How NOT to use I2P and TOR

Or, a tale about unexpected ways to disclose users of distributed anonymizing networks.





Users of anonymous networks and browsers probably use them mostly to visit blocked or protected sites. At the same time, not all of them expect that the fact of the visit will remain anonymous. If anonymity does not concern you, the rest of this article will most likely not interest you.





I invite everyone else to read on below the cut for a novice paranoiac's abstract reasoning about how users of anonymous browsers can be exposed.





Statement

The author assumes no responsibility for any paranoia you may experience while reading this publication, nor for the reliability of the information contained in it.





Attack vectors

In our reasoning, we will not go into the intricacies of how the listed networks function, nor will we try to hack them. As you know, even in the most perfect means of protection, the weak point is the human. Therefore, we will talk about methods that bypass the distributed protocols and exploit typical errors of users, of settings, or of the software itself.





By de-anonymization, we mean the disclosure of the user's real IP address.





Fingerprinting

"" , . "" , , Google, Facebook , , , .





, , , , . "" . , , .





, "" . , " ", , onion/i2p . HTTP, DNS,WebRTC ..





, - , Firewall IP localhost , .





, .





, - , , , API DNS ...





wireshark tcpdump.





, http:// https:// , . file:// smb://, / .





, http:// https:// .





GPS //

, , .





, , , . . , . .





. . . , , , , .





. ?





onion/i2p /. . , "" , , , . , .





. , , "".





, ( tor|i2p) IP .





. , , .





:





  1. - I2P/TOR , . , IP .





  2. - , . . "" , , . , , Windows Windows Update .





    ( , Windows , , , .)





  3. - . . , , , ( ) , - . , "", / . , "", " ". , " " .





-, . , , MAC , . , . , .





/

- . , . , - , .





"" , - ( ) .





Interestingly, this information can be extracted even from a secure/encrypted TCP/HTTPS user session by measuring the intervals between IP packets.





A microphone (for example, in your cell phone) within range can do the same. Based on this, a special index can be compiled, which, by analogy with the service for determining the name of a musical composition playing in the background, will be able to determine that it is you who are typing the message.





Disabling JS helps partially, but mouse clicks made while navigating between pages do not go away, so keep microphones away from your workplace.









P.S. Good paranoia, comrades!







