Persistent Tor Entry Guard Relays can make you trackable Across Different Physical Locations

Originally published at: News - Whonix Forum
https://www.whonix.org/wiki/Warning#Persistent_Tor_Entry_Guard_Relays_can_make_you_trackable_Across_Different_Physical_Locations

Good day,

nice read, though I’ve got a question regarding this:

This attack is less severe now that upstream (The Tor Project) has moved from using three relays to a single one.

When did that change happen? Because this totally passed me by… Also, do you know the logic behind that step? Was it simply saving resources that were otherwise wasted?

Have a nice day,

Ego


Hello everyone :slight_smile:

That is a quite interesting problem. And I would like to convert it into a ‘bigger’ problem, namely ‘the differences between different ways to connect to the Tor network’.

To make it clear I made a table shown below (please correct me if there’s anything wrong) :

As you can see above, using an encrypted proxy/VPN to connect to the Tor network is not a bad idea from many aspects, so I REALLY would like to see a proxy added into the Whonix-Gateway, which will definitely benefit users (especially users from countries like China) a lot. If you ask my advice, I would recommend a free (both in price and freedom) proxy named Lantern, which is very popular in China; here’s the link (GitHub - getlantern/lantern).

I do appreciate your work and if there’s any problem I can help with just tell me :slight_smile:

Good day,

sorry, but trying to be polite, what you write there is completely nonsensical. First of all, pluggable transports are just one variant of bridges; why these are separate I don’t know. Second, why would a proxy/VPN not be able to see my IP? That is simply not possible. They may not tell anyone, but they do know it and almost always also keep records of these (HideMyAss debacle, etc.). This is especially the case for those in the US and China, which you recommended. Aside from that, a free proxy needs to make its money back as well, so…

Also, trusting an unproven, private, non verified proxy over the heavily fail proven entry guards provided by Tor is really naive to say the least. Furthermore, both VPNs and proxies have massive design issues, see here: News - Whonix Forum

The only thing you may do, is run your own entry guard and only use that. This however only works if you own a server/PC you may run the entire time, as well as a safe internet connection and find a way to circumvent the tracking based on that fact, mentioned in the first post, which if you’d do this would be even more dangerous and telling.

Have a nice day,

Ego

Quote:

We are not aware of any http(s) or socks4(a)/5 proxies that offer an encrypted connection between itself and the user.

FYI
research non-persistent Tor directory guards
https://phabricator.whonix.org/T469

(2xiangzi’s post should probably be in a separate thread.)

In @2xiangzi’s defense, I think by “Pluggable transports”, he meant “Bridge + Obfsproxy”, which does have different characteristics than using a bridge alone.

Also, unless his image was edited, he doesn’t deny that a proxy can see your IP.

I agree that VPNs really engage in FUD (Fear, Uncertainty, and Doubt) marketing. But in his threat model, I think they are certainly viable. I would guess that nearly any non-Chinese VPN provider would be more trustworthy than the Chinese security apparatus. Additionally, VPN encryption is likely more difficult to crack than obfsproxy fingerprinting. Does the Great Firewall not block VPN connections though?

As mentioned previously, bundling any type of proxy with Whonix is problematic for multiple reasons.

Thanks for mentioning Lantern. Had not heard of that before but will look into it. Briefly glanced at the User & Dev FAQ, Git Documentation, Google Groups user forum, and Reddit (start here). Basically, it’s a:

  • FOSS project aimed at promoting human rights
  • non-profit, funded primarily by US Department of State (who also supports Tor)
  • peer-to-peer volunteer network of nodes
  • give & get modes to provide or consume bandwidth
  • “blocked” traffic routed through network via https
  • “unblocked” traffic is untouched
  • runs transparently or per-application

How does Lantern detect if a website is blocked or not?

Lantern detects a combination of conditions including timeout, reset, redirect and fake response to consider a site being blocked.

Not sure if that includes Cloudflare captchas?

How does Lantern relate to Whonix?

From FAQ:

Lantern is not an anonymity tool. Lantern was built for fast and open Internet access. If you feel you need to be anonymous online we recommend using Tor. Otherwise, Lantern will give you faster access to blocked sites.

In which situations are there no consequences for evading intentionally placed blocks? Watching cooking shows on Netflix? Even if the block is placed by Netflix and not by the Chinese Government, I would guess many videos on Netflix are censored by the GFW for political reasons. Certainly, anonymity would be helpful/required for browsing Facebook/Twitter unless we’re talking purely about leisurely pursuits.

Very strange mission that Lantern has indeed. Seems best geared for gamers living in Western Europe and Japan - being curious about Western culture (ie cooking shows) may get you executed in North Korea. The Lantern team makes references to N. Korea, China, and Iran on the linked Reddit page. I hope they take great care in outlining the potential dangers of using their product.

I have serious reservations about trying to use Lantern to gain access to Tor. What if you connect to a new Entry Guard that hasn’t yet been blocked? Or you connect to a Bridge that’s later classified as belonging to the Tor network? Using Lantern, you would connect directly and be flagged as a Tor user. Even if you could enforce --always-use-lantern-network, you could still be discovered as a Tor user because your destination is unencrypted through the network. The resilience of the network to attacks is orders of magnitude less tested than Tor (which is encrypted anyway).

If anything, Lantern should be used to exit Tor, not enter it. Might be useful to evade Tor bans but might also introduce additional risks. You would be setting up a P2P network in your Workstation and potentially stressing the Tor network the way torrenting does. Still might be worth testing in client (get) mode and not server (give) mode. It’s free, anonymous (when tunneled through Tor), and I’ll do almost anything to get rid of these f@^*$^7#@-Cloudflare-bodies-of-water-crap… Has anyone tried this?

EDIT: Actually, I think my post needs to be moved as well to a new thread discussing Lantern.

Hello Ego Good to see you again :slight_smile:

First of all, pluggable transports are just one variant of bridges; why these are separate I don’t know. Second, why would a proxy/VPN not be able to see my IP? That is simply not possible.

The first two questions have been answered by entr0py :)

They may not tell anyone, but they do know it and almost always also keep records of these (HideMyAss debacle, etc.). This is especially the case for those in the US and China, which you recommended. Aside from that, a free proxy needs to make its money back as well, so…

I agree with you that most of the proxies or VPNs are doing what you said and that’s the reason why I would like to recommend some good ones.

Also, trusting an unproven, private, non verified proxy over the heavily fail proven entry guards provided by Tor is really naive to say the least.

I’m sorry that I didn’t make it clear enough. By saying “using encrypted proxy/VPN”, I mean using it to connect to the Tor network (not using it instead of Tor). And in that case, the proxy/VPN at least knows your IP/location and the fact that you’re using Tor. However, it doesn’t know which website you are surfing (the destination it can see is your entry guard IP).

To Patrick

We are not aware of any http(s) or socks4(a)/5 proxies that offer an encrypted connection between itself and the user.

That is exactly what I would like to discuss with you! I mean, as far as I see, a lot of proxies/VPNs are ‘user-to-proxy encrypted’. And please let me introduce some of them:
1. VPNGate: VPN Gate - Public Free VPN Cloud by Univ of Tsukuba, Japan
2. Psiphon3: Psiphon | Open Source
3. ShadowSocks: GitHub - Long-live-shadowsocks/shadowsocks
4. Lantern: GitHub - getlantern/lantern

Good day,

That is the whole concept of an entry guard and the reason why the Tor network always uses three relays, as I’ve mentioned. So there would be no benefit only disadvantages.

Have a nice day,

Ego

To entr0py

Thank you very much for helping me answer the questions:)

I would guess that nearly any non-Chinese VPN provider would be more trustworthy than the Chinese security apparatus.

That’s right! And some foreign VPN providers will cooperate with CCP by providing their logs or just using weak encryption.

Additionally, VPN encryption is likely more difficult to crack than obfsproxy fingerprinting.

That’s true :slight_smile: By the way, proxy encryption can be strong, for example, you can choose to use ‘aes-256-cfb’ when using ShadowSocks.

Does the Great Firewall not block VPN connections though?

GFW does block VPN connections but not all of them:
Some of them use weak encryption providing CCP a good way to understand what people are doing/thinking;
Some of them are widely used by foreign company so that it would hurt China’s economy a lot if CCP simply blocks it.

Very strange mission that Lantern has indeed. Seems best geared for gamers living in Western Europe and Japan - being curious about Western culture (ie cooking shows) may get you executed in North Korea. The Lantern team makes references to N. Korea, China, and Iran on the linked Reddit page. I hope they take great care in outlining the potential dangers of using their product.

Fun fact: there are about 1 million people able to circumvent the Internet censorship in China and nobody has been arrested for reading/watching politically sensitive materials. What the CCP really cares about is people who express themselves.

“blocked” traffic routed through network via https
“unblocked” traffic is untouched

Well, there’s an option called ‘Proxy ALL Traffic’ and if you turn it on, most of the problem you mentioned can be solved:)

Even if you could enforce --always-use-lantern-network, you could still be discovered as a Tor user because your destination is unencrypted through the network.

I’m sorry. I don’t understand ‘because your destination is unencrypted through the network’. Doesn’t that mean your ISP is not able to know where you are going when you use an encrypted proxy?

Not sure if that includes Cloudflare captchas?
Lantern should be used to exit Tor

You can use it to avoid Cloudflare captchas :slight_smile: And as you mentioned, the Lantern server will get the same information that a Tor exit node can get.

You would be setting up a P2P network in your Workstation and potentially stressing the Tor network the way torrenting does

I’m wondering if Lantern is a strict P2P network because you can use it without contributing to it actually. And if you are not satisfied with the P2P features you can try other proxies I mentioned above:)

Has anyone tried this?

A lot of people I know have tried it.

Good day,

Sorry, but this provider actually keeps logs of everything, see here: VPN Gate Anti-Abuse Policy. So there is no advantage over the normal “entry guard design”, as if this were used to access Tor, they’d know as much as such an entry guard.

Have a nice day,

Ego

Then you should try ShadowSocks, where the encrypted proxy provider can be yourself (all you need is a VPS) :slight_smile:

To Ego
I’m sorry but I don’t understand you :frowning:

Maybe you can understand something by answering the questions:

1. What information your ISP will get when you are using an encrypted proxy/VPN over Tor?
2. What information the provider will get when you are an encrypted proxy/VPN over Tor?
3. What information your ISP will get when you are using Tor without an encrypted proxy/VPN over Tor?

Good day,

For such things, I prefer to use OpenVPN, simply because it is by design more flexible than a proxy of any kind. However, like I’ve said, for accessing the Tor network that is not necessary, because, as the name suggests, inside “the onion router”, all traffic is already encrypted, in layers resembling an onion. There are at the moment simply no VPNs or proxies which are able to even get close to the encryption Tor provides by design.

Have a nice day,

Ego

Good day,

Depending on where you “use the proxy/VPN”, either you accessing the proxy/VPN or you accessing Tor via an entry guard.

What do you mean by “when you are an encrypted proxy/VPN”? Do you mean, when I provide one? Because otherwise, how may I “be” a proxy/VPN?

You accessing Tor via an entry guard.

Have a nice day,

Ego

To Ego
Sorry for my mistakes :frowning:

The question should be :

  1. What information will your ISP get when you are using an encrypted proxy/VPN to access Tor?
  2. What information the provider will get when you are using an encrypted proxy/VPN to access Tor?
  3. What information your ISP will get when you are accessing Tor without using an encrypted proxy/VPN?

In China all ISPs are totally controlled by government and it will make you suspicious when they know you’re using Tor. So you have to use something to cover the fact that you are using Tor. For me, it is OK to use VPNGate because:

  1. The logs probably won’t be given to CCP;
  2. The traffic through it has been encrypted by Tor.

By the way, OpenVPN is great, but its traffic characteristics are so obvious that the GFW has blocked all connections of it :frowning:

Good day,

You connecting to a proxy/VPN. Depending on the encryption used by the proxy/VPN, they may still be able to deduce that you want to connect to Tor. The Chinese government is allegedly able to do this via very advanced “deep packet inspection”. Some VPN providers are allegedly able to bypass this by using technology which builds on the concept of “pluggable transport” found in Tor, though this working has yet to be proven.

Your IP, as well as the place you want to connect to. When using a normal entry guard the fact that you want to connect to Tor. When using a bridge this is harder but depending on the situation can still be possible, when using “pluggable transport”, this is, at the moment, not possible.

You connecting to Tor. When using a bridge, this may be harder though not impossible. When using pluggable transport, this isn’t possible, even with “deep packet inspection”, as far as recent information is to be believed.

Have a nice day,

Ego
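The three ways of reaching Tor that the thread compares (a self-hosted encrypted proxy such as ShadowSocks in front of Tor, an obfs4 bridge/pluggable transport, and Ego's "run your own entry guard and pin it" option) can all be expressed in Tor's torrc. The following is an added example written for this summary; it is not configuration from the original posts, from Whonix or from The Tor Project, and it only uses documented torrc directives. Assumptions: the Shadowsocks client (ss-local) listens as a SOCKS5 proxy on 127.0.0.1:1080, obfs4proxy is installed at /usr/bin/obfs4proxy, and the bridge line and guard fingerprint are placeholders you must fill in yourself (bridge lines come from bridges.torproject.org). Only one of the three options should be active at a time.

```conf
## torrc: three ways to reach the Tor network discussed in this thread.
## Added example, not from the original posts; placeholders in <...> are
## assumptions that you must replace.

# --- Option A: Tor over a self-hosted encrypted SOCKS5 proxy (ShadowSocks) ---
# Tor connects to every guard/bridge through the local ss-local client.
# Who sees what: your ISP sees only ShadowSocks traffic to your VPS (no
# Tor guard IP); the VPS sees your real IP and that the destination is a
# Tor guard; the guard sees the VPS address, not yours. Content is still
# protected by Tor's own layered encryption, as Ego notes above.
# Assumed local port 1080.
Socks5Proxy 127.0.0.1:1080

# --- Option B (alternative to A): obfs4 bridge / pluggable transport ---
# Hides the fact of Tor use from the ISP without trusting a third party.
# The bridge operator takes the role the proxy has in Option A: they see
# your IP and know you use Tor, but not where you go afterwards.
# Assumed obfs4proxy path; bridge line is a placeholder.
# UseBridges 1
# ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
# Bridge obfs4 <IP>:<PORT> <FINGERPRINT> cert=<CERT> iat-mode=0

# --- Option C (what Ego describes): pin a guard you operate yourself ---
# StrictNodes 1 makes Tor fail closed instead of silently falling back to
# another guard. Caveat from the first post: one fixed guard contacted
# from every physical location is itself a linking handle for anyone who
# can watch that guard, so this only makes sense together with a way to
# reach the guard that does not expose your changing location.
# EntryNodes <FINGERPRINT_OF_YOUR_GUARD>
# StrictNodes 1
```

Whichever option is active, the relay or proxy on the far side of the first hop learns your IP address and that you are connecting to Tor; the options differ only in which party that is (your own VPS, a bridge operator, or a guard you run) and in what your ISP can see on the wire. Do not combine Options A and C: the guard pinned in C would then see the VPS address, which defeats the purpose of running it yourself.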