Tor 0 days & Bridges (Snowflake)

Dr. Neal Krawetz has many good discoveries on Tor flaws on his website, Hacker Factor.

Useful links: (There might be more, but the search engine is awful, so I just posted what I have found.)

He gave a reasoning behind why TPO is failing to solve these issues beforehand, or even within a reasonable time frame after they have been reported (you find it in "Tor 0day: Snowflake"):

Tor: State of the Onion
Earlier this year, I attended the Tor Project’s online “State of the Onion” presentation. During the presentation, different members spoke about all of the great things that the Tor Project was doing to advance online privacy, anonymity, and anti-censorship. They even praised snowflake as a success.

If you didn’t know the technical details, then you might get the impression that this was very positive and incredible forward movement. The amount of spin from the Tor Project was as good as any nation-state or political announcement.

But behind the scenes? They haven’t addressed any of their core issues. If someone wants to track you through Tor, deanonymize your network activity, or prevent you from accessing Tor, then they can do it and you cannot stop them. And if you do something illegal over Tor and you haven’t been arrested, then it’s only because there are bigger villains than you; you’re not a high priority – yet.

Today, the Tor Project seems to be more focused on fund raising than actual privacy, anonymity, or anti-censorship. I wonder if they will ever start fixing these known issues.

Just to post an opposing point for debate:
Pastly (Matt Traudt) says these were not discoveries by Dr. Krawetz, but rather a popularization by using the "0day" label. Anyway, it does not solve Tor's problems.
https://matt.traudt.xyz/posts/2021-02-22-enough-about-hacker-factors-0days/
http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2021-02-22-enough-about-hacker-factors-0days/


I think the author certainly raises some valid points with some of their research; however, the fear tactic of calling everything "Tor 0-Day" ad nauseam does not fit the narrative of most publications. It is not a strict convention, but when research is titled "0-Day" that usually implies an exploit to attack a remote user or service. Titling posts, e.g., "New research to fingerprint and identify Snowflake bridge users" and so forth, could be considered less inflammatory.

I cannot comment on the Tor developers' general attitude towards these findings and whether they are trying to ignore them or not.

Knowing this, any code that I contribute back to the Tor Project can be argued as providing material support for these illegal activities. That places me in more legal jeopardy than I’m willing to risk.

The author also raises the strange idea that contributing to Tor would cause legal liability for himself for misuse of his code that would be contained in Tor. I am not an attorney, and while there have been certain cases arguing that the act of creating DRM circumvention tools is in itself unlawful (see the DMCA et al.), the general consensus is that as long as you do not directly assist and support your users in illegal activities, you are not liable for their actions. If that were not the case, I am sure the known developers of certain cryptocurrencies and other "internet" projects would not be in the open.

Perhaps someone could get the organization EFF or similar with actual legal backing to comment on this.

The Whonix forum bans discussion of direct penetration testing, but one could argue that if you are skilled enough to perform such actions, you know where and how to test certain gateway setups and where to seek out information elsewhere, and not consume the time of developers. :)

Thank you

EDIT:
My comment on the blog post that mixes technical issues with legal arguments:
(Not criticizing FrankGusta for bringing it up.)


It's weird to mix legal arguments directly into the same article as technical issues. For now, it's mostly theoretical what could be; no legal issues have actually emerged for any developers outside of areas where Tor is banned?

I remember a talk by Roger. Paraphrased from memory.
audience member: “My employer doesn’t permit me contributing to Open Source / other projects.”
Roger: “Dude, I created an anonymity network. Maybe you should use it.”

Let me know if I missed something but…

It also seems weird to call most of them "Tor". Most are not about the core (really Tor: not censorship circumvention, not Tor Browser)?

Snowflake, i.e. censorship circumvention (against blocking of Tor, VoIP or any protocol), is a difficult issue to tackle. I see that as rather a side project of The Tor Project (TPO). The core project of TPO is Tor.

Had TPO left inventing network/ISP-level censorship circumvention tools to others, then TPO could not now be criticized for the imperfection of such tools. TPO might be able to shield the reputation of Tor by moving censorship circumvention tools under a different project name, to avoid muddying the waters about what is what.

Then also "Tor Browser could be seen as a side project of TPO". In a world with omnipresent online tracking, and with browser vendors and other related software projects not prioritizing user privacy, it seems mission impossible to create a perfect browser fork that can fix all of that.

Some articles are about Tor onion services issues. That’s rather directly related to the core of Tor.

I am not sure this is a good fit for the Whonix development forum. It is good to post for popularity, in case the message that further development is very much necessary hasn't reached all potential contributors yet. Other than that, it could produce a giant discussion but no actual development progress at Whonix. It doesn't seem to include anything realistically actionable by Whonix.

It’s weird to mix legal arguments directly into the same article as technical issues

I apologise if this is off-topic from the discussion. Just wanted to make thoughts known.

It also seems weird to call most of them “Tor”. Most are not about the core, really Tor, not censorship circumvention, not Tor Browser?

Well, some of the author's concerns deal with censorship circumvention (e.g. bridges and Snowflake). Otherwise, I would say you understand it.

It seems to me that trying to hide the existence of Tor traffic from a LAN adversary and/or ISP is becoming more difficult. Major companies block domain fronting to avoid becoming "collateral damage" in the war against censorship. The author of the above-mentioned papers does raise some interesting side channels in the current design of Tor that allow traffic to be fingerprinted by an adversary with network access between the user and their "entrance" to the Tor network.

Thank you.

No worries. That was a comment on the blog post's content. I didn't intend to criticize you for bringing it up. I'll slightly edit my above post now. (There will be an edit history button, but I guess that's not a big deal.)
