Page 1 of 1

Physical/hardware attacks?

Posted: Wed Jan 14, 2015 0:05
by Maser
Correct me if I write anything wrong, but here is one hypothetical attack:

The mix servers are located in one city somewhere in the world, but their location is known. The operator may or may not be in the same country.

The first question is does the map in the settings (Config -> Anonymity -> Map (of that mix)) reveal the exact location of the server or just where the city is (so it could be anywhere in the city, but it does not show the exact location)?

Because if the first one shows the exact location, this scenario could happen. Any unauthorized person could break into the building where the mix server is located and "hack/hijack" the servers physically, essentially wiretapping the entire connection or creating a MITM attack. Physical inspection is very difficult for the mix operators because they are usually in a different country (or in a few cases, in a different continent). While the connections themselves are scrambled thanks to JonDo, the intruder could at very least get some more data which could contribute towards deanonymizing the user. Especially if the attack happened in the first mix server location because the first mix server must handle the connection between the user and the first mix server.

While mix operators are trustworthy, if they run the mixes from a different country, they cannot maintain it without having to travel a great distance, I do not know if the same trustworthiness applies for the server operators that are actually sitting near the mix servers and are responsible for running and maintaining the mixes. Are the server operators just running and maintaining said mix servers or could they possibly do something more sinister?

A simpler variant is that the connection close to the mix server is wiretapped (there is usually one thick cable just before it enters the building), while the connection itself stays encrypted, the metadata (which includes the exact time, down to the nanosecond, when the connection was created), so that a timing attack would allow to match connections, so that, if enough data exists, an user could be deanonymized by simply checking when the connections were made between the mix servers. This variant however is very unlikely because trying to that would result into a big mess, the intruder does not want, otherwise everyone in that building knows that they are wiretapped. An alternate variant would involve stealing/copying the data into an external storage, logging every detail, then taking the storage away when its full and crack it at home, which is easier than real-time cracking (assuming that is possible with the current technology, this would only work if the encryption is too weak)


I am also aware that there is a surveillance tool for the mix operator. They can only uncover individual connections, is there any possibility of abuse?

Please be honest when answering, I am only using free services right now, you will not lose any profit. I am also not saying that we are being wiretapped right now but this could be the case, you never know.


Unrelated question: Is it OK when I use Javascript when there is absolutely no other way to access the webpage? (Basically the website wont work at all if you disable JS)