TOR Security Concerns and Considerations

June 3, 2019 posted by

Hello again. As you know, I am Eli the Computer Guy, and today's class is Tor security concerns and considerations. So there are a lot of people out there now that are trying to maintain their privacy on the internet, for good and nefarious reasons. Basically they want to do whatever it is they want to do on the Internet, but they do not want to be tracked, either by governments or by corporations, and so they have been turning to Tor.

Basically, at the end of the day, what Tor is is a mesh of proxy servers. So what happens is your computer connects into the Tor network, and then any traffic you send out to the Internet gets bounced through three relays, or nodes, before it goes out to the Internet. So it goes from your computer to somebody else's computer, to another person's computer, to another person's computer, and then out to the Internet, to aljazeera.com, whatever.

So a lot of people think that this is a very safe and secure way of going out and exploring the Internet, and the reality is, just like everything, Tor is simply a tool that can be manipulated and compromised just like any other technology tool. So when you are using something like Tor you have to realize that it can be compromised, and that you may need to use multiple layers of security in order to make sure that your privacy is kept.

So again, with a lot of security things, when you're dealing with your computer you do not simply put an anti-virus piece of software on your computer and say that's it, that's all I do, right? You put a firewall on your computer, you put anti-spyware stuff on your computer, you put anti-virus software on your computer, plus you may do security policies. You do a number of things to maintain your security on your computer, and if you're going to be using something like the Tor network you should be using multiple layers of security also, because again the Tor network can be compromised in a number of different ways. So let's go over to my little whiteboard right now, kind of, so we can
talk our way through the Tor network, and so you can understand what the different security issues are with Tor.

So basically the idea with Tor is: normally you have your computer and you have whatever internet site you're going to, such as so what normally happens, the way we think about it, is your computer connects to the internet cloud and basically goes directly to when this link happens, that means or anybody monitoring this connection can see where the traffic is coming from. They can go, oh, this is 208 50 5.66, or they can look up that information, and then they can find out who you are. So when you're just surfing the web normally, all of this information can be tracked.

So the idea with the Tor network is that you're going to bounce that traffic through three other computers on the Internet, and when we're looking at the globe, these three other computers may be in many different geographic places: one might be in the US, one might be in Europe, one might be in Africa. So basically when your computer goes to connect to it'll bounce to a computer in the US, then it'll bounce to a computer in Africa, then it'll bounce through a computer up in Europe, and then it will go to anybody is monitoring this connection to this website, or this website itself is trying to monitor this information, basically what they are going to see is they are going to see the information for the exit node. So this final computer, when you bounce out to the internet, they will be able to see that information. So they'll see that this computer's address is, I don't know, 210.55.22.4. So they will be able to see this computer's information; they will not be able to see your computer's information. So this is why people think that the Tor network maintains your privacy and anonymity, but as with all things there can be problems with this.

So basically there's a number of ways to get around the security that Tor is trying to offer. Now, once you get into the Tor network, once you're dealing with
the three computers your traffic is getting bounced through, this data is encrypted. So this data is not sent in the clear, it is encrypted. So when your computer connects to the Tor network, all these data links here and all this information is encrypted. Now the issue that people don't think about is when you bounce out from the Tor network and you're going to go to something like this final link itself is not encrypted by default. So if you're trying to navigate a website in a country where they monitor your internet traffic, whether it be China or apparently the United States, basically all this data being sent right here, if you do not use another layer of security, can be read. Passwords can be grabbed, email information can be read, anything getting passed in this final link to whatever website you are going to, that can be read, because it is in the clear.

Now one of the ways that you can prevent this is by using something like VPN. So if you can use a Virtual Private Network all the way to the final endpoint that you're getting to, that might secure it. But basically the thing that you have to realize when you're using the Tor network is, while you are within the Tor network your traffic is encrypted, but as soon as you go out of the Tor network your traffic is not encrypted by default, and anybody that can just sit here between the exit node and wherever you're going can read literally all of the things that you are doing on your computer, or on the internet. So that is the first one of the problems that we have with the Tor network.

The next problem we have with the Tor network is your computer itself. So everybody's thinking like, "Eli, I'm using so much security, I understand security, so I'm bouncing through this Tor network and all this information is encrypted, and then I'm using SSL or VPN or something so this final link is encrypted. I am encrypted end-to-end." Well, one of the things many people don't think about is what
happens if your computer is infected with spyware, malware or a key logger. Basically that information can be collected immediately as you type it in to your computer, and it can be sent out a different way. So basically instead of somebody trying to capture the information from your data stream, they can just go and they can grab the information literally as you type it into the computer. So one of the issues with Tor you have to worry about is security: spyware and malware on your system.

Now a lot of the Americans out there are gonna be like, "Well Eli, I use Norton", "Eli, I use Kaspersky, and I know my computers are secure." Well, being that my fan base is, you know, a global fan base, some of you guys I know for a fact are in Syria and Iraq and all those kind of wacky-ass fun places. The issue is a lot of places in the world you guys are using a cyber cafe. So basically you go to a place where they have ten computers and you rent the computer by the hour. Now again, as I talked about, you know, if I was in charge of a super-secret intelligence agency, you can bet the first thing that I would do is I would go to every single cyber cafe in my country and infect every single computer in those cyber cafes with key loggers and spyware. So the one thing, again, like I say, I know I have fans in the Middle East right now and you guys are going through all kinds of fun: if you are going to cyber cafes, realize once you connect to the Tor network this may technically be secure, but when you're typing all of that information into your computer, the intelligence agencies in your neck of the woods may be grabbing that information literally before it even gets passed to the network. So that's one of the problems that you're going to be having with the Tor network.

Now beyond that, one of the things that people don't think about is that hackers are not just, quote-unquote, people who are anti-government people. A lot of times hackers are in fact government types themselves. So one of the things
that happens is sometimes the servers that you are trying to connect to actually get infected with viruses that government agencies have created to specifically find out who's on things like the Tor network. So you're going through and you go through your internet connection, you connect to a server that has been compromised; that server itself can try to read information off of your computer, much the same way that if you go to a bad porn site or a bad torrent site they will try to compromise your computer and do things of that sort. So one of the things that you have to think about whenever you're using Tor is, again, how much do you trust the computer that you are connecting to on the other side. This was just proved: the FBI did some nifty neato things where they were able to compromise some Tor servers, and that caused all kinds of problems for people trying to do lots of kiddie porn. So this is something that you should be thinking about.

So the question that you're probably having is like, "Well Eli, then what can we do to protect ourselves on Tor?" So if we're going to be using Tor, Tor is a tool; what are the things that we can do to protect ourselves while using Tor? It is very important that you understand Tor. Tor isn't just like this one thing that protects you; you have to be thinking about all these other security precautions when you're going to be using Tor.

Now the first thing that you should do if you're going to be using Tor is that you should use the Tor Browser. So the guys who came up with Tor, the nonprofit organization, not only do they have the Tor network but they came up with something called the Tor Browser. Why it's very important to use the Tor Browser is because these servers can try to trick normal web browsers into providing confidential information. So basically, you know, through things like Flash, through things like JavaScript, through the QuickTime plug-in, through all the kinds of plugins that you
have installed in Google Chrome or Firefox or Internet Explorer that you don't think anything about, they are there and they are so seamless you don't even realize that they are separate from the web browser, all of those things can give away information about you and compromise your systems. So whenever you're going to be using the Tor network, use the Tor Browser. This is a version of Firefox that has been customized to try to maintain your anonymity whenever you're out on the internet and doing things.

The other thing with using the Tor Browser is, on the Tor fact sheet they explain, you should read that, so they have a security thing that you should read there, but make sure not to use multiple pieces of networking software while you are using Tor. So when you connect to the Tor network, use the Tor Browser and then that's it. Don't use Tor and Chrome at the same time. Don't be like using Tor to go look at BitTorrent sites or whatever and then use Chrome at the same time to be logged into your Gmail account. The way networking works is sometimes the servers that you're connecting to can try to trick other pieces of networked software on your computer that are currently open to try to connect to it not using the Tor network. So basically, right now you're connected to the server using Tor; that server can send a request, and then if you have something like Google Chrome open, Google Chrome, that is not currently using the Tor network, may be able to connect to that server using your normal internet connection, and then all of your security is compromised. So that is a bad thing. So when you're going to be using Tor, use just the Tor Browser and that's it, essentially.

If you download software or anything from any of the sites you go to with Tor, the first thing, as always: just be careful you're not downloading malware, spyware, viruses or any of that kind of stuff. Again, as I say, when you're dealing with a hacking community, the first thing you learn about the hacking community is hackers
really love to hack hackers. I don't know, everybody thinks like all hackers are in it together and they're very gentlemanly with themselves and then they hack everybody else. Let me tell you, real hackers hack the hell out of other hackers; it's just kind of what they do. So when you're going to be using something like Tor and you're gonna go to hidden services and deep web websites and all that kind of crap, just realize those sites all may be being run by hackers who are more than happy to hack the hell out of your computer. So anything you download and install on your computer, make sure it's coming from a trusted source, or at least a source you trust, because you may be downloading bad stuff.

The other thing is, make sure that whenever you're going to be looking at documents or any kind of multimedia file that you disconnect your computer from the network entirely. We had a class before where I showed you iframes, where iframes are basically these little snippets of HTML code that can go out and grab information or grab commands from servers whenever that iframe is called. You can do things such as embedding iframes into documents. So even though you're not on Tor anymore, even though you are not using the Tor Browser, you don't have Google Chrome open, you don't have any of that open, you open a document that's web enabled; if it has an iframe it will call out to the internet, call to the server for wherever it's programmed, and then it can grab information about you and send it to the server. So be careful with that. If you download any of these documents, make sure that you don't read them while you're connected to the network, and I mean not connected to the network as in pull the network cable, disable your NIC card. That is what I'm talking about. I'm not saying don't have Outlook open, I'm not saying don't have Google Chrome or Firefox open; I am saying literally pull the cable out of the back of your computer if you are going to be reading any documents that you
find while you're on the Deep Web.

The final thing is, with Tor you can use more networked pieces of software, networking type software, other than the Tor Browser, web browsers. You can use things like FTP and you can even use, I've been told, BitTorrent, basically using something called SOCKS, S-O-C-K-S. If it is SOCKS compliant you can actually use that piece of software using the Tor network. Just be careful, because if you're going to be using things like FileZilla, FTP, BitTorrent, any of that, you have to make sure you configure it perfectly right. You know, as we've talked about in the past, if you miss a checkbox, if you miss some stupid little thing when you're configuring a server, any piece of software, whatever you're doing may not work right. Well, the issue is if you're using Tor to maintain your privacy and anonymity and you're off in a place where they'll break down the door and beat you in the head with the stock of their gun if you make a mistake, and the check box is not checked properly, that mistake may be very, very costly to you. So do realize that with Tor any SOCKS-compliant software can use Tor to route network information, but make sure you configure it perfectly.

Now the final thing that I'm going to talk about with the Tor security concerns and considerations is, one of the problems that I see whenever I see my fan base talking or the hackers talking is that for some reason they have a very small view of how the real world works. When they think about the government, when they think about how they're going to circumvent systems, they don't quite think big enough about how the real world actually works and how much money and resources they are up against. So the one thing, as I've talked about with the Tor network, the biggest, the most massive weakness in the Tor network is that final leg of network traffic from the exit node to whatever website that you're going to, right? That's the weak point, because anything coming out of that
exit node, if there's any kind of man-in-the-middle attack there, if there's any kind of logging attack there, all of that information can be grabbed and read. One of the things that you have to think about when you're thinking about interaction with things like nation-states, when you're thinking about, you know, intelligence agencies, is they have billions and billions and billions of dollars to spend. So when you're thinking about exit nodes, you may be thinking about one exit node being compromised, or a hundred exit nodes being compromised, or a thousand exit nodes being compromised. With modern virtualization, right, you could spin up an exit node, basically a computer that all it does is be an exit node and log all traffic that goes through that exit node; you could spin that up for a buck in about five minutes. So imagine with intelligence agencies, and nowadays, you know, static real IP addresses only cost about ten bucks apiece, if they were willing to spend a million dollars a year they could spin up ten thousand exit nodes. Not that hard. Like if somebody gave me the money I could spin up ten thousand exit nodes within a month, with all the configurations and all of the logging, and just logging everything that would go through there.

So that is something that you have to be concerned about. Again, especially if you're in the Middle East, if you're in these authoritarian countries, you know, with those exit nodes, you know, if you go to Egypt, who knows if 50 percent of the exit nodes are actually owned by the government. That's one thing that you don't know with the Tor network: you do not know who owns all those exit nodes and whether or not the exit nodes are literally logging every single piece of traffic that goes through them. Now imagine if the U.S.
owns a million exit nodes, and Russia owns five hundred thousand exit nodes, and Egypt owns, I don't know, fifty thousand exit nodes. Pretty soon it gets really, really, really, really, really scary to use Tor.

The final point, let's go back to the whiteboard again, is I want you to be thinking about, again, when you're dealing with nation-states, to think about the size of the things that they're doing. So when you're thinking about using the Tor network to maintain your anonymity, you know, this is how we think about it. So we think about, you know, there are three computers in the cloud; you connect to the cloud, you connect one computer, two computers, three computers, and then you go out to whatever website it is that you are going to be dealing with. But the reality is this isn't really how the internet works from the real structural point of view. What really happens is you have this cloud here, you have your computer, and you have whatever website you're going to, right, and then you have the three computers that your traffic is going to go through. So we think of it as kind of a straight line. Well, what's really happening is you are connecting to the cloud, to the Internet, and then from there their computer is connected to the cloud, and the traffic goes down to their computer, and then it goes up from computer number one into the cloud and down to computer number two, up from computer number two, down to computer number three, up from computer number three and out to or whatever going to.

All of these points here are being run by ISPs, Internet service providers: Verizon, Qwest, Egypt Telecom, right? And again, in a lot of countries the telecom service is either totally controlled or basically controlled by the government. So one of the things, the way that Tor is trying to maintain your anonymity is by routing all the data through these different computers so the final point can't see where the traffic came from. Well, if all of these computers connect to a single ISP, let's
say Verizon, Verizon can then actually track all of that traffic. So Verizon could then see: okay, I see where this guy's computer connects up to Verizon, and then the data goes down to this computer, and then up and then down, up and then down, up and then out. And so Verizon can actually track all of this data. Again, as with everything in security and hacking and all that, yes, it depends on how many resources are involved, but this is eminently doable.

Now if you're dealing with something like NSA, right, you know NSA is trying to track all that data. Basically you have your computer, you know, the wherever you're going to, and what can happen is you have these three computers in the middle and we have the cloud. Well, let's say you go up and you connect to Verizon, and then it goes down and basically this guy is using Qwest, and then it goes up and this guy's using Egypt Telecom, and then it goes down and this guy's using, I don't know, French Telecom, and then it goes up and then it goes out to well, why what the NSA is doing right now is important is if they put little logging computers at each of these ISPs and then send all of that data back to a main database server so it can be data mined, basically they can piece together this data transmission. They can see at this millisecond the traffic came from your computer up to Verizon, which went down to Qwest, and at the next millisecond it went from this computer over to Egypt, in the next millisecond went from Egypt to France, and for the next millisecond blah blah blah blah blah, and then all that information goes into their big servers so that they can mine it. Now this is not an inexpensive solution. This is not something that they're going to be doing to absolutely everybody on the internet, because it is difficult and it does take resources, but it is something that is eminently, eminently... So these are the considerations that you should be thinking about if you're going to be using Tor. This is one of the reasons, as I say, I
don't give two craps about Tor, because, yeah, I don't know, it's just playschool. I mean, like, yeah, I can't imagine why I would use Tor other than to paint a bull's-eye on my forehead, because there are just so many issues with this particular technology, and in order to use it properly, in order to use Tor so that it is truly secure and truly provides anonymity and privacy, you need to add so many other layers of security, I have to believe that there is just simply a better solution out there. Really, that is my personal opinion of Tor.

So if you're going to be using Tor, the things to worry about: remember that final exit node, that final link from the exit node to whatever site you're going to, that information is sent in the clear unless you do something else. All that information can be read. If your computer is infected with malware or spyware, or you go to a cyber cafe that has spyware, keyloggers already installed, all of that information can be grabbed before it's even sent to the Tor network. The information that is sent in the Tor network, one of the things that you also need to be thinking about now is basically all the information that's sent from computer to computer in the Tor network can be logged and can be captured.

Now one of the things that people say is, "Yes, Eli, but all that information is encrypted." If you have been following, though, everything with the NSA leaks and all that, you will know that NSA is doing their darndest to not just break encryption but trying to actually push out faulty encryption that they already know the problems with. So even though that data is encrypted, you do have to question what is that encryption really worth. One of the other interesting things that has come up with the whole encryption dynamic is that the NSA, from what I've read, I'm not a lawyer, don't be very specific with this, but as I understand, any data that is encrypted that the NSA is not able to immediately dismiss one way or the other
they can actually hold that indefinitely. So when we're thinking about computers, we're thinking about technology, right? The iPhone that I have in my pocket is about as powerful as the computer that I had on my desk twelve years ago. You know, decrypting encrypted data: right now it may be encrypted to the point that it can't be decrypted. If the NSA thinks that's valuable data, they put it on their servers and they let it sit for seven or eight years until a new piece of technology comes down that can just shred through the encryption that you put on there. That may cause you some very severe issues a long way down the road. If they keep that data for ten years, then they're able to decrypt it, then you've done something bad, you may get a knock on the door from the police or the intelligence services. So again, something to think about there. And also remember, we're talking about the NSA; there's other, you know, Egypt, Iran, Russia. Who knows how long they're going to be keeping the data and how far in the future they might come back to you and cause you problems.

Now again, if you're going to be using the Tor network, do remember: use the Tor Browser. It's very important that you use the Tor Browser. Google Chrome, Firefox, Internet Explorer, they can be secure, they can be hardened, but they already have the Tor Browser, so why bother? Again, the docs: any documents that you download, make sure if you're going to be reading them, unplug your computer entirely from the network when you do. And again, you will notice if you go into the documentation for Tor that any SOCKS-compliant networkable software can use Tor to send and receive data. Just make sure that you configure that software absolutely and utterly perfectly, because if you don't, you don't want to be releasing information by mistake and not realize it. I would suggest, if you're going to be using other software, FTP software, BitTorrent software, whatever, trying to use the Tor network, build your own server, connect to your own
server from your client that you configured and see if you are leaking data that way. I would do a trial run with your own servers to make sure that you're not leaking data that you don't realize. And again, with any of the servers that you're connecting to, if they are compromised, if they have malware on them, if they have viruses on them, if hackers have taken them over and are trying to grab information from you, again, the Tor network does not protect you from those kinds of attacks. So those are the things that you need to be thinking about when using, I know a lot of my fan base is all like, "Tor's awesome." Let me tell you again, if you have one ounce of respect for me, you don't have to have two ounces of respect for me, if you have one ounce of respect for me, just realize I would not use Tor. If I had a reason to use Tor I would still not use Tor. There's gotta be better solutions.

So as you know, I am Eli the Computer Guy, and today's class was Tor security concerns and considerations. As always, I enjoy taping this class and look forward to seeing the next one.
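
The trial run against your own server suggested in the transcript, and the earlier warning about other open software connecting outside Tor, sketched as an added example that is not part of the original video or post. It assumes you put a unique canary token in every test request and that your server writes a combined-format access log; the token, the log lines and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample: access log (combined log format) from a test server you run.
# 203.0.113.7 stands in for your real public address, 198.51.100.x for Tor exits.
SAMPLE_LOG = """\
198.51.100.23 - - [03/Jun/2019:10:00:01 +0000] "GET /canary/7f3a9c HTTP/1.1" 200 512 "-" "test-client"
198.51.100.88 - - [03/Jun/2019:10:00:02 +0000] "GET /canary/7f3a9c/style.css HTTP/1.1" 200 90 "-" "test-client"
203.0.113.7 - - [03/Jun/2019:10:00:03 +0000] "GET /canary/7f3a9c/tracker.gif HTTP/1.1" 200 43 "-" "other-app"
203.0.113.7 - - [03/Jun/2019:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "other-app"
192.0.2.50 - - [03/Jun/2019:11:30:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "crawler"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3}'
)


def parse_log(text):
    """Return (ip, timestamp, path) tuples; lines that do not parse are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of an address, or a malformed timestamp
        entries.append((ip, ts, m["path"]))
    return entries


def check_leak(entries, token, own_addresses, slack=timedelta(minutes=5)):
    """Classify what the server saw during one test run.

    token         -- canary string placed in every request of the test run
    own_addresses -- your real public addresses or networks (must never appear)
    slack         -- how far around the tagged requests to look for side traffic
    """
    own = [ipaddress.ip_network(a, strict=False) for a in own_addresses]

    def is_own(ip):
        return any(ip in net for net in own)

    result = {"verdict": "INCONCLUSIVE", "via_relay": [],
              "direct_tagged": [], "direct_untagged": []}
    tagged = [e for e in entries if token in e[2]]
    if not tagged:
        return result  # the test traffic never reached the server: proves nothing

    start = min(e[1] for e in tagged) - slack
    end = max(e[1] for e in tagged) + slack
    # Tagged requests from a foreign address: arrived through a relay as intended.
    result["via_relay"] = [e for e in tagged if not is_own(e[0])]
    # Tagged requests from your own address: the client bypassed the proxy.
    result["direct_tagged"] = [e for e in tagged if is_own(e[0])]
    # Untagged requests from your own address during the run: some other
    # program on the machine talked to the server over the normal connection.
    result["direct_untagged"] = [
        e for e in entries
        if token not in e[2] and is_own(e[0]) and start <= e[1] <= end
    ]
    leaked = result["direct_tagged"] or result["direct_untagged"]
    result["verdict"] = "LEAK" if leaked else "NO LEAK OBSERVED"
    return result


if __name__ == "__main__":
    report = check_leak(parse_log(SAMPLE_LOG), "7f3a9c", ["203.0.113.7"])
    print(report["verdict"])
    for ip, ts, path in report["direct_tagged"] + report["direct_untagged"]:
        print(f"  direct connection from {ip} at {ts.isoformat()} for {path}")
```

A "NO LEAK OBSERVED" result only covers traffic that reached this one server during the run; it says nothing about connections the client made elsewhere.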


39 Replies to “TOR Security Concerns and Considerations”

  1. Edwin says:

    Hi Eli would you say using different OS helps with safety and security, well would it be safer to do banking using a banking app on an Android or IOS mobile over using a web browser to do banking on a windows computer, ps just deleted for from my mobile I don't see the point for it 👍😎🇦🇺

  2. Orkan Gündogdu says:

    6:00 a VPN will not encrypt the traffic between the webserver and the VPN itself.. and there is something like SSL in HTTPS which always encrypts the connection!

  3. Wilmer Henao says:

    If you're reading this from anywhere where there's repression. I salute you!. You're a hero.

  4. Lisa Wallerstein says:

    How important can a short visit by one individual to the dark net be to the nsa 7 years from now?

  5. Zim says:


  6. Eternal Being33 says:

    "you put antivirus, anti spyware software on your computer" okay, well you forgot to mention that these will leak your IP address. I'm not a tech expert and I know that.

  7. Michel Bisson says:

    What other than tor

  8. Michel Bisson says:

    And if we are on wifi?

  9. Michel Bisson says:

    What about android from tablet and cell phone?

  10. nikola niki says:

    He said that someone can track info. from exit node to CNN , but what if my traffic is in TOR network , for example some .onion site ?

  11. Hasan Othman says:

    You are really computer's guy !

  12. TEN4 GAMING says:

    You stated to not have chrome or internet explorer open, Would you press ALT DEL CTRL and Turn off internet explore that way or simply just pressing the X button on the internet window to exit the window? There can be internet notifications that pop up on your screen even when there is no internet window open such as a facebook notification on bottom right of your computer screen.

  13. Sergio Ropo says:

    You should write Hollywood movie scripts.

  14. Skylake says:

    feel like I am watching jason statham movie

  15. Rob-karen Kennedy-parker says:

    Kick ass video. TY.

  16. eduardoig17 says:

    so if your computer was the last node in the relay that was used to do something illegal how do the authorities know whether or not it was you or just someone else on the tor network?

  17. Haley Euphemia Praesent says:

    I don't really use TOR for privacy more to just get around censorship which my country has started doing more of in recent years.

  18. Soulwrite7 says:

    Hey Eli, if you needed to or felt the need to mask your internet traffic how would you go about doing it?? You mentioned Tor with many additional layer on top, like what?

  19. dopplegangerdavid says:

    You have to use SOCs? That SOCs!!!

  20. Developer 198 says:

    web root

  21. grungeisdead says:

    What do you use then?

  22. Brainwash Effect says:

    Eli has a really bad vision of tor. If I could sit down with him for an hour, I promise you he would look at tor much better than how he does now. Great vid nonetheless, but all these problems have been fixed.

  23. Sizifus says:

    For the maximum paranoids out there, here's a little list on how to be practically undetectable on the net (serious list):
    1. Buy yourself a new or used netbook from people and pay up the transaction in cash
    2. Make sure it has no camera or other recording devices on it, if it does, remove or disable this hardware through BIOS if it is possible
    3. Install Tails OS
    4. Install TOR
    5. Use Cafe Wi-Fi spots. Rarely use your own Wi-Fi spot
    6. Alternative names, alias should be used that have little to no connection to your surf net shenanigans
    Bam, you're ready to be the ultimate hacker supreme!

  24. 0x1A3C3E7 says:

    I have Windows 10 Pro with DEP enabled for all applications. I use Firefox with "AdBlock Plus", "NoScript" and "HTTPS Everywhere" addons, I use a VPN for all bittorrent traffic, and I scan all downloaded files with Windows Defender before opening them.

  25. ExclusiveCrazyExpert says:

    Great Encryption only encrypt the payload of the packet 🙂

  26. truesonic33 says:

    end to end encryption
    makes it hard for them to read the content. the FBI hates when people do that and trying to find a back door

  27. Joe Pagano says:

    do you get paid by CNN

  28. Frank Black says:

    Laziness and apathy have given the government too much power. It's 1984 …

  29. literatious says:

    Thanks Eli. You're an awesome teacher.

  30. Rocket Steve929 says:

    Tails OS on a thumb drive, which deletes all files upon booting down. VPN. Burner laptop, never connect to wifi at a network where you are on the billing info. Ship to a burner address, opsec when on the web, and when picking up package. You'll be A-Okay. Watch out for government paid shills who spread dis info and fear to the uneducated. Also, US Government is trying to compromise and run exit nodes, which could compromise a physical location and IP address. As long as you provide adequate opsec when logging in to the deep web, E.I. not being electronically surveyed you are okay.

  31. Sir Esquire says:

    If I have a VM running VPN is it still unsafe to run it (and browser stuff) alongside tor inside a different VM?

  32. Draakie100 says:

    The most beautiful "thing" about a person is their mind. Freedom of mind makes the human race evolve into something better. The internet can be such an amazing tool for a better world…but money hungry corporations corrupt it (jmho).
    Thanks for making people think 😉

  33. itchykami says:

    Hehe, 6:40, realizing this video is from before heartbleed.

  34. Shelly Robinson says:

    thank you for this information.  I have been tempted to try TOR but I have been having serious doubts.  Just watching the other people surf the web and watching for Sharks before I go in.  This opened my eyes into thinking I am not that proficient at this computer stuff so I am going to stay on the beach thank you very much.  I learned about TOR and I2P from House of Cards second season.  So I asked my son who started using the computer when he was like 2 or 3 years old about it all and he just shook his head and told me "Mom, not a good idea you can find yourself in a lot of hot water." sweet of my son to tell me that and I found you on You Tube talking about it so here I am learning.

  35. MRW2276 says:

    So buy a T-Mobile hotspot and laptop cash. Use disinformation and working prepaid cell number to sign up with T-Mobile (again buy the refill cards cash). No need for tor just make sure you don't do your dirty work from home (GPS on the hotspot). Then you should truly be safe and less suspect since you're not using TOR and they think they are seeing who you are, but your info is all fake. In fact any site worth a damn will think you're fishy seeing how many nodes in the link when you use stuff like TOR.

  36. Scott Gallant says:

    The FBI Cyber team came to my last job and actually advised us all to use TOR to protect privacy.

  37. Nick Richardson says:

    I am in South Africa 😀 Thanks for your Videos! Best Computer guy! 😀

  38. HelixsoulX says:

    Is it possible to spoof entrance nodes, so even if your packets get mined, the router will lead to a garbage IP, or would that be pointless.

    I'm just asking. I already came up with a few problems with this; the fake node will probably have to be created from a proxy server anyway and that server would probably have all the information on exactly how it built that fake IP (which would probably have the randomizing algorithm and be easily brute force mined). Also that request would have to be sent from the host, and even if the router sees the request, it's still up to the router to even do it. The request would also have to be decrypted by that router, but then even if the request is a separate packet from your data, and the key to process the request is just metadata, that could still be mined easily. But maybe if entrance node spoofing became a big thing, the information on how to build the fake IP could be stored on a specialized router instead of sent from the host. But then those proxies would be gold mines filled with keys, and if an intelligence agency opens one-OH GOD, I NEED TO STOP THINKING.

  39. Silica says:

    I really hope that someday project meshnet replaces the internet. No need for an ISP because everyone is their own ISP.
