Saturday, June 5, 2010

The Extra Steps That TOR Users Must Take

Praveen Dalal

The “Decloaking Engine” invented by HD Moore was one of the most effective ways of showing how exit nodes of TOR system can sniff the unencrypted, plain text and insecure information and data passing through it. A malicious or e-surveillance capable exit node is the weakest link of the privacy and security chain of a TOR user. However, the problem is not with the TOR’s system as this is the way TOR works. The real problem lies with the end user’s perception regarding TOR’s use in general and anonymity and privacy in particular.

There are various media reports that suggest that Wikileaks acquired its whistle blowing ammunition by sniffing or intercepting the traffic flowing through TOR networks. Whether this is true or not is not the real question here. The real question is what TOR is actually offering to the end users?

Interestingly, TOR is very clearly and openly explaining the scope of anonymity and privacy offered by it to the end users. Actually TOR is great for anonymity but average at privacy protection and poor at data security. This is because although the entry node encrypts the data and forwards it to the next node, the exit node sees it in clear text and unencrypted form. This means that although the ultimate site that you wish to access would see the IP address of the exit node and not your original IP address yet the exit node itself is very sure about the data you are sending to the website.

Think about a malicious exit node as a man-in-the middle attacker (MITM).that can sniff your traffic that you are sending to the ultimate website. It may include confidential information like bank accounts, passwords, governmental secret documents, etc. All of these travel in a plain text form and can be sniffed easily by the exit node. To some extent a malicious exit node is also a form of “Extended MITM” attack as the normal MITM attack occurs either at the local network or local wireless network/access point. But in case of MITM attack occurring at the exit node of TOR system, this is happening at a place far beyond your network(s) and jurisdiction. This scary fact must be kept in mind while sending unencrypted and unprotected data across TOR network.

The real problem is that an averageTOR user cannot differentiate between a trusted and untrusted exit node. This differentiation is not within his direct control. But he has something great that can reduce his risks of exit node attacks. The TOR users must use great services like OpenSSH or PuTTY while sending confidential information. They may also use their own preferred end to end encryption software and systems but the main idea remains the same. TOR provides the anonymity and a secured connection provides additional privacy and security.

Using Firefox after disabling Add-ons, Active X Controls, Java Scripts, Cookies, etc can also bring additional anonymity and privacy. If you need all these functionalities, you can use two different browsers with different setting i.e. Firefox for TOR and other browser for your other tasks. These steps may not make you absolutely anonymous but would definitely solve the problem of malicious exit nodes sniffing to a great extent.