Re: [tor-talk] Tor DNS Deanonymization

2016-11-03 Thread Flipchan 
I have been running dnssec over tor a month now and i am very happy havent had 
any problems

Michael  skrev: (3 november 2016 08:20:18 CET)
>There are many ways for your browser and other network traffic
> to betray your activities; it is not just DNS leaks ya got to be 
> worried about, checkout the browser cache attacks that where 
> shown at the BlackHat convention about two months ago.
>
>Title: I Know Where You've Been: Geo-Inference Attacks...
>Link: https://www.youtube.com/watch?v=lGb0AACAk1A
>
>Also be aware that DNS records are not the only way of linking
> specific users (or groups behind the same NAT) of a web
> server or multiple servers over time.
>
>Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser?
>Link: https://www.youtube.com/watch?v=OwxhAjtgFo8
>
>Stay safe y'all.
>
>On November 2, 2016 10:13:00 AM PDT, sajolida 
>wrote:
>>Alec Muffett:
>>> On 14 Oct 2016 1:29 pm, "Justin"  wrote:
 Not too long ago, a paper was published that talks about how Tor
>>users
 can be deanonymized through their DNS lookups. Is this something I
>>should
 be concerned about?
>>> 
>>> That is an excellent question! What are you doing, and who are you
>>afraid
>>> of?  :-P
>>
>>I bet Justin was referring to [1] which has been announced by its
>>authors on tor-dev [2] but I couldn't find an analysis of it by the
>Tor
>>community (and I don't have the skills to do it myself).
>>
>>[1]: https://nymity.ch/tor-dns/tor-dns.pdf
>>[2]:
>>https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html
>>-- 
>>tor-talk mailing list - tor-talk@lists.torproject.org
>>To unsubscribe or change other settings go to
>>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-11-03 Thread Michael 
There are many ways for your browser and other network traffic
 to betray your activities; it is not just DNS leaks ya got to be 
 worried about, checkout the browser cache attacks that where 
 shown at the BlackHat convention about two months ago.

Title: I Know Where You've Been: Geo-Inference Attacks...
Link: https://www.youtube.com/watch?v=lGb0AACAk1A

Also be aware that DNS records are not the only way of linking
 specific users (or groups behind the same NAT) of a web
 server or multiple servers over time.

Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser?
Link: https://www.youtube.com/watch?v=OwxhAjtgFo8

Stay safe y'all.

On November 2, 2016 10:13:00 AM PDT, sajolida  wrote:
>Alec Muffett:
>> On 14 Oct 2016 1:29 pm, "Justin"  wrote:
>>> Not too long ago, a paper was published that talks about how Tor
>users
>>> can be deanonymized through their DNS lookups. Is this something I
>should
>>> be concerned about?
>> 
>> That is an excellent question! What are you doing, and who are you
>afraid
>> of?  :-P
>
>I bet Justin was referring to [1] which has been announced by its
>authors on tor-dev [2] but I couldn't find an analysis of it by the Tor
>community (and I don't have the skills to do it myself).
>
>[1]: https://nymity.ch/tor-dns/tor-dns.pdf
>[2]:
>https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-11-02 Thread sajolida 
sajolida:
> Alec Muffett:
>> On 14 Oct 2016 1:29 pm, "Justin"  wrote:
>>> Not too long ago, a paper was published that talks about how Tor users
>>> can be deanonymized through their DNS lookups. Is this something I should
>>> be concerned about?
>>
>> That is an excellent question! What are you doing, and who are you afraid
>> of?  :-P
> 
> I bet Justin was referring to [1] which has been announced by its
> authors on tor-dev [2] but I couldn't find an analysis of it by the Tor
> community (and I don't have the skills to do it myself).
> 
> [1]: https://nymity.ch/tor-dns/tor-dns.pdf
> [2]:
> https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html

Oops, sorry for the noise: I still had the answers from Philipp and Nick
in the backlog accumulated at the OTF summit and just saw them now. Hi hi :)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-11-02 Thread sajolida 
Alec Muffett:
> On 14 Oct 2016 1:29 pm, "Justin"  wrote:
>> Not too long ago, a paper was published that talks about how Tor users
>> can be deanonymized through their DNS lookups. Is this something I should
>> be concerned about?
> 
> That is an excellent question! What are you doing, and who are you afraid
> of?  :-P

I bet Justin was referring to [1] which has been announced by its
authors on tor-dev [2] but I couldn't find an analysis of it by the Tor
community (and I don't have the skills to do it myself).

[1]: https://nymity.ch/tor-dns/tor-dns.pdf
[2]:
https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-19 Thread Nick Mathewson 
On Tue, Oct 18, 2016 at 10:39 AM, Philipp Winter  wrote:
> On Sun, Oct 16, 2016 at 01:15:32AM -0400, Nick Mathewson wrote:
>> On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter  wrote:
>>  [...]
>> > There are two ways to mitigate the issue.  First, we need better
>> > defences against website fingerprinting, so an attacker learns less by
>> > observing the connection to your guard relay.  Second, we need to
>> > improve the DNS setup of exit relays.  I would like to see less relays
>> > use Google's resolver, and we need to move towards encrypted DNS.
>>
>> Thanks, Philipp!
>>
>> Could you comment at all about whether our current exit side dns
>> caching approach makes the attack harder, easier, or doesn't matter?
>
> Generally, the longer exit relays cache domains, the less precise the
> attack.  The trade-off is illustrated in Figure 10b in our paper [0].
> At the moment, exit relays cache domains for only 60 seconds [1],
> regardless of the domain's TTL.  If that bug is fixed, the attack
> becomes a bit harder to mount.  It can become even harder if exit relays
> were to cache each domain for, say, 10 minutes or more.
>
> [0] 
> [1] 

Thanks!  I've just pulled #19025 (and its sibling, #19769) into
consideration for 0.3.0.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-18 Thread Philipp Winter 
On Sun, Oct 16, 2016 at 01:15:32AM -0400, Nick Mathewson wrote:
> On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter  wrote:
>  [...]
> > There are two ways to mitigate the issue.  First, we need better
> > defences against website fingerprinting, so an attacker learns less by
> > observing the connection to your guard relay.  Second, we need to
> > improve the DNS setup of exit relays.  I would like to see less relays
> > use Google's resolver, and we need to move towards encrypted DNS.
> 
> Thanks, Philipp!
> 
> Could you comment at all about whether our current exit side dns
> caching approach makes the attack harder, easier, or doesn't matter?

Generally, the longer exit relays cache domains, the less precise the
attack.  The trade-off is illustrated in Figure 10b in our paper [0].
At the moment, exit relays cache domains for only 60 seconds [1],
regardless of the domain's TTL.  If that bug is fixed, the attack
becomes a bit harder to mount.  It can become even harder if exit relays
were to cache each domain for, say, 10 minutes or more.

[0] 
[1] 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-15 Thread Nick Mathewson 
On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter  wrote:
 [...]
> There are two ways to mitigate the issue.  First, we need better
> defences against website fingerprinting, so an attacker learns less by
> observing the connection to your guard relay.  Second, we need to
> improve the DNS setup of exit relays.  I would like to see less relays
> use Google's resolver, and we need to move towards encrypted DNS.

Thanks, Philipp!

Could you comment at all about whether our current exit side dns
caching approach makes the attack harder, easier, or doesn't matter?

Best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-14 Thread Philipp Winter 
On Fri, Oct 14, 2016 at 07:29:17AM -0500, Justin wrote:
> Not too long ago, a paper was published that talks about how Tor users
> can be deanonymized through their DNS lookups. Is this something I
> should be concerned about?

I am one of the authors.  While the attack is very precise in our
simulations, it only works in a specific situation.  On the complexity
spectrum, the attack is in between website fingerprinting (the attacker
observes or is your guard relay) and end-to-end correlation (the
attacker sees both ends).

In our setting, the attacker must observe traffic to your guard (or be
your guard) *and* your DNS requests.  That's easier than end-to-end
correlation because, depending on an exit relay's setup, DNS requests
can traverse quite a lot of autonomous systems, which benefits
network-level adversaries.  Summing up, your neighbour will have a hard
time mounting the attack, but not necessarily your government.

There are two ways to mitigate the issue.  First, we need better
defences against website fingerprinting, so an attacker learns less by
observing the connection to your guard relay.  Second, we need to
improve the DNS setup of exit relays.  I would like to see less relays
use Google's resolver, and we need to move towards encrypted DNS.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-14 Thread Flipchan 
I have asked around and ppl tell Me that dns over tls is the best , anyhow this 
is how i solved it https://github.com/flipchan/Nohidy/blob/master/dns

Justin  skrev: (14 oktober 2016 14:29:17 CEST)
>Hi,
>Not too long ago, a paper was published that talks about how Tor users
>can be deanonymized through their DNS lookups. Is this something I
>should be concerned about?
>Thanks,
>Justin.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-14 Thread Yphone 
Using Tails for secure coms. I don't want the NSA to have an easy time of 
spying on me. 

- Justin

> On Oct 14, 2016, at 07:32, Alec Muffett  wrote:
> 
>> On 14 Oct 2016 1:29 pm, "Justin"  wrote:
>> 
>> Hi,
>> Not too long ago, a paper was published that talks about how Tor users
> can be deanonymized through their DNS lookups. Is this something I should
> be concerned about?
> 
> That is an excellent question! What are you doing, and who are you afraid
> of?  :-P
> 
>- alec
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

2016-10-14 Thread Alec Muffett 
On 14 Oct 2016 1:29 pm, "Justin"  wrote:
>
> Hi,
> Not too long ago, a paper was published that talks about how Tor users
can be deanonymized through their DNS lookups. Is this something I should
be concerned about?

That is an excellent question! What are you doing, and who are you afraid
of?  :-P

- alec
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk