Connect through own TOR relay, make edge node traffic unreadable

encryption tor nodes relay

Solution 1:

Tor uses multi-layer encryption that addresses this very problem.

From the Tor Project FAQ :

Tor passes your traffic through at least 3 different servers before sending it on to the destination. Because there's a separate layer of encryption for each of the three relays, Tor does not modify, or even know, what you are sending into it. It merely relays your traffic, completely encrypted through the Tor network and has it pop out somewhere else in the world, completely intact.

A bad first of three servers can see encrypted Tor traffic coming from your computer. It still doesn't know who you are and what you are doing over Tor. It merely sees "This IP address is using Tor".

A bad third of three servers can see the traffic you sent into Tor. It won't know who sent this traffic. If you're using encryption, such as visiting a bank or e-commerce website, or encrypted mail connections, etc, it will only know the destination. It won't be able to see the data inside the traffic stream. You are still protected from this node figuring out who you are and if using encryption, what data you're sending to the destination.

To summarize : The first relay sees your IP but not your message, while the third relay sees your message but not your IP (and this also only if the message is not encrypted via https). So, unless the authority manages to get its bogus relays used as both first and third relays, it cannot fully trace your activities. And given the enormous number of Tor relays in the world, the authority will need to set up an enormous number of relays to have a good statistical chance of having its relays randomly selected as both first and third in the Tor chain.

Tor even has a protection against this scenario as well : You can I control which nodes (or country) are used for entry/exit. Tor also uses "entry guards" : each Tor client selects a few relays at random to use as entry points, and uses only those relays as first hop.

Conclusion : Tor is quite well protected, and one can further calibrate it to make it very safe from any one particular national agency. Using https (when possible) ensures even better protection.

Solution 2:

No. The limitation is mitigated by using an encrypted protocol over Tor such as HTTPS and making sure the certificate of the system you are connecting to is legitimate.

Other things you can do include:

  • making sure your transmissions don't leak information if you choose to leave them unencrypted. For a web browser/HTTP traffic this means: no Javascript (or selectively enable it with an add on such as No-Script), no cookies, and no plugins.

  • making sure your DNS lookups are over Tor as well as the protocols dependent on DNS. For a web browser/HTTP traffic, make sure the browser can SOCKS5 proxy DNS to Tor. Firefox+FoxyProxy can do this.

  • introducing random periods of time where you are not using Tor if you use Tor on a continuous long term basis

  • randomizing times that resources are accessed if you access resources over Tor on a periodic basis. For example, if you use Tor to check a website on a daily basis, don't check it at the same time every day.

Related

How did UNIX multitasking work without virtual memory? [closed]
How can I apply environment variables without reboot?
Is it possible to use one large SSD as both system disk and Intel Smart Response caching
How do I apply a patch to my Linux kernel?
Abort drag-and-drop from a busy program
Is there a way to recover bookmarks after Chrome Sync deletes them?
Export list of mails in Thunderbird
How much power does a Western Digital Passport Essential SE require?
Dotty shows all labels as dots (period) instead of text
Extract a sub djvu file of multiple pages
Why is my swap used even if my physical RAM isn't full?
How do you Open a "Task Manager" (as in Chrome) in Safari?