Why Tor Users Should Be Cautious About P2P Privacy

An anonymous reader writes "I went across your post a few days ago saying that a machine connected to the Internet was all one needed to spy on most BitTorrent users of the Internet. I followed the link to find out that those researchers from INRIA claimed their attacks also worked for BitTorrent users on Tor. I didn't believe it at first, but then today I found this link on the Tor Project. It seems their attacks don't only link your real IP to your BitTorrent files on Tor but also to the web pages that you're browsing! Tell me it's a joke." No joke, but according to Jacob Appelbaum (a Tor developer), the security flaw is more nuanced — and the fault of software outside of Tor. Read on for his explanation of how the privacy benefits of Tor can be easily lost.

Appelbaum writes "This isn't a failing of Tor, it's a failing of BitTorrent application designers and a privacy failure of their users too. The BitTorrent clients don't appear to double check the information that's ripe for tampering. When combined with common BitTorrent applications that aren't designed for privacy, it's possible to cause a BitTorrent client to leak information about their actual source IP. The BitTorrent protocol is difficult to anonymize with a simple proxy. Ironically, one of the best points of the paper is that those BitTorrent clients also harm the anonymity of the users' web browsing. The user's browsing will often leave the same Tor Exit Node as their BitTorrent traffic; the user is using the same circuit for browsing as they are for BitTorrent. If the user isn't practicing safe browsing techniques, they're probably going to reveal some more of their traffic to the authors of the paper. This is just like the normal internet too. If you browse unsafely, people can observe you or tamper with the data in transit. So in conclusion, this paper isn't about busting anonymity networks as much as it is about busting BitTorrent client privacy." Additionally, he says, "Tor can't keep you anonymous if you don't actually use Tor for your connections. ... The real key is that if they had done transparent proxying (that failed closed) and they had a privacy-aware BT client, the user would probably be fine. Please don't use BitTorrent and Tor together."

Re:Pardon my ignorance... but tor for P2P?

[Anonymous Coward]

Slow down, cowboy. Read the comment instead of just quoting it, and you'll notice that he only said there are legit reasons to use TOR for torrents, not that he actually does so.

Re:Using Tor securely

[Anonymous Coward]

Here are the instructions for doing transparent Torification [torproject.org].

Re:Pardon my ignorance... but tor for P2P?

[Anonymous Coward]

That's easy enough to do [torproject.org] with iptables or pf.

Re:I2P?

[Anonymous Coward]

What about i2p [wikipedia.org]? As it uses modified p2p programs (including BitTorrent), is it vulnerable to this flaw or not?

Not if you use the BitTorrent client that comes with I2P, or Robert, which is another BitTorrent client for I2P. There is a paragraph on torrenting in I2P on the Wikipedia page you linked to:

http://en.wikipedia.org/wiki/I2P#BitTorrent

However, if you use a BitTorrent client that is not written with I2P in mind, it will reveal your IP the same way it does over TOR.

Re:I2P?

[Mathiasdm]

Yes, I2P has a number of clients specifically made for it. Also, since the traffic stays inside the network, there's not the same issue as with Tor (that bittorrent basically ruins the outproxies). That upside is also a downside, since it means you can't torrent traffic from regular sites, you have to stick to internal I2P torrents.

Re:I2P?

[Anonymous Coward]

I'm sorry, but that is just plain FALSE.

Torrent clients for I2P don't leak your IP address at all (I2P trackers don't even work with IP addresses anyway).

Your comment is misleading because the issue here is NOT the transport layer (i.e. Tor), but the fact that regular torrent clients (i.e. non-I2P torrent clients) *may* leak your IP address.

tl;dr: present proof of what you're saying or STFU

Re:Tor is hopeless

[Anonymous Coward]

Why was this marked Flamebait? Most of it is true.

Even dealing with all the points in the first sentence, the last part is impossible to fix.
Tor, by its very nature, is open to attack from any company with enough money to buy a couple hundred servers and bandwidth for all of them.
Trusting Tor is like trusting some guy in a mask who looks "important".
It is not a matter of proving that most of the nodes, or a good chunk of the nodes are from agencies of some sort, it is the fact that you CAN'T.
Trusting an unknown is the worst thing you can do when it comes to privacy.

This goes for all those random anonymizer services you pay for as well.
Pretty much all of them can't be trusted simply because they are unknowns.
Unless you know the people behind the project either directly or indirectly (think that VPN from TPB), you are putting yourself at serious risk.

Just because you haven't heard of people being caught by using said services, doesn't mean that it fails to happen.
There is a lot of stuff that fails to leave courtrooms, and some plain don't even go near them due to it being settled outside court. (that happens significantly more often, actually)

Remember: it could be you next.
You hear about people getting screwed over by doing something on the internet, whether it was illegal downloads, child porn, protests, revealing secrets, blah blah etc, but you never think it will happen to you until it is either too late, or someone you know is fucked

Re:a tor-friendly p2p alternative: http://anomos.i

[QCompson]

Stop your spamming. The tracker sees your real ip, game over. It's disingenuous to name something "anomos" when it is anything but anonymous (not even pseudo-anonymous).