The Tor browser, which users can use to cover their tracks on the web with the help of the anonymization network behind it, should be able to bypass attempts at censorship much more easily in the future. Georg Koppen, head of the team for a “healthy” network at the Tor project, announced this on Tuesday at the virtual hacker meeting rC3 (remote Chaos Communication Congress).
There will soon be an option in the Tor browser with which preset bridges in the region can be used by clicking on a corresponding anti-censorship button adapted to specific geographical areas, explained Koppen. Such “bridges” are operated by volunteers like ordinary gate access nodes. However, their IP addresses are not publicly listed, so that it is more difficult for opponents to identify and block them. Until now, users affected by gate censorship had to contact the gate project maker to get an identifier for such hidden bridge points.
Bridges and snowflakes against censorship
During the ongoing massive Russian censorship efforts, the “Tor Project” with version 11.0.2 of the relevant browser, which is essentially based on Firefox, had already built bridges that users in Russia in particular could preset in a targeted manner. This approach is to be expanded.
In addition, the Tor community has developed a browser extension called Snowflake, which should also help to avoid censorship more effectively. Relevant bridge nodes are configured by default. Several thousand corresponding proxy servers should be available every day, which are difficult to locate and block. Koppen described Snowflake as “the next stage in the arms race with censors”. The number of users of the extension has risen significantly since July to over 6,000.
Next year the focus will be on securing the add-on, updating the Tor browser more quickly and making more bridges available more or less automatically, emphasized Koppen. With a “Snowflake Fix” with version 11.0.3. of the Tor browser, the use of the extension has already increased significantly – especially in Russia – added Gustavo Gus, head of the community team. Then there was a brief server crash, but since then Snowflake has been working well again and demand has continued to rise.
According to Koppen, a kind of Virtual Private Network (VPN) is also planned, for which the team is still looking for a better name. The planned approach is similar to a classic VPN, explained Koppen. The network traffic of an entire device or specific apps classified as secure should be routed via Tor. This is especially important for cell phones so that they can also be used anonymously in countries where the network is censored. The tool, which Tor developers are currently working on with the help of the Guardian Project and the LEAP Encryption Access Project, is expected to initially be available for Android devices by the end of 2023.
Trust and control
The Tor team continues to take care of malicious servers from the network, emphasized Koppen. “We removed several large groups of exit relays in early 2021.” In addition, a lot of time and energy went into setting up the relevant scanners and test arrangements. It was only two weeks ago that further malicious relays were identified and banned, even though they were “perfectly configured” and contained contact information. In response to inquiries, however, it quickly became apparent that the operators were not up to anything.
According to Koppen, the project to strengthen trust within the community requires a “technical and social approach”. Corresponding experiments were successful. One focus in 2022 will be to determine a “logical group of trustworthy relays” and to feed them more network traffic. It will be carefully observed how this affects overall performance. In recent years, the gap between the displayed and used bandwidth in the network has grown, although many have complained that Tor is too slow. A bottleneck control and a better load distribution with messages to server operators should counteract this.
Previously, an IT security researcher with the pseudonym Nusenu, who is himself a member of the Tor community, discussed his recently published findings on the mysterious actor KAX17 with the hackers. He relied on a recorded lecture with an alienated voice and without personal images, and then answered questions. Nusenu announced that he could not say exactly whether KAX17 was carrying out large-scale deanonymization attacks on Tor users. But it is problematic in itself if an individual or a group operates over 800 relay stations, tries to blur the connections between them and, after removing such servers, simply adds new ones and lets them run without the official Tor software.
At the same time, the expert revealed some as yet unknown characteristics of the apparently threatening teammate. This probably uses a German keyboard setting and uses Swiss-German words such as “Grüezi”. He claims to work for a large access provider. The time zone could be identified through his emails, Nusenu reported, without giving any details. Among other things, KAX17 used more than 400 IP addresses with Microsoft’s Azure cloud service, which are mainly registered in North America and Europe.
Self defense
Nusenu underpinned his plea that Tor clients should be able to preset the use of “trustworthy operators” or get to know them via “trust anchors”. Over 60 percent of the exit nodes are already geared towards such a self-defense procedure with the Authenticated Relay Operator ID. In this way, a list of comparably secure relay points can be generated and a new way of excluding suspected malicious network nodes can be pursued. This could restrict anonymity somewhat, but would offer more security. Which method should be used depends on the threat model.
In response to questions from hackers, Gus said he saw no problem in the fact that the non-profit sponsoring company of the Tor project was based in the United States. Other important institutions in the network have their headquarters in other countries around the world. There is also “currently no pressure” from the US government. It is important, however, to “ensure sustainable funding” in order to no longer depend mainly on US funding for human rights and Internet freedom projects.
(jk)