Tor Project releases addon that lets one help censored users access the Tor network

The links to the addon store listings of the extension can be found on the official website: https://snowflake.torproject.org

And some documentation about how it works is at: https://trac.torproject.org/projects/tor/wiki/doc/Snowflake

Snowflake is a new circumvention system currently under development. It is based on peer-to-peer connections through ephemeral proxies that run in web browsers. Snowflake proxies are lightweight: activating one is as easy as browsing to a web page and shutting one down only requires closing the browser tab. They serve only as temporary stepping stones to a full-fledged proxy. Snowflake derives its blocking resistance from having a large number of proxies. A client may use a particular proxy for only seconds or minutes before switching to another. If the censor manages to block the IP address of one proxy, there is little harm, because many other temporary proxies are ready to take its place. https://bamsoftware.com/papers/thesis/#chap:snowflake

In particular it uses WebRTC for communicating between the censored user and the proxy that you’ll be running so one needs to have WebRTC enabled in their browser (the addon detects if you have WebRTC enabled). And here’s a schema of how the thing works:

Censored user <--[WebRTC]--> Snowflake Proxy (you) <--[WebSocket]--> Bridge <----> Middle Node <----> Exit Node <----> Web Site

1 Like

That’d be nice, if only TOR wasn’t ownt

Tor isn’t owned according to the NSA (at least as far as 2013, edwardsnowden.com/docs/doc/tor-stinks-presentation.pdf). There’s a reason that Snowden is still recommending it (and using it as his daily driver).

I’m not saying the NSA owns Tor.

I’m saying that if you control the exit nodes, you control the traffic.

If you control the traffic, you can de-anonymize anyone whose traffic you gather.

Tor is a cool concept and had its day, but it seems to be that it’s over now.

Also, Snowden isn’t anything special. He is just a man of conscience who decided to leak some very incriminating docs. I thank him for that, it’s been a service, but don’t idolize him. It’s just as bad as the Ballmer or Stallman or Torvalds worshipers.

1 Like

This isn’t exclusive to Tor and will apply to any anonymity network in existence.

Seeing the exit traffic is not sufficient to de-anonymize someone, you need to see the entry traffic to make a correlation attack.

I’d like to see some proof for that since Tor keeps on getting better, for example in 2013 it didn’t even have first party isolation, now by using the Tor Browser you get a different circuit (and hence different exit node) for every first party domain that you visit, making it extremely hard for a single adversary to see all of your exit traffic.

I agree, I’m not and we shouldn’t be idolizing him.

As of right now, there are only 6571 active Tor nodes in the entire world.

http://torstatus.blutmagie.de/

If you control a substantial proportion of the nodes, comprising the initial and exit nodes for any given connection, you can use timing attacks to find their originating IP address.

Now, half of that number, 3,285, is a ton of computers for someone like you and me to handle. Even one tenth of that would be a huge undertaking and very expensive. But for a nation-state? Even a small one? Peanuts.

2 Likes

There was a study on this, I’ll grab it when I’m not working.

That’s chump change for an agency looking to run an op.

Let’s say you only need to run that for a month. Let’s crank that number up to 6571 because they’d want to control half the nodes.

That’s really not a whole lot of money for a properly motivated organization or individual.

That really will only cost 250k a month at the full 6571. That’s nothing dude.

Yes, that was my point. It’s safe to assume Tor has been completely compromised. Not because the technology is bad-- it isn’t. Because it simply isn’t popular enough to defend against governments spending a pittance on servers.

They’re being very careful about using that information, always carefully coming up with plausible explanations of how they deanonymized drug markets and such on Tor. But it’s a honeypot now.

1 Like

The fundamental flaw isn’t in the technology. It’s in the meatbags that use it.

2 Likes

Sure, some people have poor opsec and can be traced by the use of similar usernames and such. That’s actually the reverse-construction plausible explanation used to catch Ross Ulbricht for the original Silk Road. Could they have caught him that way? It’s possible. But more likely they deanonymized him through compromised Tor nodes.

Anyway, the problem with Tor is it’s too damn slow. It’s unusable. It’s so slow that you would only use it for seriously illegal activity. Primarily junkies, kiddie twiddlers, and people living under oppressive regimes. And that feeds upon itself-- because it’s slow, most people won’t use it, and that limits the number of nodes, which makes it slow.

1 Like

When I used it, it was alright. I got about 35mbps down, 6 up. Not bad at all.

Problem is more response time than bandwidth, although bandwidth is also limited. Last time I messed with it, which was admittedly a couple years back, it took 2-3s to get that first packet through. Agonizing.

  1. Nationstates don’t need to run nodes to see Tor exit traffic.

  2. Tor was built under the assumption that attackers control a portion of exit node traffic (See “3.2. Adversary Capabilities - Positioning 1. Exit Node or Upstream Router” in: torproject.org/projects/torbrowser/design/)

  3. Even if nationstates are able to de-anonymize everyone (something that even the NSA fails at as it admits in its 2013 slides) Tor still protects you against your ISP, the website you’re visiting, ad networks, trackers, … In general, using Tor is better than not (if you care about privacy – but even if you don’t it’s a good idea since the more people use it the better the anonymity gets for everyone).

  1. Citation needed.
  2. Correct. They also admit that is a problem, just one they choose not to defend against.
  3. Other than protecting against your ISP tracking, I think you’re mixing up Tor itself with the Tor browser, which has a bunch of anti-fingerprinting stuff and noscript.

It’s 2019, that’s a long time ago.

Sure but as I mentioned Tor has been improving as well.

Also NSA attacks on the Tor Browser (as opposed to Tor itself) going back to 2007 were successful, including codename EGOTISTICALGIRAFFE.

“TOR stinks” was 2012 and does discuss exploiting/compromising nodes. It doesn’t talk about paying to host their own nodes, however. But that was 7 years ago.

1 Like

  1. No citation is needed for that claim, the NSA doesn’t need to run Tor exit nodes when it can already watch traffic directly.

  2. It’s part of the threat model so they do take measures to defend against it.

  3. Tor Browser (without Tor) isn’t sufficient to protect against tracking (you can be tracked with your IP address). Using a VPN won’t change that either since there’s no first party isolation (different circuit = different IP for each first party domain = no single server can see your whole traffic).

By the way I’d be happy to hear what your alternatives to Tor are :slight_smile:

Oh I misread your post. Exit traffic only. That’s true enough.

There is no defense against an attacker running or compromising a substantial portion of the network.

There is no comparable alternative. The solution is for people to run a lot more Tor nodes. I don’t see how you get there, though.

1 Like

If you’re really worried about correlation attacks you can run your OWN non-exit node/bridge and connect to it directly. Since correlation attacks require control of both the guard node and the exit they won’t be successful if you run your own guard node, hence no single entity can control both the guard node and the exit node (except a global passive adversary).
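
The guard-plus-exit condition for correlation attacks that this thread argues about can be put into numbers. The following is an added example, not part of any post and not Tor's real path selection: it assumes uniform relay choice, that any relay can act as guard or exit, and one fixed guard per client with a fresh exit per circuit; the function and parameter names are hypothetical.

```python
import random

TOTAL_RELAYS = 6571      # relay count quoted in the thread
ADVERSARY_RELAYS = 3285  # "half of that number", as quoted in the thread

def exposed_fraction(total, adversary, circuits, own_guard=False,
                     clients=20000, seed=1):
    """Fraction of simulated clients with >= 1 circuit whose guard AND exit
    are both adversary-run (the precondition for end-to-end timing correlation).

    Toy-model assumptions (not Tor's real path selection): relays are picked
    uniformly, any relay may serve as guard or exit, and each client keeps one
    guard while every new circuit draws a fresh exit.
    """
    rng = random.Random(seed)
    exposed = 0
    for _ in range(clients):
        # Relay ids below `adversary` are adversary-run. A self-hosted guard
        # is modelled as id -1: never adversary-run, never chosen as an exit.
        guard = -1 if own_guard else rng.randrange(total)
        if not 0 <= guard < adversary:
            continue  # honest guard: no circuit of this client can be correlated
        for _ in range(circuits):
            exit_relay = rng.randrange(total)
            while exit_relay == guard:      # a relay is not used twice in a path
                exit_relay = rng.randrange(total)
            if exit_relay < adversary:
                exposed += 1
                break
    return exposed / clients

if __name__ == "__main__":
    for label, adv in (("half", ADVERSARY_RELAYS), ("one tenth", TOTAL_RELAYS // 10)):
        for circuits in (1, 20):
            p = exposed_fraction(TOTAL_RELAYS, adv, circuits)
            print(f"{label:9s} circuits={circuits:2d} exposed={p:.3f}")
    print("own guard:", exposed_fraction(TOTAL_RELAYS, ADVERSARY_RELAYS, 20, own_guard=True))
```

In this model, opening more circuits raises exposure only up to the chance of having drawn an adversary-run guard, and a self-hosted guard removes the guard-plus-exit case entirely.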