![]() ![]() This group has been around since at least 2017 and the Tor Project's efforts to remove them have been ineffective. With that many nodes, they can easily decloak hidden services and track individual users. ![]() Similarly, this year Tor researcher Nusenu found that one persistent threat group (KAX17) had managed to create thousands of Tor nodes. This censorship also means that these ISPs could easily detect Tor bridges (as noted in my second Tor 0day blog entry.) If the Tor Project actually provided anonymous or less detectable bridges, then this filtering would never have happened. By blocking Tor access, these services reduce the number of bad actors on their networks. Tor is often viewed a bad neighborhood since it is often associated with other criminal activities, like human trafficking and drugs. To me, this looks like ISPs having a problem with Tor users. As OONI noted, the blocks followed a "recent spike in the use of Tor bridges (used for circumventing Tor blocking) in Russia." This looks like individual blocking efforts. If the censorship was government-sponsored, as the Tor Project suggested, then I would expect it to be much more widespread and consistent. In some cases though (such as on AS42437), OONI data suggests that access to is being interfered with by means of a TLS man-in-the-middle attack, while in other cases (such as on AS51570), we observe that the connection is reset once the TLS handshake has been initiated, suggesting the use of Deep Packet Inspection (DPI) technology. Moreover, each censorship instance used a different blocking method: According to OONI, it wasn't all of Russia blocking Tor it was 15 out of 65 subnets. About 10 days after the Tor Project's announcement, OONI posted their report. The Open Observatory of Network Interference (OONI) is an organization that tracks online censorship. The Tor Project's alert about Russia was really just a complaint that people were blocking their service through exploits that the Tor Project hasn't felt like fixing. ![]() Moreover, the Tor Project had known about these issues for years. SNOWFLAKE TOR BRIDGE SERIESWhat they didn't mention was that these blocks were made possible using the exact same methods disclosed in my blog series a year earlier. Earlier this month, the Tor Project made an announcement that Russia was blocking Tor. This threat vector is also seen when countries block access to Tor. For these companies, it is one thing to have a rule about "no Tor", but it's another to enforce the rule by detecting and immediately blocking anyone who violates the rule. These companies don't mind if you use Tor on your home network and home computer just not on anything that touches the company's network. This restriction prevents malware from downloading past the corporate anti-virus scanners and deters someone from potentially leaking company-confidential information. My "Tor 0day" blog series focused on one specific scenario: Can someone watching the network traffic determine if you (specifically you) were using Tor?įor example, many companies do not permit Tor within the corporate network. Snowflake introduces another connection option, but it has its own serious limitations and is far too detectable. Some of my "Tor 0day" blog entries mentioned a lack of good pluggable transports for when someone blocks direct and indirect (bridge) connections. The main Tor-specific changes were the deprecation and removal of onion v2 support (replaced by v3 addresses) and the formal release of snowflake as a pluggable transport. There were also over a dozen updates to the Tor Browser (from version 10.0.8 to 11.0.3), but most of these were basically incorporating updates from Firefox. Over the past year, there were over a dozen updates for the Tor daemon (and that's not counting the pre-releases). Of all of the vulnerabilities and concerns that I raised in 2020, the Tor Project didn't address any of them. (The last blog entry begins with a summary of the vulnerabilities.) Other issues were brand new and first disclosed on my blog. Many of them were well-known to the Tor Project (some nearly a decade old!) but had never been addressed and had no viable mitigation options or alternatives. Back in 2020, I wrote nine blog entries about Tor that covered a wide range of vulnerabilities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |