ALERT! Increased number of Israeli nodes on Tor network. And how to exclude them all.

Niko_is_666

One of my friends alerted me to a possible increase in the numbers of Israeli nodes in the Tor network. So far I believe these Israeli nodes don't have the guard flag[not yet guard nodes], they seem to be relaying as middle nodes. So you do not have to worry, even if you have passed through a node that is in Israel, no one can intercept your data passing through, and no one can know your whereabouts, nothing to panic.

I searched the forums to find out that no one has mentioned anything about excluding tor nodes. So I decided to create this short thread/tutorial to alert everyone and also to help inexperienced users, for them to exclude nodes situated in Israel or any country[It's very easy]. I will keep bumping this thread for a few days so that every member who uses Tor can see this. I have also listed the country codes.


We only have one file to work with, and that is the "torrc" file. So locate it in your respective OS.
Open it and add the following:
    ExcludeNodes {il}
    StrictNodes 1
You can use commas without space to add more countries to the list, example:
    ExcludeNodes {il},{ru},{us}
    StrictNodes 1
In the curly bracket one can also add hash-IDs of specific nodes to exclude them.

ExcludeNodes tells Tor to exclude the listed nodes in any place, and the whole circuit[Guard/Middle/Exit]. Though I have heard[most likely outdated info], that it rather tells Tor to do its best to avoid the listed nodes, they say there's no strict enforcement/guarantee. For me personally it works well, but it's always better to be more cautious and keep an eye on the connection, especially the guard node, we don't want a guard node that is in Israel, that can provide the source IP, your ISP. This can make tor over vpn essential for some users who are unable to avoid specific guard nodes.
But I think it works fine, one can test it with well known countries like US or Germany, if none of them appear in the circuit, it should indicate it's working well.




Now for novice or windows users:
  1. You have to locate your Tor Browser's directory[where you will see the firefox.exe]
  2. Once you have located your Tor's directory, open it and navigate to the following: \TorBrowser\Data\Tor
    The folder should look something like this:
    [image: trsa1.jpg]
  3. Open the torrc file with notepad.
  4. Now the Torrc file should look something like this:
    # This file was generated by Tor; if you edit it, comments will not be preserved
    # The old torrc file was renamed to torrc.orig.1, and Tor will ignore it

    ClientOnionAuthDir C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth
    DataDirectory C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor
    GeoIPFile C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip
    GeoIPv6File C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6

  5. Add the following in the next line:
    ExcludeNodes {il}
    StrictNodes 1
    It should all look like this afterwards:
    # This file was generated by Tor; if you edit it, comments will not be preserved
    # The old torrc file was renamed to torrc.orig.1, and Tor will ignore it

    ClientOnionAuthDir C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth
    DataDirectory C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor
    GeoIPFile C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip
    GeoIPv6File C:\Users\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6
    ExcludeNodes {il}
    StrictNodes 1
  6. Save it and exit. That's it.


    List of country codes:
    Country  Code
    ASCENSION ISLAND {ac}
    AFGHANISTAN {af}
    ALAND {ax}
    ALBANIA {al}
    ALGERIA {dz}
    ANDORRA {ad}
    ANGOLA {ao}
    ANGUILLA {ai}
    ANTARCTICA {aq}
    ANTIGUA AND BARBUDA {ag}
    ARGENTINA REPUBLIC {ar}
    ARMENIA {am}
    ARUBA {aw}
    AUSTRALIA {au}
    AUSTRIA {at}
    AZERBAIJAN {az}
    BAHAMAS {bs}
    BAHRAIN {bh}
    BANGLADESH {bd}
    BARBADOS {bb}
    BELARUS {by}
    BELGIUM {be}
    BELIZE {bz}
    BENIN {bj}
    BERMUDA {bm}
    BHUTAN {bt}
    BOLIVIA {bo}
    BOSNIA AND HERZEGOVINA {ba}
    BOTSWANA {bw}
    BOUVET ISLAND {bv}
    BRAZIL {br}
    BRITISH INDIAN OCEAN TERR {io}
    BRITISH VIRGIN ISLANDS {vg}
    BRUNEI DARUSSALAM {bn}
    BULGARIA {bg}
    BURKINA FASO {bf}
    BURUNDI {bi}
    CAMBODIA {kh}
    CAMEROON {cm}
    CANADA {ca}
    CAPE VERDE {cv}
    CAYMAN ISLANDS {ky}
    CENTRAL AFRICAN REPUBLIC {cf}
    CHAD {td}
    CHILE {cl}
    PEOPLE'S REPUBLIC OF CHINA {cn}
    CHRISTMAS ISLANDS {cx}
    COCOS ISLANDS {cc}
    COLOMBIA {co}
    COMORAS {km}
    CONGO {cg}
    CONGO (DEMOCRATIC REPUBLIC) {cd}
    COOK ISLANDS {ck}
    COSTA RICA {cr}
    COTE D IVOIRE {ci}
    CROATIA {hr}
    CUBA {cu}
    CYPRUS {cy}
    CZECH REPUBLIC {cz}
    DENMARK {dk}
    DJIBOUTI {dj}
    DOMINICA {dm}
    DOMINICAN REPUBLIC {do}
    EAST TIMOR {tp}
    ECUADOR {ec}
    EGYPT {eg}
    EL SALVADOR {sv}
    EQUATORIAL GUINEA {gq}
    ESTONIA {ee}
    ETHIOPIA {et}
    FALKLAND ISLANDS {fk}
    FAROE ISLANDS {fo}
    FIJI {fj}
    FINLAND {fi}
    FRANCE {fr}
    FRANCE METROPOLITAN {fx}
    FRENCH GUIANA {gf}
    FRENCH POLYNESIA {pf}
    FRENCH SOUTHERN TERRITORIES {tf}
    GABON {ga}
    GAMBIA {gm}
    GEORGIA {ge}
    GERMANY {de}
    GHANA {gh}
    GIBRALTER {gi}
    GREECE {gr}
    GREENLAND {gl}
    GRENADA {gd}
    GUADELOUPE {gp}
    GUAM {gu}
    GUATEMALA {gt}
    GUINEA {gn}
    GUINEA-BISSAU {gw}
    GUYANA {gy}
    HAITI {ht}
    HEARD & MCDONALD ISLAND {hm}
    HONDURAS {hn}
    HONG KONG {hk}
    HUNGARY {hu}
    ICELAND {is}
    INDIA {in}
    INDONESIA {id}
    IRAN, ISLAMIC REPUBLIC OF {ir}
    IRAQ {iq}
    IRELAND {ie}
    ISLE OF MAN {im}
    ISRAEL {il}
    ITALY {it}
    JAMAICA {jm}
    JAPAN {jp}
    JORDAN {jo}
    KAZAKHSTAN {kz}
    KENYA {ke}
    KIRIBATI {ki}
    KOREA, DEM. PEOPLES REP OF {kp}
    KOREA, REPUBLIC OF {kr}
    KUWAIT {kw}
    KYRGYZSTAN {kg}
    LAO PEOPLE'S DEM. REPUBLIC {la}
    LATVIA {lv}
    LEBANON {lb}
    LESOTHO {ls}
    LIBERIA {lr}
    LIBYAN ARAB JAMAHIRIYA {ly}
    LIECHTENSTEIN {li}
    LITHUANIA {lt}
    LUXEMBOURG {lu}
    MACAO {mo}
    MACEDONIA {mk}
    MADAGASCAR {mg}
    MALAWI {mw}
    MALAYSIA {my}
    MALDIVES {mv}
    MALI {ml}
    MALTA {mt}
    MARSHALL ISLANDS {mh}
    MARTINIQUE {mq}
    MAURITANIA {mr}
    MAURITIUS {mu}
    MAYOTTE {yt}
    MEXICO {mx}
    MICRONESIA {fm}
    MOLDAVA REPUBLIC OF {md}
    MONACO {mc}
    MONGOLIA {mn}
    MONTENEGRO {me}
    MONTSERRAT {ms}
    MOROCCO {ma}
    MOZAMBIQUE {mz}
    MYANMAR {mm}
    NAMIBIA {na}
    NAURU {nr}
    NEPAL {np}
    NETHERLANDS ANTILLES {an}
    NETHERLANDS, THE {nl}
    NEW CALEDONIA {nc}
    NEW ZEALAND {nz}
    NICARAGUA {ni}
    NIGER {ne}
    NIGERIA {ng}
    NIUE {nu}
    NORFOLK ISLAND {nf}
    NORTHERN MARIANA ISLANDS {mp}
    NORWAY {no}
    OMAN {om}
    PAKISTAN {pk}
    PALAU {pw}
    PALESTINE {ps}
    PANAMA {pa}
    PAPUA NEW GUINEA {pg}
    PARAGUAY {py}
    PERU {pe}
    PHILIPPINES (REPUBLIC OF THE) {ph}
    PITCAIRN {pn}
    POLAND {pl}
    PORTUGAL {pt}
    PUERTO RICO {pr}
    QATAR {qa}
    REUNION {re}
    ROMANIA {ro}
    RUSSIAN FEDERATION {ru}
    RWANDA {rw}
    SAMOA {ws}
    SAN MARINO {sm}
    SAO TOME/PRINCIPE {st}
    SAUDI ARABIA {sa}
    SCOTLAND {uk}
    SENEGAL {sn}
    SERBIA {rs}
    SEYCHELLES {sc}
    SIERRA LEONE {sl}
    SINGAPORE {sg}
    SLOVAKIA {sk}
    SLOVENIA {si}
    SOLOMON ISLANDS {sb}
    SOMALIA {so}
    SOMOA,GILBERT,ELLICE ISLANDS {as}
    SOUTH AFRICA {za}
    SOUTH GEORGIA, SOUTH SANDWICH ISLANDS {gs}
    SOVIET UNION {su}
    SPAIN {es}
    SRI LANKA {lk}
    ST. HELENA {sh}
    ST. KITTS AND NEVIS {kn}
    ST. LUCIA {lc}
    ST. PIERRE AND MIQUELON {pm}
    ST. VINCENT & THE GRENADINES {vc}
    SUDAN {sd}
    SURINAME {sr}
    SVALBARD AND JAN MAYEN {sj}
    SWAZILAND {sz}
    SWEDEN {se}
    SWITZERLAND {ch}
    SYRIAN ARAB REPUBLIC {sy}
    TAIWAN {tw}
    TAJIKISTAN {tj}
    TANZANIA, UNITED REPUBLIC OF {tz}
    THAILAND {th}
    TOGO {tg}
    TOKELAU {tk}
    TONGA {to}
    TRINIDAD AND TOBAGO {tt}
    TUNISIA {tn}
    TURKEY {tr}
    TURKMENISTAN {tm}
    TURKS AND CALCOS ISLANDS {tc}
    TUVALU {tv}
    UGANDA {ug}
    UKRAINE {ua}
    UNITED ARAB EMIRATES {ae}
    UNITED KINGDOM (no new registrations) {gb}
    UNITED KINGDOM {uk}
    UNITED STATES {us}
    UNITED STATES MINOR OUTL.IS. {um}
    URUGUAY {uy}
    UZBEKISTAN {uz}
    VANUATU {vu}
    VATICAN CITY STATE {va}
    VENEZUELA {ve}
    VIET NAM {vn}
    VIRGIN ISLANDS (USA) {vi}
    WALLIS AND FUTUNA ISLANDS {wf}
    WESTERN SAHARA {eh}
    YEMEN {ye}
    ZAMBIA {zm}
    ZIMBABWE {zw}
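
An added example, not part of the original post: a small Python check of the torrc edit the tutorial above describes. A torrc is read one option per line, so the check flags ExcludeNodes and StrictNodes sharing a line, and it compares the hops of a circuit against the exclusion list. The function names, the sample torrc strings and the sample circuit with its placeholder fingerprints are constructed for illustration.

```python
import re

# Entry forms a Tor node list accepts: {cc} country code, 40-hex relay
# fingerprint (optional leading $), or an IP address pattern (rough match here).
COUNTRY = re.compile(r"^\{[A-Za-z]{2}\}$")
FINGERPRINT = re.compile(r"^\$?[0-9A-Fa-f]{40}$")
ADDRESS = re.compile(r"^[0-9A-Fa-f:.\[\]*]+(/\d{1,3})?$")

def lint_torrc(text):
    """Return (excluded_entries, strict, problems) for the body of a torrc."""
    entries, strict, problems = [], False, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # torrc comments start with '#'
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.lower()                        # option names are case-insensitive
        if key == "excludenodes":
            for item in (v.strip() for v in value.split(",")):
                if not item:
                    continue
                if " " in item:                  # a second option glued onto the value
                    problems.append(f"line {num}: {item!r} is not one entry; "
                                    "put each option on its own line")
                elif (COUNTRY.match(item) or FINGERPRINT.match(item)
                      or ADDRESS.match(item)):
                    entries.append(item.lower())
                else:
                    problems.append(f"line {num}: unrecognised entry {item!r}")
        elif key == "strictnodes":
            if value.strip() in ("0", "1"):
                strict = value.strip() == "1"
            else:
                problems.append(f"line {num}: StrictNodes must be 0 or 1")
    if entries and not strict:
        problems.append("ExcludeNodes is only a preference unless StrictNodes is 1")
    return entries, strict, problems

def excluded_hops(circuit, entries):
    """circuit: list of (role, fingerprint, country_code) read off a circuit display.
    Return the roles whose relay matches an ExcludeNodes entry."""
    wanted = {e.lower().lstrip("$") for e in entries}
    return [role for role, fp, cc in circuit
            if "{" + cc.lower() + "}" in wanted or fp.lower().lstrip("$") in wanted]

# Constructed samples: the post's settings on one line, then on separate lines.
ONE_LINE = "ExcludeNodes {il},{ru},{us} StrictNodes 1\n"
TWO_LINES = "ExcludeNodes {il},{ru},{us}\nStrictNodes 1\n"
SAMPLE_CIRCUIT = [("guard", "A" * 40, "de"), ("middle", "B" * 40, "us"),
                  ("exit", "C" * 40, "nl")]      # fingerprints are placeholders

if __name__ == "__main__":
    print(lint_torrc(ONE_LINE))      # StrictNodes never takes effect here
    print(lint_torrc(TWO_LINES))     # clean: three entries, strict
    print(excluded_hops(SAMPLE_CIRCUIT, lint_torrc(TWO_LINES)[0]))
```

Country matching in Tor relies on the GeoIP files referenced in the torrc, so a hop reported by `excluded_hops` is worth checking against the relay's fingerprint as well as its country.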
 
I wish it was as easy as this. The actual problem is not countered like this because those who operate large amounts of every sort of node with espionage in mind have their nodes all over the planet. One, very bad solution is to make your own set of nodes and force traffic through them, at least some of the time. The downside is that such a method lowers the amount of randomness in your connection.
 
I wish it was as easy as this. The actual problem is not countered like this because those who operate large amounts of every sort of node with espionage in mind have their nodes all over the planet. One, very bad solution is to make your own set of nodes and force traffic through them, at least some of the time. The downside is that such a method lowers the amount of randomness in your connection.
Espionage with Tor is pretty useless, one cannot intercept the data because first it is encrypted multiple times by Tor itself, and inside that exists another encryption of https[for https secured websites], the maximum the exit node could figure out is the website you are visiting and the source IP which here is the middle relay, that's it. And if it's onion, they will get nothing.
If all three nodes are controlled by a single entity, yes they could trace back to the original source IP if it is not a spoof, but one has to be extremely unlucky to land on a circuit owned by a single entity. It's why tor relays through different countries. There are over 7500+ relays/nodes 2000+ bridges, it would be rare to get a circuit of a single entity. From what I read, Tor also has some form of reputation system for relays and bridges.

A non-government organization or a jewish organization cannot control every single server around the world, they are not cheap to run. It's much cheaper to give 100 euros and a boat to those migrants entering Europe. It's also not easy for tech giants to spy around in countries with higher moral values, world has witnessed the employees frequently blowing their cover. It's why to spy on windows users, Microsoft frequently connects windows services to Israel, where any crime against non-jews is pretty much legal. That's why one must try not to connect to israel or at least never connect directly to israel in any way on any network.

Creating your own nodes to force your own traffic through them can be considered a poor practice.

JoS can research on hidden/onion services, they are better.

To be truly secure, whether it's tor or not tor, one has to use a separate completely spoofed device that is never used with their home/private internet.

Tor over VPN is fine, instead of your ISP, only your vpn provider will learn that you are using tor services, and your source IP would be that of VPN provider to the guard node. One has to choose a vpn service that didn't present anything to a court order of any respective country they operate in.

Nothing in the digital world is 100% secure, one has to use various tricks and strategies to be safe, and hope for the best.
 
Espionage with Tor is pretty useless, one cannot intercept the data because first it is encrypted multiple times by Tor itself, and inside that exists another encryption of https[for https secured websites], the maximum the exit node could figure out is the website you are visiting and the source IP which here is the middle relay, that's it. And if it's onion, they will get nothing.
If all three nodes are controlled by a single entity, yes they could trace back to the original source IP if it is not a spoof, but one has to be extremely unlucky to land on a circuit owned by a single entity. It's why tor relays through different countries. There are over 7500+ relays/nodes 2000+ bridges, it would be rare to get a circuit of a single entity. From what I read, Tor also has some form of reputation system for relays and bridges.
I know how the network works. And that amount of relays is not much considering the amount of networking on this planet. Also, there is no need to control all of the nodes. Thirty percent is enough to get started, and even with a smaller amount of control, deanonymization becomes possible.

A non-government organization or a jewish organization cannot control every single server around the world, they are not cheap to run.
There does not need to be total control, as major control is enough. When there is a sizeable control of nodes (which has happened multiple times in the past) then it becomes possible to deanonymize traffic.
It's much cheaper to give 100 euros and a boat to those migrants entering Europe.
A simple raspberry Pi is equal to this so your point is not correct. And regardless of the price tag, it is irrelevant since these two issues are separate functions with separate goals.

It's also not easy for tech giants to spy around in countries with higher moral values, world has witnessed the employees frequently blowing their cover. It's why to spy on windows users, Microsoft frequently connects windows services to Israel, where any crime against non-jews is pretty much legal. That's why one must try not to connect to israel or at least never connect directly to israel in any way on any network.
The main problem with espionage is not private companies, but governmental actors ALL around the world. Including so-called "countries with high morals". Also, private groups, not just private companies.

Creating your own nodes to force your own traffic through them can be considered a poor practice.
Yes, but it is better than routing traffic through compromised servers. I also said it is a very bad solution. But a very bad solution is better than an extremely bad solution.

Back to my original point. The solution is not merely denying Israeli nodes. The solution is to enlarge the network (you, me, us) while also making sure that those nodes do not become compromised. Then the network becomes more secure. However, even then I am not too optimistic about this network since it has its flaws just like everything else.
 
A simple raspberry Pi is equal to this so your point is not correct. And regardless of the price tag, it is irrelevant since these two issues are separate functions with separate goals.
I don't think becoming a reputed guard relay or any other relay on a raspberry pi is possible, even if it does it will likely crash, decreasing the reputation, and chances to be selected for a circuit will fall too low.
It's not meant for mass surveillance.
 
I don't think becoming a reputed guard relay or any other relay on a raspberry pi is possible, even if it does it will likely crash, decreasing the reputation, and chances to be selected for a circuit will fall too low.
It's not meant for mass surveillance.
It is doable. You are mistaken if you think these nodes have to be part of a server collective in a warehouse of servers or something. You can set up a node from your home, or even from a smartphone. Moreover, that is exactly what a more secure TOR network requires. Services from people for people. To blend in the mass of services.

Your solution of restricting the use of nodes makes the overall use less secure because there would be fewer nodes to select from. Think about that for a moment.
 
The main problem with espionage is not private companies, but governmental actors ALL around the world. Including so-called "countries with high morals". Also, private groups, not just private companies.

This. I mean in the ICT-sector in Europe it is common knowledge that most Tor-Exit nodes are run by Intel under the usual disguise of NGOs and other fakecompanies.
All I say is Crypto AG from Switzerland, This is an excellent publicly made example how this works, although this was regarding backdoors in SSL and SSH encryption algos, the procedure stays the same.

Anyhow for browsing the Tor-Network for Information this is an excellent basic-opsec for trying to avoid some Intels to get started. As long as you don't kick out too many countries and limit this to a specific one as mentioned.

But beware this as only countermeasure doesn't make anything safe, especially as long as you are operating on a windows machine. Henu already mentioned some of the basic points. Keep in mind, TOR is a software rolled out by US naval Intel back then, the exitnodes are mostly run by intel (at least in Central and northern Europe and I doubt any other procedure in other geographic locations), many sites for malicious stuff are run by Intel as honeypots. All I will say is keep in mind you are entering an Intel-Network.

Don't get me wrong its still a great tool for anonymising.

https://www.privacyaffairs.com/install-tails/
You can still edit the torrc, and it is runnable on a Windows machine also. A Tails-USB-stick provides generally a decent security setup.
 
...
It's not meant for mass surveillance.
To touch on this statement. Well, I never claimed the TOR network to be for mass surveillance. I simply stated that the traffic can be and has been deanonymized.

My cynical side would add that this is by design. On paper, the design is all well and good. There is anonymity due to multiple points of encryption. However, this design is greatly flawed when someone has a great number of control over the network. Let's remember that the government military has released this project, not civilian scientists, but the government.

Maybe this is a coincidence, maybe not.
 
It is doable. You are mistaken if you think these nodes have to be part of a server collective in a warehouse of servers or something. You can set up a node from your home, or even from a smartphone. Moreover, that is exactly what a more secure TOR network requires. Services from people for people. To blend in the mass of services.

Your solution of restricting the use of nodes makes the overall use less secure because there would be fewer nodes to select from. Think about that for a moment.
Nah, not a warehouse, I am aware of that. This is not a bond movie.
Of course tor needs volunteers to randomize the network, and the more traffic the better, but since most people can't provide a stable connection and bandwidth there is an abundance of middle relays, and less guard and exit nodes, for such reasons raspberry pi is not enough.


I did not propose to restrict the use of nodes, it was just for Israeli nodes. I see where the misunderstanding arose from, the reason I mentioned
to exclude nodes situated in Israel or any country
in the original post is because there are some instances with newer tor client where the whole circuit is based in one single country which is bad, as this is where the governmental actors of a single government[where the whole circuit took place] can get a chance to find the source IP without much hassle. I assumed users knew such issues are bad, so I mentioned "any country" to just let them know that this is an option to exclude any number of nodes. I personally experienced this for a particular country a few months ago, so I had to exclude that country temporarily along with Israel. I did not mean to say that one should start excluding nodes from countries they don't like. And the reason why I listed the country codes is to allow less experienced tor users to obtain it from here without searching it on clearnet on some malicious tor "friendly" website.
 
To touch on this statement. Well, I never claimed the TOR network to be for mass surveillance. I simply stated that the traffic can be and has been deanonymized.

My cynical side would add that this is by design. On paper, the design is all well and good. There is anonymity due to multiple points of encryption. However, this design is greatly flawed when someone has a great number of control over the network. Let's remember that the government military has released this project, not civilian scientists, but the government.

Maybe this is a coincidence, maybe not.
Yeah I agree on that.
 
I simply stated that the traffic can be and has been deanonymized.

True but it's not the biggest problem.
90%+ of "hackers" got deanonymized through them telling too much, and not because of their system.

So telling nothing about yourself here is actually worth way more than trying to make tor even more anonymous.
But that is still a wise and good thing, we could make a bunch of safe nodes which would make tor overall safer.

I2P doesn't even let you use it without becoming a "node" yourself. The problem with tor is that most people just use it and do not contribute to it.
 
