[HN Gopher] Is "KAX17" performing de-anonymization Attacks again...
___________________________________________________________________

Is "KAX17" performing de-anonymization Attacks against Tor Users?

Author : Tomte
Score  : 168 points
Date   : 2021-12-06 18:30 UTC (4 hours ago)

(HTM) web link (nusenu.medium.com)
(TXT) w3m dump (nusenu.medium.com)

| amatecha wrote:
| Lightweight frontend alternative:
| https://scribe.rip/is-kax17-performing-de-anonymization-atta...
|
| nabakin wrote:
| Front ends are getting more common around here. I like this
| change. If they reach mainstream, maybe websites will finally
| become more responsive
|
| jerheinze wrote:
| Instead of messing with your path selection a better strategy
| would be to just run your own guard nodes that you trust (a guard
| node is the first node that you connect to in a Tor circuit) and
| to stick with them. Remember, de-anonymization attacks require
| the attacker to control both the guard node and the exit node at
| the same time.
|
| pstrateman wrote:
| That only works if the attacker doesn't know the guard node is
| you.
|
| If they do, all you've done is made the middle node the guard.
|
| jerheinze wrote:
| > That only works if the attacker doesn't know the guard node is you.
|
| That's not how Tor nodes work. Once you set up a guard node
| (and it got enough reputation) you won't be the only person
| using the guard node. Also de-anonymization attacks require
| you to know the traffic coming to the guard node (and if you
| run a trustworthy one yourself and you're not dealing with a
| global passive adversary then there's no way the attacker
| will be able to see the incoming traffic to the guard node).
|
| VWWHFSfQ wrote:
| Running your own node and "sticking with it" is not a great
| idea especially if you're the only one using it. You will be
| spotted and identified pretty much instantly
|
| jerheinze wrote:
| > especially if you're the only one using it
|
| That's not how Tor nodes work.
| Once you set up a guard node
| (and it got enough reputation) you will NOT be the only
| person using it.
|
| yardstick wrote:
| > > just run your own guard node that you trust
|
| I guess this approach works fine for an individual, but if
| everyone has to run their own guard node to be safe, why
| would anyone connect to your guard node (given it would be
| risky from their perspective since they aren't running it
| themselves).
|
| In other words, if you accept you can't trust anyone else,
| why would anyone else trust your node too?
|
| (Edit: Sorry I'm wording it poorly but I hope you get the
| idea)
|
| jerheinze wrote:
| The overwhelming majority of people don't customize their
| path selection in Tor, so you will always get traffic to
| your new guard node.
|
| p_j_w wrote:
| I think what GP was getting at is that your solution is
| not a global one. Not everyone can employ it.
|
| int0x2e wrote:
| If you want your guard node to be helpful in anonymizing your
| traffic, you should really make sure it's public and used by
| some % of the global user base (so that your traffic blends in
| the noise). Once you do that though, you will always have to
| trust that node a little less than you could if it was
| walled-off so it would only serve you, just because it is another
| machine serving connections on the internet that will likely be
| targeted by adversaries who would benefit from turning many of
| the guard nodes into part of their Tor de-anonymization
| service.
|
| If I had endless resources and was truly paranoid, what I'd do
| is build my set of public guard nodes, make sure they're
| serving Tor traffic, etc. But then, I'd "borrow" those IPs
| occasionally for trusted nodes which will only accept
| connections from me (ideally both sets of machines will be live
| and routing traffic simultaneously).
|
| In theory, you could apply the same tricks with similar success
| to exit nodes of course (though as usual, running an exit node
| is generally a slightly riskier / harder thing to do)
|
| kingcharles wrote:
| What was the email address they were using?
|
| fdhfdjkfhdkj wrote:
| This author is going to either get recruited by or murdered by this
| malicious actor
|
| hereforphone wrote:
| Question from someone outside the Tor loop: how do they know that
| these various nodes are correlated with one another / belong to
| the same entity?
|
| mmastrac wrote:
| It's not specified, but related to the software they are
| running:
|
| "In autumn 2019 I stumbled on something odd: Tor relays doing
| something that the official tor software is unable to do." [1]
|
| [1] https://nusenu.medium.com/the-growing-problem-of-malicious-r...
|
| rsync wrote:
| "... how do they know that these various nodes are correlated
| with one another ..."
|
| The OP alludes to this:
|
| "... and the fact that someone runs such a large network
| fraction of relays "doing things" that ordinary relays can not
| do (intentionally vague), is enough to ring all kinds of alarm
| bells."
|
| ... and the OP is "intentionally vague".
|
| I, also, am very interested to know how they correlated them
| and what the interesting behavior was that they exhibited ...
|
| password4321 wrote:
| In very small part:
|
| > _Some of KAX17's relays initially had used that email
| address in their ContactInfo but soon after these relays were
| setup the email address got removed from their configuration._
|
| qeternity wrote:
| Nice try, KAX17
|
| tn890 wrote:
| Surprised to see a quality post on Medium. I'd be interested to
| know why the author chose Medium?
|
| drugones wrote:
| Medium was good when it started, then got overhauled by low
| quality; you can still find good content here and there.
|
| tantalor wrote:
| Weird how this article has a "hashtag" but it's not a link, so it's
| not actually a hashtag.
|
| Medium actually has a "tag" feature, but this ain't it:
| https://medium.com/tag/KAX17 (404 Page Not Found)
|
| sp332 wrote:
| Twitter users started using hashtags well before the Twitter
| platform automatically turned them into links. The important
| part of a hashtag is the syntactic # and not the HTML <a> tag.
|
| wlesieutre wrote:
| That's useful if you can do exact text searches, which are
| increasingly not supported
|
| russh wrote:
| Of course, it's Medium.com policy never to imply ownership in
| the event of a hashtag. We have to use the indefinite article,
| "a hashtag," never ... your hashtag.
|
| analognoise wrote:
| https://youtu.be/GfqEBVFHnTg
|
| [deleted]
|
| saurik wrote:
| FWIW, as much as people love to rag on cryptocurrencies, I feel
| like this is where they shine. (_Of course_--as someone like me
| always shows up--I work on Orchid, a cryptocurrency market for
| bandwidth that is intended to support various use cases including
| those similar to Tor.)
|
| The issue is that no one entity should be able to just sit around
| and dominate the directory of nodes by claiming "I'm a million
| nodes, wheee!!!", and so that needs to be "expensive". However,
| for it to be expensive, they also need a way to make money
| running the nodes.
|
| In our case, people have to lock some money up in a shared pile
| in order to gain control over percentages of the directory, and
| what you get in return is that you randomly will get people using
| you to relay their traffic, for which they will pay you fees
| (likely close to cost).
|
| (Essentially, instead of Tor's mechanism where, when you want to
| find a relay node, you randomly select between all entries with
| equal weight, you would select between market participants
| linearly weighted by the amount of money they have locked up in
| the directory.)
|
| And that's really what most of these cryptocurrencies are doing
| in this generation of new decentralized protocols (which I've
| seen people hate on): dealing with the reality that there are bad
| actors and not everyone is going to run the software without evil
| changes.
|
| This is also the core of Ethereum: you want a decentralized
| database capable of transactions? OK, well, the order of
| operations matters (as transactions can preclude the ability for
| later incompatible ones) and so we need to limit the influence
| that any one operator has...
|
| ...so you build a system where nodes have to spend something--
| either doing some silly math constantly (proof of work) or
| locking some money up in a pile (proof of stake)--to gain control
| over percentages of the directory, and in return they get to
| charge fees to commit transactions.
|
| (There is additionally often an inflation-based block-rewards
| component, in the case where no one is paying fees. I'm honestly
| not for these and have a way-too-complex-for-here argument for
| why they might even be "evil" in most cases, but that's kind of
| irrelevant anyway.)
|
| The reality is that, if you want to build a decentralized system,
| and you want to figure out how to make it hard for bad people to
| do bad things, you have to raise the cost of doing said bad
| things; but, to do that will require programmable money...
| leading you to crypto.
|
| NikolaNovak wrote:
| >>"The issue is that no one entity should be able to just sit
| around and dominate the directory of nodes by claiming "I'm a
| million nodes, wheee!!!", and so that needs to be "expensive".
| However, for it to be expensive, they also need a way to make
| money running the nodes."
|
| I always feel either I'm stupid or I'm missing something when
| it comes to crypto, because I understand words and I feel I
| understand concepts but I don't understand linkages others take
| for granted, as it pertains to problem at hand of anonymous
| communication.
|
| If nodes are expensive, doesn't nsa have more money than any
| given privacy focused individual or organization?
|
| If they make money how is it expensive in a useful way?
|
| I genuinely don't understand how that solution solves a
| problem, unless the problem is "we need another way to
| transfer money (ideally to ourselves and early adopters from
| late adopters)."
|
| saurik wrote:
| > If nodes are expensive, doesn't nsa have more money than
| any given privacy focused individual or organization?
|
| So, two things are going on here.
|
| The first is that I doubt KAX17 is the NSA... they might not
| even be a government! Most systems people build that rely on
| altruism are so easily attacked that a grad student can take
| control of them using resources at a University. I appreciate
| that the bar to prevent the NSA (or the CCP, or whatever
| other government surveillance network you are most concerned
| about) taking over your network is high, but the bar right
| now is just _so low_ for most of these protocols that it
| should be embarrassing. If the NSA were really the only
| problem for Tor, I'd call that "a wild success".
|
| The second, though, is that the goal should be to get big
| enough that the NSA would actually have a hard time
| dominating the resources of the pool. This requires being
| pretty large, but isn't insanely impossible. Let's look at
| Bitcoin for a moment: I am one of the first people to agree
| that "proof of work is probably an immoral way to solve this
| problem" (due to the externalized environmental effects of
| electricity usage and the such), but damn if it isn't
| effective, right? Bitcoin uses 0.5% of the world's
| electricity.
| That means to take control of half the Bitcoin
| network the NSA would have to build out the infrastructure
| for buying an equivalent amount of the world's electricity
| usage... I bet that's hard, even for them.
|
| AlexanderTheGr8 wrote:
| > The reality is that, if you want to build a decentralized
| system, and you want to figure out how to make it hard for bad
| people to do bad things, you have to raise the cost of doing
| said bad things; but, to do that will require programmable
| money... leading you to crypto.
|
| So to create a decentralized system like crypto, you need
| crypto (as programmable money)?
|
| Also, can you elaborate on locking money in a pile? Do people
| lock money as the currency? How does it demotivate people
| (whose money is locked) to do bad things?
|
| hnarn wrote:
| The adversaries mentioned in the article are highly
| sophisticated and seem to have access to a great amount of
| resources. They may be, and some would probably say they likely
| are, working for nation states.
|
| Given a situation where your adversary is a nation state, how
| does crypto fix anything? How is crypto not in the end just
| "proof-of-resources"? Nation state wins.
|
| The article touches on trust models and personally I think it
| would be a better solution to introduce some kind of manual
| trust into the routing. If there's one thing Tor does not need,
| it's crypto-"currencies".
|
| saurik wrote:
| I just-about-concurrently to you asking this question
| answered a similar question someone else had posed already
| (using the NSA as their specific example) here:
| https://news.ycombinator.com/item?id=29466855 .
___________________________________________________________________
(page generated 2021-12-06 23:00 UTC)
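
Added example, not part of the thread and not code from Tor or Orchid: a small exact model of the two selection rules saurik's comment contrasts (equal weight per directory entry versus weight linear in locked stake), combined with jerheinze's condition that the attacker must hold both the guard and the exit. It models the rules as the comments state them; operator names, entry counts and stake figures are constructed.

```python
from fractions import Fraction

def make_directory(operators):
    """Expand {operator: (entries, total_stake)} into one record per entry,
    splitting each operator's stake evenly across its entries."""
    return [{"operator": name, "stake": Fraction(stake, entries)}
            for name, (entries, stake) in operators.items()
            for _ in range(entries)]

def equal_weight(entry):
    # Every directory entry counts the same, however many one operator lists.
    return Fraction(1)

def stake_weight(entry):
    # Weight is linear in the stake locked behind this entry.
    return entry["stake"]

def share(directory, operator, weight):
    """Chance that a single weighted pick lands on one of `operator`'s entries."""
    total = sum(weight(e) for e in directory)
    return sum(weight(e) for e in directory if e["operator"] == operator) / total

def both_ends(directory, operator, weight):
    """Chance that guard and exit are two distinct entries of `operator`
    (guard picked first, exit picked from the remaining entries)."""
    total = sum(weight(e) for e in directory)
    mine = [weight(e) for e in directory if e["operator"] == operator]
    mine_total = sum(mine)
    return sum((w / total) * ((mine_total - w) / (total - w)) for w in mine)

def compare(entries_for_x):
    """Constructed directory: two honest operators plus operator-x, who holds
    10% of all stake and lists `entries_for_x` entries."""
    directory = make_directory({
        "honest-a": (10, 500),
        "honest-b": (10, 400),
        "operator-x": (entries_for_x, 100),
    })
    return {rule.__name__: (share(directory, "operator-x", rule),
                            both_ends(directory, "operator-x", rule))
            for rule in (equal_weight, stake_weight)}

if __name__ == "__main__":
    for n in (1, 20, 80):
        for rule, (one, two) in compare(n).items():
            print(f"entries={n:3d} {rule:13s} single={float(one):.3f} "
                  f"guard+exit={float(two):.4f}")
```

Under the equal-weight rule the operator's share follows the number of entries it lists; under the stake-weighted rule the single-pick share stays at the operator's fraction of total stake regardless of how the entries are split.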