> Of course, we need to make sure that the data isn't modified on the way from the client.
Why is this necessary if every layer of the onion is a trustable encrypted link?
MzxgckZtNqX5i 66 days ago [-]
Relays can be malicious and try to tamper with the data. Think of Tor relay encryption like Signal's E2E encryption, where the relays are analogous to Signal's servers. You want to ensure they can neither see what you sent (confidentiality) nor modify it without detection (integrity).
amelius 66 days ago [-]
Yes, but if it's all encrypted tunnels inside encrypted tunnels (recursively), then those relays can't really see the data, right?
MzxgckZtNqX5i 66 days ago [-]
That is correct. But, (in general) encryption does not necessarily guarantees integrity of the data. In other words, a plaintext can be encrypted, the ciphertext given to another party, and they can tamper with the ciphertext in a way that produces predictable changes in the message obtained by decrypting the tampered ciphertext.
amelius 66 days ago [-]
Ok, but if I run (say) HTTPS over the innermost tunnel, then I suppose that HTTPS will take care of any discrepancies.
costco 66 days ago [-]
The malleability of the ciphertext matters because it enables certain circuit tagging attacks as the article explains. It means that the exit relay could confirm you are using a guard relay also controlled by them and thus discover your origin IP address.
You can indeed use HTTPS with the end server (e.g., accessing Wikipedia). This correctly hides the traffic content from all relays.
To reach this point, though, you first need to set up the Tor circuit itself. This is done in a 'telescopic' fashion: the user connects via TLS to the first relay, then sends a message to extend the circuit to a second relay, then to the third (and usually last) relay. Finally, to open Wikipedia, you send a layered encrypted message to the last relay. All this data is link-protected by TLS on the wire, but protected by Tor's relay encryption mechanism while being processed by the nodes.
47282847 73 days ago [-]
Cool! Congrats! Awesome work.
Small typo: “observing predicatable changes“
66 days ago [-]
sevg 66 days ago [-]
I think you’re getting downvoted because you’re reporting the typo in an odd and likely unproductive place.
I’m not sure what you expect HN readers to do about the typo. There is a comment section on the blog itself :)
gus_massa 66 days ago [-]
It's not unusual that the author (or someone of the team) see the trafic peak an appears in HN to reply the questions.
sevg 66 days ago [-]
Sure, that happens.
But instead of just reporting it directly, we instead get this unsubstantive comment (“Cool! Great! Btw you spelled a word wrong.”). Essentially just noise, nothing that provokes curiosity or interesting discussion.
blocchainz 73 days ago [-]
[dead]
greekrich92 66 days ago [-]
Is it quantum-proof?
vscode-rest 66 days ago [-]
Quantum isn’t the problem. Majority-internet telemetry is.
ekjhgkejhgk 66 days ago [-]
Is it alien-proof?
JoachimS 66 days ago [-]
All information is translated to Finnish at ingress, so yes.
m00dy 66 days ago [-]
hey guys, anyone believes Tor still can provide anonymity to users ? just trying to ask politely.
I mean definitely state level actor, for example, let's say you can access all data centers in EU as most tor nodes are located in EU.
jeroenhd 66 days ago [-]
There are countermeasures you can take against timing attacks, pattern analysis, and other capabilities an attacker may have if they control many relays. If you're trying to exfiltrate military secrets to the Russians, you can probably do it, but you'll have to be extremely careful. Your behaviour is as important as the network you use to communicate over, if not more important.
There is no single state actor that has access to all data centers in the EU, though. For some countries, there's barely a state actor that can access all data centers within a single country.
There is no tool that will let you become immune against a theoretical hyper powerful super government that controls all data centers, just by clicking a button. There never will be.
edgineer 66 days ago [-]
There's some neat math that shows how one could send (radio) signals which are undetectable to an observer. Last I read, the research was in specific, purely theoretical scenarios but the idea is that you could send bit impulses which stay within the noise floor. Transmit with a power less than R^2 (in discrete time and ignoring triangulation and you have to pre-coordinate the timing of the transmissions with your partner via pre-shared one time pad and use plenty of error correction) the enemy observer cannot prove that someone is sending signals at all.
Maybe no such techniques could ever apply to the internet, but I'm not sure it's proven impossible. You would need a well defined threat model but if you can show that your enemy is working with noisy data and strictly in the digital space, I don't see why statistical de-anonymization couldn't be foiled.
ongy 66 days ago [-]
Low stakes (IP violations etc.): absolutely
High stakes (military / nation state scale): no
lurker_jMckQT99 66 days ago [-]
hey, would you mind elaborating (with sources)?
jstanley 66 days ago [-]
This FUD comes up whenever Tor is mentioned on Hacker News. The answer is: let's say you think Tor isn't 100% flawless. What are you going to do? Not use Tor? It's better than any other option.
impossiblefork 66 days ago [-]
What you'd do is that you'd write a distributed remailer where fixed-size messages are sent on fixed timeslots, possibly with some noise in when it's transmitted, with a message always being sent on its timeslot, even if a dummy message must be sent.
I've been writing a system like this in Erlang, intended to be short enough that you can take a picture of the source code and then type it in by hand in a reasonable amount of time, as a sort of protest against Chat Control. I'm not sure I'm going to release it-- after all, they haven't passed it yet, and there are all sorts of problems that this thing could needlessly accelerate, but I've started fiddling with it more intensively recently.
Ah. It actually looks very sensible. I knew things like that existed, but didn't know they had dummy messages.
I guess my approach is more P2P, more simplicity, shortness and clarity focused, as well as perhaps emphasizing general networking less-- I sacrifice more, I'm fine with 3-6 second delays on all messages, for example. I guess I also emphasize scale in that I intend to have 10,000+ connection open simultaneously on every peer, and because of this you don't even always need the retransmission aspect, since the person you want to talk to might be in the group of 10,000 that you send a message to every second.
So in my thing the mixing is less important and the retransmission aspect is only needed when the network grows so big that you, when you connect don't happen to randomly end up directly peering with the person you want to talk to.
zmgsabst 66 days ago [-]
Don’t things like Freenet do similar?
Except that every user is also a node, thereby mixing their personal traffic into a share of network traffic. Or so I understand it.
impossiblefork 66 days ago [-]
I'm not sure. Freenet actually stores information, this is pure communication system. I don't think it uses dummy messages.
My target size is also <500 lines, and I think <200 is feasible, whereas Freenet is apparently 192,000 lines.
jeroenhd 66 days ago [-]
While there aren't as many services available, there are alternatives to Tor. Veilid on the protocol level seems to be quite promising, and I2P and other networks also provide some Tor-like features.
If you're trying to browse the web then you won't find many alternatives, but if you're looking to avoid the authorities doing some data exchange, you have options.
matheusmoreira 66 days ago [-]
The better option is to use Tor while being aware of its caveats and limitations. Don't be lulled into a false sense of security.
bigyabai 64 days ago [-]
It's not FUD at all. I think you would be utterly shocked how many active alternatives exist, and how small Tor is compared to it's reputation.
Rendered at 10:41:13 GMT+0000 (Coordinated Universal Time) with Vercel.
Why is this necessary if every layer of the onion is a trustable encrypted link?
There are many reasons that these cryptographic tagging attacks are a lot worse than just the timing correlation attacks that are possible if you control the guard and exit of a client: https://archive.torproject.org/websites/lists.torproject.org...
To reach this point, though, you first need to set up the Tor circuit itself. This is done in a 'telescopic' fashion: the user connects via TLS to the first relay, then sends a message to extend the circuit to a second relay, then to the third (and usually last) relay. Finally, to open Wikipedia, you send a layered encrypted message to the last relay. All this data is link-protected by TLS on the wire, but protected by Tor's relay encryption mechanism while being processed by the nodes.
Small typo: “observing predicatable changes“
I’m not sure what you expect HN readers to do about the typo. There is a comment section on the blog itself :)
But instead of just reporting it directly, we instead get this unsubstantive comment (“Cool! Great! Btw you spelled a word wrong.”). Essentially just noise, nothing that provokes curiosity or interesting discussion.
There is no single state actor that has access to all data centers in the EU, though. For some countries, there's barely a state actor that can access all data centers within a single country.
There is no tool that will let you become immune against a theoretical hyper powerful super government that controls all data centers, just by clicking a button. There never will be.
Maybe no such techniques could ever apply to the internet, but I'm not sure it's proven impossible. You would need a well defined threat model but if you can show that your enemy is working with noisy data and strictly in the digital space, I don't see why statistical de-anonymization couldn't be foiled.
High stakes (military / nation state scale): no
I've been writing a system like this in Erlang, intended to be short enough that you can take a picture of the source code and then type it in by hand in a reasonable amount of time, as a sort of protest against Chat Control. I'm not sure I'm going to release it-- after all, they haven't passed it yet, and there are all sorts of problems that this thing could needlessly accelerate, but I've started fiddling with it more intensively recently.
I guess my approach is more P2P, more simplicity, shortness and clarity focused, as well as perhaps emphasizing general networking less-- I sacrifice more, I'm fine with 3-6 second delays on all messages, for example. I guess I also emphasize scale in that I intend to have 10,000+ connection open simultaneously on every peer, and because of this you don't even always need the retransmission aspect, since the person you want to talk to might be in the group of 10,000 that you send a message to every second.
So in my thing the mixing is less important and the retransmission aspect is only needed when the network grows so big that you, when you connect don't happen to randomly end up directly peering with the person you want to talk to.
Except that every user is also a node, thereby mixing their personal traffic into a share of network traffic. Or so I understand it.
My target size is also <500 lines, and I think <200 is feasible, whereas Freenet is apparently 192,000 lines.
If you're trying to browse the web then you won't find many alternatives, but if you're looking to avoid the authorities doing some data exchange, you have options.