Saturday, July 19, 2014

[tor-talk] Does my ISP know I'm using Tor?

[tor-talk] Does my ISP know I'm using Tor?

Twitter_Twat


>> Does my ISP know I'm using Tor?
> 
> Very short answer: Yes.
> 
> If your ISP would check, they would know, unless you're using
> bridges.
> 
> The more technical explanation is this: Unless you're using bridges,
> you are connecting to a server from a publicly available list. If you
> would like to check that one out, you could open 
> http://torstatus.blutmagie.de. Even if you are using bridges, it is
> technically possible, albeit rather hard (you need DPI for that one,
> probably), to determine that someone is using Tor.

If you are unlucky and your ISP actually cares, he probably does it the
chinese way: Fetch as many bridges as possible to detect as many bridge
user as they can.

>> Does my ISP know what information I'm looking at while using Tor?
>> Let's say I use DuckDuckGo to search for suppliers of Silly String.
>> I click on a link in the search results that takes me to
>> SillyStringSupplier.com
>> 
>> Does my ISP know what I was looking for and where I went?
>> 
> 
> No. That's what Tor is good for - your ISP knows _only_ that you are 
> connecting to a Tor node to do an encrypted transmission. It doesn't 
> know where you're connecting to and also can't read the content of
> the communication.

I think 'No.' is quite a strong wording here because it seams to imply
certainty. I'd like to add some uncertainty to it to rise awareness.
Awareness should help avoid dangerous situations or at least
detect/recognize them.
If you are unlucky and using an exit relay run by your ISP, this would
mean your ISP is in the position of seeing some of your traffic (by
correlation of input+output).
'some' because you won't use the same exit all the time.
How much 'some' actually is, is influenced by the bandwidth (and other
facts) of the ISP exit (if there is one).

Tor does not aim to protect against such a powerful adversary.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Whatattacksremainagainstonionrouting