So my current setup is basically as follows:
I have an internet cable plugging into a modem which is then plugged into a router (duh). From there I have run a wifi repeater with a different SSID and encryption key. So network 1 is repeated as network 2 with a new password of 4 instead of 3. From there I have an onionpi system then picking up and retransmitting the repeated network, now encrypted through the Tor network. I then start up my PC. I spoof my MAC address as well as change my username, PC name and HDD serial number. I then connect to the onionpi. After connecting to the onion pi I then run my VPN service. I then open a virtualization software and run Tails inside of a virtual machine. Once Tails is open I will never save any data to Tails, thus never needing persistence, and hand-key in every address that I have written on a sheet of paper. What is wrong with my setup? How can it be better? How "anonymous" am I right now?
If you're doing illegal stuff and someone wants to find you, they can easily get your VPN service logs of the time and amount of data you use and use plenty of compromised Tor network enter/exit nodes to identify you and your ISP to get your identity.
>After connecting to the onion pi I then run my VPN service
Wrong order. Connect via your VPN to TOR.
>I will use a free wifi hotspot in a busy high traffic area
Anon please don't.
Now that I think of it, they won't even need your VPN logs to find you, they can just measure the amount of data and times that goes to the VPN and exit the Tor node to match the identity to a person, then start an investigation on the suspect.
That if they want to find you.
They just need to monitor Tor enter/exit nodes. Your traffic goes to Tor, and exits Tor, so they just match the timestamps and amount of data to identify the user. Pretty simple overall. There was a paper leak explaining how the NSA/FBI use this to track targets.
So they'd have to 1) control the end site OP is trying to access (to see amount of data transmitted), 2) ask every ISP in the world "hey find me some dude who txed about 500kb around 2pm today", and 3) pray that anon is doing nothing else on his connection (no other devices connected, no background data usage).
PET researcher who has done shit with Tor before here.
This is correct. Timing attacks are a known vulnerability of Tor (and of any low-latency proxy system) and are outside the threat model. If your adversary can watch both ends of the network (i.e. your end and the server's end, for any reasonable definition of "you" and "server"), Tor will not protect your identity. This is actually how they caught Jeremy Hammond: They had access to the IRC room that lulzsec was using, and they suspected him, so they turned off his internet at certain times to see what the resulting effect was on the IRC channel. Well what do you know, "anarchaos" never responds when Hammond's internet is down.
So Tor does not and cannot work against global passive adversaries (adversaries who can watch the WHOLE network), and targeted adversaries (who watch you specifically and the target server specifically, either through physical surveillance at both ends, by owning the entry and exit Tor relay, or whatever else). Everyone from Dingledine to Appelbaum will admit as such. Furthermore, it is provably true that no other system that provides what Tor does (low latency network connectivity) can preserve privacy from these sorts of attacks. If you remove the low-latency requirement, then systems can be built that defeat these attacks, but TCP has timeouts so it couldn't connect to the web, for example. Advanced remailers, for email and other high-latency networked systems, defeat these attacks, for example.
Silicon poisoning can circumvent all software based strategies you proposed, as does your very CPU through seemingly RNGs whose randomness cannot be trivially disproven/proven.
You have five approaches on this problem:
1) Resign and be satisfied with your level of anonymity which is probably going to protect you against anything but a handful of extremely resourceful government agencies such as the NSA and/or the producers themselves (such as Intel, AMD, Asus, etc.)
2) Trash your hardware per use (very expensive). Your anonymity is directly proportional to the number and kind of the trashed pieces
3) Change the location you connect every single time. Your anonymity is inversely proportional to the times you connect at the same place more than once
4) Abandon the internet and other Intranets outside your direct control and coat all important machines with a faraday cage with holes smaller than 1.4 cm. Your anonymity is directly proportional to the amount of coated machines at your premises
5) Produce your own hardware or befriend those who do so in such a way that you'd have access to privileged information regarding the harvesting and storing of user data. Regarding the latter, your anonymity is directly proportional to the trust you put in your new friends
That said, some things you can do:
The advantage of a VPN is that it is more trusted than random exit nodes, and will most likely not do shit like replace your downloads with malware. So that's nice. However, they can open up side channels and vulnerabilities that Tor by itself does not have. I know that most of the Tor devs recommend not using one in combination with Tor, but if you know what you're doing, it is an option. If you do, it only makes sense to put it as the last hop, and obviously, if they know your real name or originating IP (e.g. when you were registering), you just hurt yourself more than you helped.
One way to improve privacy on Tor is using endpoints that have greater anonymity sets. For example, from a public library, where all an attacker would learn is that you were at the library at a particular time, instead of your home address. DPR did this, which is why they arrested him at a San Francisco public library. But really, if your threat model includes global passive adversaries or targeted adversaries, you need more help than what can be given over 4chan. Tor, by itself, is more than good enough for 99% of cases though.
>Well what do you know, "anarchaos" never responds when Hammond's internet is down.
This is more of an issue with him being a massive NEET autist that always responded to everything instantly.
1. They can shut off the internet as long as they want
2. That was a demonstrative example. If he was directly connecting to IRC, then they could just look at whether the heartbeat packets were being sent or not. If he was using some sort of proxy or VPN between him and Tor, then they would have subpoenaed that as soon as they got the IP from the chat room, then looked for the TCP traffic to that. Again, this is a problem with how the Internet itself is structured, Tor cannot do anything to fix it.
*VPS, not VPN. If it were a VPN, then there wouldn't be any need to do anything special, just treat it as a direct connection from "Tor". The point I'm trying to make here is he could have plausibly kept the connection to the IRC channel alive while his connection was dead, but that in the end, that wouldn't have helped much against his adversary.
Yup. Not against extremely powerful adversaries, but it's significantly better than just using a straight connection to the Internet. Your ISP, for example, has no idea what you're doing other than the fact it's being done over Tor. Unless you're connecting to a website that also uses your ISP and they decide you're worth some effort to track for some reason... but anyway, yes, you are making tracking you significantly more expensive.
Truth is you can only go so far on the anonymity scale because the hardware is the real bottleneck. The Five Eyes are still beyond the reach of what a single normal user can do unless the guy in question is a fucking grasshopper with no steady job, no place, no ID, steady phones, notebooks and such
If you're using Windows, AV is not a bad idea, *especially* if you're using Tor. If you accidentally download something from a non-https connection and run it, for example, you want something to scream at you, since an exit node could have replaced it with malware (this isn't theoretical, it has happened). In general, the whole "I just use common sense!", while more reasonable than it used to be (Windows used to be fucking awful at keeping its shit locked down), is still not good enough.
>Do these even exist?
Well, until Snowden, I would have said no. But it looks like the NSA is trying its damned hardest to be. Chances are they wouldn't tilt their hand and actually use it for anything other than international spying stuff, but with parallel construction, who can really say for sure.
>What's stopping a target from exiting in Russia?
Ahh, but the adversary doesn't have to compromise the exit relay (though that would work, and really the NSA could easily run exit relays in Russia), the adversary only has to be *somewhere* between the exit relay and the server. So even if I connect through a safe, Russian exit relay, if the IRC channel is hosted in the UK, or anywhere that requires traffic go through a backbone with NSA malware, or to a company complying with FBI requests, etc. etc., so long as it's after the exit relay, they have all they need.
So you trust a random VPN company which is more vuln against attacks than Tor?
I wonder if they can time attacks when there is constant loads of Tor Traffic going out from my network ( Tor relay ). If there is 24/7 going traffic from my network by running a relay, they can time all they want but there is no way you can find out when I am browsing or not. They can assume I'm browsing 24/7, but unless my machine is compromised there is no way to tell the difference between Tor traffic
>So you trust a random VPN company which is more vuln against attacks than Tor?
You trust them to not tamper with traffic. Basically, the idea is since the VPN company is financially motivated, if someone noticed them doing that, they would go out of business. Tor exit relays are run by volunteers, and there's no real way to vet them. As soon as someone notices it's misbehaving, they take it down, but due to the magic of dynamic IP addresses or VPSs, it can pop right back up again and we wouldn't know. Not to say that this happens often, but it is a thing that happens. You obviously don't trust the VPN more in terms of its status as a proxy.
>I wonder if they can time attacks when there is constant loads of Tor Traffic going out from my network ( Tor relay )
That does help mitigate it, yes. What you're doing is adding more noise to your timing. However, notice that this would have done absolutely nothing against the attack performed on Hammond. It also would have done nothing against the attack on the guy who made that bomb threat to his school to get out of a final (which consisted of "there was one person using Tor at the school when the threat was made, let's go play good cop bad cop until he confesses"). In general, adding noise makes timing attacks take longer, but does not eliminate them (just like if you were trying to get a certain number of sig figs on a scientific experiment, which is basically what these attacks are. The more variability you get in your results, the more rounds of the experiment you perform to get the desired precision). It does help though, especially against website fingerprinting.
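Added example, not part of any post in this thread: a toy model of the "sig figs" point above, for judging how much relay cover traffic buys. It assumes Gaussian cover noise, equal numbers of active and idle windows, and a noise level known to the measurer; `windows_needed` and `mean_z` are names made up for this sketch, and all data is constructed.

```python
import math
import random

def windows_needed(signal, noise_sd, z=3.0):
    """Observation windows needed before the active/idle volume gap
    stands z standard errors clear of the cover-traffic noise."""
    if signal <= 0 or noise_sd <= 0:
        raise ValueError("signal and noise_sd must be positive")
    # Half the windows active, half idle: SE of the gap = 2*sd/sqrt(n).
    return math.ceil((2 * z * noise_sd / signal) ** 2)

def mean_z(n, signal, noise_sd, trials=100, seed=1):
    """Average z-score of the measured gap over simulated experiments.
    n must be even; windows alternate active/idle (constructed data)."""
    rng = random.Random(seed)
    se = 2 * noise_sd / math.sqrt(n)
    total = 0.0
    for _ in range(trials):
        active = idle = 0.0
        for t in range(n):
            noise = rng.gauss(0, noise_sd)   # cover (relay) traffic
            if t % 2 == 0:
                active += signal + noise     # user's own traffic present
            else:
                idle += noise
        gap = (active - idle) / (n / 2)
        total += gap / se
    return total / trials

if __name__ == "__main__":
    for sd in (1.0, 10.0):
        n = windows_needed(1.0, sd)
        print(f"noise_sd={sd}: {n} windows, mean z={mean_z(n, 1.0, sd):.2f}")
```

Ten times the noise costs a hundred times the observation windows, which is a delay and not a wall. It also does nothing when the signal is "connection up or down", as in the Hammond case.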
Ah, yeah paid single-hop VPNs are basically replacing your ISP: they see all unencrypted traffic, they know who you are (or could find out if they tried), and you're counting on financial motivation not to screw with you, which will only take you so far. Tor is much much safer in terms of privacy, just not in terms of integrity.
How would they know the total data through the exit node? And that's assuming the same exit node. Also not all data exits the exit node; some enters the VPN, that's part of the overhead of using a VPN