still-safe/

https://blog.torproject.org/announcing-vanguards-add-onion-services/

If Tor is indeed compromised, alternatives like I2P are not particularly well-suited for anonymous browsing of the clearnet, and it’s uncertain whether these vulnerabilities in Tor would affect other darknet protocols.

The ability to safely access information online is crucial for operational security in leftist organizing. If Tor is no longer a reliable tool for evading government surveillance, what alternatives do we have?

i just use tor to not have leftypol and furry porn show up on my logs tbqh

>>26447
>>26446
TOR has always been able to be deanonymized in individual cases. The point is it's prohibitively expensive to do so for the whole network.

Also as the article stated this was a security vulnerability in the chat program, not the TOR protocol.

>>26446
Recently someone on alt.cypherpunks announced they were working on a modern Ricochet fork (https://www.ricochetrefresh.net). The original project seems to be exploitable abandonware at this point in time.

>>26449
The point remains that it was still a successful timing correlation attack in the wild, which is a major leap from this sort of thing being purely theoretical. Sure it relied on a failure in the chat program but the Tor project themselves do not know the specifics and the implications for other Tor applications are still unclear.

>The point is it's prohibitively expensive to do so for the whole network.


They have the money and the willpower and the majority of Tor nodes operate in Europe or in the 5 eyes. It's still not worth it to go after small stuff but this latest development worries me.

>>26452
assuming there is nothing wrong with the core protocol, the only way to fix that is to patch the bug in the chat program and also grow the TOR network by adding more nodes in different countries.

>>26447
Is it wrong I browse leftypol raw?

>>26455
depends on where you live, what you post and who is actively monitoring you

>>26455 >>26456 me, personally, i only use leftypol for the /tech/ board, and by admitting it the feds that monitor me can compare the time of upload of this post and when i sent to leftypol, deeming me not a danger to capitalist hegemony (because i said so, okay?)

>>26446
the idea that a glowie made network would be immune to government snooping is ridiculous. For one you simply have to control enough nodes (and the US glowies do), second they have privileged access to security flaws and bugs because they fund it, third when you can constantly spy the entire network it will always be possible to track down someone with enough effort.
As most internet privacy/security tools, it just makes it harder but not impossible to spy on you and track you, and it also flags you as potentially interesting because you bother doing it in the first place

Please get the tor address working again for the love of God

>>26511
What's the issue? There's a new tor address. Should be working.

>>26511
read the home page, there's a new tor address

>>26452
The whole thing with TOR nodes has always amused me. People are putting their faith in a network of crypto entrepreneurs to dilute the network of feds running many nodes? Don't you think the US + allies could capture those nodes considering their resources?

>From: Anonymous <[email protected]>
>Subject: Statement from Ricochet-Refresh Regarding The Recent Stories in German Media About Alleged Timing Attacks Affecting Our Users
>Newsgroups: alt.privacy.anon-server, alt.2600, alt.cyberpunk
>Followup-To: alt.privacy.anon-server
>Date: Wed, 25 Sep 2024 18:50:20 -0000 (1 day, 4 hours, 34 minutes ago)
>Organization: To protect and to server
>
>Statement from Ricochet-Refresh Regarding The Recent Stories in German Media About Alleged Timing Attacks Affecting Our Users
>
>Wednesday 18 September 2024
>
>Several German media news outlets have run a story about law enforcement agencies allegedly breaking the anonymity provided by Tor and, with it, Ricochet-Refresh.
>We would like to answer some questions on the matter to clarify the facts from the hype.
>
>1. Are you aware of cases where Ricochet users were de-anonymised? If so, how? We are not aware of any cases where users of the current version of Ricochet-Refresh have been de-anonymised. (Including this alleged case, since no evidence of such was provided to us).
>The reported attacks occurred 2019-2021, and we have substantially updated the software to improve security since that time.
>Some technical details from our end:
>
>In particular, the vanguards-lite feature was introduced to Ricochet-Refresh in version 3.0.12 in June of 2022, after upgrading to the tor 0.4.7 series. Without being provided with the details of the reported attack, we can not say definitively this feature would have stopped it. However, we do know vanguards were introduced in part to make this general class of attacks more difficult to pull off. Since then, we have continued releasing regular updates which include security updates from our upstream dependencies (including Tor).
>
>2. What are these 'timing' attacks? Could they be applied to anonymous communications? Do they breach the confidentiality of an online conversation? Again, we have no proven details of the attack and it's hard to respond to an incident when you can't see the documentation.
>'Timing' attacks have been around for a while, nothing new there. They can in theory unmask the identity of an anonymous end-user, but they do not break open the content of a secret conversation. Generally the attacker in this situation would need vast resources and enormous legal powers to be successful - only the kind that a state could access.
>The field of cybersecurity rarely offers absolute guarantees. If you want to be perfectly private, you need to disconnect entirely from the digital world. That's not a very practical solution for most people.
>So you winnow down risk as far as possible. It's illogical to say 'because there is some very small risk, we should stop using technology to protect ourselves'. Instead, the best choice is to opt for free, open-source software like Ricochet-Refresh, which by design, gives you enormously more privacy and anonymity than the vast majority of other tools.
>
>3. Is it at all possible for Ricochet-Refresh users to protect themselves against such 'timing analyses'? If so, how? Ricochet-Refresh is one of the safest ways to communicate online. The vast majority of people using Ricochet-Refresh do not need to do anything to protect themselves against timing analysis attacks.
>In the overwhelming majority of cases, an attacker will not be able to find someone's identity because they do not have these kinds of very large resources.
>As a purely precautionary measure, we suggest end-users who face powerful attackers should limit the number of people to whom they distribute their Ricochet-Refresh ID. In the context of Ricochet-Refresh, most theoretical and practical attacks are only possible if the adversary knows the ID of the target they are attempting to de-anonymise.
>Note that the content of the message stays secret in the attack scenarios described to us by the journalist who wrote the story.
>
>4. Do you continue to improve Ricochet-Refresh' security? We do. We provide monthly(ish) Ricochet-Refresh releases when upstream dependencies (e.g. Tor, openssl, qt, etc) publish security updates. Beyond that, we have also been researching and developing an improved back-end which should make 'timing analysis' attacks much more difficult by providing the user the ability to control their online visibility to unauthorised peers.
>
>5. Is it safe to continue using Ricochet? Why? Note: Ricochet is not the same as Ricochet-Refresh. Ricochet has been retired because it relies on legacy technology that no longer exists in the Tor Network.
>Yes. People should continue using Ricochet-Refresh with a high degree of confidence. It is still one of the most private and secure ways to communicate online.
>The protocol is completely peer-to-peer and the client is open-source; there is no account registration, no servers hosting your data, and no centralised organisations or infrastructure to attack. A person's account data is stored locally on their own computer and their communications are only sent to the intended recipients. These communications are private and secure by default because they are end-to-end encrypted.

why the fuck are my (you)s still there while using Tor browser after clearing all site data and refreshing the Tor circuit?

>>26446
>Do the updates to the Tor protocols mentioned actually address the problem?
It seems like the vanguards thing should make it a lot harder for feds to pull off, but it doesn't "fix" it. Though with privacy this is usually the best you get, a lot is just stacking odds in your favor so much that it is effectively safe. Same with cryptography. That said, a real fix could be a random delay added every hop, and maybe packet padding if this is the type of timing attack they pulled off.

Steps they could have taken to mitigate vulnerability: (first of all - it's hard to tell if they got deanonymized via the server, as a server admin or smth, or as a user?) 1. not connect directly to the Tor network, connect to a proxy/VPN (that you own and run, and set up anonymously, and which you use for other activities as well; e.g. route all traffic on a multi-use device thru VPN) first. 2. control the first tier of guard nodes (as hidden service), set them up anonymously and everything, in a country not friendly to your gov. This isn't a 100% fix but the article mentions coercing the guard node owner… if it's you then just pack it up at that point and they have nothing. 3. not showing online status on the fucking app lol, it seems like that might be what really got them in the end

Downsides to these mitigations: 1. they could have the company that owns the server your proxy runs on snitch on connections and de-anonymize you (just the fact that you connected to a Tor node and when), or they could attempt to hack it and take it over even. 2. Again they could just ask the company to monitor the servers and snitch on you. Putting it in an unfriendly country might remove some of LE power, and you owning the server means they would have to escalate beyond just asking nicely and would give you a heads up potentially, but this isn't a total fix. 3. They still had to find the guy's IP first. They could have attempted escalating to other methods to correlate that he was the one posting, when and where. But it would deprive them of an easy thing to bring to the courts.

Overall, Tor isn't suited for use against an imperialist state actor. It's security thru obscurity, plus encryption. Vast majority of nodes are in 14 eyes. Nym net is a cool project trying to fix that (read the Sphinx protocol white paper it's really cool, they employ it), tho it is new and therefore less tested, comes off shady to me personally since it incorporates cryptocurrency (could be a get rich really slow and with lots of coding and shit scheme), and has an inherent barrier because of that fact (pay to use). But the reason for the crypto integration is nominally to incentivize and facilitate mix nodes to be run in any country, in order to not replicate the petite-bourg hobbyist, drug dealer, and state actor monopoly on mix nodes within Tor. They're openly anti-imperialist, it's cool.
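
The "random delay added every hop" mitigation suggested earlier in the thread, as an added toy model that is not part of any post and not Tor's code: it measures how closely the packet counts seen at the entry of a path match those at the exit, with and without per-hop random delay. The traffic pattern, the three hops, the uniform delay distribution and all function names are assumptions made for illustration; packet padding is not modelled.

```python
import math
import random

def pearson(xs, ys):
    """Pearson correlation of two equal-length count series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def bin_counts(times, width, n_bins):
    """Count packets per time window; packets outside the span are dropped."""
    counts = [0] * n_bins
    for t in times:
        i = int(t // width)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts

def constructed_flow(rng, span=600.0, bursts=60, per_burst=20):
    """Constructed sample traffic: short message bursts at random moments (seconds)."""
    times = []
    for _ in range(bursts):
        start = rng.uniform(0, span)
        times += [start + rng.uniform(0, 0.5) for _ in range(per_burst)]
    return sorted(times)

def exit_times(rng, entry, hops, base, max_jitter):
    """Each hop adds a fixed latency plus an independent uniform random delay."""
    return [t + sum(base + rng.uniform(0, max_jitter) for _ in range(hops))
            for t in entry]

def entry_exit_correlation(max_jitter, seed=1, width=1.0, span=600.0,
                           hops=3, base=0.05):
    """Return (correlation of entry vs exit counts, mean latency added by the path)."""
    rng = random.Random(seed)
    entry = constructed_flow(rng, span)
    out = exit_times(rng, entry, hops, base, max_jitter)
    mean_delay = hops * (base + max_jitter / 2)  # the usability cost of the mitigation
    n_bins = int(span / width)
    a = bin_counts(entry, width, n_bins)
    b = bin_counts([t - mean_delay for t in out], width, n_bins)  # align on mean delay
    return pearson(a, b), mean_delay

if __name__ == "__main__":
    for jitter in (0.0, 1.0, 5.0):
        r, delay = entry_exit_correlation(jitter)
        print(f"max per-hop delay {jitter:>4}s  correlation {r:.2f}  added latency {delay:.2f}s")
```

The correlation falls as the per-hop delay grows but does not reach zero, and the added latency rises with it, which is the trade-off behind "harder, not fixed" in the post.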

>>26513
>a network of crypto entrepreneurs
What are you talking about lmao


Unique IPs: 9
