Cleanup; added FAQ entries.

Matt Pagan authored on 10/12/2013 22:46:42
Showing 3 changed files
... ...
@@ -77,10 +77,7 @@ allow JavaScript by default in the Tor Browser Bundle?  Isn't that
77 77
 unsafe?</a></li>
78 78
     <li><a href="#TBBOtherBrowser">I want to use Chrome/IE/Opera/etc
79 79
     with Tor.</a></li>
80
-    <li><a href="#TorbuttonOtherBrowser">Will Torbutton be available 
81
-    for other browsers?</a></li>
82
-    <li><a href="#NoDataScrubbing">Does Tor remove personal information 
83
-    from the data my application sends?</a></li>
80
+    <li><a href="#TorbuttonOtherBrowser">Will ​Torbutton be available for other browsers?</a></li>
84 81
     <li><a href="#TBBCloseBrowser">I want to leave Tor Browser Bundle
85 82
     running but close the browser.</a></li>
86 83
 
... ...
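Review bot: The added table-of-contents line for #TorbuttonOtherBrowser appears to carry an invisible character (it looks like a zero-width space) between "Will " and "Torbutton", which the two removed lines did not have. Retype the link text so the character is not shipped in the page, where it would break text search and copy/paste of the word. The hunk also drops the #NoDataScrubbing entry, which the commit message ("Cleanup; added FAQ entries.") does not mention; if the removal is intended, say so in the message.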
@@ -203,6 +200,10 @@ packets,
203 200
     websites, not just IP addresses.</a></li>
204 201
     <li><a href="#BlockContent">You should change Tor to prevent users from 
205 202
     posting certain content.</a></li>
203
+    <li><a href="#SendPadding">You should send padding so it's more secure.
204
+    </a></li>
205
+    <li><a href="#Steganography">You should use steganography to hide Tor 
206
+    traffic.</a></li>
206 207
     <li><a href="#IPv6">Tor should support IPv6.</a></li>
207 208
     </ul>
208 209
 
... ...
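Review bot: In the new #SendPadding entry the closing `</a></li>` sits on a line of its own, so the line break and indentation become part of the link text. The neighbouring entries, including the new #Steganography one, close the anchor directly after the final word. Suggest ending the text line with `more secure.</a></li>` and dropping the extra line.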
@@ -1235,33 +1236,14 @@ horizon.
1235 1236
 <hr>
1236 1237
 
1237 1238
 <a id="TorbuttonOtherBrowser"></a>
1238
-<h3><a class="anchor" href="#TorbuttonOtherBrowser">
1239
-Will Torbutton be available for other browsers?</a></h3>
1239
+<h3><a class="anchor" href="TorbuttonOtherBrowser">
1240
+Will ​Torbutton be available for other browsers?</a></h3>
1240 1241
 
1241 1242
 <p>
1242
- We don't support IE, Opera or Safari and never plan to. There are too many 
1243
- ways that your privacy can go wrong with those browsers, and because of 
1244
- their closed design it is really hard for us to do anything to change these 
1245
- privacy problems.
1243
+ We don't support IE, Opera or Safari and never plan to. There are too many ways that your privacy can go wrong with those browsers, and because of their closed design it is really hard for us to do anything to change these privacy problems.
1246 1244
 </p>
1247 1245
 <p>
1248
-We are working with the Chrome people to modify Chrome's internals so that 
1249
-we can eventually support it. But for now, Firefox is the only safe choice. 
1250
-</p>
1251
-
1252
-<hr>
1253
-
1254
-<a id="NoDataScrubbing"></a>
1255
-<h3><a class="anchor" href="#NoDataScrubbing">
1256
-Does Tor remove personal information from the data my application sends?
1257
-</a></h3>
1258
-<p>
1259
-No, it doesn't. You need to use a separate program that understands your 
1260
-application and protocol and knows how to clean or "scrub" the data it 
1261
-sends. Privoxy is an example of this for web browsing. But note that even 
1262
-Privoxy won't protect you completely: you may still fall victim to viruses, 
1263
-Java Script attacks, etc; and Privoxy can't do anything about text that you 
1264
-type into forms. Be careful and be smart. 
1246
+We are working with the Chrome people to modify Chrome's internals so that we can eventually support it. But for now, Firefox is the only safe choice. 
1265 1247
 </p>
1266 1248
 
1267 1249
 <hr>
... ...
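Review bot: The rewritten heading link for TorbuttonOtherBrowser has lost its "#": `href="TorbuttonOtherBrowser"` is a relative URL to a resource of that name, not a jump to the `<a id="TorbuttonOtherBrowser">` anchor just above it, so the heading's self-link no longer works. Restore `href="#TorbuttonOtherBrowser"`. The new heading text also appears to carry the same invisible character before "Torbutton" as the table-of-contents line. Separately, this hunk deletes the whole NoDataScrubbing answer, so any existing link to #NoDataScrubbing will no longer find its target; if that is deliberate, mention it in the commit message, otherwise keep the entry. The two paragraphs that were kept have been joined into single long lines, while the rest of this commit wraps text at under 80 columns.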
@@ -3568,33 +3550,100 @@ only solution is to have no opinion.
3568 3550
 
3569 3551
     <hr>
3570 3552
 
3553
+    <a id="SendPadding"></a>
3554
+    <h3><a class="anchor" href="#SendPadding">You should send padding so it's 
3555
+    more secure.</a></h3>
3556
+    
3557
+    <p>
3558
+    Like all anonymous communication networks that are fast enough for web 
3559
+    browsing, Tor is vulnerable to statistical "traffic confirmation" 
3560
+    attacks, where the adversary watches traffic at both ends of a circuit 
3561
+    and confirms his guess that they're communicating. It would be really 
3562
+    nice if we could use cover traffic to confuse this attack. But there 
3563
+    are three problems here:
3564
+    </p>
3565
+    
3566
+    <ul>
3567
+    <li>
3568
+    Cover traffic is really expensive. And *every* user needs to be doing 
3569
+    it. This adds up to a lot of extra bandwidth cost for our volunteer 
3570
+    operators, and they're already pushed to the limit.
3571
+    </li>
3572
+    <li>
3573
+    You'd need to always be sending traffic, meaning you'd need to always 
3574
+    be online. Otherwise, you'd need to be sending end-to-end cover 
3575
+    traffic -- not just to the first hop, but all the way to your final 
3576
+    destination -- to prevent the adversary from correlating presence of 
3577
+    traffic at the destination to times when you're online. What does it 
3578
+    mean to send cover traffic to -- and from -- a web server? That is not 
3579
+    supported in most protocols. 
3580
+    </li>
3581
+    <li>
3582
+    Even if you *could* send full end-to-end padding between all users and 
3583
+    all destinations all the time, you're *still* vulnerable to active 
3584
+    attacks that block the padding for a short time at one end and look for 
3585
+    patterns later in the path. 
3586
+    </li>
3587
+    </ul>
3588
+    
3589
+    <p>
3590
+    In short, for a system like Tor that aims to be fast, we don't see any 
3591
+    use for padding, and it would definitely be a serious usability problem. 
3592
+    We hope that one day somebody will prove us wrong, but we are not 
3593
+    optimistic. 
3594
+    </p>
3595
+    
3596
+    <hr>
3597
+
3598
+    <a id="Steganography"></a>
3599
+    <h3><a class="anchor" href="#Steganography">You should use steganography to hide Tor 
3600
+    traffic.</a></h3>
3601
+    
3602
+    <p>
3603
+    Many people suggest that we should use steganography to make it hard 
3604
+    to notice Tor connections on the Internet. There are a few problems 
3605
+    with this idea though: 
3606
+    </p>
3607
+    
3608
+    <p>
3609
+    First, in the current network topology, the Tor relays list <a 
3610
+    href="#HideExits">is public</a> and can be accessed by attackers. 
3611
+    An attacker who wants to detect or block anonymous users could 
3612
+    always just notice <b>any connection</b> to or from a Tor relay's 
3613
+    IP address. 
3614
+    </p>
3615
+    
3616
+    <hr>
3617
+
3571 3618
     <a id="IPv6"></a>
3572 3619
     <h3><a class="anchor" href="#IPv6">Tor should support IPv6.</a></h3>
3573 3620
 
3574 3621
     <p>
3575
-     That's a great idea! There are two aspects for IPv6 support that Tor needs. 
3576
-     First, Tor needs to support exit to hosts that only have IPv6 addresses. 
3577
-     Second, Tor needs to support Tor relays that only have IPv6 addresses.
3622
+    That's a great idea! There are two aspects for IPv6 support that Tor needs. 
3623
+    First, Tor needs to support exit to hosts that only have IPv6 addresses. 
3624
+    Second, Tor needs to support Tor relays that only have IPv6 addresses.
3578 3625
     </p>
3579 3626
     <p>
3580
-The first is far easier: the protocol changes are relatively simple and isolated. 
3581
-It would be like another kind of exit policy.
3627
+    The first is far easier: the protocol changes are relatively simple and 
3628
+    isolated. It would be like another kind of exit policy.
3582 3629
     </p>
3583 3630
     <p>
3584
-The second is a little harder: right now, we assume that (mostly) every 
3585
-Tor relay can connect to every other. This has problems of its own, and 
3586
-adding IPv6-address-only relays adds problems too: it means that only 
3587
-relays with IPv6 abilities can connect to IPv6-address-only relays. This 
3588
-makes it possible for the attacker to make some inferences about client 
3589
-paths that it would not be able to make otherwise.
3631
+    The second is a little harder: right now, we assume that (mostly) every 
3632
+    Tor relay can connect to every other. This has problems of its own, and 
3633
+    adding IPv6-address-only relays adds problems too: it means that only 
3634
+    relays with IPv6 abilities can connect to IPv6-address-only relays. This 
3635
+    makes it possible for the attacker to make some inferences about client 
3636
+    paths that it would not be able to make otherwise.
3590 3637
     </p>
3591 3638
     <p>
3592
-There is an  IPv6 exit proposal to address the first step for anonymous 
3593
-access to IPv6 resources on the Internet.
3639
+    There is an <a 
3640
+    href="https://gitweb.torproject.org/tor.git/blob/HEAD:/doc/spec/proposals/117-ipv6-exits.txt">
3641
+    IPv6 exit proposal</a> to address the first step for anonymous access to 
3642
+    IPv6 resources on the Internet.
3594 3643
     </p>
3595 3644
     <p>
3596
-Full IPv6 support is definitely on our "someday" list; it will come along 
3597
-faster if somebody who wants it does some of the work.
3645
+    Full IPv6 support is definitely on our "someday" list; it will come along 
3646
+    faster if somebody who wants it does some of the work.
3598 3647
     </p>
3599 3648
 
3600 3649
     <hr>
... ...
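Review bot: The new Steganography answer announces "a few problems" and then gives only one paragraph, starting "First,", before the `<hr>`, so the entry reads as cut off. Either add the remaining points or reword the lead-in to match a single problem. In the SendPadding answer the emphasis is written as literal asterisks (`*every*`, `*could*`, `*still*`), which HTML renders verbatim; the Steganography answer already uses `<b>`, so use markup there too. The IPv6 lines are re-indentation plus the added proposal link and need no change.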
@@ -167,8 +167,8 @@ Even if your torrent application connects only through Tor, you will
167 167
 often send out your real IP address in the tracker GET request, 
168 168
 because that's how torrents work. Not only do you <a 
169 169
 href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">
170
-deanonymize your torrent traffic and your other simultaneous Tor web traffic
171
-</a> this way, you also slow down the entire Tor network for everyone else. 
170
+deanonymize your torrent traffic and your other simultaneous Tor web 
171
+traffic</a> this way, you also slow down the entire Tor network for everyone else. 
172 172
 </p>
173 173
 </li>
174 174
 <li><b>Don't enable or install browser plugins</b>
... ...
@@ -285,8 +285,8 @@ Even if your torrent application connects only through Tor, you will
285 285
 often send out your real IP address in the tracker GET request, 
286 286
 because that's how torrents work. Not only do you <a 
287 287
 href="https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea">
288
-deanonymize your torrent traffic and your other simultaneous Tor web traffic
289
-</a> this way, you also slow down the entire Tor network for everyone else. 
288
+deanonymize your torrent traffic and your other simultaneous Tor web 
289
+traffic</a> this way, you also slow down the entire Tor network for everyone else. 
290 290
 </p>
291 291
 </li>
292 292
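Review bot: This hunk is line for line the same change as the previous one at -167 (same paragraph, same move of the `</a>`), so the BitTorrent warning exists in two copies that have to be patched in lockstep. Consider keeping the paragraph in one shared include so the copies cannot drift. In both hunks the new second line, `traffic</a> this way, you also slow down ...`, ends with a trailing space and runs past the wrap width of the lines around it; break it after "network" and strip the trailing space.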