having a PhD in Computer Scince, aren't you required to know pretty much everything and keep yourself updated on the new theories and papers since he is doing research, or am I mistaken
Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.
You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.
Nautilus1972 Using VPN with tor actually decreases anonymity. Tor project doesn’t recommend it. VPN server IP addresses are known, so you have a known exit point when using them.
Since I downloaded Tor the browser has links saying that people should stop using Facebook and other similar apps. Again that came from a few places on Tor.
@@jessicablack5306 well yeah everyone should be saying that, Facebook is horrible with how invasive they are, in Australia there's already videos up of police with papers in their hands and those pages have the persons Facebook information they're using it to justify arrests now. Also if you use any Amazon products like Alexa, hook up your Alexa to your computer and browse the files, you might not know it but there's numerous files being made of recordings of you, even when it's off.
What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]
the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.
I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services? The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.
It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.
Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.
"is TOR worth the criminality that is on there and so on" is the same argument governments make eroding fundamental rights in the name of terrorism. If your moral compass is based on legalities I'd suggest you have chosen a poor foundation. Let me re-frame your statement: is it worth letting the law diminish your fundamental right to choose how to live your life (non aggression principle withstanding)?
@@MintyLime703 not sure your counterpoint makes sense. because a government agency developed the first onion routing protocol references, government should not be questioned? I was also referencing the tone and questions raised in the video.
@@ChunkyWaterisReal because you have some activities you do there, or clients you do for. It's a big network and you don't necessarily have to use your real personal information to use their services.
I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.
Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?
Martin Pisz it's to do with mouselogging. Basic keyloggers will take mouse location and click points. People who log into Bank Account using on-screen keyboards may be keylogged via positions. Obviously the are other ways to mouselog but basic ones dont bother
Sites (or anybody sniffing around hard enough) can see your browsers dimensions (in full-screen your screen dimensions) and it might prove useful in finding you. There might be other reasons but this what I know of. If anybody has more info, your contribution would be appreciated.
Just disable JavaScript inside the TOR Browser, then it doesn't matter. No hidden service worth anything actually requires JavaScript to work, some even explicitly tell you to turn it off.
IF(!) you have JavaScript enabled (which is a very very very very bad idea when you want anonymity), a script can detect your resolution/browser size. This does not mean that thousands of others might have the same one, but it's one puzzle piece for identifying someone. You should google panopticlick and/or browserleaks.TorBrowser is a hardened Firefox, with lots of stuff disabled or tweaked to make identifying someone harder. But the biggest problem is JavaScript - as proven by some FBI hack some years ago.
As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.
They can't prove that with certainty, but they can with some degree of confidence. If A puts in a packet, then after a semi-constant delay it comes out on the other side, and it's happened a lot of times in sequence already, then it's probable that B is relaying A's traffic.
It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...
Please make a video about h265 and h264. I understand that h265 is more efficient? and should give a better quality at the same bitrate.. but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?
All of that is a debate based on nonsensical assumptions. "Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.
You can't get rid of it (well..), but that's no reason to make it easy. Every system can be changed to make surveillance possible. If half of the population works for the police, it is possible to eliminate 'normal' criminality. It is just that everybody outside of North Korea agrees that it is not worth it. You can allow or remove anonymity, which will have an effect on how difficult crime becomes. (to be clear: I'm for TOR staying legal)
Followed by a shitty analogy I guess. If I take away your guns you're going to stab someone with a knife. If I take your knives you'll club someone to death with a stick. Making tor illegal will just spurt out other services that do the same thing. Take away my tool to achieve anonymity, i'll look for something else.
"You cannot save a single live, so you better not use that as an argument to also beat every second persons face in." Would be more aedequate a phrasing. I am not saying "you cannot get rid of it completely", i am saying "it would not make a cents worth of difference, hence its not an argument."
An easier way to break down what this guy is saying. A client(the user on a computer) makes a request to send packets to a server over the internet. Lets say there is three routers(A,B,C) that the packets have to go thru in order to get to the service. Client -> Router A(Router A knows the packets came from the client. Now Router A will "peel back the information that the packets came from the client"). Now the packets are at Router B(Now Router B will "peel back the information that the packets came from A"). Then router C does the next thing. These routers are picked completely at random in the Tor network. The whole time that the packets are traveling to the service, none of the routers have the ip address destination of the service. In addition, the nodes(aka the routers) do not record the path that the packets traveled in , adding to its anonymity. An Onion address is how the packet gets there.
With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?
Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?
pepeledog Yes, they can, and yes, they've done this. It kinda like the 50% attack on Bitcoin, eg. if you own a sufficient fraction of the network you control it's destiny
I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.
Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to? And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?
I'm not 100% sure so take this with a grain of salt, but when you create an onion service, the only thing you store locally is the public and private key and the hostname (the .onion address itself). There's no information stored locally about the descriptor or introduction points, so I assume they're determined every time tor is restarted
Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?
Tiesproductions yes this is an issue with tor in general - a sufficiently powerful adversary with global knowledge of the network could (theoretically) correlate all the network's input and output messages to identify the users and their destinations. however this is already the situation of the internet without tor, so by using tor you are increasing an adversary's effort by a significant margin.
I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.
The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.
You made a small mistake ._. The RP doesn't connect to one of the introduction points, it only receivces the one time secret at the beginning. Afterwards the client sends the one time secret and the address of the RP to an introduction point, encrypted with the public key of the server, through a tor circuit. The introduction point sends the package to the server, which connects through a new circuit, but with the same Guardian Node to the RP and tells it the secret. The rest of the video should be correct. (check the torproject docs, if you don't believe me)
I know next to nothing going into this, so forgive my ignorance with this question. You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?). Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation. What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point. Again, forgive me if I've completely misunderstood something (or several things).
i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?
Another missleading video where they say correlation attacks cant be done might wanna use google once in a while because that should be common knowledge for anyone using tor that correlation attacks can work and have done so in the past. (Atleast he pointed out that tor is mostly used for good not bad thats a start)
Unrelated, but I think it's very interesting that he writes left-handed, but uses a mouse in the right hand. Most likely this isn't his desk or office, but if any lefties out there have any insight or reasoning to this, reply! I'm curious. (also note the amount of fingerprints on the right side of the monitor, egregious as touching a screen may be)
Ted Chirvasiu there are lists of them that you can find on the regular internet, but if somebody wants to keep their service hidden (and just give it out to select few people) then they can keep it that way
Does Tor have one Master server that handles assigning the circuits of clients on initial setup or is that all done automatically? Like how does it know that this server is a circuit? Does the first circuit you connect to know your IP?
If you set up two onion routers yourself, isn't there a teeny tiny chance that there could be an encrypted message sent between them, and therefore they possess the encryption key to decrypt that message? Or if you had 6 of them, an even teenier tinier chance that you'd possess all 6 to decrypt them. Not a computer scientist or anything, but with more thought: if you had a huge bank of routers - like say, you were the NSA developing the onion router network - that were able to communicate both as routers and to observe the traffic in and out of each individual router (without compromising it), could you set up something to observe the huge network and matching keys sent with keys received between units (no decryption necessary, just matching), occasionally possessing all 6 communicating nodes of traffic for a connection and therefore being able to track both the server and user side from the first and last node?
5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services
thanks. exited with the content of your channel , am a big fan. ....please i wish to ask ,are websites on the dark web coded with normal web languages???.
So did anyone consider what *Facebook having one foot in the cloud* actually means? They have the resources and financial backing to sort thru all of the "encrypted stuff." Major sideeye 😒
I use hidden services to host my iKVMs on the public internet. Nobody else needs access to that, and there's nothing illegal about it... But not making it any easier for someone to pry into that network session and PWN my boxes for their use is very important!!!!
So hidden sites have their ip addresses hidden but you can still use a common address to connect to the site using TOR. If I had the hidden sites direct IP address, could I theoretically just connect directly through something like google? If not I guess I just don't understand.
Tor's hidden services are alright, but how about a video or two about I2P which is designed for "hidden services" instead of browsing the clearnet anonymously like Tor was designed for?
If the routers are publicly listed can someone actually go to the introduction router and demand that they give them the address they forward the messages to and keep doing that along the 3 nodes until the reach the server? Also is a vpn just a 1 router onion router?
The thing I like about this guy is that I get it, and it all makes sense in one pass. He's got a gift.
It's because he's English hehe
@@minimoto2883 ห
หนังเรื่องใหม่
@@minimoto2883โอเวอร์
@@minimoto2883 เส้นเลือดข
Can this guy just take over the channel, I think its about time...
agreed xd
still does't mean he can't take over the channel lol
++
He can't. He has knowledge for some things, but not all.
having a PhD in Computer Scince, aren't you required to know pretty much everything and keep yourself updated on the new theories and papers since he is doing research, or am I mistaken
These professors on Computerphile are just amazing. I wish I would have had the oportunity to learn from people like these when I was in uni.
Every time I see Dr Mike Pound in my subscription feed, I have watch the video
Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.
"Facebook is trying to protect their customer" - *laughs in 2018*
But isn't Goldman Sachs their main customer?
Liberals will get angry
Facebook is trying to protect their data, from other data horders
Facebook: We care about you, your data 2020
Just wait til 2020 😂
This dude is my favourite on Computerphile. He's one step away from being a criminal mastermind
_uses two colors_
well im out of colors, so im going to use a third color, orange.
oh, ok
That orange was a highlighter. The others were markers.
*colour
Carrotman no. im canadian and its or for me. has saved and will continue to save countless seconds
Doctor Robotnik, I like your use of countless :)
You're quoting an English man.
So would it count as a translation?
You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.
Marcos Vinícius Petri and third party scripts
You must protect your entry into the TOR network and your exit from it - you are vulnerable at both points e.g. with a VPN as another layer.
Nautilus1972 Using VPN with tor actually decreases anonymity. Tor project doesn’t recommend it. VPN server IP addresses are known, so you have a known exit point when using them.
Meta data. contact lists. You are identified by your associations you make through most app/servers
Watch the hated one. He makes vids about that
"Stuff happens here, encrypted stuff..."
I don't even use TOR, but damn, it's design is clever and interesting. Good job on the videos!
@@MattInIllinois many people don't mind that, or even like that
@@MattInIllinois so just dont use google, you dont need tor.
What do you use instead of tor ?
"It's Facebook, we know where their server is. Their business is protecting their customers."
AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
"wait you are serious?" *bender laughs even harder*
I am the product😑
Since I downloaded Tor the browser has links saying that people should stop using Facebook and other similar apps. Again that came from a few places on Tor.
@@jessicablack5306 well yeah everyone should be saying that, Facebook is horrible with how invasive they are, in Australia there's already videos up of police with papers in their hands and those pages have the persons Facebook information they're using it to justify arrests now. Also if you use any Amazon products like Alexa, hook up your Alexa to your computer and browse the files, you might not know it but there's numerous files being made of recordings of you, even when it's off.
I’m so sick of Facebook and that’s why I deleted my account. I couldn’t be happier and should’ve done it years ago.
Seven words:
Professor Brailsford, Tom Scott and Mike Pound
Like if you agree!
Who are them?
That’s eleven words.
Tom Scott! My teacher
@YASH TRIVEDI He has his own channel, just put Tom Scott into youtube
What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]
from the storage room in this university I'd imagine.
the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.
All these onions are making me cry
He is right; i found Onion cookies recipe in the deep&dark web. Excellent video, thank you
An episode about firewalls would be awesome.
Or your could read about them and get far more detail.
Bakipll you mean virtual broken condom.
@@obfuscated3090 Booo...
I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services?
The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.
It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.
That is why Tor is better with more legit nodes, they make Tor more resilient
You guys should do a video on some of the weakness of TOR that have come out in the past year!
Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.
press C
"is TOR worth the criminality that is on there and so on" is the same argument governments make eroding fundamental rights in the name of terrorism. If your moral compass is based on legalities I'd suggest you have chosen a poor foundation. Let me re-frame your statement: is it worth letting the law diminish your fundamental right to choose how to live your life (non aggression principle withstanding)?
@@MintyLime703 not sure your counterpoint makes sense. because a government agency developed the first onion routing protocol references, government should not be questioned? I was also referencing the tone and questions raised in the video.
I think it's interesting how Facebook is embracing Tor users while other sites deny service to them altogether.
ElagabalusRex yes we are lucky Alec Muffett is in the organization.
Why the would you use Facebook on tor anyways? I mean...seems counterintuitive, cause anonymity.
Oh wait.. firewalls and such I
Imagine.
@@ChunkyWaterisReal because you have some activities you do there, or clients you do for. It's a big network and you don't necessarily have to use your real personal information to use their services.
I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.
Does this guy have his own channel?
yes but he has no vids on it
This is his channel now
Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?
Martin Pisz it's to do with mouselogging. Basic keyloggers will take mouse location and click points. People who log into Bank Account using on-screen keyboards may be keylogged via positions. Obviously the are other ways to mouselog but basic ones dont bother
Martin Pisz In addition, browser window resolution is information used in producing a browser fingerprint for the purpose of identifying a user.
Sites (or anybody sniffing around hard enough) can see your browsers dimensions (in full-screen your screen dimensions) and it might prove useful in finding you. There might be other reasons but this what I know of. If anybody has more info, your contribution would be appreciated.
Just disable JavaScript inside the TOR Browser, then it doesn't matter. No hidden service worth anything actually requires JavaScript to work, some even explicitly tell you to turn it off.
IF(!) you have JavaScript enabled (which is a very very very very bad idea when you want anonymity), a script can detect your resolution/browser size. This does not mean that thousands of others might have the same one, but it's one puzzle piece for identifying someone. You should google panopticlick and/or browserleaks.TorBrowser is a hardened Firefox, with lots of stuff disabled or tweaked to make identifying someone harder. But the biggest problem is JavaScript - as proven by some FBI hack some years ago.
As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.
They can't prove that with certainty, but they can with some degree of confidence. If A puts in a packet, then after a semi-constant delay it comes out on the other side, and it's happened a lot of times in sequence already, then it's probable that B is relaying A's traffic.
It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...
I'd love a video on the fall of silk road and transaction malleability. Keep up the great videos!
Please make a video about h265 and h264.
I understand that h265 is more efficient? and should give a better quality at the same bitrate..
but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?
Been wondering how it worked for some time now and was too lazy to search. This video is gold
All of that is a debate based on nonsensical assumptions.
"Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.
You can't get rid of it (well..), but that's no reason to make it easy.
Every system can be changed to make surveillance possible. If half of the population works for the police, it is possible to eliminate 'normal' criminality. It is just that everybody outside of North Korea agrees that it is not worth it. You can allow or remove anonymity, which will have an effect on how difficult crime becomes.
(to be clear: I'm for TOR staying legal)
"You can not save all lives, so it is noth worth it to save any lives."
Shitty argument.
Rik Wisselink Basically, any surveillance just moves the problem up. What prevents criminals from abusing it? I mean, any system can be broken into.
Followed by a shitty analogy I guess.
If I take away your guns you're going to stab someone with a knife. If I take your knives you'll club someone to death with a stick. Making tor illegal will just spurt out other services that do the same thing. Take away my tool to achieve anonymity, i'll look for something else.
"You cannot save a single live, so you better not use that as an argument to also beat every second persons face in."
Would be more aedequate a phrasing.
I am not saying "you cannot get rid of it completely", i am saying "it would not make a cents worth of difference, hence its not an argument."
An easier way to break down what this guy is saying. A client(the user on a computer) makes a request to send packets to a server over the internet. Lets say there is three routers(A,B,C) that the packets have to go thru in order to get to the service. Client -> Router A(Router A knows the packets came from the client. Now Router A will "peel back the information that the packets came from the client"). Now the packets are at Router B(Now Router B will "peel back the information that the packets came from A"). Then router C does the next thing. These routers are picked completely at random in the Tor network. The whole time that the packets are traveling to the service, none of the routers have the ip address destination of the service. In addition, the nodes(aka the routers) do not record the path that the packets traveled in , adding to its anonymity. An Onion address is how the packet gets there.
1:08
Sniffing
1:28
Hidden Service
3:33
Onion routers
4:03
Connections
5:57
Request.
7:08
Connection.
7:51
Final circuit.
Is there something in place that prevents the IP and the RP from being the same router?
Onionymous services
Another amazing video. Do you know the details about how Silk Road was taken down?
Worse, he was using that account to advertise the site. Also he used the same username on several such accounts.
Could you randomly divide the traffic (every 8,16 or 24 bits) between 3 different, unconnected circuits?
With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?
I see you found something to do with those reams of dotmatrix paper... :)
I think I still have a case of that stuff somewhere in my office
Send me those boxes! This is extremely cool, I was wondering what was that paper
This channel provides a better education than my computer science degree smh
Shout-out to Ross Ulbricht
Shout out? Just email him...he likes to post his email apparently...and takes terrible photos. Unless he was practicing for prison..then yea ok
00:17
"A lot of what happens... is illegal"
Yeah, like entrapment❗
Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?
pepeledog Yes, they can, and yes, they've done this. It kinda like the 50% attack on Bitcoin, eg. if you own a sufficient fraction of the network you control it's destiny
@@mduckernz
And what if intelligence agencies actually helped start projects like Bitcoin and Tor?!
this guy has the most soothing voice
Who captioned this? 10:18 is complete garbage.
best books for networking and cloud computing ?
phoenix go to hidden wiki and search for library links
I literally fell asleep to this. not in a bad way at all. it calms me
I just installed Tor on my phone and now getting this video recommendation.
So when do we get an I2P video?
Where can I read more about Facebook's integration?
Is this just something an `.onion` service can choose to do - connect directly to rendezvous node?
I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.
Yet another great overview!
Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to?
And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?
I'm not 100% sure so take this with a grain of salt, but when you create an onion service, the only thing you store locally is the public and private key and the hostname (the .onion address itself). There's no information stored locally about the descriptor or introduction points, so I assume they're determined every time tor is restarted
Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?
Tiesproductions yes this is an issue with tor in general - a sufficiently powerful adversary with global knowledge of the network could (theoretically) correlate all the network's input and output messages to identify the users and their destinations. however this is already the situation of the internet without tor, so by using tor you are increasing an adversary's effort by a significant margin.
0:53 I haven't seen that paper in a long time. Great explanation. Thanks,
I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.
The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.
Yes , the dealer is trying to stop you seeing the supplier.
@@boboften9952 ææp 8 8kg lo
You made a small mistake ._.
The RP doesn't connect to one of the introduction points, it only
receivces the one time secret at the beginning. Afterwards the client
sends the one time secret and the address of the RP to an introduction
point, encrypted with the public key of the server, through a tor
circuit. The introduction point sends the package to the server, which
connects through a new circuit, but with the same Guardian Node to the
RP and tells it the secret.
The rest of the video should be correct.
(check the torproject docs, if you don't believe me)
I know next to nothing going into this, so forgive my ignorance with this question.
You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?).
Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation.
What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point.
Again, forgive me if I've completely misunderstood something (or several things).
Jacob Harrison yes this is a worrisome future, in fact the FBI employed such a measure in attempt to track activity of tor users.
This video when over my head.
I would be appreciate if you made a video about I2P and Freenet too.
Thank you for all the services you provide free of cost and it is not even hidden :P
Can you make a video explaining the math behind onion routing?
i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?
heyandy x ah ok then. so those other protocols you mentioned, are they used by other dark web browsers then?
Would that slow traffic down to a slower crawl? Don't know just asking
Another missleading video where they say correlation attacks cant be done might wanna use google once in a while because that should be common knowledge for anyone using tor that correlation attacks can work and have done so in the past. (Atleast he pointed out that tor is mostly used for good not bad thats a start)
Unrelated, but I think it's very interesting that he writes left-handed, but uses a mouse in the right hand. Most likely this isn't his desk or office, but if any lefties out there have any insight or reasoning to this, reply! I'm curious. (also note the amount of fingerprints on the right side of the monitor, egregious as touching a screen may be)
Computerphile can you please add subtitles? English is not my first language and I find some of your videos tough to comprehend.
well, it's gonna take a while. the viewers are the people who end up creating the subtitles
"It's Facebook, we know where the servers are" that did not age well (4th of october, 2021)
i love this channel.
Was Facebook's Involvement with TOR a cause of the sort of recent lawsuit?
5:30 - Until recently? So it means now there's an easy way of finding secret services?
Ted Chirvasiu there are lists of them that you can find on the regular internet, but if somebody wants to keep their service hidden (and just give it out to select few people) then they can keep it that way
Does Tor have one Master server that handles assigning the circuits of clients on initial setup or is that all done automatically? Like how does it know that this server is a circuit?
Does the first circuit you connect to know your IP?
This was really well articulated thank you
W00t thanks for this follow-up as we requested!!!
Had no clue this much was going on with Tor. Didn’t really know what was going on at all before this.
create your own channel Dr Pound!
If you set up two onion routers yourself, isn't there a teeny tiny chance that there could be an encrypted message sent between them, and therefore they possess the encryption key to decrypt that message? Or if you had 6 of them, an even teenier tinier chance that you'd possess all 6 to decrypt them.
Not a computer scientist or anything, but with more thought: if you had a huge bank of routers - like say, you were the NSA developing the onion router network - that were able to communicate both as routers and to observe the traffic in and out of each individual router (without compromising it), could you set up something to observe the huge network and matching keys sent with keys received between units (no decryption necessary, just matching), occasionally possessing all 6 communicating nodes of traffic for a connection and therefore being able to track both the server and user side from the first and last node?
clear video👌
5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services
thanks. exited with the content of your channel , am a big fan.
....please i wish to ask ,are websites on the dark web coded with normal web languages???.
Yes. they use the same web languages.
How can the dark web be so bad if people are just sharing "cookies"?
Cookies are dangerous!!!
What if the introduction point is compromised?
it won't matter because the communication is encrypted with public encryption, think of it like TLS.
Somewhere out there someone is having a fit because the title says TOR instead of Tor.
So did anyone consider what *Facebook having one foot in the cloud* actually means? They have the resources and financial backing to sort thru all of the "encrypted stuff." Major sideeye 😒
What I study in college: 00:01 - 09:24 .
My answer in exams: 09:25 !
Does anyone know the name of orrecognize that C++ book on the bookshelf in the background?
Why you need 3 nodes between RP and S? 2 nodes would work as well, didnt it?
Less chance that the Chinese government could own all of the nodes involved, as one example.
I use hidden services to host my iKVMs on the public internet. Nobody else needs access to that, and there's nothing illegal about it... But not making it any easier for someone to pry into that network session and PWN my boxes for their use is very important!!!!
Is a Rendezvous point kind of like a VPN or is it different
So hidden sites have their ip addresses hidden but you can still use a common address to connect to the site using TOR. If I had the hidden sites direct IP address, could I theoretically just connect directly through something like google? If not I guess I just don't understand.
If I controlled the entrypoint of the client, and the entrypoint of the server then I should be able to perform a heuristic analysis or not ?
neumde neuer yes tor is vulnerable to a sufficiently powerful adversary with global knowledge of the network
Tor's hidden services are alright, but how about a video or two about I2P which is designed for "hidden services" instead of browsing the clearnet anonymously like Tor was designed for?
The use of I2P isn't safe in some countries. You could held responsible for encrypted traffic of others containing illegal data..
If the routers are publicly listed can someone actually go to the introduction router and demand that they give them the address they forward the messages to and keep doing that along the 3 nodes until the reach the server? Also is a vpn just a 1 router onion router?
theres thousends of connections and are random, this is only works with clear net, traffic corelation only works in the clearnet, when using tor.
I would like to see a video about pluggable transports and how they work
I would love to watch this guy have a conversation about TOR with Eli the computer guy. That would be interesting :)
Have you got the link to the dark web video?
Awesome channel, especially this guy do explanation so easy.