…and around it goes

April 18, 2009

Tor vs Privacy Service

Filed under: Cotse Related, Privacy — steve @ 5:43 pm

I frequently receive questions similar to the following:

“I came across this link (http://cryptogon.com/?p=877), and was wondering if you folks were aware of this type of activity; also, can your Proxy/Tunnel service help to mitigate my exposure.”

Some questions also mention Tor and ask which offers better protection. I recently answered another of these and thought the (now slightly edited) answer was a good entry for this blog.

The answer:

No proxy service can guarantee to hide you from governments or guarantee flawless anonymity; there are too many areas of potential compromise in every one of them. The closest to anonymity out there is Tor, due to its design, but because it still has to be as close to real time as possible to be functional, it is subject to traffic analysis: an entity who sees both sides can time your packets going in and match them to packets coming out by factoring in the delay it takes to pass through. In an overly simplistic analogy, if cars maintaining the same steady speed enter a tunnel staggered, and you know that they will slow down in the tunnel and by how much, you can calculate when each of those cars will exit that tunnel even if they change lanes inside.

One must also assume a large number of hostile exits with Tor (a researcher recently set up Tor exit nodes and published captured passwords and usernames (PDF); I have to believe that he's not the only one who ever thought of this). Yet even given these pitfalls, Tor is still the closest you can get to anonymity because of its decentralized approach and onion encryption. That makes it the best protection from an entity who can only see the exit, which is most. Unfortunately, given the nature of its setup (untrusted and potentially hostile end users running servers), it's going to be slow, and you should probably never use it to log into bank accounts, etc. Even though many of those are end-to-end encrypted, you place yourself at a greater risk of man-in-the-middle attacks. Your safest bet with those types of accounts is direct access; you lose little, as theoretically they already have your personal information.

Paid services and single-hop proxies are even more vulnerable to traffic analysis because they are more centralized, strive for as little delay as possible (speed is everything to them), and pass through fewer hops. It's much easier to match the packets going in to those coming out (the faster the proxy, the easier the traffic analysis). They suffer somewhat like Tor in that you must trust that the service you are using is not capturing your logins and passwords or compromising you itself (i.e. maliciously acting as a man-in-the-middle), though you can trust most well-known paid services in this respect (I would not easily trust free single-hop proxies; I have to wonder what they get in return for the cost). Where paid services really fall behind Tor is back-tracing from an entity that can only see the exit. Tor is going to provide you with better anonymity there.
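To illustrate the timing correlation described in the traffic-analysis paragraph above, and the point that a faster, lower-delay relay is easier to correlate, here is a small simulation. It is an added example, not code from the original post or from Cotse; the flows, delay and jitter values are constructed, and the scoring rule is a deliberately simplified stand-in for real correlation methods.

```python
import random
from bisect import bisect_left


def make_flows(rng, n_flows, n_packets, horizon):
    """Constructed ingress traffic: each flow is a sorted list of packet
    send times (seconds) drawn uniformly over the horizon."""
    return [sorted(rng.uniform(0, horizon) for _ in range(n_packets))
            for _ in range(n_flows)]


def relay(rng, flows, delay, jitter):
    """Model a relay that forwards every packet after `delay` seconds plus
    Gaussian jitter (low jitter: fast single-hop proxy; high jitter: slower
    multi-hop path). Returns the egress flows in shuffled order and the
    ground-truth mapping egress index -> ingress index."""
    order = list(range(len(flows)))
    rng.shuffle(order)
    egress = [sorted(t + delay + rng.gauss(0, jitter) for t in flows[i])
              for i in order]
    return egress, order


def score(ingress, egress, delay, window):
    """Fraction of ingress packets with an egress packet within +/- window
    of the expected arrival time (send time + assumed transit delay)."""
    hits = 0
    for t in ingress:
        expected = t + delay
        k = bisect_left(egress, expected - window)
        if k < len(egress) and egress[k] <= expected + window:
            hits += 1
    return hits / len(ingress)


def match_accuracy(seed, jitter, delay=0.05, window=0.02,
                   n_flows=8, n_packets=40, horizon=30.0):
    """Share of ingress flows whose best-scoring egress flow is the true one.
    An observer seeing both sides of a fast, low-jitter relay matches them
    almost perfectly; added jitter pushes the result toward guessing."""
    rng = random.Random(seed)
    flows = make_flows(rng, n_flows, n_packets, horizon)
    egress, order = relay(rng, flows, delay, jitter)
    correct = 0
    for i, flow in enumerate(flows):
        best = max(range(n_flows),
                   key=lambda k: score(flow, egress[k], delay, window))
        correct += order[best] == i
    return correct / n_flows


if __name__ == "__main__":
    print("single-hop proxy, 2 ms jitter:", match_accuracy(1, jitter=0.002))
    print("multi-hop path, 500 ms jitter:", match_accuracy(1, jitter=0.5))
```

The window and jitter values are illustrative only; the qualitative result is what matters: the less delay variation a relay introduces, the more exposed its users are to an observer who can see both ends.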

Both Tor and paid services/single-hop proxies can protect you from the unwashed masses as well as snooping ISPs. Both can also provide you with ways of accessing data you might not otherwise be able to access. Tor will provide you with better anonymity than a paid service/single-hop proxy will against an entity that only sees the exit, at the cost of speed. But neither can protect you from a government that wants to get you. To be honest, they likely wouldn't even need traffic analysis in either case. Their preferred mode of intercept for proxy users appears to be to trojan the user's machine via a vulnerability in the browser software and/or plugins, or through email or messaging client vulnerabilities (see: http://blog.wired.com/27bstroke6/2009/04/fbi-spyware-pro.html).

It all means that if you want to hide from a government focused on catching you, it’s going to take a lot more than just a proxy.
