FIRST POST
What are the safe ways to connect to bitcoin network using tor?
I would recommend using bridges with pluggable transport. Circumvention techniques: https://tb-manual.torproject.org/circumvention/, explaining bridges, pluggable transports and their description.
China can’t block meek-azure as they would lose Microsoft services, snowflake is experimental (included in the next Tor Browser release) and public obfs4 bridges are already blocked by them.
This is a text I wrote (partially) for a project https://github.com/radio24/TorBox/blob/master/text/help-bridges-text:
WHAT ARE BRIDGES AND PLUGGABLE TRANSPORT?
- Bridges, unlike ordinary relays, are not listed publicly,
so an adversary cannot identify them easily.
- Using bridges in combination with pluggable transports helps to disguise
the fact that you are using Tor, but may slow down the connection compared
to using ordinary Tor relays.
- Direct access to the Tor network may sometimes be blocked by your Internet
Service Provider or by a government. Tor Browser includes some
circumvention tools for getting around these blocks. These tools are
called “pluggable transports”.
- TorBox will only use bridges with pluggable transport, as they help you
bypass censorship against Tor, being more secure than normal bridges.
PLUGGABLE TRANSPORTS BRIDGES:
- OBFS4 is a randomizing transport, it adds an extra layer of specialized
encryption between you and your bridge that makes Tor traffic look like
random bytes. It also resists active-probing attacks, where the censor
discovers bridges by trying to connect to them. obfs3 and scramblesuit
are similar in nature to obfs4.
- MEEK makes Tor traffic look like a connection to an HTTPS website. Unlike
the other transports, it doesn’t connect directly to a bridge. meek first
connects to a real HTTPS web server (in the Amazon cloud or the Microsoft
Azure cloud) and from there connects to the actual bridge. Censors cannot
easily block meek connections because the HTTPS servers also provide many
other useful services.
- SNOWFLAKE sends your traffic through WebRTC, a peer-to-peer protocol with
built-in NAT punching. For censored users, if your Snowflake proxy gets
blocked, the broker will find a new proxy for you, automatically.
WHICH TRANSPORT SHOULD I USE?
- Countries with moderate internet censorship: Use OBFS4
- China or countries with similar internet censorship: Use SNOWFLAKE or MEEK
HOW CAN I CHECK THE VALIDITY OF AN OBFS4 BRIDGE?
Go to https://metrics.torproject.org/rs.html and search for the fingerprint (this is the long number between the ip:port and cert=). Tor Metrics should then show you the information of that particular server. If it doesn’t show up, the bridge is no longer valid.
HOW DO I KNOW IF IT IS WORKING?
Follow the logs. PLEASE BE PATIENT! The process to build circuits could last for several minutes, depending on your network! In the end, you should see “Bootstrapped 100%: Done”.
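Added example, not part of the original post or of TorBox: a small Python check for the bridge-validity step above. It pulls the fingerprint out of an obfs4 bridge line (the field between ip:port and cert=), rejects malformed lines, and computes the hashed fingerprint, since Tor Metrics data (Onionoo) identifies bridges by the SHA-1 hash of their fingerprint. The sample line and the function names are constructed for illustration.

```python
import binascii
import hashlib
import ipaddress
import re

# Constructed sample: documentation IP, made-up fingerprint and cert value.
SAMPLE = ("obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 "
          "cert=CONSTRUCTEDcertVALUEforILLUSTRATIONonly iat-mode=0")

FINGERPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")


def parse_bridge_line(line):
    """Split an obfs4 bridge line into fields; raise ValueError if malformed."""
    parts = line.split()
    if parts and parts[0].lower() == "bridge":  # torrc form: "Bridge obfs4 ..."
        parts = parts[1:]
    if len(parts) < 4 or parts[0] != "obfs4":
        raise ValueError("not an obfs4 bridge line")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad ip:port field")
    ipaddress.ip_address(host.strip("[]"))  # ValueError on a bad address
    if not FINGERPRINT_RE.fullmatch(parts[2]):
        raise ValueError("fingerprint must be 40 hex characters")
    args = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    if "cert" not in args:
        raise ValueError("missing cert= argument")
    return {"address": host.strip("[]"), "port": int(port),
            "fingerprint": parts[2].upper(), "args": args}


def hashed_fingerprint(fingerprint):
    """SHA-1 over the raw fingerprint bytes, as upper-case hex."""
    return hashlib.sha1(binascii.unhexlify(fingerprint)).hexdigest().upper()


if __name__ == "__main__":
    bridge = parse_bridge_line(SAMPLE)
    print("fingerprint:       ", bridge["fingerprint"])
    print("hashed fingerprint:", hashed_fingerprint(bridge["fingerprint"]))
```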
SECOND POST
https://bitcoin.stackexchange.com/a/98773/123554
I would like a more experienced person or even a TPO volunteer to respond to this rather than me, but they have already answered Dr. Neal Krawetz AKA “Hacker Factor” points. https://matt.traudt.xyz/posts/enough-about-hackerfactors-0days/ and https://twitter.com/torproject/status/1288955073322602496.
If you want volunteers to link material for you to read more of their answers to this Krawetz blog post, you definitely should ask in the IRC channel (I need more sources too).
Unfortunately, I too believed everything that was mentioned in this blog post on Hacker Factor before; his points are obviously already disclaimed by TPO: given enough visibility of the network, an attacker that can watch both sides of the connection can (continue here). But Tor does not solve all anonymity problems (addressed in point 11).
I see your point of defending a person’s physical integrity, but I do believe that if they need to access the Tor network by any chance, they should be educated about it, as you did in the last part of your post with the photos, good 🙂
1.
The author asks not to use unlisted or private bridges which is contrary to what Matt said in the above mentioned tweet in question.
Attacker knows the listed bridges, if User prefers unlisted bridges, his chances are slightly better, else they have no protection.
2.
Harvesting the unlisted bridges: http://hackerfactor.com/blog/index.php?/archives/892-Tor-0day-Finding-Bridges.html
Matt Traudt’s point:
Perhaps surprisingly, this is known. It’s also an important problem. It’s being worked on at a pace slower than HF finds acceptable.
But HF presents variations on known attacks without evidence that they work at a large scale. Two possible issues: too much state to keep track of, or too many false positives such that the adversary is unwilling to deploy it. Luckily for HF, the bar for publishing “science” in a blog post is on the ground. He can say things confidentially and non-experts believe him. Shame on you, HF.
He further shows that he barely looked into this before putting pen to paper (or fingers to keyboard?) by:
- admitting to not knowing of any prior work (in response Tor Project points him to some),
- citing a paper to support the claim that the Great Firewall can detect obfs4 when the paper says the opposite,
- citing a blog post about obfs4 bridges being blocked in China, then ignoring that the issue discussed therein is about bridge distribution. Remember HF, in this section you were talking about fingerprintable network activity.
3.
an adversary can see that you are using Tor, but not what you are doing over the Tor network
Yes, but (public bridges) are not a possible solution if in China, public bridges are blocked before being released.
4.
Using Tor places you at risk sometimes
Agree.
5.
If Tor’s use can be uniquely associated with you, then you are identifiable. Being identifiable means you may be monitored. How you connect to Tor allows you to be identified. In high-risk areas, using Tor makes you a suspect, and unlisted bridges make you easy to track. However, if you are arrested, then the official charge will probably be on a non-Tor related topic (circumventing censorship, spreading unrest, etc.).
How you connect to Tor allows you to be identified
How? Given onion routing, the attacker would need to watch both sides of the connection. If he just watches the User and finds his connection suspect, it is not possible to assure every time that he is using Tor.
In high-risk areas, using Tor makes you a suspect,
Yes, if you are identified, or at least suspected.
and unlisted bridges make you easy to track.
How? They are not known. Yes, there is the claim of sniffing the traffic and raising an alarm that this IP was not reached before. But this happens every time you reach a new server too.
6.
Unlisted and Private bridge users are also the most at-risk because they are in censored areas that forbid direct and public bridge connections
I disagree again, as explained in points 1 and 5. Unlisted and Private bridges are the only option for people in this situation. Yes, there are risks, but they are lower than when using public bridges. He might not be able to connect to the network otherwise; there is the trade-off of never using it or risking to have more access to free information.
7.
If they are blocking, then they are explicitly looking for Tor user.
Great possibility that this is connected, or they are not looking for Tor users, but preventing from having them. Who knows? Joking, yes.
8.
Internet disruptions in Belarus Internet shutdowns in India
Fact, unfortunately.
9.
Unlisted bridge set is very distinct and effectively unique
This was addressed in my responses to 1,2,3,5,6.
10.
If you configured the Tor Browser to use bridges, then during the startup, it immediately connects to all of the configured bridges. An observer on the network will see connection requests from your current real IP address to the “very distinct and effectively unique” set of bridges. This allows an adversary that is tracking you to know that the IP address making the connection is explicitly you. Combined with historical sightings, they can determine when you first requested the set of bridges, where you were each time you accessed Tor, and where you are currently located.
I responded to the first half before. The “very distinct and effectively unique” are new IPs possibly never seen before, or IPs that have been seen before but couldn’t be correlated or identified as bridges, so they are not banned.
In the second half you are embracing the Hacker Factor blog post. My response is simple: given enough power to watch the network, it becomes compromised. This has not been proven to be done before. Also, after you connect to Tor with Bridges, now you have easier access to requesting new unlisted bridges than before.
11.
It doesn’t disconnect from an established bridge connection until the browser shuts down.
Yes.
An adversary can see exactly which bridge set you had and to which set you switched.
Addressed in the second half of point 10, given enough power….
Also a quote extracted from here https://2019.www.torproject.org/about/overview.html.en#stayinganonymous
Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.
12.
If all of your bridges match a set of bridges that I collected, then I know exactly which Tor exit node you were using and a timeframe when you were using it. While you are not unique, you are very distinct. This allows me to associate your real IP address with traffic from a known Tor exit node.
I disagree. Knowing the bridges you used is possible, as it is always your first connection, but even by connecting to unlisted bridges, they are not always in the blocklist.
Addressed in point 11 some portions.
About associating the real IP address with traffic from the exit node: yes, Tor does not protect if the attacker can sniff the first and last hop at the same time. But circuits change every 10 minutes, or less if you prefer to reinforce the change by signaling a NEWNYM. The first bridge can change if the User configures more than one bridge, and the exit node could also change (but not always; NEWNYM changes the circuit, but the IP does not always change). Extracted from here https://stem.torproject.org/faq.html#how-do-i-request-a-new-identity-from-tor
Tor periodically creates new circuits. When a circuit is used it becomes dirty, and after ten minutes new connections will not use it. When all of the connections using an expired circuit are done the circuit is closed.
An important thing to note is that a new circuit does not necessarily mean a new IP address. Paths are randomly selected based on heuristics like speed and stability. There are only so many large exits in the Tor network, so it’s not uncommon to reuse an exit you have had previously.
Tor does not have a method for cycling your IP address. This is on purpose, and done for a couple reasons. The first is that this capability is usually requested for not-so-nice reasons such as ban evasion or SEO. Second, repeated circuit creation puts a very high load on the Tor network, so please don’t!
13.
Your set of unlisted (or private) bridges is stored to disk. If you use a system that never saves to disk, such as Tails, then you’re fine. Just don’t re-use bridge sets. But if you use the Tor Browser for the desktop or for mobile devices, then you are unique enough for tracking.
The problem with not reusing bridge sets is always having to configure new bridges; it is not possible to ensure this every time. About using Tor Browser: it is the best modified Firefox browser to protect from fingerprinting and tracking, but you don’t become unique, you become just like every other user, with the same screen size and canvas; you become indistinguishable as far as it can do for you.
14.
The adversary has placed users in a corner: use Tor with unique tracking attributes, or don’t use Tor. (Why are they not blocking all unlisted bridges? Maybe they don’t have a LUB yet. Or maybe it is better to track and identify internal dissidents than it is to stop their connectivity. They may be intentionally blocking the safe and anonymous ways to connect to the Tor network in order to flush you out.)
Possibly; these questions are important for thinking about possible outcomes of this situation. It is all about making your choice at the end of the day.
15.
From a practical viewpoint, Tor users should consider the trade-off between discovery and connectivity. If you are in an environment that does not permit direct connections, and does not permit the public bridges, then it probably isn’t safe enough to use the Tor network.
It is not safe enough to live in those places or acquire enough privacy, as you are under surveillance. About not being safe enough to use the Tor network: probably you will be hunted if they discover it, but without it, you would be a public IP node, which is even worse.