Main Area and Open Discussion > Living Room
Can someone help with my understanding of TOR (The Onion Router)?
Lashiec:
By default µTorrent only allows the connection to the tracker to be proxified, but it has an option to specify if you also want the peer to peer connections to work through the proxy as well. I can only imagine how immensely slow that must be though, even more if someone uses Tor.
f0dder:
By default µTorrent only allows the connection to the tracker to be proxified, but it has an option to specify if you also want the peer to peer connections to work through the proxy as well. I can only imagine how immensely slow that must be though, even more if someone uses Tor.
-Lashiec (November 30, 2008, 06:40 PM)
--- End quote ---
Thanks for the clarification!
And yeah, you'd likely get abysmal speeds if you routed all torrent traffic through TOR. If you only routed tracker requests, it would be pretty pointless, though.
Gothi[c]:
Sometimes anonymity is more important than speed, so it can still be a useful feature. I'm sure it works fine with downloading text files. BT doesn't always have to be about music, movies, and games, etc...
Routing only your communication to the tracker over TOR is indeed quite pointless.
Running all BT traffic over TOR when downloading anything other than small text files is not only uselessly slow, it's also very unfriendly to your fellow TOR users, and harms the TOR project in general, by consuming loads of very limited bandwidth for no sensible purpose.
One note of warning when using TOR: Never ever never ever ever use TOR for browsing to any websites that require authentication and never have any sensitive information transmitted while using TOR.
Any one can run a tor server, thus any one could potentially be sniffing or MITM'ing your traffic. While they would only get fragments of your traffic, and not know where it came from, you don't want to log into your bank account with tor :)
Many people don't understand that, since it may seem like a contradiction. They think TOR makes them more secure, while the opposite is true. It makes your traffic anonymous, but it also means that your traffic is readable by guy running the tor endpoint.
f0dder:
Also, I wouldn't depend on TOR making me 100% anonymous, iirc there was some article about clever trickery that can be - sometimes - used to track a TOR connection... didn't sound like it was super easy to pull off, but if you're paranoid enough to use TOR, it's definitely something to keep in mind. IOW: TOR + anonymous wifi hotspot.
Gothi[c]:
Yes, Tor should indeed not be relied upon for 100% anonymity, but then again, pretty much anything shouldn't. I2P and freenet etc, all state the same.
FreeNet is probably the most anonymous of them (but also the slowest, downloading a text file takes about the time of downloading a movie on a normal connection :D), but don't quote me on that.
With any one having the ability to run tor proxies and help out their project, it would be trivial to someone serious about SIGINT to run tons of these servers, and combine all the information, and get the real source of a packet 50% of the time or more, or run traffic analysis etc...
In other words, it will protect you from your IP showing up in the casual log files, but it won't protect you if someone is really after you.
I think the vulnerability you're referring to, f0dder, is a method of finding the source of a TOR anonymous server. (which is different from it's typical client usage). And this method is probably feasible for some individual with lots of persistence, without the need of massive resources. I don't know if that one has been patched yet or not, but if it was, it doesn't really matter. I'm sure other holes will pop up eventually, as is the nature of the cat and mouse game in this business. :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version