0

Tor has guidelines that define a set of rules/techniques to assure anonymity. Some examples are browsing in small window mode so your screen resolution can't be detected, using HTTPS everywhere, and never using third-party plugins and blocking parts of Javascript. Since Tor encrypts data, let's assume that someone uses it to be a repeat-offender (harassment, bullying, DDOS/DOS attacks/etc.), is it possible that said person could possibly be impossible to track among any means possible, even given their annoying, disruptive and destructive nature? I mean nothing that would cause a major red flag (terrorism, etc.), but that can otherwise delay, impede and ruin/torment others through anonymity?

I ask because I've heard of some online communities that say they have no options but to deal with repeat-offending trolls no matter what, and the site cannot stop them because of Tor/proxies/VPN/etc., and they are deliberating harassing, impeding and otherwise being destructive and toxic to communities.

Is it true that, given some habitual measures of abuse, you can sometimes be truly anonymous?

  • 1
    if i am not wrong, in the document leaked by Snowden there is some report on the hability of the NSA to track people and read communication through TOR. The conclusion was the NSA couldn't do much against people using TOR. – grandchamp robin Aug 17 '15 at 06:38

4 Answers4

1

ToR and associated products (e.g. Tails) provide a technological capability which will, if used consistently, allow certain actions to be taken online without any easy way to track them back to the person executing them.

So it's likely that the weak point in an anonymous browsing setup will be the person operating it. Good Operational Security (OpSec) practice is difficult to achieve for most people, and there are a wide number of actions which could reveal information about the user behind the system.

Good OpSec requires a lot of discipline (e.g. never logging in without using ToR no matter how urgent it is, never mentioning any aspects of your real life whilst trying to be anonymous online and lots more)

So the most likely way that a troll or abuser would be unmasked would be that they slip up whilst trying to be anonymous, although there they'd only get caught if someone is watching for it and also if they haven't done anything illegal their OpSec slip-up may have limited consequences.

One option that some sites take to address this kind of problem is just block known ToR exit nodes and other well known anonymous proxies from connecting to their systems. Depending on the user-base this may or may not be acceptable. Obviously people have good reasons to want to be anonymous online (sometimes to avoid abusive people) so blocking ToR isn't appropriate for a lot of sites.

Rory McCune
  • 61,541
  • 14
  • 140
  • 221
  • "it's likely that the weak point in an anonymous… the person operating it" fully agreed. I would have added: **weakest**, and "the next weak point will be her OS". – dan Aug 17 '15 at 08:32
0

If a user has good trade craft and implements good tor hygiene by doing all the things you listed, it would be very hard to UID them..if not impossible. I know one of the most common methods that is emerging is pattern recognition that can analyze things like how a user types and then UID them from that, but that relies on things like javascript so if it is blocked it would not work.

If it is possible to trace someone who is using tor and taking extra precautions, it would require massive amounts of resources and outside of the NSA and other government security agencies I really don't know of any individual or organisation that may have that capability.

TheJulyPlot
  • 7,729
  • 6
  • 30
  • 44
0

Appart from the "100% anonymity" from your title, which seem to include government agencies and can therefore never be 100% ensured, as long as the "online communities" are concerned some of them implement special policies regarding Tor's exit nodes IPs.

For instance you can check Wikipedia where by default Tor's users are prevented from editing articles to prevent vandalism, while still trying to help the special situations where Tor's anonymity would still be legitimate.

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107
0

Can exit nodes eavesdrop on communications? Isn't that bad?

Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the Internet.

Also, JavaScript is enabled by default in Tor browser making it vulnerable to malicious crafted JavaScript codes and thus probably hindering your anonymity in some scernarii.

Recently a user imagined a scenario that could help him to enhance the anonymity that Tor offers using a VPS but as the answerer highlighted, paying a VPS harms the anonymity since the payment can lead back to you.

Also more and more actors are trying to break the anonymity of Tor network and some of them pretend to discover some vulnerabilities they do not want to reveal yet unless law enforcement has been done.

Also, may be you will be interested in reading some quite related questions.