Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Open Source Tortilla For Tor To Be Released At Black Hat

Comments Filter:
  • by i kan reed (749298) on Monday July 15, 2013 @04:17PM (#44288599) Homepage Journal

    The real problem is that nefarious governments locate physical locations connecting to TOR by complicit ISPs and go after the people and hardware.

    • by Anonymous Coward on Monday July 15, 2013 @06:29PM (#44289915)

      Nefarious government hunt down Tor users.

      Smart governments, like the U.S., run Tor nodes. In fact, it's been conjectured by cryptographers and analysts--not just Bruce Schneiner, but other academics--that the U.S. government runs a plurality of all Tor nodes. We know for a fact that they use Tor to hide some of their own surveillance and exfiltration traffic, but undoubtedly they also log all traffic on their nodes for analysis so they can figure out who else is using it.

      Because Tor doesn't use constant-rate traffic padding, it's actually easy to trace Tor traffic if you can analyze a substantial number of Tor messages. Thus, the easiest way to defeat Tor if you have a decent budget is to just run as many Tor nodes as you can. (Because the NSA's taps into major exchanges, they're probably capable of doing it the hard way, too; specifically, by simply recording IPs and timing of traffic to and from all known Tor nodes.)

      When I ran a Tor exit node on a gigabit Cogent link, I was constantly inundated with DMCA takedown letters and other legal harassment, primarily because of bit torrent users*. The EFF actually provides legal support, but I can't believe that there are enough people willing to put up with the hassle of running long-term, high volume Tor exit nodes. Rather, it seems far more plausible that the government runs many or most of them because they're effectively immune to legal harassment, not just because they're the government and actually immune, but because they have a limitless number of lawyers to fight the challenges without necessarily revealing their identity.

      * You guys suck, BTW. Stop downloading all that crap. I hate you not because I believe in the legitimacy of copyright, but because you guys are being lazy about it and causing all kinds of other headaches, e.g. making it impossible to run a Tor exit node. Here's an idea--for every piece of media you download in contravention of copyright laws, why not at least send the money equivalent to the EFF, ACLU, and other organizations who will lobby to change the laws for the better, even if not perfectly.

      • it's been conjectured by cryptographers and analysts--not just Bruce Schneiner, but other academics--that the U.S. government runs a plurality of all Tor nodes.

        That sounds about par for the course. I remember hearing that in the later decades of the 20th century the US government, at the behest of the NSA, made sure that it was cheaper to route international phone calls going from Europe to Asia or from South America, Asia and Africa to just about any other destination through the United States by subsidizing the connections so that the fees would be cheapest. This ensured that a majority of the world telecom traffic made it's way through the United States at some

      • by zix619 (802964)
        I wonder though if you use plugins like HTTPS everywhere (encrypting your traffic) in conjunction with Tor (giving you the anonymity) then you should be OK? Assuming obviously that no one can break your SSL encryption!
  • by HeckRuler (1369601) on Monday July 15, 2013 @04:24PM (#44288709)

    Alright people, we've got the tortillas and the onions [wikipedia.org], all we need are some bell peppers and some meat and we've got ourselves a fajita.

    • Alright people, we've got the tortillas and the onions [wikipedia.org], all we need are some bell peppers and some meat and we've got ourselves a fajita.

      Don't forget TACO [mozilla.org]....

    • Version 2.0 will be named "the whoop ass fajita"
  • You can achieve the same result today with Whonix [whonix.org] which allows you to "torify" basically any network I/O traffic from the workstation VM. Heck, you can even have a Windows VM go through the Tor gateway for that matter.
    • by Anonymous Coward

      Whonix is a Linux operating system. Everything that can be done in this new Tortilla program can be done 20 different ways if you're using Linux, but Tortilla claims to be the first to do it on Windows.

      • by Anonymous Coward

        In case you missed the news, using Windows is already game over for you.

      • by Natales (182136)
        No, Whonix is a system. The key part of the system is the Gateway which is indeed Linux, but the Workstation portion can be easily swapped by Windows or anything else [whonix.org]. Read a bit more before you comment.
        • Re: (Score:2, Informative)

          by Anonymous Coward

          No, Whonix is a system

          Yes, it is an operating system.

          The link you gave has instructions on how to run Whonix in a virtual machine. It's still a Linux operating system. Like I said, if you can run Linux, then you've already got a ton of options to run Tor. (tsocks, iptables transparent proxy, manual proxy settings with filters for unconfigured programs, etc.)

          Tortilla claims to be the first program to transparently route your connections on Windows.

  • Twould be nice if this could be turned into a pfSense plugin/filter
  • If not on https://www.torproject.org/ [torproject.org] then it does not exist.
  • Not New (Score:5, Interesting)

    by Afecks (899057) on Monday July 15, 2013 @07:25PM (#44290341)

    I wrote a tool like this ages ago called Torcap; http://freehaven.net/~aphex/torcap/ [freehaven.net] and it does all of that plus works on Windows and is open source.

    • Very interesting, I appreciate you taking the time to develop this. I also appreciate that you opened the source. Thank you.
    • Well done...i've been looking for something along the lines of this for a while now. i'll definitely give this a go!
  • “I’m hoping ..... the tool will be used,” Geffner said

    You can bet it will !!

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...