Friday, February 02, 2007

Tor: Lies or Ignorance?

I went to a symposium on Search and Seizure in the digital age at Stanford last week.

One topic that kept popping up was the so-called "Creepiness Factor" of various surveillance technologies. Just like the ol' government standard for obscenity, we can't quite define creepy surveillance, but we know it when we see it.

One of the last speakers of the day was an Assistant US Attorney - based in Silicon Valley, and who focused on cyber crimes. I'm fairly sure that his name was Matthew Lamberti. Fairly early into his talk, it was plainly obvious that his opinions did not mesh too well with the rest of the room - at least after he quite proudly announced that he didn't think it was in any way creepy to go through someone's trash. Facial expressions around the room quickly changed.

After his talk was over, I walked up to him, introduced myself, and asked him what he thought of Tor.

(I'm paraphrasing here)

"What's that", he asked.

I explained that it was an anonymity-preserving system that enabled hundreds of thousands of Internet users to browse the web and communicate anonymously.

He replied that he wasn't familiar with the technology, so he really couldn't answer my question.


Back in November, when I met with the cybercrime-specializing Assistant US Attorney in Indianapolis, his eyes lit up at the mere mention of Tor, and he proceeded to give me a long lecture on the evils of the technology, and how Indiana University has no business doing anything that even comes close to anonymity-promoting research.

I find it shocking, yet amazing, that an Assistant US Attorney who works out of the San Jose DoJ office, who prosecutes Internet/IP crime cases all the time, in possibly the most high-tech area in the country, has never heard of Tor.

Are the Indianapolis DoJ more Internet Savvy than those in Silicon Valley? Did I catch Mr Lamberti on an off day, or what?

And that's where my latest FOIA request will come in handy ;-)


Unknown said...

Kind of curious... has anyone bothered to bring up the fact that nothing about TOR makes cruising the web anonymous? Websites you visit will still log the requesting device's IP address regardless. So there's no anonymity with TOR whatsoever. Does it make the CONTENT of your request secure... yes. But is your identity secure, no.

Just from the TOR FAQ directly:
Staying anonymous
Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy while web browsing to block cookies and withhold information about your browser type.

Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

Keep in mind that your ISP has your IP address and any requests you make get logged. Period. Will someone know you're cruising Child Porn... yes, will they know where a DoS attack came from... yes. In reality, all TOR is, is a large VPN network. That's it. It's an encrypted network. It doesn't "hide" your location from anyone.

So, unless my CCNA knowledge is failing me, someone else can feel free to chime in.

Anonymous said...

You are correct in saying that it is like a VPN network. The only problem is that each node only knows information about the node it's receiving packets from and information about the node it's transmitting packets to. When there are thousands of nodes it is impossible to analyze network traffic without some sort of long term statistical analysis. Your browsing is anonymous if you follow the TOR FAQ.
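
What each hop can read in a layered ("onion") circuit of the kind discussed in the comments above, as an added example that is not part of the original post or its comments and is not Tor's code. The addresses, keys and the SHA-256 keystream cipher are constructed stand-ins for illustration; real Tor negotiates per-hop keys and uses different cryptography.

```python
import hashlib, json

# Constructed sample values (documentation address ranges), not real hosts.
CLIENT, DEST = "198.51.100.7", "203.0.113.80"
PATH = [("192.0.2.10", b"k-guard"), ("192.0.2.20", b"k-middle"), ("192.0.2.30", b"k-exit")]

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cryptography."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(payload: bytes, dest: str, path: list) -> bytes:
    """Client side: build the onion from the innermost (exit) layer outwards."""
    next_hop, cell = dest, payload
    for addr, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(key, layer)   # only this relay's key opens this layer
        next_hop = addr
    return cell

def route(cell: bytes, client: str, path: list):
    """Relay side: each relay strips one layer and records only what it can read."""
    views, prev = [], client
    for addr, key in path:
        layer = json.loads(keystream_xor(key, cell))
        views.append({"relay": addr, "prev": prev, "next": layer["next"]})
        prev, cell = addr, bytes.fromhex(layer["data"])
    # prev is now the exit relay: the source address the destination would log
    return views, prev, cell

def demo():
    cell = wrap(b"GET / HTTP/1.0\r\n\r\n", DEST, PATH)
    return route(cell, CLIENT, PATH)

if __name__ == "__main__":
    views, logged_source, payload = demo()
    for v in views:
        print(v)
    print("destination logs source:", logged_source)
```

The model covers only which addresses each hop can read; it says nothing about the end-to-end timing correlation the FAQ excerpt mentions.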