IRC Archive / Oftc / #tor / 2015 / July / 2 / 1
jjweiss__
annonch: I was referring to the HSDir issue
a malicious node that becomes the HSDir for the onion site you're visiting can track the site back to where it lives, making it no more secure than a clearnet site
cacahuatl
What?
No
jjweiss__
this: http://www.idigitaltimes.com/deanonymizing-tor-hidden-service-traffic-through-hsdir-cake-walk-say-researchers-hitb-445328
cacahuatl
And that's A) not what that attack does and B) not what you just explained
You need to be both the HSDir and the guard for this to work, an HSDir alone does not know where an onion service "lives"
jjweiss__
Sorry, I abbreviated because I figured it was pretty common knowledge by now
the point was that you can't count on any given onion also being its own HSDir to mitigate the issue, and also that (from the client standpoint) the risks are roughly the same
cacahuatl
No
jjweiss__
that's not a very good rebuttal :/
cacahuatl
I don't really care to debate with you because it's always been folly before, I just thought I'd clarify for others reading it.
jjweiss__
"On the side of the Hidden Service providers, the best solution currently is to become ones own HSDirs. You can trust your own node so being your own HSDirs makes the most sense. This gives providers a form of detection as well. If they see other HSDir relays competing heavily for those positions, it could be a red flag."
^ that is what you need the rebuttal for, right from the provided link
cacahuatl
If the problem is that the HSDir knows where it lives, then if you become your own HSDirs then your relays that are doing this A) look weird and B) are publicly listed, meaning you show who you are anyway.
As the researchers pointed out, this only works for sites like facebook who do not have reason to hide the hoster's identity
jjweiss__
cacahuatl: did the stable flag patch land yet?
cacahuatl: I leafed through the slides and I didn't see anything corroborating that statement
I did see this in them to corroborate the article's version though: "Hidden service users face a greater risk of targeted deanonymization than normal Tor users."
they also talked about government level adversaries and control over ISPs in their hypothetical situation, which is exactly what the OP would be facing
cacahuatl: if you believe I'm misreading it, it shouldn't be that difficult to set me and tfa straight. I have very little use for HSes in my particular use cases, so I'm just going off of what I've read
"because I say so" and other hand waving tactics aren't likely to end in the result you want
Warr1024
it does sound a bit theoretical.
forcing yourself to be chosen as an HSDir would require you to manipulate the global list of available relays, wouldn't it?
seems like an attack on that scale would require considerable resources...
cacahuatl
No, it works, it does require resources.
It's feasible, but you need to know the onion and know who's hosting it, then become the majority of their HSDirs, then target the end user, then you have a possible correlation attack to know within a % of certainty that a certain user wanted the descriptor of an onion.
However you don't know if they ever actually contacted it, when, what you said, for how long, or even with 100% certainty that it was them.
Warr1024
yeah, I've heard a lot about correlation attacks, but are they really *practical*? I don't think I've heard any figures on that using real-world data.
I mean, yeah, you can correlate traffic on your tiny research network with only a handful of nodes with some success, given long-term use...
...but how does the noise of millions of real-world users with changing habits affect the practicality of correlation attacks?
cacahuatl
For good reason, people don't use real world data because it's damaging to users (obligatory 'Fuck CERTCC!' *spit*)
Warr1024
it might be nice to have some kind of opt-in or something, though, to tag otherwise-theoretically-"real" traffic as available for research purposes...
...though I guess then you can't be sure that there isn't a bias between traffic characteristics between those who volunteer and those who NEED the protection.
cacahuatl
yes, let's tag our traffic and make it distinguishable ;) what could go wrong
http://freehaven.net/anonbib/topic.html#Traffic_20analysis
Warr1024
well, obviously it'd have to be done right; there are nuances to it that would be annoying to try to summarize in here.
for instance, you'd probably make it a fairly non-obvious opt-in for "experts" only so that we avoid leaving only a small fraction of users with untagged traffic.
and, of course, maybe when you get to the bottom of the rabbit-hole, you find that it doesn't lead anywhere... I'm not all that up-to-date on all the research, after all.
jjweiss__
Warr1024: I specifically limited my arguments to JUST unmasking hidden services because that is apparently the easiest thing to do thanks to the HSDir issue
The OP was asking about onions for whistleblowers as if that offered any real protection over just accessing comparable clearnet sites over tor, and that assumption is dubious at best
Warr1024
Maybe I should dig around in the proposals repo and see if I can find what they have planned for next gen HS's that addresses the issue.
cacahuatl
it's easier to target, you still need to use some kind of end-to-end correlation and it needs to be targeted against a specific onion. IE, the adversary knows the onion and has a suspect user, and even if all goes well they don't know much about what actually happens.
Warr1024
it sounds like onions ARE safer, though, at least, operationally; it's easier to screw up communications when the destination is clearnet...
cacahuatl
if I put <iframe src="http://foo.onion"> onto a website, then lots of people request the descriptor and don't do much with it, the attack, even if successful, wouldn't be able to distinguish the user from the person who rendered the iframe
jjweiss__
cacahuatl: I kind of wish I had bookmarked the original article now. they went through and explained how becoming the HSDir for a given HS allowed for the eventual correlation of specific hidden services to specific tor nodes
Warr1024
cacahuatl: that's a pretty interesting mitigation, though with potentially non-trivial cost to the network...
cacahuatl
it's not a "mitigation", it just shows that the attacker even if it all went well for them, has little to no context for the request.
jjweiss__
it would be mostly a non-issue if you could guarantee any arbitrary site was acting as their own HSDir, but afaik, that's not possible at present
pwnstar
can anyone here connect to oftc with tor? i haven't been able to do that in almost one week
jjweiss__
I'm connected via tor at this very moment
Warr1024
cacahuatl: it's a mitigation in that it reduces the usefulness of the information that an attacker might get, so it theoretically provides some protection for people accessing it in a way that IS meaningful.
pwnstar: oftc periodically blocks tor access, but you might be able to log in using CertFP or something.
fberet
is this channel OK to ask about a torbrowser-launcher related problem?
RolaCola
sure
fberet
Alright, here is my problem: I'm trying to use TBB with torbrowser-launcher, but every time I launch it (the torbrowser-launcher), it starts downloading the latest TBB but then fails to launch it. Even if the files are there after that, it re-downloads the TBB every time and fails again to launch it at the end. Here are the logs of what's happening: http://pastebin.com/7ypswYgL
cacahuatl
Are you running an old version of it?
(if it's in the debian repos, the answer is probably "yes")
fberet
cacahuatl: I'm running the version in Debian Jessie (0.1.9-1+deb8u1)
cacahuatl
oh, I think the download is failing
fberet
cacahuatl: are you sure? because I can go to "/home/mark/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/" and launch it manually
cacahuatl
"Running /home/mark/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser" <- should be "/home/mark/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser"
it's targeted at the old tor versions, so yes, the issue is it's an out of date torbrowser-launcher
around 4.5~ they moved start-tor-browser script into the Browser/ directory
fberet
cacahuatl: that's what I thought too because it's a first launch setup located at "/home/mark/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser"
got you
cacahuatl
you can edit line 148 of common.py in TBL and add in /Browser/ before start-tor-browser
https://github.com/micahflee/torbrowser-launcher/blob/283fdf1e0ee0fbaa59bcfe27e7d3069346aa9768/torbrowser_launcher/common.py#L148
fberet
cacahuatl: where is this file located? I can't find it
cacahuatl
'/usr/lib/python2.7/dist-packages/torbrowser_launcher/common.py'
it might become a total mess though, if you're using apparmor, and be worth seeing if there's a backport from sid?
`apt-get install -t jessie-backports torbrowser-launcher`
mancha
apt-get install real_distribution
(Action) ducks
fberet
mancha: what's your real_distribution alias pointing to? :)
cacahuatl
plz no distro wars :P that for certain is for #nottor, tbl is kind of borderline as it is.
mancha
heh. i actually use several. i was just poking for fun.
the same reason i always tell ubunters to "sudo make me a sammich"
fberet
cacahuatl: everything works fine (even the 56k modem sound...), thank you for the workaround
cacahuatl
np
mancha
i love that sound
fberet
yea but it blocks my home phone now
mancha
V.92 is the bestest.
I didn't know people still used dial-up modems.
Warr1024
they should play that sound while the "connecting to tor" progress window displays when opening TBB.
mancha
heh. that does take somewhat long
setting up a tor circuit is very fast on *nix. why is it so slow on windows?
fberet
Warr1024: if you use torbrowser-launcher on Debian you have it ;)
Warr1024
fberet: checking it out now ... damn, that's a lot of python deps.
fberet
but yea, I'm already connected and the sound hasn't finished yet
Warr1024
what's it do, just download and verify the official TBB package or something?
fberet
Warr1024: yes I found too...
Warr1024: yes
Warr1024
thanks for the heads up, sounds useful, maybe less error-prone than the manual route.
mancha
(Action) MITM's the download and injects his own .asc
now what?
web of trust folks, WeB 'o TrUsT
fberet
Warr1024
have they brought back the torproject.org hidden service yet?