From 307882063a5d429c2b9d547415c242e6d5d061d9 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:06:09 +0200 Subject: [PATCH 01/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 853ef5f..7d5a73c 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -1,8 +1,39 @@ # Chapter 12: Using Tor -_This is currently a placeholder; Writing it in Task #15 on the current [TODO list](https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/TODO.md). +In this section will talk about Tor network and how to use its services that are now available courtesy of [Bitcoin Standup] (https://github.com/BlockchainCommons/Bitcoin-Standup-Scripts) + +## 1. Tor network + +Tor is a low-latency anonymity and overlay network based on onion routing and path-building design for enabling anonymous communication. When a user wants to connect to an Internet server Tor tries to build a path formed by at least three Tor nodes relays called Guard, Middle and Exit. In this building path creates a circuit that negotiates encrypted symmetric keys,that while the message goes along the circuit, each relay strips off its layer of encryption. In this way the message arrives at the final destination in its original form and each party only knows the previous and the next hop and cannot determinate origin or destination. + +## 2. How it works + +The basic architecture of the Tor network is made up of the following components: +* Tor Clients (OP or Onion Proxy): A Tor client installs local software considered as an onion proxy, which packages the application data into cells the same size (512 bytes) that it sends to the Tor network. A cell is the basic unit of Tor transmission. +* Onion node (OR or Onion Router): Onion nodes transmit cells coming from the Tor client and server. There are three types of onion nodes: +input (Guard), intermediate nodes (Middle), and output nodes (Exit). +* Directory servers: Directory servers store the information of onion routers and onion servers (hidden services), such as their +public keys. 
+* Onion servers (hidden servers): They support TCP applications as a service web or IRC service + +### Clear internet connection + +When a user connects to an Internet Server it shares it's ip address, location, operating system and other details with the server. Using a data-network packet analyzer like tcpdump we see how connection is established. + +``` +$ tcpdump +``` +Output + +``` +20:58:03.804787 IP bitcoin.36300 > lb-140-82-114-25-iad.github.com.443: Flags [P.], seq 1:30, ack 25, win 501, options [nop,nop,TS val 3087919981 ecr 802303366], length 29 +``` + + + +## 3. Accessing Tor services. + -This section will talk about using the Tor services that are now available courtesy of Bitcoin Standup._) * [12.1: Verifying Your Tor Setup](12_1_Verifying_Your_Tor_Setup.md) * [12.2: Changing Your Bitcoin Hidden Services](12_2_Changing_Your_Bitcoin_Hidden_Services.md) From 9dc61d96983746bd8192ed98ef42df69fdf051b3 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:24:42 +0200 Subject: [PATCH 02/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 7d5a73c..457915f 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -1,13 +1,15 @@ # Chapter 12: Using Tor -In this section will talk about Tor network and how to use its services that are now available courtesy of [Bitcoin Standup] (https://github.com/BlockchainCommons/Bitcoin-Standup-Scripts) +In this section will talk about Tor network and how to use its services that are now available courtesy of [Bitcoin Standup](https://github.com/BlockchainCommons/Bitcoin-Standup-Scripts) ## 1. Tor network -Tor is a low-latency anonymity and overlay network based on onion routing and path-building design for enabling anonymous communication. When a user wants to connect to an Internet server Tor tries to build a path formed by at least three Tor nodes relays called Guard, Middle and Exit. In this building path creates a circuit that negotiates encrypted symmetric keys,that while the message goes along the circuit, each relay strips off its layer of encryption. In this way the message arrives at the final destination in its original form and each party only knows the previous and the next hop and cannot determinate origin or destination. +Tor is a low-latency anonymity and overlay network based on onion routing and path-building design for enabling anonymous communication. Tor is free and open-source software and the name derived from the acronym for the original software project name "The Onion Router". The Tor Project, Inc. is a Massachusetts-based research-education nonprofit organization founded by computer scientists Roger Dingledine, Nick Mathewson and others. The Tor Project is primarily responsible for maintaining software for the [Tor anonymity network](https://www.torproject.org/) ## 2. How it works +When a user wants to connect to an Internet server Tor tries to build a path formed by at least three Tor nodes relays called Guard, Middle and Exit. In this building path creates a circuit that negotiates encrypted symmetric keys,that while the message goes along the circuit, each relay strips off its layer of encryption. 
In this way the message arrives at the final destination in its original form and each party only knows the previous and the next hop and cannot determinate origin or destination. + The basic architecture of the Tor network is made up of the following components: * Tor Clients (OP or Onion Proxy): A Tor client installs local software considered as an onion proxy, which packages the application data into cells the same size (512 bytes) that it sends to the Tor network. A cell is the basic unit of Tor transmission. * Onion node (OR or Onion Router): Onion nodes transmit cells coming from the Tor client and server. There are three types of onion nodes: @@ -28,7 +30,12 @@ Output ``` 20:58:03.804787 IP bitcoin.36300 > lb-140-82-114-25-iad.github.com.443: Flags [P.], seq 1:30, ack 25, win 501, options [nop,nop,TS val 3087919981 ecr 802303366], length 29 ``` +When a user connects to an Internet Server using tor it create a circuit using relay nodes that only nows previous and the next hop. +``` +21:06:52.744602 IP bitcoin.58776 > 195-xxx-xxx-x.rev.pxxxxxm.eu.9999: Flags [P.], seq 264139:265189, ack 3519373, win 3410, options [nop,nop,TS val 209009853 ecr 3018177498], length 1050 +21:06:52.776968 IP 195-xxx-xxx-x.rev.pxxxxxm.eu.9999 > bitcoin.58776: Flags [.], ack 265189, win 501, options [nop,nop,TS val 3018177533 ecr 209009853], length 0 +``` ## 3. Accessing Tor services. From 08e27605f645248640c1695a7463377252347d13 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:28:44 +0200 Subject: [PATCH 03/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 457915f..99b93be 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -30,14 +30,13 @@ Output ``` 20:58:03.804787 IP bitcoin.36300 > lb-140-82-114-25-iad.github.com.443: Flags [P.], seq 1:30, ack 25, win 501, options [nop,nop,TS val 3087919981 ecr 802303366], length 29 ``` -When a user connects to an Internet Server using tor it create a circuit using relay nodes that only nows previous and the next hop. +When a user connects to an Internet Server using tor it create a circuit using relay nodes that only knows previous and the next hop. ``` 21:06:52.744602 IP bitcoin.58776 > 195-xxx-xxx-x.rev.pxxxxxm.eu.9999: Flags [P.], seq 264139:265189, ack 3519373, win 3410, options [nop,nop,TS val 209009853 ecr 3018177498], length 1050 21:06:52.776968 IP 195-xxx-xxx-x.rev.pxxxxxm.eu.9999 > bitcoin.58776: Flags [.], ack 265189, win 501, options [nop,nop,TS val 3018177533 ecr 209009853], length 0 ``` - ## 3. Accessing Tor services. From 821152e105d92c5f86d5be9e08775bfb8bf10cf3 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:31:33 +0200 Subject: [PATCH 04/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 99b93be..7bb52ac 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md @@ -37,10 +37,6 @@ When a user connects to an Internet Server using tor it create a circuit using r 21:06:52.776968 IP 195-xxx-xxx-x.rev.pxxxxxm.eu.9999 > bitcoin.58776: Flags [.], ack 265189, win 501, options [nop,nop,TS val 3018177533 ecr 209009853], length 0 ``` -## 3. Accessing Tor services. - - - * [12.1: Verifying Your Tor Setup](12_1_Verifying_Your_Tor_Setup.md) * [12.2: Changing Your Bitcoin Hidden Services](12_2_Changing_Your_Bitcoin_Hidden_Services.md) * [12.3: Adding SSH Hidden Services](12_3_Adding_SSH_Hidden_Services.md) From a70da0fb9d9dd3df66fafb86c12c3766c3ecd133 Mon Sep 17 00:00:00 2001 
From: Javier Vargas Date: Sun, 5 Jul 2020 21:34:59 +0200 Subject: [PATCH 05/11] Update 12_2_Changing_Your_Bitcoin_Hidden_Services.md --- 12_2_Changing_Your_Bitcoin_Hidden_Services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12_2_Changing_Your_Bitcoin_Hidden_Services.md b/12_2_Changing_Your_Bitcoin_Hidden_Services.md index 7b73d7e..c9c9d4f 100644 --- a/12_2_Changing_Your_Bitcoin_Hidden_Services.md +++ b/12_2_Changing_Your_Bitcoin_Hidden_Services.md @@ -26,5 +26,5 @@ HiddenServiceDir /var/lib/tor/bitcoin-service/ HiddenServicePort 8333 127.0.0.1:8333 HiddenServicePort 18333 127.0.0.1:18333 ``` -If you're running Tor version 3 bitcoind will configurate hidden services automatically to listen on. +If you're running Tor version 3 bitcoind will configurate hidden services automatically to listen on. If you want to change your onion id delete file onion_private_key located in bitcoin data dir. From 11feda951fc7c69180b8aedba2b00e0f04a1b0a5 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:38:02 +0200 Subject: [PATCH 06/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 7bb52ac..74f6fee 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -30,7 +30,7 @@ Output ``` 20:58:03.804787 IP bitcoin.36300 > lb-140-82-114-25-iad.github.com.443: Flags [P.], seq 1:30, ack 25, win 501, options [nop,nop,TS val 3087919981 ecr 802303366], length 29 ``` -When a user connects to an Internet Server using tor it create a circuit using relay nodes that only knows previous and the next hop. +When a user connects to an Internet Server using tor it create a circuit using three relay nodes that only knows previous and the next hop. This is the output first server or Guard node. ``` 21:06:52.744602 IP bitcoin.58776 > 195-xxx-xxx-x.rev.pxxxxxm.eu.9999: Flags [P.], seq 264139:265189, ack 3519373, win 3410, options [nop,nop,TS val 209009853 ecr 3018177498], length 1050 From f49ff66defebd53565856404ccb76cd9f49e7451 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 21:43:27 +0200 Subject: [PATCH 07/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 74f6fee..0e0085b 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md @@ -16,7 +16,7 @@ The basic architecture of the Tor network is made up of the following components input (Guard), intermediate nodes (Middle), and output nodes (Exit). * Directory servers: Directory servers store the information of onion routers and onion servers (hidden services), such as their public keys. -* Onion servers (hidden servers): They support TCP applications as a service web or IRC service +* Onion servers (hidden servers): They support TCP applications as a service web or IRC service. ### Clear internet connection From 6c86fdf62fed77099e715a9e377ec9c8a78cb5e9 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Sun, 5 Jul 2020 22:44:15 +0200 Subject: [PATCH 08/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 0e0085b..1060e2d 100644 
--- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -36,6 +36,82 @@ When a user connects to an Internet Server using tor it create a circuit using t 21:06:52.744602 IP bitcoin.58776 > 195-xxx-xxx-x.rev.pxxxxxm.eu.9999: Flags [P.], seq 264139:265189, ack 3519373, win 3410, options [nop,nop,TS val 209009853 ecr 3018177498], length 1050 21:06:52.776968 IP 195-xxx-xxx-x.rev.pxxxxxm.eu.9999 > bitcoin.58776: Flags [.], ack 265189, win 501, options [nop,nop,TS val 3018177533 ecr 209009853], length 0 ``` +### Bitcoin tor connections + +Using bitcoin-cli parameter getpeerinfo you can see what nodes are connected to your node and check that it swaps connections over tor. + +``` +$ bitcoin-cli getpeerinfo +``` +Output + +``` + { + "id": 9, + "addr": "nkv.......xxx.onion:8333", + "addrbind": "127.0.0.1:51716", + "services": "000000000000040d", + "servicesnames": [ + "NETWORK", + "BLOOM", + "WITNESS", + "NETWORK_LIMITED" + ], + "relaytxes": true, + "lastsend": 1593981053, + "lastrecv": 1593981057, + "bytessent": 1748, + "bytesrecv": 41376, + "conntime": 1593980917, + "timeoffset": -38, + "pingwait": 81.649295, + "version": 70015, + "subver": "/Satoshi:0.20.0/", + "inbound": false, + "addnode": false, + "startingheight": 637875, + "banscore": 0, + "synced_headers": -1, + "synced_blocks": -1, + "inflight": [ + ], + "whitelisted": false, + "permissions": [ + ], + "minfeefilter": 0.00000000, + "bytessent_per_msg": { + "addr": 55, + "feefilter": 32, + "getaddr": 24, + "getheaders": 1053, + "inv": 280, + "ping": 32, + "pong": 32, + "sendcmpct": 66, + "sendheaders": 24, + "verack": 24, + "version": 126 + }, + "bytesrecv_per_msg": { + "addr": 30082, + "feefilter": 32, + "getdata": 280, + "getheaders": 1053, + "headers": 106, + "inv": 9519, + "ping": 32, + "pong": 32, + "sendcmpct": 66, + "sendheaders": 24, + "verack": 24, + "version": 126 + } + } +``` + + + + * [12.1: Verifying Your Tor Setup](12_1_Verifying_Your_Tor_Setup.md) * [12.2: Changing Your Bitcoin Hidden Services](12_2_Changing_Your_Bitcoin_Hidden_Services.md) 
From 2cd899eb22be22db320e7cb0cb9fb23fc82d2059 Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Mon, 6 Jul 2020 17:10:19 +0200 Subject: [PATCH 09/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index 1060e2d..a194bc6 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -6,7 +6,20 @@ In this section will talk about Tor network and how to use its services that are Tor is a low-latency anonymity and overlay network based on onion routing and path-building design for enabling anonymous communication. Tor is free and open-source software and the name derived from the acronym for the original software project name "The Onion Router". The Tor Project, Inc. is a Massachusetts-based research-education nonprofit organization founded by computer scientists Roger Dingledine, Nick Mathewson and others. The Tor Project is primarily responsible for maintaining software for the [Tor anonymity network](https://www.torproject.org/) -## 2. How it works +## 2. ¿Why use Bitcoin over Tor? + +The Bitcoin network is a peer-to-peer network that listen for transactions and propagates them using an IP public address. When you use default configuration you share your ip address that could expose to a third party your location, your uptime and others details that becomes a undesirable privacy practice. To protect you online you should use tools like Tor to hidden your connection details. Tor allows improve your privacy online as your data goes through different nodes using cryptography and decoding one layer at a time at the different nodes. + +### Weaknesses + +Tor isn't a perfect tool and given that at the exit nodes the information of the Tor network is decrypted and sent to its final destinations, theoretically if someone is monitoring this traffic, and the data is no longer encrypted or observer can collect sufficiently metadata the anonymity is compromised and could potentially identify users. + +There are some studies about possible exploits on Bitcoin's anti-DoS protection that could allow an attacker to force other users which uses Tor to connect exclusively through his Tor Exit nodes or to his Bitcoin peers, isolating the client from the rest of the Bitcoin network. 
+This could expose users to attacks in which the attacker controls which Bitcoin blocks and transactions receives and lost some level of anonymity. + +Fingerprint attack Bitcoin Tor users by setting an address cookie on their nodes. This cookie allows correlate different transactions of the user exposing transactions propagated without Tor and correlating to his IP address, and later deanonymizing all his transactions sent previously through Tor. + +## 3. How it works When a user wants to connect to an Internet server Tor tries to build a path formed by at least three Tor nodes relays called Guard, Middle and Exit. In this building path creates a circuit that negotiates encrypted symmetric keys,that while the message goes along the circuit, each relay strips off its layer of encryption. In this way the message arrives at the final destination in its original form and each party only knows the previous and the next hop and cannot determinate origin or destination. From 94713d265694baa21c92d7f3a83a6c81b921bf7b Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Mon, 6 Jul 2020 22:55:50 +0200 Subject: [PATCH 10/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index a194bc6..d9c00eb 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -8,7 +8,7 @@ Tor is a low-latency anonymity and overlay network based on onion routing and pa ## 2. ¿Why use Bitcoin over Tor? -The Bitcoin network is a peer-to-peer network that listen for transactions and propagates them using an IP public address. When you use default configuration you share your ip address that could expose to a third party your location, your uptime and others details that becomes a undesirable privacy practice. To protect you online you should use tools like Tor to hidden your connection details. Tor allows improve your privacy online as your data goes through different nodes using cryptography and decoding one layer at a time at the different nodes. +The Bitcoin network is a peer-to-peer network that listen for transactions and propagates them using an IP public address. When you use default configuration you share your ip address that could expose to a third party your location, your uptime and others details that becomes a undesirable privacy practice. To protect you online you should use tools like Tor to hide your connection details. Tor allows improve your privacy online as your data goes through different nodes using cryptography and decoding one layer at a time at the different nodes. ### Weaknesses From ef87a3f0427457b524df90a90ddad6d425ff5ceb Mon Sep 17 00:00:00 2001 From: Javier Vargas Date: Mon, 6 Jul 2020 22:59:34 +0200 Subject: [PATCH 11/11] Update 12_0_Using_Tor.md --- 12_0_Using_Tor.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/12_0_Using_Tor.md b/12_0_Using_Tor.md index d9c00eb..d773faa 100644 --- a/12_0_Using_Tor.md +++ b/12_0_Using_Tor.md 
@@ -12,7 +12,7 @@ The Bitcoin network is a peer-to-peer network that listen for transactions and p ### Weaknesses -Tor isn't a perfect tool and given that at the exit nodes the information of the Tor network is decrypted and sent to its final destinations, theoretically if someone is monitoring this traffic, and the data is no longer encrypted or observer can collect sufficiently metadata the anonymity is compromised and could potentially identify users. +Tor isn't a perfect tool and given that at the exit nodes the information of the Tor network is decrypted and sent to its final destinations, theoretically if someone is monitoring this traffic, and the data is no longer encrypted an observer can collect sufficiently metadata compromising the anonymity and could potentially identify users. There are some studies about possible exploits on Bitcoin's anti-DoS protection that could allow an attacker to force other users which uses Tor to connect exclusively through his Tor Exit nodes or to his Bitcoin peers, isolating the client from the rest of the Bitcoin network. This could expose users to attacks in which the attacker controls which Bitcoin blocks and transactions receives and lost some level of anonymity.
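Review bot: in [PATCH 01/11] (hunk @@ -1,8 +1,39 @@), the "Clear internet connection" example does not show what its paragraph claims. The text says the user shares its IP address with the server, but the sample line prints resolved names only (`bitcoin.36300 > lb-140-82-114-25-iad.github.com.443`), and `$ tcpdump` is given with no interface or filter, so a reader running it sees all traffic on the default interface. Suggest running it with `-n` so addresses print numerically, adding a filter for the destination, and saying which field of the output to look at. In the same hunk, `[Bitcoin Standup] (https://...)` has a space between `]` and `(` that stops it rendering as a link, "it's ip address" should be "its IP address", and the new "## 3. Accessing Tor services." heading is added with no body.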
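Review bot: in [PATCH 02/11] (hunk @@ -1,13 +1,15 @@), the paragraph moved under "## 2. How it works" ends with "each party only knows the previous and the next hop and cannot determinate origin or destination", which overstates the guarantee. The Guard's previous hop is the client, so it sees the origin, and the Exit's next hop is the server, so it sees the destination; the property is that no single relay sees both. Suggest rewording to say that, changing "determinate" to "determine", and replacing "negotiates encrypted symmetric keys,that while" with a sentence stating that the client negotiates one symmetric key with each relay and wraps the message in one layer per key. The new "## 1" paragraph also ends at the torproject.org link without a full stop.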
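Review bot: in [PATCH 02/11] (hunk @@ -28,7 +30,12 @@), the two added capture lines are only partly masked: `195-xxx-xxx-x.rev.pxxxxxm.eu.9999` keeps the first octet, the country TLD and the port of the relay the author's node was using. Suggest substituting a documentation address (for example one from 192.0.2.0/24) and adding a sentence on what the reader should compare with the clear-text capture above, namely that the remote end is now a relay on port 9999 rather than github.com on 443. In the lead-in sentence, "only nows previous" needs "knows" and "it create" should be "it creates".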
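Review bot: in [PATCH 05/11] (12_2_Changing_Your_Bitcoin_Hidden_Services.md, hunk @@ -26,5 +26,5 @@), the added instruction to delete `onion_private_key` gives neither the procedure nor the consequence. Suggest stating that bitcoind should be stopped before the file is removed and started again afterwards, and that the previous onion address stops being reachable once its key is gone, so peers that stored it can no longer connect. The sentence before it still ends at "to listen on." with no object, "configurate" should be "configure", and "Tor version 3" does not say whether it means a release of the Tor software or version 3 onion addresses.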
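Review bot: in [PATCH 06/11] (hunk @@ -30,7 +30,7 @@), "This is the output first server or Guard node." is missing words and does not tell the reader why only the Guard appears in the capture. Suggest something like "The capture below shows traffic to the first relay, the Guard", with a clause explaining that the client opens its TCP connection only to the Guard, so the Middle and Exit relays never show up in a local capture. "it create" and "relay nodes that only knows" in the same line still need subject-verb agreement.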
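Review bot: in [PATCH 08/11] (hunk @@ -36,6 +36,82 @@), the "Bitcoin tor connections" text tells the reader to check that the node connects over Tor but never says which fields of the long `getpeerinfo` dump show it. Suggest pointing at `"addr": "nkv.......xxx.onion:8333"` (the peer is reached at an onion address) and `"addrbind": "127.0.0.1:51716"` (the connection is bound to loopback, as expected when it goes out through the local Tor proxy), and trimming the `bytessent_per_msg` and `bytesrecv_per_msg` counters, which add nothing to that check. `getpeerinfo` is a command rather than a "parameter", "swaps connections" is unclear, and the hunk ends by adding several blank lines before the chapter list.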
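Review bot: in [PATCH 09/11] (hunk @@ -6,7 +6,20 @@), the new "### Weaknesses" section refers to "some studies" without naming or linking any, and its last paragraph ("Fingerprint attack Bitcoin Tor users by setting an address cookie on their nodes.") is a fragment with no subject, so the reader cannot tell who sets the cookie or where. Suggest linking the sources and opening that paragraph with a full sentence that names the attacker and the victim node. The heading "## 2. ¿Why use Bitcoin over Tor?" carries a stray "¿", "a peer-to-peer network that listen" should be "listens", and "Tor allows improve your privacy" needs "allows you to improve".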
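Review bot: in [PATCH 11/11] (hunk @@ -12,7 +12,7 @@), the rewritten first sentence of "### Weaknesses" still runs four clauses together, and "theoretically if someone is monitoring this traffic, and the data is no longer encrypted" never reaches a clear conclusion. Suggest splitting it into three sentences: the Exit removes the last Tor layer before forwarding to the destination; an observer at that point can read whatever the application did not encrypt itself and can collect metadata; that may be enough to identify a user. "sufficiently metadata" should be "sufficient metadata", and the unchanged context line "transactions receives and lost some level of anonymity" also needs a subject and a tense fix.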