Why Tor Users Should Be Cautious About P2P Privacy
An anonymous reader writes "I came across your post a few days ago saying that a machine connected to the Internet was all one needed to spy on most BitTorrent users of the Internet. I followed the link to find out that those researchers from INRIA claimed their attacks also worked for BitTorrent users on Tor. I didn't believe it at first, but then today I found this link on the Tor Project. It seems their attacks don't only link your real IP to your BitTorrent files on Tor but also to the web pages that you're browsing! Tell me it's a joke." No joke, but according to Jacob Appelbaum (a Tor developer), the security flaw is more nuanced — and the fault of software outside of Tor. Read on for his explanation of how the privacy benefits of Tor can be easily lost.
Appelbaum writes "This isn't a failing of Tor, it's a failing of BitTorrent application designers and a privacy failure of their users too. The BitTorrent clients don't appear to double check the information that's ripe for tampering. When combined with common BitTorrent applications that aren't designed for privacy, it's possible to cause a BitTorrent client to leak information about their actual source IP. The BitTorrent protocol is difficult to anonymize with a simple proxy.
Ironically, one of the best points of the paper is that those BitTorrent clients also harm the anonymity of the users' web browsing. The user's browsing will often leave the same Tor Exit Node as their BitTorrent traffic; the user is using the same circuit for browsing as they are for BitTorrent. If the user isn't practicing safe browsing techniques, they're probably going to reveal some more of their traffic to the authors of the paper. This is just like the normal internet too. If you browse unsafely, people can observe you or tamper with the data in transit. So in conclusion, this paper isn't about busting anonymity networks as much as it is about busting BitTorrent client privacy."
Additionally, he says, "Tor can't keep you anonymous if you don't actually use Tor for your connections. ... The real key is that if they had done transparent proxying (that failed closed) and they had a privacy-aware BT client, the user would probably be fine. Please don't use BitTorrent and Tor together."
Pardon my ignorance, but using Tor for P2P stuff is at best abusive, at worst highly destructive. Tor wasn't designed for high bandwidth applications. It was designed for Web browsing and ensuring that packets from an exit node would be very hard to trace back to the sender as the first priority.
Of course, even with the best anonymization methods, if someone has cookies, Flash shared objects, or shared objects stored by add-ons that positively identify their Web browser, their browsing history can be linked together, and some sort of profile be built.
Tor is half the battle. The second half is making sure your Web browser is anonymous. I prefer running it in a VM which rolls itself back, and has as little customization as possible, so it fits in with the millions of other people running IE with standard XP installs.
There's really only one way to do it - run it on a freshly-installed (probably virtual) machine (so there's no personal data on the system) with a non-public IP address, and then firewall it off so it cannot make any non-Tor network connections. Then apps can leak all the data they want, but they have no useful info to leak.
Surrender and go Amish!
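The fail-closed transparent proxying Appelbaum mentions, combined with the firewalled machine described in the comment above, sketched as an added example (not from the thread or the Tor Project). The Tor account UID, TransPort 9040 and DNSPort 5353 are assumptions and must match the local torrc.

```shell
#!/bin/sh
# Added example: print iptables-restore rulesets for a fail-closed
# transparent Tor proxy. Nothing is applied; review the output first.
# Assumptions (not from the thread): Tor runs under its own account,
# torrc sets TransPort 9040 and DNSPort 5353, the host has no other role.

# Usage: tor_failclosed_rules TOR_UID [TRANS_PORT] [DNS_PORT]
tor_failclosed_rules() {
    tor_uid=$1; trans_port=${2:-9040}; dns_port=${3:-5353}
    for n in "$tor_uid" "$trans_port" "$dns_port"; do
        case $n in
            ''|*[!0-9]*) echo "numeric uid and ports required" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
-A OUTPUT -o lo -j RETURN
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp --dport $trans_port -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp --dport $dns_port -j ACCEPT
-A OUTPUT -m owner --uid-owner $tor_uid -p tcp -j ACCEPT
COMMIT
EOF
}
# Policy DROP on OUTPUT is what makes this fail closed: only the Tor
# process may open outside connections, and UDP other than redirected
# DNS (Tor carries only TCP) is dropped instead of leaving directly.

# IPv6 is not proxied here, so it is blocked outright (for ip6tables-restore).
ipv6_drop_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}
# e.g. tor_failclosed_rules "$(id -u debian-tor)" | iptables-restore
# (debian-tor is the account name Debian's Tor package uses)
```

Load the first ruleset with `iptables-restore` and the second with `ip6tables-restore` before any application starts. If Tor stops, redirected traffic has nowhere to go and is dropped rather than sent over the clear network.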
Anomos' Key Features:
--------------------
1) UNLIKE BITTORRENT, NO PEERS DIRECTLY UPLOAD/DOWNLOAD TO OTHER PEERS.
Every peer relays to other peers just like Tor. This makes it more difficult for the prying eyes.
2) The more peers connecting to the same tracker, the stronger the anonymity for everyone.
3) Runs on Windows, Mac OS X, and Linux
4) Based on the original Python-based BitTorrent sources
5) Tweaked to be Tor-friendly
For more information:
http://anomos.info/
Anomos torrent sites are on their way. Seek and you shall find.
FYI, cartoons are not real life.
Wow, you realize at some point it becomes easier to just buy the content you're trying to hide transferring than what you're doing, right?
By the time your transfer is complete, the copyright will have expired, even at lifetime + 75 years.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
1. The court tends to call bullshit when it's obvious you're going out of your way to facilitate breaking the law and using ignorance as an excuse. ... already done.
2. That's a simple option for the software of all p2p software, the Internet had ways to deal with flow control before you ever connected to it.
3. So use SSL
4. Again, already done.
5. This creates a way to figure out who is hosting what, defeating #1. Of course, it's kind of a requirement to know who is offering what so that you can figure out where to ask for it.
If you want something public to be useful, it's not going to be private or completely anonymous, you're asking for mutually exclusive features.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
True. Problem with Tor is that it is a LOW LATENCY network. There is no way to hide traffic by adding hops on a low latency network, if all connections are monitored. And even if there are some unmonitored nodes, traffic can still be easily monitored.
That's why all links between peers should use a constant bandwidth method. Every link needs to maintain the same utilization level, even if no traffic is being passed. This is a very old method, but rarely being used with P2P.
In case anyone is thinking that this is somehow a 'security flaw' in BitTorrent, we should be clear that privacy is not a design goal of BitTorrent; BitTorrent was designed to provide extremely reliable, efficient file delivery. So while BitTorrent has many strengths (efficiency, etc.) there is a tradeoff between its goals and the goals of a network such as Tor. Specifically, in order to maximize efficiency, BitTorrent distributes your IP address quite openly, has consistent and obvious torrent IDs, etc., which make it efficient and reliable, but pretty much the OPPOSITE of concealing what you are doing from your ISP and the rest of the p2p network. Anyone who was surprised that it's easy to monitor BitTorrent traffic hasn't read the protocol spec - it is EXTREMELY easy to monitor activity in BitTorrent networks, because BitTorrent intentionally distributes everyone's IP addresses, transfer activity, etc., in order to allow the protocol to operate efficiently. So if you want to monitor BitTorrent, you just find tracker addresses and torrent IDs (which are in the .torrent files) and ask the trackers for the addresses of all of the peers in each torrent, and get back a nice list of peers.
There are other p2p networks that do attempt to conceal what you are doing in the network, but the cost of that is that they generally are inefficient (wasting tons of CPU and bandwidth) and thus perform badly, making them unpopular with people who want to rapidly download files.
And I will second the note that running BitTorrent through Tor is a terrible idea. You end up with the worst of both networks - terrible performance and not much security. Worse, doing so damages the rest of the Tor network, interfering with people who are using Tor for what it is designed for.
Enable 3D printed prosthetics!
Yes, I2P has a number of clients specifically made for it. Also, since the traffic stays inside the network, there's not the same issue as with Tor (that bittorrent basically ruins the outproxies). That upside is also a downside, since it means you can't torrent traffic from regular sites, you have to stick to internal I2P torrents.
Join the anonymous, help develop the network: http://www.i2p2.de
Yes and when you're in China I am sure the local library will be quite happy to lend you that copy of the dvd on Tankman, just as long as you can show your ID ;)
Why was this marked Flamebait? Most of it is true.
Even dealing with all the points in the first sentence, the last part is impossible to fix.
Tor, by its very nature, is open to attack from any company with enough money to buy a couple hundred servers and bandwidth for all of them.
Trusting Tor is like trusting some guy in a mask who looks "important".
It is not a matter of proving that most of the nodes, or a good chunk of the nodes are from agencies of some sort, it is the fact that you CAN'T.
Trusting an unknown is the worst thing you can do when it comes to privacy.
This goes for all those random anonymizer services you pay for as well.
Pretty much all of them can't be trusted simply because they are unknowns.
Unless you know the people behind the project either directly or indirectly (think that VPN from TPB), you are putting yourself at serious risk.
Just because you haven't heard of people being caught by using said services, doesn't mean that it fails to happen.
There is a lot of stuff that fails to leave courtrooms, and some plain don't even go near them due to it being settled outside court. (that happens significantly more often, actually)
Remember: it could be you next.
You hear about people getting screwed over by doing something on the internet, whether it was illegal downloads, child porn, protests, revealing secrets, blah blah etc, but you never think it will happen to you until it is either too late, or someone you know is fucked.
Stop your spamming. The tracker sees your real ip, game over. It's disingenuous to name something "anomos" when it is anything but anonymous (not even pseudo-anonymous).