22 Dec 2019 - tsp
Note: Since I’ve written that blog post somewhere deep in the night please don’t freak out because of grammar- and orthography mistakes …
First what’s this post about? Since I often hear that there is much confusion about the level or type of privacy when I talk with people about onion routing services like TOR, tunneling services like VPN, DNS encryption via DOH, using proxyservers, using alternate DNS services, using encryption and signature, etc. I’ve decided to write a short blog post about that different stuff and what it provides - and what not (from my own personal point of view and experience).
First one has to understand the different threats that one’s exposed to when using the network.
As one can see part of the fear is about an attacker being capable of reading or spoofing the content of communications. The other part of the attacks is about being threatened by exposing metadata (i.e. social network structure) and the ability to infer information about entities by having collected huge amounts of information about similar entities. The defense against all of that is of course done using different technologies (or not using some services).
Note that - in my opinion - laws do not provide any defense against data collection and manipulation. They might help to mitigate the resulting effects whenever something goes wrong but one can be sure that anywhere on the worldwide network under some legislation data gathering is either legal or people simply are doing it illegal. The only area where laws are somewhat effective is preventing the buildup of such datasets by the public sector - in any other case technical solutions are - in my opinion - way more effective.
Basically encryption simply prevents a third party of sniffing the network and reading traffic content. As long as one finds a way to exchange keys for this encrypted stream the attacker can see that traffic is flowing from a given source to a given destination (i.e. can gather traffic metadata) and is with most systems also capable of detecting when traffic is produced (i.e. is capable of gathering chronological metadata) as well as how much traffic is produced (which also lead to some interesting types of data leaks).
Encryption of course also requires authenticity (i.e. digital signatures) to proof the entity who receives data is who they claim they are.
There are basically two classes of encryption:
Encryption is worthless without the ability to know that traffic really originates from the source it’s claimed to. Signatures solve that problem. They are similar to asymmetric encryption methods - the message is hashed and the hash is encrypted using the private key of the sender. Anyone can then decrypt the signature using the public key from a public directory and check if the hashes match (at least that’s the idea - please look at specific signature and encryption schemes before implementing such stuff).
Signatures are most of the time effective (but cryptosystems have to be crafted with care) - but to be effective someone has to establish a trust relationship to a given signature keys. There are currently three major approaches:
httpsor signing and encrypting mail with S/MIME. One has to fully trust all certificate authorities that one has configured (look into your system settings and many will be suprised how many companies they in fact trust to certify identities). A single compromised certificate authortity can establish keys for nearly all identities (there are mechanisms for example in DNS that reduce the attack surface but they do depend on DNSSEC to be established and secure too - which is a special kind of highly hierarchical certificate authority that starts with the root zone and trust into the local domain zone operators).
The onion router is the currently most effective tool against metadata collection that is available. The basic idea is that there is a collection of community operated nodes (in fact it would be ideal if every user operatates his node in that way when not hosting an own hidden service) that pass data from one node to another - and a bunch of nodes that passes received traffic into the public network. When routing into the clearnet the basic idea is to encrypt the IP packet that should be routed into the internet with the public key of an exit node and attach it’s adress to the packet. Then this packet is encrypted again with the key of an intermediate node and sent to this intermediate node. The intermediate node never is capable of accessing the real IP packet inside and only sees which node the traffic originates from and to which exit node it should be sent. The exit node only sees the intermediate node as originator and which target it should send the traffic to. Since the exit node sees public traffic content the content should be encrypted and authenticated as usual (there are malicious exit nodes but since the internet itself is inherently untrustable and insecure this doesn’t matter in any way - one has to protect against that anyways).
To protect against traffic analysis TOR relays normally forward traffic of third parties and additionally random traffic. This prevents timing and traffic correlation attacks (which is also the reason why normal clients should always operate in relay mode). Of course normal clients should not run in exit node mode - since these nodes are (because TOR is also used by people doing illegal stuff) exposed to inquiries by law enforcment - one should never run an exit node from home (in most countries house searches are the logical step when one traces traffic for major crimes back to them) and only operate them with enough legal background (i.e. consult a lawyer before doing so).
There is another kind of service provided by the onion router - hidden services. These work similar but instead of the public internet via an exit node an internal node is the target. They introduce themself to an relay node and publish an service descriptor. All nodes connecting to the service connect to the relay node. This provides protection of metadata from the client and from the service operator. On the other hand hidden services provide authenticity by establishing the trust relationship via an fingerprint directly in the URI as well as authenticating the clients for stealth hidden services.
A more detailed explaination of TOR for endusers and and guide on how to run hidden services and why one would want to do that can be found at the previous linked blog articles.
Of course TOR is only effective as more and more people use it - also for legitimate traffic and not only for illegal stuff. Since TOR provides so much more than just anonymization there are many reasons (see above linked articles for some of them).
What can TOR provide?
What it cannot do?
First off - a VPN is nothing more than a virtual private network that allows to bridge different private networks by the means of a public network. It’s normally realized by an encrypted and authenticated tunnel between two routers (in the source and destination network). The best comparison to a VPN is a virtual network cable between two locations. Techniques that can be used for VPN start with simple unencrypted generic routing encapsulation (GRE) tunnels that simply add an additional IP header to the packets and pass them over IP to the other router up to encrypted solutions like IPSEC (AH and ESP) and custom VPN protocols like OpenVPN or my personal favorite (tinc)[https://www.tinc-vpn.org/]. The most important part to remember is: A VPN just transports your traffic. Most of the time encrypted and authenticated but potentially also not.
If one thinks about the big VPN providers often seen in advertisements the idea is slightly different. They provide the service to be the destination network and allow you to set your default route through them - i.e. you hand them all traffic that you would previously directly hand over to your internet connection and they route it into the internet instead of your provider or your own border router. There is exactly one thing that you gain from that: Your entry point into the inherently untrusted and unrelieable internet is a different one - instead of your ISP or the network you’re currently running inside you choose that everything should be passed over the VPN provider. Nodes on the internet then see this VPN providers network as originator of traffic that reaches them instead of your ISP.
Why should one do that:
Why one shouldn’t do that:
This is something one currently hears on a large scale since many larger browser vendors work on DNS over HTTPS support. The claim is that DoH uses HTTPS an additionally encrypts DNS queries. The signature part of DoH would also be supplied by techniques like DNSSEC (but in a different way). What DoH can provide is an encrypted connection to your DoH server and it is capable of authenticating the DoH server (i.e. you know the response really comes from your selected DoH server). Note that it doesn’t authenticate that the response is valid - this is something DNSSEC does. Trust is established either by using standard X.509 certificates (DoH) or via a hierarchical approach (DNSSEC). They are not a substitute for each other. The major addition DoH provides is transport encryption between the client and the DoH server which prevents evesdropping onto DNS queries (i.e. leaking metadata) by other users on the same network or on any network that’s passed by traffic till the DoH server.
What can DoH provide?
What doesn’t DoH provide?
Short summary: They don’t really help. They just clear your browser history when closing them and normally they create a separate set of cookie store and history when queried by webpages or performing requests. This provides some basic protection against webpages tracking users (but not against advanced methods like browser fingerprinting - the best and most effective thing one can do against that is disabling scripting and only storing session cookies - oh and of course disabling stuff like java and flash plugins).
What they can do:
What they can’t do:
Tails is The Amnesic Incognito Live System. It provides a live Linux distribution that doesn’t store any data outside of a memdisk by default and can be downloaded for free.
This is similar to the browsers private mode tab. Since no information is stored by default (if not using an external storage device) the device always looks clean and doesn’t transmit any tracking information from previous sessions. Of course the hardware doesn’t change - but the default settings of the software are somewhat more secure than with other operating systems. And of course the routing of all network traffic via the onion router (TOR) provides the previously mentioned advantages - and also disadvantages. Another advantage of using tails is that - since everything is by default read only except the memory disk - potential malware is not kept over more than a single session. One should of course limit the time one’s using such a distribution per session.
What it can do for privacy:
What it cannot do:
This is definitely worth the effort. It doesn’t protect any metadata and with the most used schemes also not the subject of your mails but it effectively protects message payload and provides (using signatures) authenticity. There are currently two well established methods for protecting mail:
Encrypting and signing mail provides way more protection than any safe or claimed to be privacy preserving mail provider can. And it removes the requirement of any mailprovider to be trustworthy (except metadata collection).
What it can do:
What it cannot do: