/tech/ - Technology

This part always confused people.
Tor opperates in two ways.

Unlike i2p tor has the capability to exit the network and proxy your ip through a tor node. Essentially still hiding your real IP.


When you visit, say, leftychans onion address what you are doing is you are never exiting the network. Your traffic stays encrypted through the tor protocol and never is decrypted through the exit node. This is what confuses people and even me when I first got into encryption with tor.

Think of it like this:

leftychan.onion

Traffic: -> Guard node, Node 1, Node 2, Node 3, node 4, (onion domain)

leftychan.net:

Traffic: -> Guard node, node 1, Node 2, Node 3, Node 4 (decrypted clear net address)

>>1117
>Your traffic stays encrypted through the tor protocol and never is decrypted through the exit node.
I would think the Tor project mentions that in its section on Onion services, but it doesn't ( http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/onion-services/overview/ https://community.torproject.org/onion-services/overview/ ). Furthermore, watching the talk linked to on The Tor Project's channel has the developers talking about an attack to reveal an onion's guard node to then find out the onion's location, which would not be possible if it was still encrypted.

>>11117
One more counterpoint. If a client's traffic is always encrypted through the Tor network for an onion site, then how does the onion site understand the client's traffic/requests; I would think that requires decryption.

>>11127
The encryption link is just between each node. So each node know only the other node they're connected to and not the final destination.

>>11117
One more counterpoint. If a client's traffic is always encrypted through the Tor network for an onion site, then it seems impossible for the onion site to understand the client's traffic/requests; I would think that requires decryption of said traffic. The only other alternative I can think of is to send the encrypted traffic along with the way to decrypt it but then anyone intercepting that connection could see the way to decrypt it, the only way I can see for this to be secure is to somehow send the decryption method while making it unclear that it is the decryption method, so interceptors wouldn't know they have it.

>>11128
Sorry, my comment was incomplete hence >>11129.
I don't see how this answers my question. If it is just between each node, then between the final node and the destination is unencrypted; otherwise it would be between each node and the final node and its destination. If it is unencrypted it leaves the Tor network; if it is encrypted then I don't see how the onion site can understand the requests made.

>>11126
No you can find the location of onion services by pinging a lot of packets on the ISP and then correlating traffic between the onion and IP's on the ISP. That's how you can de-anonymize people on the network. Not to mention that the guard relay is the entry point so it wouldn't surprise me if there were some theoretical vulnerabilities but regardless of what you think traffic is encrypted through the tor network.

>>11129
Every node on the chain has a public private keypair to the next. It is decrypted but only between nodes and your machine nothing else.

>>11131
>you can find the location of onion services by pinging a lot of packets on the ISP and then correlating traffic between the onion and IP's on the ISP
If you know the ISP then you've already deanonymized them.

>>11128
>The encryption link is just between each node
The encryption is for each node using public keys.
<Node2 address -> encrypted with Node1's key.
<Node3 address -> encrypted with Node2's key.
<Final destination -> encrypted with Node3's key.
So each node can only decrypt the next hop in the chain.
With 3 nodes there is no node that knows both the source and final destination.

>>11127
>If a client's traffic is always encrypted through the Tor network for an onion site
For onion sites both sides build a chain of 3 nodes towards a rendezvous node. That's why onion sites are slow, they are 6/7 hops instead of 3 because both sides are trying to stay anonymous.

>then how does the onion site understand the client's traffic/requests
Because it is encrypted with the onion site's public key so only the onion site can decrypt it.

>>11153
>For onion sites both sides build a chain of 3 nodes towards a rendezvous node.
huh, didn't know that
in Nyx I can see max 5 hops circuits with 3 middle nodes
does rendezvous node counts as end node in a circuit?

>>11156
>does rendezvous node counts as end node in a circuit?
I guess. The client and the onion site both build their own circuit to the rendezvous node and the rendezvous node proxies traffic between them. What makes it different from an exit node is that the traffic is end to end encrypted from the client to the onion site. So there is no opportunity to spy or modify traffic.

>>11158
You also for got that every node is encrypted and only the node Infront of the node behind has the encryption keys.

>>11160
>You also for got that every node is encrypted and only the node Infront of the node behind has the encryption keys.
Nope because then you would have to know where the onion site is to build a circuit directly to it. It's a 3 hop circuit from client to rendezvous node, 3 hop circuit from onion to rendezvous node and neither side knows where the other is.

>>11161
No you don't. That's retarded. The chain only needs to know the existence of the next link.

>>11163
If clients can pick the whole chain up to the hidden service they can just pick 3 nodes they control and the hidden service is not hidden anymore.

>That's retarded.
You're not as smart as you think you are.

>>11164
is correct and you can verify this without reading through the protocol simply by clicking the small circuit icon at the very left of the browser's URL field.
I didn't know this but what anon says makes sense.

>>11153
Voluntaryist is correct too
You have the private key of the destination so nothing is decrypted between hops except for the IP address of the next hop.
Tor isn't RetardRetroShare where "end-to-end-encrypted" file transfers are only encrypted between nodes and each node can read the content of the transferred files. (This actually got someone convicted in court in a country where by law you are not permitted to transmit illegal content if you can read it and therefore know that it is illegal.)

The NSA can conduct timing attacks on tor (control the guards, watch traffic) but this becomes more difficult the more people use it, even if it's javascript-using normie scum.