On Sat, Oct 03, 2015 at 09:16:50AM +0000, behnaz Shirazi wrote: > If we use a socks proxy server to talk with destination instead of a > private Tor exit node then such an attack becomes as dangerous as when > you are using a detectable TBB over a public Tor exit node because the > number of socks proxies available out there won't be less than public > Tor exit nodes today.
Actually, you are much easier to differentiate for an adversary since you use tor in combination with socks proxies, you stand out and now no longer belong in the group of the merry tor users. You have done an advesary actually a favor. Plus you induce more latency into your connections, which makes it easier to induce or deduce addional signal from your connections and makes you even more distinguishable. A exit-, site operator or a cdn can observe that latency and clearly differentiate that behavior from tor and regular users. They'll tag you "slowpoke on an open proxy". If they hire me, I'd explain to them, how they can ban or tarpit you, if you annoy them too much so they provide better services to their honest visitors. Tor protects you from all that by using different circuits, with different latencies which results in different exits that needs much more effort to observe and tag indivdual behavior. You completly subvert that protection, since you always use a proxy or maybe a series of proxies, or an exclusive exit, no matter which destination, you have constant endpoints, if you prefer a bridge and obfuscation, you may also attach attributes to your connetction that may be observable (haven't worked with bridges yet, I leave them for the people who need them). Maybe next summer holiday. Your overreliance and misplaced trust in open proxies sticks properties to your tor connections you don't want. A clever adversary will attack you from the open proxy due to previouls accumulated usage patterns. If you try to circumvent exit policies, a smart proxy operator will downgrade or MITM you. He may deny you updates for TBB when you need them, using his proxies he may drop an exploitkit and ransomware on you. To make it short, instead of ~999 possible exits you rely on one, or few. If you addionally try to obfuscate TBB, congratulations, you are pretty unique, and you won't notice in any fingerprint tools, since they don't correlate and accmulate all that stuff that the open proxy can learn from you. On the list of historically stupid things to do with Tor, I rank you second place, behind the dude who tried to give out his "pre-warmed keys" and beating the folks that try to torrent with tor, to it. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
