this post was submitted on 26 Apr 2024
284 points (85.7% liked)

Technology

  • Deloitte confirms PIA's no-log claims, with servers running on RAM-only system for maximum privacy.
  • Independent audit verifies PIA's infrastructure is not vulnerable to third-party exploitation, ensuring online activity remains private.
  • PIA offers full transparency with open-source apps and regular third-party audits, proving its commitment to data protection.
[–] henfredemars@infosec.pub 54 points 6 months ago (18 children)

Hey, if your adversarial model does not include nation states, it’s a great service. Totally fine against basic IP tracking, and I haven’t received a nastygram for sharing movies in years.

[–] db2@lemmy.world 9 points 6 months ago (15 children)

Which one is good against nation states? Asking for a friend.

[–] henfredemars@infosec.pub 20 points 6 months ago (11 children)

Use the one they’re using: Tor.

There’s a long list of reasons why you might not want to use it though.

[–] 13262483@lemmy.wtf 29 points 6 months ago (2 children)

By default, Tor doesn't protect you from nation states. It's a start, but you have to be an intelligent user who understands statistics to have some protection from nation states.

Let's assume there are two teams, because in geopolitics, it seems like we divide into "west" and "east." Let's assume team 1 controls 10% [1] of the relays; they have more than enough budget to pay for the entire network 100x over. That means, on entry, there's a 10% probability that you will land on their entry node.

Now, to do traffic analysis, they need you to also land on their exit. The probability of that is also 10% in the example. In other words, 10% of the time that you have their entry, you will also have their exit (or, for 1 in every 100 circuits, you will have a compromised circuit). If you use Tor every day for a year, you'll likely have a fucked circuit at least once. If you use something like Whonix that spawns like 10-20 circuits at start, you'll have a compromised circuit weekly.

A compromised circuit isn't the end of the world. Most internet traffic today uses end-to-end encryption, [2] so as long as the service is outside of team 1's jurisdiction, your communications are safe... but team 1 knows who you are, and that you are talking to someone they don't trust. If it's in their jurisdiction, they can get a warrant, and they can fully de-anonymize the traffic between you and the service that you were using.

All of this is to say, it's hard to stay in the dark if your adversary is information intelligence. The best way to stay invisible is to use the network as infrequently as possible, and to make the time correlation very far off. (Use custom relays that delay when the traffic travels so that traffic analysis like this example is not possible)

By the way, in the US, the NSA has multiple sites where they copy the traffic on the backbone for analysis. They're performing some deep packet analysis. These systems are going to improve in the future with machine learning. As an example, in China, it's not exactly simple to connect to Tor as some methods of concealing Tor traffic result in detection from machine learning that they're performing on all traffic.

[1] This is a hypothetical. They could control 0%, 5%, 25%, etc. It's publicly unknown how much they control or if they try to control the network at all.

[2] Be careful with your assumptions about https. Where are the root authorities? Why should we trust them? It's better security to never trust them.
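
The relay-fraction model in the comment above, carried through as an added worked example (this is not the commenter's code, nor anything from PIA or the Tor Project). It keeps the comment's assumptions: one adversary controls a fraction f of relays, entry and exit are drawn independently with probability f each, and circuits are independent, so P(compromised circuit) = f^2 and P(at least one in n circuits) = 1 - (1 - f^2)^n. Two caveats a practitioner should keep in mind, which the model deliberately ignores: real Tor selects relays weighted by advertised bandwidth, so "10% of relays" is not "10% of selection probability", and Tor pins a client to a small set of persistent guard (entry) relays for months, so the per-circuit entry draw is not independent. The 10%, 365-day and 15-circuits-per-day figures are the comment's hypothetical numbers, not measurements.

```python
"""Relay-fraction model of Tor entry/exit correlation, as described in the
comment above. Added example; assumptions are stated in each docstring.

Model (from the comment, not a measurement of the live network):
  * adversary controls fraction f of relays, entry and exit are chosen
    independently, each lands on an adversary relay with probability f;
  * a circuit is compromised when both entry and exit are adversarial,
    so P(compromised circuit) = f**2;
  * circuits are independent, so P(>=1 compromised in n) = 1-(1-f**2)**n.
Not modelled: bandwidth-weighted selection and persistent guard relays.
"""
import random


def p_circuit_compromised(f: float) -> float:
    """Probability that one fresh circuit has an adversary entry AND exit."""
    return f * f


def p_at_least_one(f: float, n_circuits: int) -> float:
    """Probability that at least one of n independent circuits is compromised."""
    return 1.0 - (1.0 - p_circuit_compromised(f)) ** n_circuits


def circuits_until_likely(f: float, threshold: float = 0.5) -> int:
    """Smallest n for which P(at least one compromised in n) >= threshold."""
    n = 0
    while p_at_least_one(f, n) < threshold:
        n += 1
    return n


def simulate(f: float, n_circuits: int, trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo check of p_at_least_one: draw entry and exit independently
    for each circuit, stop a trial at the first compromised circuit."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        for _ in range(n_circuits):
            # both positions must fall on adversary-controlled relays
            if rng.random() < f and rng.random() < f:
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    f = 0.10  # the comment's hypothetical 10% of relays
    print(f"per-circuit:                    {p_circuit_compromised(f):.4f}")
    print(f"one circuit/day for a year:     {p_at_least_one(f, 365):.3f}")
    print(f"15 circuits/day for one week:   {p_at_least_one(f, 15 * 7):.3f}")
    print(f"circuits until >=50% chance:    {circuits_until_likely(f)}")
    print(f"simulated, 365 circuits:        {simulate(f, 365):.3f}")
```

With f = 0.10 the closed form gives about 0.97 for 365 circuits and about 0.65 for a week of 15 circuits a day, which is what the comment's "at least once a year" and "weekly" intuitions amount to; the 50% mark is crossed at 69 circuits. Changing f shows how sharply the picture depends on the unknown in footnote [1]: at f = 0.05 the per-circuit figure drops to 0.0025 and a year of daily circuits gives roughly 0.60.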

[–] brbposting@sh.itjust.works 5 points 6 months ago

Fascinating. Thank goodness my life doesn’t depend on that kind of threat modeling.

[–] Socsa@sh.itjust.works 2 points 6 months ago

They don't actually need to control the entrance nodes if they control the ISP. You can track TCP fingerprints through Tor with just exit nodes.
