Saturday, October 13, 2018

Misconceptions about Tor and how to use Tor

The Onion Router, better known as Tor, is the most popular platform for being anonymous, free from the clearnet. For years it has been well recognized for anonymity, but lately there has been bad news about the security of the Tor network: Tor users being revealed, and some security breaches. Some of these have been exposed, but others remain a black hole inside this network. As a result there is a trend of using a VPN with the Tor browser, and there are lots of guides for configuring Tor with a VPN. Some of these solutions have arisen because of misconceptions. So before judging whether this news and these solutions are right or wrong, we have to look at what happens inside Tor.



The first misconception is that most users think Tor hides (encrypts) our data from the outside world, which means most people expect Tor to work like a VPN. The main objective of Tor is ANONYMITY: ensuring that the source of the information is not revealed. It does not guarantee the security of the information. But as a side effect of its mechanism it does encrypt our data, so in some cases the data will not be revealed to others.

There is also a wrong idea about the Tor mechanism. From some explanations of Tor it would seem that Tor is vulnerable. The common teaching is that the Tor client encrypts data and sends it to the guard relay, then the guard relay encrypts the received data, and so on. This is totally wrong.

Tor is a network consisting of thousands of relays, which work as nodes connected to the normal network. These nodes/relays can be divided into three kinds.



  • Entry/Guard Relay - This is the entry point to the Tor network. Relays are selected to serve as guard relays after being around for a while, as well as having shown to be stable and having high bandwidth.
  • Middle Relay - Middle relays are exactly that - middle nodes used to transport traffic from the guard relay to the exit relay. This prevents the guard and exit relay from knowing each other.
  • Exit Relay - These relays are the exit point at the edge of the Tor network. These relays send traffic to the final destination intended by the client.


All of these nodes are publicly known; there are lists of nodes available online. When we start the Tor browser it picks some nodes at random and routes our traffic through them, and we can see the entry node, middle nodes and exit node our traffic is routed through. So when the Tor browser sends some portion of data, it first encrypts the data (TLS/SSLv3 using AES-128) with the public key of the exit relay. Then it encrypts the already encrypted portion again with the middle relays' public keys (in order from the exit node towards the entry node), so it may be encrypted two, three or more times. Finally the resulting portion is encrypted with the entry relay's public key.

This packet is sent to the entry relay. The entry relay decrypts it and finds the next hop from the decrypted information. In the same way, by decrypting, the middle relays find the next nodes, and the packet arrives at the exit node. The exit node decrypts it last and can see the original packet, which it sends on to the intended site. So the site only sees the exit node's IP. As a result the exit node can see all the data leaving through it (if the data is in clear text). The data returned from the site comes back to the client PC the same way in reverse.
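The layering described above, as an added simulation that is not part of the original post and not Tor's own code: it replaces TLS/AES with a toy HMAC-based keystream and the per-relay public keys with one constructed symmetric key per hop, and records what each relay can observe. The relay names, keys, client IP and request are all constructed.

```python
import hashlib, hmac, json, os
from dataclasses import dataclass

@dataclass
class Relay:
    name: str
    key: bytes  # per-hop symmetric key (constructed here; real Tor negotiates it at circuit setup)

def _keystream(key, nonce, length):
    # toy keyed stream: HMAC-SHA256 in counter mode, used only to show the layering
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unseal(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(circuit, destination, payload):
    """Client side: the exit's layer goes on first, the guard's layer last."""
    blob = seal(circuit[-1].key, json.dumps({"next": destination, "data": payload}).encode())
    for hop, nxt in zip(reversed(circuit[:-1]), reversed(circuit[1:])):
        # each outer layer names only the following relay and carries an opaque inner blob
        blob = seal(hop.key, json.dumps({"next": nxt.name, "data": blob.hex()}).encode())
    return blob

def peel(relay, blob):
    """Relay side: strip one layer; yields the next hop and whatever that layer carried."""
    cell = json.loads(unseal(relay.key, blob))
    return cell["next"], cell["data"]

def run_circuit(circuit, client_ip, destination, payload):
    """Walk the cell through the circuit and record what each relay can observe."""
    views, came_from = [], client_ip
    blob = build_onion(circuit, destination, payload)
    for i, relay in enumerate(circuit):
        nxt, data = peel(relay, blob)
        is_exit = i == len(circuit) - 1
        views.append({"relay": relay.name, "from": came_from, "next": nxt,
                      "payload": data if is_exit else None})  # only the exit sees the payload
        came_from, blob = relay.name, (None if is_exit else bytes.fromhex(data))
    return views
```

The guard's view holds the client IP but no payload, the middle relay's view holds only its neighbours, and the exit's view holds the destination and the clear-text request, which is exactly why end-to-end encryption matters on the last hop.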


So with this mechanism we can see that exit nodes are suspect for intruding on our data. And it is true that they sniff our data: it has been proven by the Swedish security researcher Chloe. Not all exit nodes, but some nodes have been caught (there can be others too). Security consultant Dan Egerstad also found some compromised exit nodes; he found login credentials for thousands of servers.


Therefore it is true that there is a vulnerability in this network if we expect confidential data to be secure over it. But it still keeps anonymity. For this reason most security experts recommend taking care to use HTTPS, SSH and so on to secure sensitive data (which gives end-to-end encryption).


On the other hand you only have to worry about the exit node if you are browsing normal sites using the Tor browser. If you use the Tor browser to access .onion sites there is no exit node, so no intruder there. But you still have to follow some rules in order to keep yourself safe.


Some notes for using Tor



  • Do not mention your private details in any chat thread, email, forum or any site within Tor.
  • Don't use Tor to log in to any site you use in your private life (or in business).
  • Use services like DuckDuckGo and ProtonMail, which do not request private data.
  • Build different profiles when you use the darknet and keep them separate from your private ones.


Most Tor plus VPN guides suggest first starting the VPN and then running Tor, to encrypt the data between the client and the entry relay. But this is not required, because the data leaving the client is already encrypted in several layers, as mentioned. It would matter, though, if you are behind a connection censored by your government or ISP. For this reason Tor has introduced special relays called bridges.



As mentioned before, Tor relays are not a secret, so exit nodes and entry nodes are known. Therefore a government or ISP can filter Tor traffic by destination IP (the entry relay's IP). On the other hand some sites can block your connection if the IP packets come from a Tor exit node. For such cases Tor maintains bridges, which serve as entry and exit nodes that are not commonly known. These bridges are not publicized, so parties that want to block Tor connections are not able to recognize them.


There is another reason to use a VPN with Tor. The Tor client connects directly to the entry relay, so the IP address of the Tor user is known to the entry relay/node. That means someone at the entry node can see the traffic coming from you, but he/she can't see the data in that traffic because it is encrypted. If you are not sure, and you think the entry node could be traced back to you, you can use a VPN; then the entry node only sees the VPN's IP address. But who can trust the VPN owners?


My final idea is that even if we use a number of VPNs and proxies for our anonymity and/or security, they can be compromised by our own mistakes or misuse. The only way to avoid these issues is learning about them. Learn, test and confirm for yourself.




If you want the truth, no one is going to tell you the truth, they're going to tell you their version. So if you want the truth, you have to seek it out for yourself.
- Julian Assange


