/g/ - Technology

install openbsd

[Make a Post]
[X]





Hidden Service Traffic Analysis Nanonymous No.3086 [D][U][F][S][L][A][C] >>3100
File: 70eb22c5b8520ca9be4fe25d5adb48a902b707c03d7b8d9b49febcb6898657ba.jpg (dl) (232.59 KiB)

Please bear with me: Imagine 10 different Tor Browser users in different parts of the world connected to Nanochan and posted the same message in a given thread at exactly the same time. All 10 users use the exact same OS, TBB version, and settings. What could Nanochan's admin potentially see that might distinguish these 10 connections from one another, however subtle or useless some of these distinctions might be for correlation and traffic analysis? If these 10 users proceeded to repeat this collaborative effort without changing circuits, posting an identical post in another thread at precisely the same time, could each new post be tied to the previous post made over the same connection?

I pose this purely hypothetical scenario because I'm not convinced my understanding of Tor and hidden services is sufficiently complete. Any clarification or insight might help me improve my online opsec.

Nanonymous No.3087 [D] >>3089

I'm no expert but there would be no persistent or real identity of any of the users exposed to nanochan. They see the last circuit hop IP and the message, including the time received. They can try and figure out who you are based on the message you sent (content and style, timezone?) but I believe they have no way to identify you unless you dox yourself through your writing style, opinions and image use.
In theory a global adversary such as the NSA could correlate all the source IPs to the message (timing analysis). They may not know who sent which message but they are all the same so no difference to them.

Nanonymous No.3088 [D]

>if I send multiple messages through the same circuit, can they be linked
Almost definitely. If you get a new circuit each time, then no. The other posters have different circuits which are obviously different.

Nanonymous No.3089 [D] >>3090

>>3087
Exit nodes don't participate when you browse Hidden Service like on the clearnet. I'm not sure if nano admin could even differentiate nodes - all he can see is 127.0.0.1 connecting to the server.
Another thing to consider would be cookies, but nano doesn't seem to use them.


Nanonymous No.3090 [D] >>3091

>>3089
Just because you don't have exit nodes doesn't mean you don't have a circuit. The server software (apache or whatever) sees 127.0.0.1, but the Tor software running on you machine sees a whole lot more. If I had to guess I'd say it can see a single node that is particular to the user connecting.

Nanonymous No.3091 [D]

>>3090
Circuit is always different, having the same would defeat the purpose of Tor.
Don't you get different last relay every time you use Hidden Service?
Remember nano also goes through 5 or 6 nodes before meeting with our last node.

Nanonymous No.3092 [D][U][F] >>3094
File: 5a863b2175dd67b69fd611d18ee7572e65d93d156470df6ba38d6888fc9a0fa1.jpg (dl) (36.87 KiB)

Tor clients pick the rendezvous points and that may be an identifier a hidden service administrator can take advantage of during a session. If you make posts one after another without renegotiating with the hidden service on a different rendezvous point, hapase (or any other hidden service operator really) can link your posts together and build a shadow profile on you. Tor builds new circuits for each new, at least a second level domain, so visiting another website alongside the hidden service is fine.

Refer to Tor Browser design documentation if you want more in-depth knowledge.
https://www.torproject.org/projects/torbrowser/design/

Nanonymous No.3094 [D] >>3095

>>3092
Is "New Tor Circuit for this Site" all you have to do to avoid correlation?

Nanonymous No.3095 [D] >>3096

>>3094
You should fully close Tor Browser and reopen it instead. It's safer than relying on the new circuit/new identity buttons.

Nanonymous No.3096 [D]

>>3095
>relying
Yeah, whatever.

Nanonymous No.3099 [D] >>3164

This is trivial to do on the HTTP level. Cookies, ETag, for example.
TBB doesn't block cookies by default, and although it seems nanochan only uses them for accounts, I see that the server does use etag, which is sufficient.

Nanonymous No.3100 [D][U][F] >>3164
File: bcacbf5d98aa7ba07b2c2439a6939807ca6dc915a4c7ad43e3126d7fb6b4ad4f.png (dl) (30.16 KiB)

>>3086
>Low-latency networks like Tor, on the other hand, are fast enough for web browsing, secure shell, and other interactive applications, but have a weaker threat model: an attacker who watches or controls both ends of a communication can trivially correlate message timing and link the communicating parties.

https://www.freehaven.net/doc/wupss04/usability.pdf

Nanonymous No.3164 [D]

>>3099
A spammer wouldn't send cookies, so while that is a good way to track regular users, it doesn't allow mass spam deletion.

>>3100
OP asked about what Hakase can get, not the NSA.