More than 3 tor nodes is NOT bad, but a good thing

[EECL]

This was argued in the past and some tor experts agreed. It makes common sense also. The more nodes, the more breaks in the trail.

[Grant Taylor]

On 5/10/22 5:30 AM, EECL wrote:
> This was argued in the past and some tor experts agreed. It makes
> common sense also. The more nodes, the more breaks in the trail.

Is there anyone that actually argues that more TOR nodes is a bad thing
for security?

My understanding for the last 15+ years is that three was the minimum
for any modicum of security and that more was better. The only down
side to more TOR nodes that I'm aware of is slower performance.



--
Grant. . . .
unix || die

[Anonymous Remailer]

On 5/10/2022 4:30 AM, EECL wrote:

> This was argued in the past and some tor experts agreed. It makes common sense also. The more nodes, the more breaks in the trail.
>

I must have missed that.

Have you got a citation for that?

Which "tor experts" agreed?

Would love to hear more about this than rampant speculation and hearsay.

[Yamn Remailer]

Historically, the AdvOR software allowed for the addition or more Tor
nodes in a circuit.

However, their software, AFAIK, has not been updated and lacks support
for v3 onion addresses.

[Grant Taylor]

On 5/10/22 2:32 PM, Yamn Remailer wrote:
> Historically, the AdvOR software allowed for the addition or more Tor
> nodes in a circuit.

I seem to recall that the TOR software proper allowed you to specify the
number of TOR nodes to pass traffic through.

Presumably, when using it as a SOCKS proxy server, anything and
everything that used it would benefit from those settings.

[Grant Taylor]

On 5/10/22 11:58 AM, Anonymous Remailer wrote:
> I must have missed that.

I've heard / read it multiple times / places over the last decade.

> Would love to hear more about this than rampant speculation and hearsay.

It seems fairly self evident to me that each TOR node adds some amount
of anonymity to connection, and as such adding /more/ TOR nodes would
also add /more/ anonymity.

This seems logical to me and decidedly not speculation nor hearsay.

[Nomen Nescio]

On 2022-05-11, Grant Taylor <gta...@tnetconsulting.net> wrote:

> It seems fairly self evident to me that each TOR node adds some amount
> of anonymity to connection, and as such adding /more/ TOR nodes would
> also add /more/ anonymity.

Can you elaborate? I'd say your following a fallacy here.

Iff you're being stalked at a level where observing traffic flows on
internet exchanges around the world can be authorized, it doesn't matter
how many proxies you try to hide behind.

The traffic signal between exit node and "internet" will match a signal
between nodes and eventually the traffic buck stops at a connection that
does not show matching incoming signals. That's where you send the drones.

If you don't warrant such high-profile attention, even one VPN proxy or Tor
hop will usually stump any LEA unless they can put pressure on operators to
backdoor their relays. That is a very faint possibility.

> This seems logical to me and decidedly not speculation nor hearsay.

It _is_ hearsay.

[Grant Taylor]

On 5/11/22 2:59 AM, Nomen Nescio wrote:
> Can you elaborate?

I'll try.

> I'd say your following a fallacy here.

But I get the impression that there's not anything that I can say that
will sway you one way or the other.

> Iff you're being stalked at a level where observing traffic flows on
> internet exchanges around the world can be authorized, it doesn't matter
> how many proxies you try to hide behind.

That statement makes me think that you are talking to a different point
than the OP's original comment.

You seem to be talking to if the total protection is enough protection
against a hypothetical observer / set of collaborating observers.

The OP's original comment was talking about each additional TOR node
adding /more/ protection.

> The traffic signal between exit node and "internet" will match a signal
> between nodes and eventually the traffic buck stops at a connection that
> does not show matching incoming signals. That's where you send the drones.
>
> If you don't warrant such high-profile attention, even one VPN proxy or Tor
> hop will usually stump any LEA unless they can put pressure on operators to
> backdoor their relays. That is a very faint possibility.

Each TOR node knows about and can link two points.

If you use one TOR node, it can directly link between the client and the
target.

If you use two TOR nodes, neither can directly link the client and the
target. The entry and exit TOR nodes that can associate the client and
the target are aware of each other.

If you use three TOR nodes, none can directly link the client and the
target. The entry and exit TOR nodes that can associate the client and
the target aren't aware of each other.

This is why the suggested minimum is three nodes.

Adding additional TOR nodes duplicates the middle / inner node
functionality and further separates the entry and exit TOR nodes.
Thereby causing additional abstraction ~> disassociation.

> It _is_ hearsay.

I disagree.

If you selectively choose TOR nodes in disparate or even adversarial
geopolitical regimes, the chances of getting cooperation of the powers
that be to de-abstract ~> associate incoming and outgoing traffic flows
is unlikely.

Adding /more/ middle / inner TOR nodes -- especially in diverse
geopolitical regimes -- adds to the total of the necessary amount of
work to de-abstract ~> associate an end-to-end flow from through the TOR
network.

So, yes, I believe that /more/ TOR nodes /does/ improve anonymity of
traffic that goes through the TOR network.

As for if 1, 2, 3, 5, 10, 100 TOR nodes is enough to thwart a
hypothetical entity? I have no idea. That's not what the OP's comment
was about. The OPs comment was about if adding more TOR nodes helped
anonymity. I maintain that it does.

[Colonel Bleep]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

In article <t5gk51$8v2$1...@tncsrv09.home.tnetconsulting.net>

How can one add more interior nodes to a TOR chain? I'd like to try
it.


Colonel Bleep <bl...@zerozeroisland.invalid>

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQIcBAEBCgAGBQJimHYkAAoJEJyrajr0Vocq7hUQANGCw5K1qo4AYTam4Xfq562j
+h4YNhZD1iUj1sYs46R/8QrZDJqw4Y5qX2hSKUY00AfUfqm1DONb75EH5HmMxPMt
1ZBG9LZsIFXwJ0EPRNH5IV5r+FNGSpMxwhesOSnQJRR4Pd0Esho/5tTR9PWggLY5
dhhu4ijw6+f+yHmpxYm9yxMhi0rGvY5KBqLxlFBXKM+xeyn8vQ3H2dEBVP1SHuWZ
LJ0FnyZ1WkkiILZqbFQZ4xS/F/6cptXtAn/vQKA480n8COHc4rXTgnu3/XvWXqvR
ADe3k5g8YOn9jp/ZxcebwlO+G5x2vtscobpNBixVUzI/SNAANwnmvIvzliaijCID
K67hQ8MjmpqihzSHZ4643aLmmxVApNW0bOKC97tNNOJTryiabahcPDZeAaZpxfSk
qngkJt5PecKuD00ys/XZ7YkFNOdsAmk/N+BirFCj8iLIIGudvm2ZxgavsccJc3wB
9PVrSIuuiwzcUnB4KdjzyzL7ngBRo0PAyWFdtJPy+SRoSbGp/4A4qC7y1RKhkz+K
pxKnC8GEIdRCT0zvs1SXNDOBelWZHaq8qBRIhhVcaIh/QG/sRq42WMlPLDb4kn98
VQompIZpGW0ju1oIeWHACTgNOk8gu9Z1XJNLX1dpW79Kt5oDLT8oBVXi+XKuocIq
X/TmRtAkP9O7x+9Zc1Kl
=soGy
-----END PGP SIGNATURE-----

[Fritz Wuehler]

Colonel Bleep <bl...@zerozeroisland.invalid> wrote:
>
> How can one add more interior nodes to a TOR
> chain? I'd like to try it.
>

I am also interested in.

[Grant Taylor]

On 6/2/22 3:14 AM, Colonel Bleep wrote:
> How can one add more interior nodes to a TOR chain? I'd like to try it.

My understanding is that simply raising the number of Tor nodes you use
accomplishes the stated goal.

It's been a long time since I've configured a Tor client for interactive
use, but I distinctly remember there being a setting for the number of
Tor nodes that you wanted the traffic to go through.

[Nomen Nescio]

Linux or Windows?

[Nomen Nescio]

On 6/2/2022 2:14 AM, Colonel Bleep wrote:

Please do read these articles. It is important before you reach
your decision.

https://support.torproject.org/misc/misc-11/

https://tor.stackexchange.com/questions/103/is-it-possible-to-make-
the-tor-onion-routing-path-longer

The decision to lengthen a Tor chain is a matter of opinion and is
controversial. That is fact.

Grant stated a very logical, well reasoned, well written case in
support of the possible benefits of lengthening a Tor circuit
beyond 3 hops.

But that is his opinion. Not everyone shares that view.

The Tor Project's official stance, is that is NOT recommended.

It is the view of the Tor Project that increasing the number of
hops is NOT recommended. Not only that, but it does increase
network load and potentially weakens anonymity.

"Anonymity is not enhanced as a matter of fact. Increasing the
number of nodes you're using to establish a circuit, if we assume
that total number of possible relays is fixed, increases the
possibility of picking some node controlled by an adversary."

That being said, there is a Windows program called AdvOR (Advanced
Onion Router) It's been around quite a few years.

https://sourceforge.net/projects/advtor/files/

It has not been updated in a few years, but it works well. In
addition, I'm not sure if it compatible with .onion v3 addresses.

However: With AdvOR there is an option to change the circuit length
with Tor.

I have not looked at it in awhile.

[Nomen Nescio]

Nomen Nescio <nob...@dizum.com> wrote:
>
>
> That being said, there is a Windows program called
> AdvOR (Advanced > Onion Router) It's been around
> quite a few years.
>
> https://sourceforge.net/projects/advtor/files/
>
> It has not been updated in a few years, but it
> works well. In > addition, I'm not sure if it
> compatible with .onion v3 addresses.
>
> However: With AdvOR there is an option to change
> the circuit length with Tor.
>

AdvOR (Advanced Onion Router Files)is *not*

[EECL]

True, but it is probably more secure than v3 because of its increased paths (can chose up to 10).

[Nomen Nescio]

Nomen Nescio <nob...@dizum.com> wrote:

>The decision to lengthen a Tor chain is a matter of opinion and is
>controversial. That is fact.
>
>Grant stated a very logical, well reasoned, well written case in
>support of the possible benefits of lengthening a Tor circuit
>beyond 3 hops.

+1

BTW, it also has to be considered, that one of these three hops is the
Tor entry guard, constant for months, even retained unchanged throughout
Tor restarts, resulting in no more than two variable nodes, and granting
an adversary plenty of time to infiltrate his target's entry server.

>
>But that is his opinion. Not everyone shares that view.
>
>The Tor Project's official stance, is that is NOT recommended.
>
>It is the view of the Tor Project that increasing the number of
>hops is NOT recommended. Not only that, but it does increase
>network load

IMO that's their main concern.

> and potentially weakens anonymity.
>
>"Anonymity is not enhanced as a matter of fact. Increasing the
>number of nodes you're using to establish a circuit, if we assume
>that total number of possible relays is fixed, increases the
>possibility of picking some node controlled by an adversary."

... though getting increasingly useless for an offender with a thereby
also increased number of (hopefully) not compromized hops. Furthermore
longer chains also provide higher latency, which makes end-to-end timing
correlation analyses increasingly difficult, at least with remailer
packet transmissions of short duration. I'd only like to know whether
Tor nodes can figure out the chain length that's used.

>
>That being said, there is a Windows program called AdvOR (Advanced
>Onion Router) It's been around quite a few years.
>
>https://sourceforge.net/projects/advtor/files/
>
>It has not been updated in a few years, but it works well.

Correct, here circuit length is set to the 3 routers standard:

| [00:00:44] [notice]
|
| Advanced Onion Router v0.3.1.5
|
| Click "Connect" to connect to the OR network.
| These are the proxy settings you can use:
| Address: 127.0.0.1
| Port: 9250
| 127.0.0.1:9250
| Use "Intercept" to be sure that your proxy settings are always used.
|
| Download locations:
| http://www.te-home.net/?do=work&id=advor
| http://sourceforge.net/projects/advtor/files/
| http://www.softpedia.com/get/Internet/Servers/WEB-Servers/Advanced-TOR.shtml
| For feature requests and bug reports use one of the following forums:
| http://www.te-home.net/?do=forum&id=advor
| http://sourceforge.net/p/advtor/discussion/
| (no registration required: anonymous posting is allowed)
|
| [00:00:49] [notice] The Tor Directory Consensus has changed how many circuits we must track to detect network failures from 0 to 20.
| [00:00:50] [notice] We now have enough directory information to build circuits.
| [00:00:50] [notice] Bootstrapped 80%: Connecting to the Tor network.
| [00:00:52] [notice] Bootstrapped 85%: Finishing handshake with first hop.
| [00:00:52] [notice] Bootstrapped 90%: Establishing a Tor circuit.
| [00:00:53] [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
| [00:00:53] [notice] Bootstrapped 100%: Connected to the OR network..
| [00:01:04] [proxy] Connection request for www.mixmin.net:443 .
| [00:01:05] [proxy] Connection request for www.mixmin.net:443 .
| [00:01:06] [proxy] Connection request for www.mixmin.net:443 .
[...]
| [00:01:10] [proxy] Connection request for www.mixmin.net:443 .
| [00:01:11] [proxy] Connection request for www.sec3.net:443 .
| [00:01:12] [proxy] Connection request for www.sec3.net:443 .
| [00:01:13] [proxy] Connection request for sec3.net:443 .

> In addition, I'm not sure if it compatible with .onion v3 addresses.

It's not:

| [00:02:04] [proxy] Connection request for gdyphuuuxv3v4o55osmruc2bypuewellgr5cgkoarks3xvwx4hlme5yd.onion:119 .
| [00:02:04] [warn] Invalid hostname gdyphuuuxv3v4o55osmruc2bypuewellgr5cgkoarks3xvwx4hlme5yd.onion; rejecting

>
>However: With AdvOR there is an option to change the circuit length
>with Tor.

With 9 hops I'm still able to (slowly) download remailer statistics:

| [00:14:33] [notice] The Tor Directory Consensus has changed how many circuits we must track to detect network failures from 0 to 20.
| [00:14:35] [notice] We now have enough directory information to build circuits.
| [00:14:35] [notice] Bootstrapped 80%: Connecting to the Tor network.
| [00:14:36] [notice] Bootstrapped 85%: Finishing handshake with first hop.
| [00:14:36] [notice] Bootstrapped 90%: Establishing a Tor circuit.
| [00:14:43] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND
| [00:14:44] [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
| [00:14:44] [notice] Bootstrapped 100%: Connected to the OR network..
| [00:15:01] [proxy] Connection request for www.mixmin.net:443 .
| [00:15:08] [proxy] Connection request for www.mixmin.net:443 .
| [00:15:09] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND
| [00:15:16] [proxy] Connection request for www.mixmin.net:443 .

10 nodes finally fail completely:

| [00:29:21] [notice] The Tor Directory Consensus has changed how many circuits we must track to detect network failures from 0 to 20.
| [00:29:22] [notice] We now have enough directory information to build circuits.
| [00:29:22] [notice] Bootstrapped 80%: Connecting to the Tor network.
| [00:29:23] [notice] Bootstrapped 85%: Finishing handshake with first hop.
| [00:29:24] [notice] Bootstrapped 90%: Establishing a Tor circuit.
| [00:29:31] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND
| [00:29:32] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND
| [00:29:32] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND
| [00:29:43] [warn] relay_send_command_from_edge(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND,EXTEND

[Nomen Nescio]

But the tor.exe binary from the latest OmniMix 2.6.6 release is.

<https://www.danner-net.de/om/OmniMix_2.6.6_Uno_Setup.exe>

It supports v3 .onion addresses and allows circuit lengths of 2 up to 9
nodes. And it's fully compatible and exchangeable with the original Tor
version with just a "RouteLength" parameter added.

I replaced my Tor Browser's ..\Browser\TorBrowser\Tor\tor.exe binary and
added a "RouteLength 6" line to the ..\Browser\TorBrowser\Data\Tor\torrc
text file. Left-clicking on the lock left to the URL field now shows me
6-hop circuits. Problem solved!

Anyone with an idea how to get rid of Tor's log CLI window, that opens
when the browser starts?

[ft...@cfa.harvard.edu]

>
> But the tor.exe binary from the latest OmniMix 2.6.6 release is.
>
> <https://www.danner-net.de/om/OmniMix_2.6.6_Uno_Setup.exe>
>
> It supports v3 .onion addresses and allows circuit lengths of 2 up to 9
> nodes. And it's fully compatible and exchangeable with the original Tor
> version with just a "RouteLength" parameter added.
>

> I replaced my Tor Browser's ../Browser/TorBrowser/Tor/tor.exe binary and
> added a "RouteLength 6" line to the ../Browser/TorBrowser/Data/Tor/torrc

> text file. Left-clicking on the lock left to the URL field now shows me
> 6-hop circuits. Problem solved!
>
> Anyone with an idea how to get rid of Tor's log CLI window, that opens
> when the browser starts?

Great info.

[Nomen Nescio]

In article <t8lk9r$28m4l$1...@news.mixmin.net>

"ft...@cfa.harvard.edu" <ft...@cfa.harvard.edu> wrote:
>
> >
> > But the tor.exe binary from the latest OmniMix 2.6.6 release is.
> >
> > <https://www.danner-net.de/om/OmniMix_2.6.6_Uno_Setup.exe>
> >
> > It supports v3 .onion addresses and allows circuit lengths of 2 up to 9
> > nodes. And it's fully compatible and exchangeable with the original Tor
> > version with just a "RouteLength" parameter added.
> >
> > I replaced my Tor Browser's ../Browser/TorBrowser/Tor/tor.exe binary and
> > added a "RouteLength 6" line to the ../Browser/TorBrowser/Data/Tor/torrc
> > text file. Left-clicking on the lock left to the URL field now shows me
> > 6-hop circuits. Problem solved!
> >
>

> Great info.

This does not work. TOR is not starting.

[Nomen Nescio]

In article <0cc94ab94dc367e9...@dizum.com> Nomen Nescio

<nob...@dizum.com> wrote:
>> > I replaced my Tor Browser's ../Browser/TorBrowser/Tor/tor.exe binary and
>> > added a "RouteLength 6" line to the ../Browser/TorBrowser/Data/Tor/torrc
>> > text file. Left-clicking on the lock left to the URL field now shows me
>> > 6-hop circuits. Problem solved!

>This does not work. TOR is not starting.

Mine works.

>Jun 21 06:24:47.125 [notice] Tor 0.4.8.0-alpha-dev (git-b733f9d6ace63c71) running on Windows 7 with Libevent 2.1.8-stable, OpenSSL 1.0.2n, Zlib 1.2.12, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
>Jun 21 06:24:47.125 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
>Jun 21 06:24:47.125 [notice] This version is not a stable Tor release. Expect more bugs than usual.
>Jun 21 06:24:47.125 [notice] Read configuration file "D:\Apps\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults".
>Jun 21 06:24:47.125 [notice] Read configuration file "D:\Apps\Tor Browser\Browser\TorBrowser\Data\Tor\torrc".
>Jun 21 06:24:47.125 [notice] Opening Control listener on 127.0.0.1:9151
>Jun 21 06:24:47.125 [notice] Opened Control listener connection (ready) on 127.0.0.1:9151
>Jun 21 06:24:47.125 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
>Jun 21 06:24:47.000 [notice] Parsing GEOIP IPv4 file D:\Apps\Tor Browser\Browser\TorBrowser\Data\Tor\geoip.
>Jun 21 06:24:47.000 [notice] Parsing GEOIP IPv6 file D:\Apps\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6.
>Jun 21 06:24:48.000 [notice] Bootstrapped 0% (starting): Starting
>Jun 21 06:24:49.000 [notice] Delaying directory fetches: DisableNetwork is set.
>Jun 21 06:24:50.000 [notice] Starting with guard context "default"
>Jun 21 06:24:50.000 [notice] New control connection opened from 127.0.0.1.
>Jun 21 06:24:50.000 [notice] New control connection opened from 127.0.0.1.
>Jun 21 06:24:50.000 [notice] New control connection opened from 127.0.0.1.
>Jun 21 06:24:50.000 [notice] New control connection opened from 127.0.0.1.
>Jun 21 06:24:50.000 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
>Jun 21 06:24:51.000 [notice] Opening Socks listener on 127.0.0.1:9150
>Jun 21 06:24:51.000 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9150
>Jun 21 06:24:51.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
>Jun 21 06:24:52.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
>Jun 21 06:24:52.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
>Jun 21 06:24:53.000 [warn] Relay address suggestion coming from non trusted source 185.220.101.31 accepted due to OmniMix patch
>Jun 21 06:24:53.000 [notice] External address seen and suggested by a directory authority: 73.92.36.56
>Jun 21 06:24:53.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
>Jun 21 06:24:53.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
>Jun 21 06:24:53.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
>Jun 21 06:24:53.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
>Jun 21 06:24:53.000 [warn] Relay address suggestion coming from non trusted source 136.243.92.194 accepted due to OmniMix patch
>Jun 21 06:24:54.000 [notice] Bootstrapped 100% (done): Done
>Jun 21 06:24:55.000 [notice] New control connection opened from 127.0.0.1.

[Anonymous]

> >Jun 21 06:24:53.000 [notice] External address seen and suggested by a directory authority: 73.92.36.56

Gotcha! Though, Cupertino? Are you kiddin'?

[Anonymous]

With a syntax error in torrc TOR fails to start. So check that file.

[Nomen Nescio]

>> >Jun 21 06:24:53.000 [notice] External address seen and suggested by a directory authority: 73.92.36.56
>
>Gotcha! Though, Cupertino? Are you kiddin'?

;-)