Can someone help with my understanding of TOR (The Onion Router)?

[davejusrox]

Hi there all, i am a newbie on this forum. Can someone help me with this question please, if they know the answer? Thanks

When someone has TOR enabled (green "TOR Enabled" in the corner of the screen and combine that with Privoxy running in the background) does an IP address only appear anonymous on a browser level (for surfing the net) or does it anonymise your IP address on an application/software level too (such as using Roxio, WMP, MS Office, Bit Torrent Apps etc)

I log onto website www.cmyip.com and it does come up with an alternative one to the one my computer was given statically but i just wanted to know whether when TOR is enabled, it works for applications or just web surfing activity?

I would never use such an anonymiser for an application such as Bit Torrent because i heard how its considered bad form to use and hog the bandwidth of TOR in this way. My main enquiry is into asking whether regardless of all this, applications being used are anonymised just as much as browser internet pages

Thanks so much

D
UK

[f0dder]

Only works with software that is able to connect using proxy - which rules out things like bittorrent.

Theoretically I guess it would be possible writing a network card driver that would make it possible to route all traffic through TOR, but it would be a nontrivial task, and it's not how the system currently works.

[Lashiec]

Errr, actually several torrent clients allow connections using proxies, including BitTorrent as it's based on µTorrent (unless they stripped such feature).

I guess that for those programs not allowing connections through proxies you could use Torcap.

[city_zen]

Great info, Lashiec!  I didn't know about Torcap

As for µTorrent supporting connection through proxies, apparently it (still) has that feature. From their website:

Does µTorrent support proxies?
Yes. Open the options and go to Connection. It supports SOCKS4, SOCKS5, HTTP Connect, and HTTP proxies. Peer communication proxying is supported with SOCKS4, SOCKS5, and HTTP Connect. HTTP Connect is HTTP proxies that allow arbitrary TCP connections. Not all do, which is why it's a separate item in the list.

[f0dder]

Lashiec: isn't the proxy support only for the tracker HTTP connection, though? Or does it work for the p2p connections as well? (If it does, I've severely misunderstood things ).

Thanks for the Torcap link, didn't know about it

[Lashiec]

By default µTorrent only allows the connection to the tracker to be proxified, but it has an option to specify if you also want the peer to peer connections to work through the proxy as well. I can only imagine how immensely slow that must be though, even more if someone uses Tor.

[f0dder]

By default µTorrent only allows the connection to the tracker to be proxified, but it has an option to specify if you also want the peer to peer connections to work through the proxy as well. I can only imagine how immensely slow that must be though, even more if someone uses Tor.

-Lashiec (November 30, 2008, 06:40 PM)

Thanks for the clarification!

And yeah, you'd likely get abysmal speeds if you routed all torrent traffic through TOR. If you only routed tracker requests, it would be pretty pointless, though.

[Gothi[c]]

Sometimes anonymity is more important than speed, so it can still be a useful feature. I'm sure it works fine with downloading text files. BT doesn't always have to be about music, movies, and games, etc...

Routing only your communication to the tracker over TOR is indeed quite pointless.

Running all BT traffic over TOR when downloading anything other than small text files is not only uselessly slow, it's also very unfriendly to your fellow TOR users, and harms the TOR project in general, by consuming loads of very limited bandwidth for no sensible purpose.

One note of warning when using TOR: Never ever never ever ever use TOR for browsing to any websites that require authentication and never have any sensitive information transmitted while using TOR.

Any one can run a tor server, thus any one could potentially be sniffing or MITM'ing your traffic. While they would only get fragments of your traffic, and not know where it came from, you don't want to log into your bank account with tor

Many people don't understand that, since it may seem like a contradiction. They think TOR makes them more secure, while the opposite is true. It makes your traffic anonymous, but it also means that your traffic is readable by guy running the tor endpoint.

[f0dder]

Also, I wouldn't depend on TOR making me 100% anonymous, iirc there was some article about clever trickery that can be - sometimes - used to track a TOR connection... didn't sound like it was super easy to pull off, but if you're paranoid enough to use TOR, it's definitely something to keep in mind. IOW: TOR + anonymous wifi hotspot.

[Gothi[c]]

Yes, Tor should indeed not be relied upon for 100% anonymity, but then again, pretty much anything shouldn't. I2P and freenet etc, all state the same.

FreeNet is probably the most anonymous of them (but also the slowest, downloading a text file takes about the time of downloading a movie on a normal connection ), but don't quote me on that.

With any one having the ability to run tor proxies and help out their project, it would be trivial to someone serious about SIGINT to run tons of these servers, and combine all the information, and get the real source of a packet 50% of the time or more, or run traffic analysis etc...

In other words, it will protect you from your IP showing up in the casual log files, but it won't protect you if someone is really after you.

I think the vulnerability you're referring to, f0dder, is a method of finding the source of a TOR anonymous server. (which is different from it's typical client usage). And this method is probably feasible for some individual with lots of persistence, without the need of massive resources. I don't know if that one has been patched yet or not, but if it was, it doesn't really matter. I'm sure other holes will pop up eventually, as is the nature of the cat and mouse game in this business.

[f0dder]

Gothic: I was thinking of the "run lots of servers" (and iirc do some timing and other stuff) in order to be able to control both an entry- and exit-node, and thus determining the source of a packet... something like that, it's been quite a while since I read about the 'attack'