9 comments

[ 3.1 ms ] story [ 32.5 ms ] thread
Don't use Bittorrent over Tor, people. It's bad for the network itself.
Basically, Tor only works if the protocol you're running on top of it doesn't do stupid things. For instance, Tor doesn't work if your browser helpfully sends geolocation information. Likewise, Tor doesn't work if you happily make un-Torred connections to possibly malicious IP addresses retrieved via a Tor link, which is more or less what the vulnerable Bittorrenters were doing. (You can run the entire Bittorrent protocol over Tor, but it's painfully slow and a big load on the network.)

In short, Tor may have real issues, but this is not Tor's fault.

I was a big proponent of Tor circa 07-09ish. However, I don't think it's really the best solution out there for those who need/wish-to-have private, anonymous internet usage. There are a number of issues I could list including how slow and unreliable it can be, but the worst by far is the fact that vast majority of the exit nodes are sniffed on or are honeypots to catch dissidents.

There is no way to know who the hell you're tunneling your traffic through, and it's really unsafe. It's much, much more safe to setup your own VPN service on another outside box/server that you personally control and tunnel everything that way.

And yes, don't ever use bittorrent on Tor, not just for the security exploit mentioned here, but the fact that that eats up __alot__ of bandwith and slows things down for everyone, dramatically.

The UofWash project mentioned in the end is a better alternative to straight bittorrent btw, in that there is __trust__ and you know who you're connecting to. Or you could just get an astraweb account, but I digress...

Anonymity is not the same as privacy. Tor is more about anonymity than about privacy.

That exit notes can sniff traffic has been known for a long time. Compromised exit nodes do not compromise anonymity as long as you don't give up personally identifiable information in traffic that gets routed via exit nodes.

More problematic is that compromised exit nodes could inject or run man in the middle attacks on your outbound traffic. These could then make you give up your real IP. This is why you shouldn't run exploitable protocols when exiting via Tor (ie. don't use javascript, flash, etc. if you want to remain anonymous).

If you're engaging in sensitive escapades via Tor to conceal your true identity, shouldn't the intentions and identity of who you're tunneling all your traffic through be one of your top priorities?

How do you know if that node with the pretty flag saying it's in Switzerland isn't logging all IPs, DNS requests, and packet headers straight to another Room 641A?

I just dislike when people suggest things like Tor without having used it themselves and seen the glaring issues and essential deficiencies with the tool.

Especially when there are such better and faster solutions available.

Because of Tor's design there's no need for trust at the exit node. Plus, you hop between exit nodes at 10 minute intervals, giving any one node at best a scrappy picture of your activities. You can also blacklist exit nodes that you consider suspicious.

Even if an exit node's logs are compromised an adversary wouldn't know your identity if you haven't given it up in the compromised traffic.

What better solutions are available? As far as I know Tor is still the most resilient option out there.

Jeez, did anyone read the article? It said that bitorrent users commonly only use TOR to access the trackers, then use a NON-TOR connection to the peer.

The researchers then recorded the user's IP address from the non-TOR traffic. Nothing magically going on here.

I have some questions about the significance of this claim. If I'm reading this correctly, the attack is that someone hosting a malicious Tor exit node (and we assume that all exit nodes are compromised -- just common sense) can correlate tracker requests over the Tor network to chunks being sent to the non-anonymous IP not over Tor.

In other words, this isn't really groundbreaking at all -- if you're requesting data to be sent not over Tor, and instead only proxying your tracker requests, of course that data can be correlated. You're anonymously asking for chunk 5429817, but telling the tracker to send it to your real IP address. An interesting issue, to be sure, but it's certainly not "breaking" the Tor network.

A lot of people are complaining about how one shouldn't BitTorrent over Tor anyway, for courtesy of the network--and I agree--however, this is just the tracker data being proxied. That is, if you were actually sending the BitTorrent data over Tor (which would slow the network), then you're protected from this kind of attack because your unprotected IP would not request data from the honeypot.

From the article:

When one of the malicious exit nodes sees an attempted connection to a BitTorrent tracker, it intercepts the response and adds the IP address of one of the honeypot clients under researcher control. The user's BitTorrent client then attempts to make a data connection directly to the honeypot without using Tor, thus revealing the user's IP address to the honeypot.

The article goes on to mention that users who do tunnel their traffic through Tor are still vulnerable if they use DHT, because DHT works over UDP while Tor only proxies TCP traffic.