Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,330 --> 00:00:06,910 Web site traffic fingerprinting against Tor traffic it is possible that Tor is vulnerable to attack 2 00:00:06,910 --> 00:00:13,900 called Website Traffic fingerprinting which you may recall I mentioned in the section on VPN. 3 00:00:13,890 --> 00:00:21,060 It is a passive eavesdropping attack that looks at the size and timing of encrypted data streams where 4 00:00:21,060 --> 00:00:28,560 although the adversary only sees encrypted traffic the adversary can still guess what web page is being 5 00:00:28,560 --> 00:00:33,300 visited because all web pages have specific traffic patterns. 6 00:00:33,300 --> 00:00:38,780 They can only guess if they know the pattern of the web page in advance though. 7 00:00:38,820 --> 00:00:42,640 So if you're going to pages they were not aware of. 8 00:00:42,690 --> 00:00:44,920 They wouldn't have a patent for it. 9 00:00:44,940 --> 00:00:49,080 The content of the transmission is still encrypted and hidden. 10 00:00:49,200 --> 00:00:57,270 But to which web page you connect to or even the site because they know the page isn't private or secret 11 00:00:57,270 --> 00:00:57,970 anymore. 12 00:00:58,110 --> 00:01:05,160 There are multiple research papers as I've mentioned from what I've read I think the attacks against 13 00:01:05,190 --> 00:01:12,990 Tor are overstated and not a problem yet but something definitely to watch. 14 00:01:13,350 --> 00:01:19,420 And this is the latest paper that I'm familiar with on the topic of Tor fingerprinting. 15 00:01:19,620 --> 00:01:21,410 And for more information on this. 16 00:01:21,450 --> 00:01:31,170 There are some links here to mitigate this you could use multiple chained anonymizing services and or 17 00:01:31,260 --> 00:01:38,700 offsite connections which we will discuss later exit node eavesdropping this has been mentioned in a 18 00:01:38,700 --> 00:01:42,450 couple of videos told by design there's nothing to make private. 19 00:01:42,450 --> 00:01:48,040 The data that comes out of the exit no to the final destination to surf the web. 20 00:01:48,150 --> 00:01:55,140 Anyone running an exit node will be able to see on encrypted traffic and much worse inject into that 21 00:01:55,140 --> 00:01:55,830 traffic. 22 00:01:55,830 --> 00:02:02,180 Things like zombie super cookies to track all malware to try to exploit your device. 23 00:02:02,190 --> 00:02:09,540 The obvious mitigation to this is ending scription TLR us for example and PGE pay etc.. 24 00:02:09,660 --> 00:02:15,870 Tor does however provide end to end encryption when you're using hidden services or the darkness or 25 00:02:15,870 --> 00:02:16,830 the dark web. 26 00:02:16,850 --> 00:02:24,300 The dot on Ewan's is there is encryption they're making these more private to use than using the surface 27 00:02:24,300 --> 00:02:27,660 web traffic analysis attacks. 28 00:02:27,660 --> 00:02:35,370 Tor has been shown in the past to be susceptible to analysis of the traffic by passive observer. 29 00:02:35,370 --> 00:02:42,510 If they can see enough relays and this is the last report that I've found on the subject if you want 30 00:02:42,510 --> 00:02:49,620 to read more about traffic analysis attacks toy is susceptible to man in the middle and man on the side 31 00:02:49,620 --> 00:02:50,300 attacks. 32 00:02:50,310 --> 00:02:52,370 This is not really a witness of Tor. 33 00:02:52,390 --> 00:02:58,740 But the weakness of the fundamentals of the Internet and adversary with sufficient means and reach can 34 00:02:58,830 --> 00:03:03,790 intercept your requests and respond to them before the destination. 35 00:03:03,810 --> 00:03:11,100 Fooling you into thinking you are communicating with the real destination the NSA are known to do this 36 00:03:11,100 --> 00:03:11,130 . 37 00:03:11,130 --> 00:03:14,680 This is a known technique of the quantum system. 38 00:03:14,700 --> 00:03:22,440 Your client would then be subject to active attacks such as trying to exploit vulnerabilities in your 39 00:03:22,440 --> 00:03:32,280 browser and in a zombie super cookies to track you Tor is susceptible like anything else to vulnerabilities 40 00:03:32,610 --> 00:03:35,650 in the underlying technology that it uses. 41 00:03:35,730 --> 00:03:41,490 And one such vulnerability could be discovered to erode the anonymity of the service. 42 00:03:41,490 --> 00:03:46,670 A previous example of a widespread bug is the Heartbleed bug. 43 00:03:46,890 --> 00:03:52,560 If you don't run your toll connection permanently It's obvious to an observer when you're attempting 44 00:03:52,560 --> 00:03:55,790 to do something private or anonymous. 45 00:03:55,800 --> 00:04:00,870 This can draw close attention to when you are using Tor. 46 00:04:01,590 --> 00:04:03,960 As we avoid discussed but it is a weakness. 47 00:04:03,960 --> 00:04:06,210 Relays and bridges can be blocked. 48 00:04:06,210 --> 00:04:11,480 It is trivial to block all relays preventing people from using Tor. 49 00:04:11,490 --> 00:04:18,790 It is also not so difficult to block hidden bridges using tools like Zad map. 50 00:04:18,900 --> 00:04:21,000 Not really a weakness but an issue. 51 00:04:21,000 --> 00:04:28,290 Ports are blocked some ports are blocked by some relays on Tor ports you might need to use for example 52 00:04:28,290 --> 00:04:33,470 to get through a firewall could be blocked by many of the relays. 53 00:04:33,480 --> 00:04:41,490 You will then have to use a circuit that is often slower directory authorities or a single point of 54 00:04:41,490 --> 00:04:43,200 security failure if at all. 55 00:04:43,200 --> 00:04:44,990 This is a known issue. 56 00:04:45,030 --> 00:04:53,970 If these directory authorities are compromised then Tor is fully compromised DNS leaking when using 57 00:04:53,970 --> 00:04:57,960 other applications with Tor you risk protocol leaks. 58 00:04:57,960 --> 00:05:03,070 This has been demonstrated many times in many applications including Thunderbird. 59 00:05:03,090 --> 00:05:12,240 Years ago and bit torrent now and while on a topic no bit turns on Tor bit torrents can leak your IP 60 00:05:12,240 --> 00:05:12,940 address. 61 00:05:12,970 --> 00:05:16,030 There's a blog post on it here and a research paper. 62 00:05:16,140 --> 00:05:23,210 If you want to understand more about how bit torrents leak on tour you get captured. 63 00:05:23,210 --> 00:05:30,810 Pop up slowing you down and your language can be preset incorrectly when you're visiting various sites 64 00:05:30,810 --> 00:05:33,250 and doing searches. 65 00:05:33,360 --> 00:05:40,740 The signs you use and access your accounts with can flag you as being suspicious or having suspicious 66 00:05:40,830 --> 00:05:47,180 activity and then block lock or suspend your accounts because you are using Tor. 67 00:05:47,260 --> 00:05:53,670 Maybe the IP address of the exit node has a tainted history or they may know you are using tool and 68 00:05:53,670 --> 00:05:59,640 they don't like that or they will see you're from a country that you're not normally from. 69 00:05:59,640 --> 00:06:06,000 All of this could be seen as suspicious activity on your account block locked suspended. 70 00:06:06,000 --> 00:06:07,100 That's happened to me. 71 00:06:07,110 --> 00:06:08,540 It's a pain. 72 00:06:08,790 --> 00:06:11,100 If you see this you are all here. 73 00:06:11,100 --> 00:06:14,170 This is a list of services blocked by Tor. 74 00:06:14,280 --> 00:06:15,220 That is a problem. 75 00:06:15,230 --> 00:06:21,610 Tor is blocked by some web site some destinations that you do want to visit. 76 00:06:21,630 --> 00:06:29,580 There is no UDP on Tor talk doesn't currently support UDP although it does provide a DNS port if you 77 00:06:29,580 --> 00:06:38,610 require UDP who provides a limited workaround for using UDP and the final weakness is speed. 78 00:06:38,610 --> 00:06:49,200 Tor is slower than some privacy stroke anonymizing services such as VPN and the clarinet that Tor is 79 00:06:49,200 --> 00:06:55,030 getting much better and much faster and the latency issues are improving. 8795