logs archiveIRC Archive / Oftc / #tor / 2015 / July / 27 / 1
blabla
hi, i've got a question
if you download something with tor, and somebody else is checking a website at the same time
woossa
downloading from the same website ?
blabla
if somebody wanted to check who was checking their site at that time, how would that show up in the isp's logs?
no, just some random website
Giora
Your isp wont see it
woossa
not sure what ur asking
blabla
i mean the website knows you checked it at a time, and assuming they know whoever used tor used this isp cause it has to be from a certain area
the isp logs would show you connecting to tor at that time
if somebody else was randomly using tor for something else, like downloading a file
Giora
It would be it cannot indicate where you went through tor
blabla
how would those show up in the logs
mrphs
when you have Tor Browser open, beside another browser, and downlading x on your Tor Browser, while browsing y on your other browser, your ISP would see that you're connected to Tor network (without knowing what you're doing there) and y website.
         

blabla
yeah, but they know that at that time tor was being used, and the website was checked by someone using tor
woossa
there are like a million people using tor every second of the day
blabla
yeah i know, i mean if they knew it had to be from a certain area
mrphs
if your isp and that website isp is the same, and you're the only person visiting that website at that time and also the only person who's using tor at that time
yes they can do timing attack on you
blabla
yeah that's what i mean
mrphs
but only if all of above is true
blabla
if somebody else was using tor, to download something, how would that show up?
mrphs
two people are connecting to tor, and someone is checking x website over tor (again, assuming they've control over the website or its uplink)
they wont be able to tell whether this user that is coming from tor network is indeed you
you could be visiting a third website
and that user who touches their server could be coming from another part of the world
that attack is very unlikely to ever work
blabla
is it like every time i click i send something to the website, it goes packet sent at this time to tor
mrphs
given the size of tor network
blabla
or it's continuously sending random packets and they can't tell when i sent something to the website
mrphs
yeah, and tor sends packets in a fixed size (IIRC, 256bit)
so if you're sending 200 bits, it adds 56 bits to it
if you're sending 300 bits, it sends two 256 bits
blabla
if i were to download something in a tab using the same nodes, would be make it ambiguous at which times i sent something to the other website?
or it would be obvious that i'm downloading something and sending other info at times?
mrphs
different tabs use diff paths
blabla
no they don't..
mrphs
are you using tor browser?
blabla
yeah
mrphs
you can check it for yourself, if you click on that green onion
it shows your path
blabla
you can have a separate path for a tab if you want, but by default it uses the same, at least it says so in the path thing
mrphs
"tor circuit for this site"
         

blabla
yeah
mrphs
oh are you talking about the same domain?
blabla
i don't know what you mean
mrphs
if you're visiting twitter.com on two tabs, they'd use the same path
blabla
oh
is there a way to stop timing attacks?
ncl
stop time
mrphs
tor browser already defends it to a good extent
blabla
it looks like it uses the same first node if you open a new tab
mrphs
it's your guard node.
blabla
what do you mean?
it's the node the isp knows about and communicates with right?
mrphs
seems like you should take a better look at tor design i cant explain all of it on irc
all of tor relays are public, except for bridges. anyone can know about them
blabla
yeah
but i mean the isp only knows about that one, and doesn't know where the other node is right?
mrphs
right
GeKo
nodes
blabla
yeah
if i open another tab and download something, could they still do a timing attack?
mrphs
your isp can only tell you're connecting to tor network. cant tell what you're doing on it
blabla
would it be noticeable at what time i was sending data to the other site?
mrphs
I'm afraid I confused you with timing attack
blabla
how so?
mrphs
blabla: your ultimate answer is that, if you want to be more secure and more anonymous, you should get more people on your network to use tor browser
blabla
if i download something from site a it would be obvious data passed through from the guard node to me at said time
mrphs
nope
blabla
how so?
mrphs
when tor browser is open, it sends and receives data, even if you leave it idle
to make circuits, etc
blabla
but how much data?
mrphs
it's always in a fixed size
blabla
it's open right now and it literally sent/received like 400bytes maybe in 10 seconds
mrphs
so the nework observer, cant tell how much traffic is acutally being sent over tor
blabla
if i send data to a website it would be pretty obvious no?
hmm?
mrphs
a) they wont know what website it is. 2) they wont know anything about the nature of your activity - it could be updating your tor browser, chatting on irc, or downloading from a website
s/what website/which website/
blabla
i know
mrphs
they also wont know how much traffic it is exactly. since tor adds padding
blabla
yeah but it would be way more than the 300bytes every 10seconds
mrphs
they also wont know whether it's one website, or one service or many
yeah, so?
blabla
let's say you want to download something from site a, you have to use a computer in a certain area and whoever sees that you downloaded it knows you have to be in that area
mrphs
nope
blabla
if you download at time x, they ask the isp who was using tor at time x
mrphs
they have to ask every isp in the world
blabla
they see data from tor to you at time x
mrphs
you're mixing different things
blabla
no, i'm not
mrphs
if you were the only tor user around the world, yes
blabla
i said they know somebody from a certain area accessed
mrphs
how do they know that?
blabla
but they don't know who
because the website is very specialized
and it had to be someone from that area
mrphs
the fix is, to have more people in that area run tor
blabla
at least they will check the isp
« prev 1 2 3 4 next »