Entry and Exit nodes

General Tor and Anonymity Talk
1

Good day
I read a topic that says: if I use a vpn, rdp o socks at the end that keeps logs of my tor exit nodes, someone that have the capabilities to track entry and exit nodes can know who I am. Is it possible?

Thank you

2

Good day,

Not sure whether I understand. Are you asking, whether an adversary who can control both the entry and exit node you use, is able to track you if you use a VPN? If so, no, because the connection is still encrypted between the VPN and your exit node. Even if your VPN keeps logs saying that an exit node has connected to them. They may of course keep logs and scan the traffic but your VPN provider can’t link them to you if you have the Tor network in between and haven’t linked the VPN to you in any other way.

Have a nice day,

Ego

3

Good day
I mean about a third part (if there is somebody that have the capability to track entry and exit of Tor, I don’ t know {not vpn, it knows hardly what is an ip address :grinning:} can discover where/who am I?

Thank you

4

Good day,

Please regard this: Stream Isolation

Have a nice day,

Ego

5

I believe what I’m about to write is correct - but would be helpful if someone else could confirm or refute.

If your adversary can observe both your entry & exit points to Tor, then they can conduct timing attacks to link traffic at both ends (as described here: How can we help? | Tor Project | Support). In practice, this is difficult because Tor randomly chooses new circuits and monitors for entities that acquire a large proportion of Tor nodes.

However, if you place a static proxy (vpn, socks, etc) at the end of your chain, it makes this attack significantly easier since your connection is long-lived and therefore, continues to use the same Tor circuit during its lifetime. Your adversary now has more chances to correlate traffic between the start and end points.

Your adversary is signficantly more powerful if they happen to be a government that also has access to the nation’s ISPs. Now your adversary no longer needs access to your entry guards, since it can view traffic patterns at your origin - your ISP. If your destination (proxy, website) is also in the same country, the government can observe the encrypted traffic as it arrives to your destination’s ISP. Tor: The Second-Generation Onion Router

Conclusions / Best practices:

  1. Don’t hinder Tor from doing its job by altering traffic flows. Stream isolation and circuit rotation are important.
  2. Don’t connect to destinations that you can’t trust to protect your privacy. If you connect to a backdoored or collaborating website, half the battle is lost. Adversary only needs to have visibility on your origin.
  3. It doesn’t matter how many hoops you jump through in the middle (or how many countries you route through) - it’s the ends that matter: How can we help? | Tor Project | Support
  4. Against an adversary with full visibility, anonymity is compromised (though of course, content remains encrypted).
6

Good day
This is the answer that I was waiting (believing that it is correct :slightly_smiling:)

If I understood well an adversary can view the origin of traffic during the connection.
Instead from the logs of vpn,proxy etc… (not during the connection) can an adversary (the most powerful on the planet) find the origin? (To view some website I use VPN or socks)

Thank you

7

Please consider sending this to the tor-talk mailing list to get input on that.