Wikipedia:Reference desk/Archives/Computing/2016 June 1
| Computing desk | ||
|---|---|---|
| < May 31 | << May | June | Jul >> | June 2 > |
| Welcome to the Wikipedia Computing Reference Desk Archives |
|---|
| The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages. |
June 1[edit]
logging in to regular google account in tor[edit]
I used the Tor Browser (Firefox bundled with tor) to post a reply to a comment on youtube (using my regular google account), because the video was made inaccessible where I live since I had made the initial comment to which the person was replying (surprisingly, it worked.) Then it occurred to me that this may have been a bad idea. I don't mind if I compromised my tor installation since I only ever use it for stuff like circumventing geo restrictions, and even that rarely. But could they try to tie me to the (presumably nasty) stuff that went through the same exit node while I was logged on? Am I in for some Kafkian stuff? Asmrulz (talk) 01:11, 1 June 2016 (UTC)
- That is very unlikely, because Tor isn't very anonymous (especially if you don't configure your computer optimally [1]). The NWO is a wrestling stable; they don't do electronic mass-surveillance. Any well-funded organisation can easily make the Tor network less anonymous, simply by setting up lots of exit nodes. Governments that are willing to spend loads of money can know what you do online, and using Tor isn't going to change that. Operating a Tor exit node that is used for bad stuff is far more likely to get you in trouble. [2][3] There are quite a few people who have set up a Tor exit node to spy on those who use it. [4] [5] [6] In Russia being guilty or innocent seems to be irrelevant. The Quixotic Potato (talk) 02:51, 1 June 2016 (UTC)
- I know that about Russia (not first-hand, Cthulhu be praised) - legal nihilism it's called, I think. But I've no illusions about the West either. Your own Austrian guy link is proof. It's roughly like Brezhnev's USSR, minus the economic growth. Asmrulz (talk) 19:49, 1 June 2016 (UTC)
- WP:WHAAOE: Legal nihilism. I live in Amsterdam, the Netherlands. Unfortunately there are people in this country who are locked up for stupid reasons. Luckily the country is so small that everything happens on a much smaller scale than in places like the USA or Russia. I remember being sad when I learned what happened to Дании́л Ива́нович Харм. It may be a good idea to get a cheap VPN to circumvent geo-restrictions; I have used a VPN to watch BBC iPlayer. The Quixotic Potato (talk) 21:32, 1 June 2016 (UTC)
- Long time later but remember that while VPNs are useful, the cost may not be worth it if you only want to view one or two Youtube videos. The relative cost also depends on your wages (or whatever), cost of living etc which may very well be different for someone living in Russia than it is for someone living in the Netherlands. Notably, and this gets to the heart of the issue, there's no reason to think you're more vunerable to malicious prosecution for using a VPN than for using Tor. As I said below, there's also the issue of why they would want to target you. If they just don't like you and they have enough resources, in a place like Russia it's unlikely what you do really matters, they'll find a way. If they are looking for a scape goat, well there is a very minor risk, but it's very, very, very, very, very minor. I mean seriously, there's probably a far, far, far, far, far greater risk that your Youtube comment will offend some uber rich and powerful person, or perhaps the child of a uber rich and powerful person and they'll get someone to make you pay for offending their poor son or daughter, perhaps with your life. And as we've well established, under the conditions outlined it's clear it won't be difficult for the Youtube identity to be tied to Asmrulz real life identity since all evidence suggests that's not something they're trying to hide. Actually that's part of why they're concerned. Nil Einne (talk) 07:03, 5 January 2018 (UTC)
- WP:WHAAOE: Legal nihilism. I live in Amsterdam, the Netherlands. Unfortunately there are people in this country who are locked up for stupid reasons. Luckily the country is so small that everything happens on a much smaller scale than in places like the USA or Russia. I remember being sad when I learned what happened to Дании́л Ива́нович Харм. It may be a good idea to get a cheap VPN to circumvent geo-restrictions; I have used a VPN to watch BBC iPlayer. The Quixotic Potato (talk) 21:32, 1 June 2016 (UTC)
- I know that about Russia (not first-hand, Cthulhu be praised) - legal nihilism it's called, I think. But I've no illusions about the West either. Your own Austrian guy link is proof. It's roughly like Brezhnev's USSR, minus the economic growth. Asmrulz (talk) 19:49, 1 June 2016 (UTC)
- Could they tie the exit node to your YouTube comment? It depends. If they have access to Google's internal logs, or if you connected over HTTP (not HTTPS), then yes. Otherwise they would have to analyze the timing of the network traffic to and from YouTube at the moment that that comment appeared. I'm pretty sure it would be impossible for a site with that much traffic, if you only comment (through Tor) once, and you'd probably have to be a person of interest before they'd even try it.
- If they do tie them together, will they link you to other people's traffic through that exit node because they're too stupid to understand how Tor works, leading to a Kafkaesque nightmare? I think that's out of the scope of the computing desk, though I'll point out that they would then also be confused by Internet cafes, houses inhabited by more than one person, dynamic IP addresses, etc. -- BenRG (talk) 23:54, 1 June 2016 (UTC)
- The claim "Otherwise they would have to analyze the timing of the network traffic to and from YouTube at the moment that that comment appeared." is not true. The Quixotic Potato (talk) 00:05, 2 June 2016 (UTC)
- If they don't have access to Google's internal logs and were unable to spy on the traffic because it was encrypted how would you propose? Or are you suggesting they have compromised Google's HTTPS but not their server logs? Nil Einne (talk) 00:17, 2 June 2016 (UTC)
- There are several ways to accomplish this goal without looking at Google's server logs, even if someone has been using HTTPS. You don't even have to analyze the timing of network traffic. For example, page 4 of this PDF describes how browser plugins can leak information. It is also possible to use NetFlow. For more information about attacking Tor you can read this. And remember, a well-funded organization can easily buy some zero-day exploits that we are unaware of. It is very unlikely that Asmrulz has spent a lot of time configuring his computer to ensure that it leaks as little information as possible. It is quite complicated, it requires technical skill and this kind of information is not easily accessible to the average computer user (and most of the information that is available is incomplete and/or outdated). Here is another interesting article. I am certain that some of the people who got hired by organizations that want to understand Tor are smarter and better informed on this subject than I am; nothing I say here is news to them, and they probably know many tricks that I am not aware of. I am just a n00bish potato; but I do know that the Tor Browser Bundle and Vidalia have been mocked and criticized by people who know what they are talking about. The Quixotic Potato (talk) 01:00, 2 June 2016 (UTC)
- Attacking Tor means tying client-side connections to server-side connections. Asmrulz indicated that he (guessing a pronoun) doesn't care much about that, since he usually doesn't use Tor and used it here only to circumvent a regional block. His worry is that They can link his account to the exit node but can't break Tor's anonymity, since that's the only situation in which they might tie other activity on that node (that isn't his) to him. In fact, they would only do that if they don't understand how Tor works at all. -- BenRG (talk) 01:50, 2 June 2016 (UTC)
- I can imagine several other reasons to tie activity on that node to someone who is not responsible for that activity. For example, read the articles scapegoat and ticket quota (arrest quota is a redirect to that article). Like I wrote before, "In Russia being guilty or innocent seems to be irrelevant.". While writing this comment I was listening to this song (NSFW, 18+). The Quixotic Potato (talk) 02:04, 2 June 2016 (UTC)
If guilt or innocence doesn't matter then there's no reason to think they'd care the people's traffic came from that particular exit node. Actually more to the point, "guilt or innocence doesn't matter" is a fairly unclear assertion. Do you mean it doesn't matter some times or it never matters? While I haven't read that much all I have read before including the article you linked to suggests to me you're mistaken if you think it never matters in Russia. Having lived in a country with a fairly flawed legal system (Malaysia) I can say it can matter there, it's just that sometimes it doesn't matter as much as it should and other things matter which shouldn't, like precisely who's being charged and their relationship with the political and business elite and who paid the right bribe, political or other pressure to get someone for the crime etc. Maybe Russia is really so bad that there's never any concern at all about guilty or innoncence but I find that unlikely.
Really it's far more likely Russia would come back to a scapegoating scenario. In the scapegoat scenario there is a slightly possibility it would happen, but there would still need to be a reason why they'd target you instead of the thousands of other people using the exit node, or the owner of the exit node or someone else they can scapegoat who never even used that exit node. (E.g. wrong country, unlucky.) Perhaps if your comment was something offensive like "frankly most police are criminal and shouldn't be trusted" but you'd still need to consider whether they're more likely to scapegoat you as opposed to the fellow who was talking about how he'd like to rape all the pig's daughters or whatever. The scapegoating would also need to be successful meaning you'd also need to be in a case where your courts do care to some extent about guilt or innocence (although as I've said I think that's most places), yet would have to be inept enough (or you'd need an inept enough defence) that you're unable to convince them the fact that you posted Youtube comment. Perhaps this is possible in Russia, but again would they target you or the person who talked about how Putin is destroying Russia or whatever?
Also I don't think there's much evidence that most scapegoats are just chosen because they're convient or the authorities don't care. From all that I've seen and read, both in countries with fairly flawed legal systems and countries with better ones, a lot of people who may be called "scapegoats" are actually more complicated. The authorities may genuinely believe they have the right person. They may also do many things wrong to try and prove it, including ignoring evidence etc which would make them realise they have the wrong person, which is bad and may add concern in a case like Tor, but does complicate any analysis of risks. Or maybe they're sure the person is guilty of some major crime (correctly or not) and so pursue them for a crime they know they're not guilty. There are cases when the authorities have actually no one and they just find a convient scapegoat due to pressure even if no one really believes it's true. And especially in countries like Russia or Malaysia, they may also find a convient scapegoat when there's that pressure and they know who it is but for some reason e.g. political connections they aren't able to go after the genuine perpetrator. But notably in both cases scapegoats tend to be not just people they can find some tenous like, but also people who have difficulty countering them. For example, poor migrants etc. In fact this will often be more important than a tenous connection. While I don't know much about Asmrulz personal situation, what they've said before doesn't give a reason to think they'll make a great scapegoat. And as said, I don't think there's any reason to think these make a majority of cases which may be called "scapegoats" compared to as I said the more likely case where they genuinely think the scapegoat is guilty (at least of something).
Note that ticket quota also implies scapegoating since the scenario outlined suggests that the comment wasn't actually of legal concern. In the classic case of a ticket quota, the people have actually broken the law, but it's felt they're only being punished due to some quota. So we get to an even more extreme situation where they'd not only need to be scapegoating, but they'd need to be scapegoating someone who didn't do anything illegal when they surely have many many people who did do something illegal who they could go after instead (since it's unlikely we're just talking about that single exit node instead).
And the reason why these factors matter is as BenRG has already mentioned. The relative risk is important here. Sure maybe it's possible the authorities in some country will somehow tie Asmrulz Youtube activity to the exit node and then for whatever reason also tie him to illicit activity from that exit node. OTOH, they could also for whatever reason somehow tie their Youtube activity to something somewhere without using Tor. Or for that matter their wikipedia activity. Or they could go after them for using Tor point blank. Or for circumventing geo-restrictions. Or so many other things. There is a weak possibility for all these things, perhaps the possibility of Tor-Youtube-exitnode issue is more likely than any one of them but even if it is (and that's a big if IMO), there's no reason to think it's more significant than all the other possibilities. And there's a fair chance it's more likely Asmrulz will die in a traffic accident in the next year or two.
- I can imagine several other reasons to tie activity on that node to someone who is not responsible for that activity. For example, read the articles scapegoat and ticket quota (arrest quota is a redirect to that article). Like I wrote before, "In Russia being guilty or innocent seems to be irrelevant.". While writing this comment I was listening to this song (NSFW, 18+). The Quixotic Potato (talk) 02:04, 2 June 2016 (UTC)
But you seem to be conflating different things. There may very well be problems trusting Tor too much in certain circumstances, but that's different from what's possible and likely in a certain scenario.
Firstly, the browser plugins would need to be either not using HTTPS or accessing servers who's logs they do have access to so at most where'd need a minor clarification. You'd also need a way to link the browser plugin activity to the specific comments in question at around the time of posting. It may be true that most people don't appreciate the risk of browser plugins (although the Tor browser does go to some lengths to warn about the risk of browser plugins) but that's besides the point of the scenario.
Similarly the point about Netflow seems to related to tying a user of Tor to someone accessing a server controlled by the adversary. So this is completely unrelated to the point of discussion, since by definition if you adversary is Google then they have access to their own server logs. If you later access these servers, it's still not going to help them figure out you were the one who posted on Google earlier in the day unless something you did on the server tells thems so. But even in that case, what you're saying doesn't make much sense. If you were using the same exit node, then there's zero reason for them to go to these lengths since the whole point of the scenario was whether they'd be able to tie your Youtube comments to a certain exit node. They aren't even specifically tying those Youtube comments to that exit node, but rather they're tying your later activity to whatever exit node you're using at this later time, they still have great difficulty proving what exit node you actually used for the Youtube comments (without access to Google's server logs) even though it doesn't actually matter to them.
Likewise zero day flaws aren't magic. You still need to find a way to use them. If you don't have access to Google's server logs then it's extremely unlikely you can put this exploit on Google's servers. You could put it on a different server which the user happens to visit. Or on a middle or exit node but you'd need an exploit which is able to work this way probably attacking the Tor proxy. But in either case you'd still need to either somehow magically do it the time of the attack or the computer would have be compromised beforehand. And targetting this attack is difficult. Remember the whole point was without access to Google's server logs you don't know which exit nodes let alone middles nodes were actually used for the comment nor is it likely you can guess what servers they're going to visit beforehand so it would need to be incredibly broadbrushed. And if they were in sufficient control over this exit node, this implies they probably compromised a whole lot of people so getting to my point in the other comment they'd need to decide to target you for your Youtube comments instead of everyone else they compromised using this exit node for the illicit activity coming from that exit node. And also, they'd be able to do the timing attacks anyway even if it wasn't really needed.
More to the point, since this is a discussion about security scenarios, it should go without saying if the computer is compromised then yes anything it does in the future can be uncovered. So the precise scenario only needs a few minor clarifications. "Without access to your computer and without access to Google or anyone else's server logs which tie the comment to you, and where all traffic between your computer and these servers was encrypted."
In addition as BenRG has already said, in many case of what you're suggesting they'd be aware that you weren't the originator of the traffic that actually concerned them. The whole thing is really weird since mostly you're coming up with a lot of extreme scenarios when in reality it's much more likely that they'll have or obtain access to Google server logs. Particularly since in the scenario outlined, it sounded like the OP recognised that there was a risk their Youtube username could be tied back to them personally. This may be because it's their real name or a username easily tied to their real name, but even in such a case, it's fairly likely they'd want to confirm this by getting Google's records. To be fair, this may only happen after they tied the OP's Youtube activity to the exit node of concern but still imagining a adversary of this sort isn't going to go the simpler route of somehow obtainhing access to Google's logs doesn't IMO make much sense. It reminds me of that famous beat him with wrench comic [7]. As I said at the beginning, it seems to me the root of the problem is that you've read about problems with Tor in general and then trying to apply them to a specific scenario where these are actually of little relevance.
Don't get me wrong, I understand how easy it can be to confuse yourself. For example I initially said if they compromise your computer later this would be a concern too. But actually there's a good chance it wouldn't be. Sure they'd be able to figure out you're user X on Youtube but as I later remembered this wasn't what we're concerned about here, in fact it was implied this would be no problem. The question was whether they could tie your Youtube comments to the exit node they came from and then go after you for other illicit activity on the exit node which didn't come from you. After you've left the comments this could easily be difficult. Okay you will probably be using the exit node for a while longer and I think they can probably figure out if it's likely you're still using the same exit node but this is a very short window. After that, even if they compromise your computer I'm not certain it would be easy for them to figure out which exit node you used to post those Youtube comments from any records lingering. Google by default those inform you if you sign in from a new IP, so if you have that they could use it to figure out. But thein again what's happening there is they're obtaining one of Google's server logs through you .... But ultimately it's important to consider what actually applies to the specific scenario. If you want to to raise other concerns, sure, but be careful to think whether they apply to the specific scenario and if they don't then don't make it sound like they do.
Nil Einne (talk) 03:43, 3 June 2016 (UTC)
- I am a bit too lazy to deal with this wall of text line by line. Please carefully re-read what I wrote, you misinterpret it. The Quixotic Potato (talk) 01:07, 7 June 2016 (UTC)
- Yes this is an old post, but I found it when searching for something. And I have now I reread it, and no I don't think I did. The trouble is you were conflating different things. No one ever suggested that Tor is a perfect defence against a very well funded adversary. And plenty of people misuse Tor or misunderstand the protection Tor provides. And many smart people have criticised some aspects of Tor and some uses of Tor. But many smart people have also said, Tor does have its uses and they do use it. In fact, if you read between the lines of some of the leaked NSA etc stuff, it does seem even they are aware that Tor is a major annoyance, not because they can never break it but because it makes the sort of routine surveillance of all traffic all the time that they like to do basically impossible. (It's impossible to prove these comments aren't disinformation, but most evidence suggests the leaks are well internal documents that the NSA etc weren't happy about being leaked and there's little reason to think this isn't just the real world view of some of the people involved.) Your posts made none of this clear, and brought up a bunch of not particularly relevant stuff ignoring more important things, as me and others explained. Nil Einne (talk) 07:28, 5 January 2018 (UTC)
- I am a bit too lazy to deal with this wall of text line by line. Please carefully re-read what I wrote, you misinterpret it. The Quixotic Potato (talk) 01:07, 7 June 2016 (UTC)
- Attacking Tor means tying client-side connections to server-side connections. Asmrulz indicated that he (guessing a pronoun) doesn't care much about that, since he usually doesn't use Tor and used it here only to circumvent a regional block. His worry is that They can link his account to the exit node but can't break Tor's anonymity, since that's the only situation in which they might tie other activity on that node (that isn't his) to him. In fact, they would only do that if they don't understand how Tor works at all. -- BenRG (talk) 01:50, 2 June 2016 (UTC)
- There are several ways to accomplish this goal without looking at Google's server logs, even if someone has been using HTTPS. You don't even have to analyze the timing of network traffic. For example, page 4 of this PDF describes how browser plugins can leak information. It is also possible to use NetFlow. For more information about attacking Tor you can read this. And remember, a well-funded organization can easily buy some zero-day exploits that we are unaware of. It is very unlikely that Asmrulz has spent a lot of time configuring his computer to ensure that it leaks as little information as possible. It is quite complicated, it requires technical skill and this kind of information is not easily accessible to the average computer user (and most of the information that is available is incomplete and/or outdated). Here is another interesting article. I am certain that some of the people who got hired by organizations that want to understand Tor are smarter and better informed on this subject than I am; nothing I say here is news to them, and they probably know many tricks that I am not aware of. I am just a n00bish potato; but I do know that the Tor Browser Bundle and Vidalia have been mocked and criticized by people who know what they are talking about. The Quixotic Potato (talk) 01:00, 2 June 2016 (UTC)
- If they don't have access to Google's internal logs and were unable to spy on the traffic because it was encrypted how would you propose? Or are you suggesting they have compromised Google's HTTPS but not their server logs? Nil Einne (talk) 00:17, 2 June 2016 (UTC)
- The claim "Otherwise they would have to analyze the timing of the network traffic to and from YouTube at the moment that that comment appeared." is not true. The Quixotic Potato (talk) 00:05, 2 June 2016 (UTC)
Apple Project[edit]
I want to know how to make a DVD of a new slideshow (which Apple call Projects for some odd reason). How do I do it please?92.26.100.153 (talk) 16:52, 1 June 2016 (UTC)